From 232d61ad7e70d41379c8e5d38db2575011ac275fe1b7a6130d2c6f07708d2287 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 4 Jan 2018 08:44:05 +0000
Subject: [PATCH] Accepting request 561561 from home:gary_lin:branches:devel:openSUSE:Factory
- Update to 14
- Adjust make commands in spec
- Drop upstreamed fixes
- Add patches to avoid build failure
- Update SUSE/openSUSE specific patches
OBS-URL: https://build.opensuse.org/request/show/561561
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=135
---
shim-12.tar.bz2 | 3 -
shim-14.tar.bz2 | 3 +
shim-add-fallback-verbose-print.patch | 304 -
shim-arch-independent-names.patch | 54 +-
shim-back-to-openssl-1.0.2e.patch | 178031 ---------------
shim-change-debug-file-path.patch | 37 +-
...back-workaround-masked-ami-variables.patch | 198 -
shim-fix-fallback-double-free.patch | 35 -
shim-fix-httpboot-crash.patch | 32 -
shim-fix-openssl-flags.patch | 40 -
shim-httpboot-include-console.h.patch | 28 +
shim-more-tpm-measurement.patch | 1263 -
shim-only-os-name.patch | 31 +-
shim-opensuse-cert-prompt.patch | 140 +-
shim-remove-cryptpem.patch | 223 +
shim.changes | 23 +
shim.spec | 37 +-
17 files changed, 399 insertions(+), 180083 deletions(-)
delete mode 100644 shim-12.tar.bz2
create mode 100644 shim-14.tar.bz2
delete mode 100644 shim-add-fallback-verbose-print.patch
delete mode 100644 shim-back-to-openssl-1.0.2e.patch
delete mode 100644 shim-fallback-workaround-masked-ami-variables.patch
delete mode 100644 shim-fix-fallback-double-free.patch
delete mode 100644 shim-fix-httpboot-crash.patch
delete mode 100644 shim-fix-openssl-flags.patch
create mode 100644 shim-httpboot-include-console.h.patch
delete mode 100644 shim-more-tpm-measurement.patch
create mode 100644 shim-remove-cryptpem.patch
diff --git a/shim-12.tar.bz2 b/shim-12.tar.bz2
deleted file mode 100644
index cf49b22..0000000
--- a/shim-12.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d9364983ef91ab09dc231c8d979b413cfa36d4744830ba59f5d3e52b616048b0
-size 994898
diff --git a/shim-14.tar.bz2 b/shim-14.tar.bz2
new file mode 100644
index 0000000..bf80445
--- /dev/null
+++ b/shim-14.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11584881af2cb990a5a782747558ebd3a182b766f2747bd0c0955cbf4786285e
+size 1023267
diff --git a/shim-add-fallback-verbose-print.patch b/shim-add-fallback-verbose-print.patch
deleted file mode 100644
index bbc678f..0000000
--- a/shim-add-fallback-verbose-print.patch
+++ /dev/null
@@ -1,304 +0,0 @@ -From 5b7f867367131e758548f9b537b765611ce3d874 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 31 Jul 2017 11:07:06 -0400 -Subject: [PATCH 1/2] fallback: Minor whitespace cleanup - -Signed-off-by: Peter Jones -(cherry picked from commit 87c8f07e98995c7a2bd040e9d7b7c35b15ff05e4) ---- - fallback.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/fallback.c b/fallback.c -index 0a7058b..9ec40b8 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -114,7 +114,7 @@ EFI_STATUS - make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen) - { - UINT64 len; -- -+ - len = StrLen(L"\\EFI\\") + StrLen(dirname) - + StrLen(L"\\") + StrLen(filename) - + 2; -@@ -358,12 +358,12 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - rc = make_full_path(dirname, filename, &fullpath, &pathlen); - if (EFI_ERROR(rc)) - return rc; -- -+ - EFI_DEVICE_PATH *dph = NULL; - EFI_DEVICE_PATH *file = NULL; - EFI_DEVICE_PATH *full_device_path = NULL; - EFI_DEVICE_PATH *dp = NULL; -- -+ - dph = DevicePathFromHandle(this_image->DeviceHandle); - if (!dph) { - rc = EFI_OUT_OF_RESOURCES; --- -2.14.1 - - -From 74608d8f3dded28addbc09046c626f1a02251f3d Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 31 Jul 2017 12:51:46 -0400 -Subject: [PATCH 2/2] Make fallback debug printing be dynamic at runtime. 
- -Signed-off-by: Peter Jones -(cherry picked from commit c0f7d130746e82613b88cdaa9929fe37aff54c57) ---- - fallback.c | 133 +++++++++++++++++++++++++++++++++++++++++++------------------ - 1 file changed, 94 insertions(+), 39 deletions(-) - -diff --git a/fallback.c b/fallback.c -index 9ec40b8..5602a88 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -15,6 +15,57 @@ - - EFI_LOADED_IMAGE *this_image = NULL; - -+EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; -+ -+int -+get_fallback_verbose(void) -+{ -+ EFI_GUID guid = SHIM_LOCK_GUID; -+ UINT8 *data = NULL; -+ UINTN dataSize = 0; -+ EFI_STATUS efi_status; -+ unsigned int i; -+ static int state = -1; -+ -+ if (state != -1) -+ return state; -+ -+ efi_status = get_variable(L"FALLBACK_VERBOSE", -+ &data, &dataSize, guid); -+ if (EFI_ERROR(efi_status)) { -+ state = 0; -+ return state; -+ } -+ -+ for (i = 0; i < dataSize; i++) { -+ if (data[i]) { -+ state = 1; -+ return state; -+ } -+ } -+ -+ state = 0; -+ return state; -+} -+ -+#define VerbosePrintUnprefixed(fmt, ...) \ -+ ({ \ -+ UINTN ret_ = 0; \ -+ if (get_fallback_verbose()) \ -+ ret_ = Print((fmt), ##__VA_ARGS__); \ -+ ret_; \ -+ }) -+ -+#define VerbosePrint(fmt, ...) 
\ -+ ({ UINTN line_ = __LINE__; \ -+ UINTN ret_ = 0; \ -+ if (get_fallback_verbose()) { \ -+ Print(L"%a:%d: ", __func__, line_); \ -+ ret_ = Print((fmt), ##__VA_ARGS__); \ -+ } \ -+ ret_; \ -+ }) -+ - static EFI_STATUS - FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType, - EFI_DEVICE_PATH **Out) -@@ -23,9 +74,18 @@ FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType, - if (!In || !Out) - return EFI_INVALID_PARAMETER; - -+ CHAR16 *dps = DevicePathToStr(In); -+ VerbosePrint(L"input device path: \"%s\"\n", dps); -+ FreePool(dps); -+ - for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) { - if (DevicePathType(dp) == Type && - DevicePathSubType(dp) == SubType) { -+ dps = DevicePathToStr(dp); -+ VerbosePrint(L"sub-path (%hhd,%hhd): \"%s\"\n", -+ Type, SubType, dps); -+ FreePool(dps); -+ - *Out = DuplicateDevicePath(dp); - if (!*Out) - return EFI_OUT_OF_RESOURCES; -@@ -327,13 +387,11 @@ update_boot_order(void) - return EFI_OUT_OF_RESOURCES; - CopyMem(newbootorder, bootorder, size); - --#ifdef DEBUG_FALLBACK -- Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); -+ VerbosePrint(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); - UINTN j; - for (j = 0 ; j < size / sizeof (CHAR16); j++) -- Print(L"%04x ", newbootorder[j]); -+ VerbosePrintUnprefixed(L"%04x ", newbootorder[j]); - Print(L"\n"); --#endif - rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global, - NULL, &len, NULL); - if (rc == EFI_BUFFER_TOO_SMALL) -@@ -363,6 +421,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - EFI_DEVICE_PATH *file = NULL; - EFI_DEVICE_PATH *full_device_path = NULL; - EFI_DEVICE_PATH *dp = NULL; -+ CHAR16 *dps; - - dph = DevicePathFromHandle(this_image->DeviceHandle); - if (!dph) { -@@ -381,6 +440,9 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - rc = EFI_OUT_OF_RESOURCES; - goto err; - } -+ dps = DevicePathToStr(full_device_path); -+ 
VerbosePrint(L"file DP: %s\n", dps); -+ FreePool(dps); - - rc = FindSubDevicePath(full_device_path, - MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp); -@@ -393,22 +455,24 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - } - } - --#ifdef DEBUG_FALLBACK - { -- UINTN s = DevicePathSize(dp); -- UINTN i; -- UINT8 *dpv = (void *)dp; -- for (i = 0; i < s; i++) { -- if (i > 0 && i % 16 == 0) -- Print(L"\n"); -- Print(L"%02x ", dpv[i]); -- } -- Print(L"\n"); -+ UINTN s = DevicePathSize(dp); -+ UINTN i; -+ UINT8 *dpv = (void *)dp; -+ for (i = 0; i < s; i++) { -+ if (i % 16 == 0) { -+ if (i > 0) -+ VerbosePrintUnprefixed(L"\n"); -+ VerbosePrint(L""); -+ } -+ VerbosePrintUnprefixed(L"%02x ", dpv[i]); -+ } -+ VerbosePrintUnprefixed(L"\n"); - -- CHAR16 *dps = DevicePathToStr(dp); -- Print(L"device path: \"%s\"\n", dps); -+ CHAR16 *dps = DevicePathToStr(dp); -+ VerbosePrint(L"device path: \"%s\"\n", dps); -+ FreePool(dps); - } --#endif - - UINT16 option; - rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option); -@@ -443,35 +507,27 @@ err: - EFI_STATUS - populate_stanza(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *csv) - { --#ifdef DEBUG_FALLBACK -- Print(L"CSV data: \"%s\"\n", csv); --#endif - CHAR16 *file = csv; -+ VerbosePrint(L"CSV data: \"%s\"\n", csv); - - UINTN comma0 = StrCSpn(csv, L","); - if (comma0 == 0) - return EFI_INVALID_PARAMETER; - file[comma0] = L'\0'; --#ifdef DEBUG_FALLBACK -- Print(L"filename: \"%s\"\n", file); --#endif -+ VerbosePrint(L"filename: \"%s\"\n", file); - - CHAR16 *label = csv + comma0 + 1; - UINTN comma1 = StrCSpn(label, L","); - if (comma1 == 0) - return EFI_INVALID_PARAMETER; - label[comma1] = L'\0'; --#ifdef DEBUG_FALLBACK -- Print(L"label: \"%s\"\n", label); --#endif -+ VerbosePrint(L"label: \"%s\"\n", label); - - CHAR16 *arguments = csv + comma0 +1 + comma1 +1; - UINTN comma2 = StrCSpn(arguments, L","); - arguments[comma2] = L'\0'; - /* This one is optional, so don't 
check if comma2 is 0 */ --#ifdef DEBUG_FALLBACK -- Print(L"arguments: \"%s\"\n", arguments); --#endif -+ VerbosePrint(L"arguments: \"%s\"\n", arguments); - - add_to_boot_list(fh, dirname, file, label, arguments); - -@@ -489,9 +545,7 @@ try_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename) - if (EFI_ERROR(rc)) - return rc; - --#ifdef DEBUG_FALLBACK -- Print(L"Found file \"%s\"\n", fullpath); --#endif -+ VerbosePrint(L"Found file \"%s\"\n", fullpath); - - CHAR16 *buffer; - UINT64 bs; -@@ -503,9 +557,7 @@ try_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename) - } - FreePool(fullpath); - --#ifdef DEBUG_FALLBACK -- Print(L"File looks like:\n%s\n", buffer); --#endif -+ VerbosePrint(L"File looks like:\n%s\n", buffer); - - CHAR16 *start = buffer; - /* The file may or may not start with the Unicode byte order marker. -@@ -735,9 +787,7 @@ find_boot_options(EFI_HANDLE device) - buffer = NULL; - continue; - } --#ifdef DEBUG_FALLBACK -- Print(L"Found directory named \"%s\"\n", fi->FileName); --#endif -+ VerbosePrint(L"Found directory named \"%s\"\n", fi->FileName); - - EFI_FILE_HANDLE fh3; - rc = uefi_call_wrapper(fh->Open, 5, fh2, &fh3, fi->FileName, -@@ -810,7 +860,6 @@ try_start_first_option(EFI_HANDLE parent_image_handle) - return rc; - } - --EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; - extern EFI_STATUS - efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab); - -@@ -870,6 +919,12 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) - try_start_first_option(image); - - Print(L"Reset System\n"); -+ -+ if (get_fallback_verbose()) { -+ Print(L"Verbose enabled, sleeping for half a second\n"); -+ uefi_call_wrapper(BS->Stall, 1, 500000); -+ } -+ - uefi_call_wrapper(RT->ResetSystem, 4, EfiResetCold, - EFI_SUCCESS, 0, NULL); - --- -2.14.1 - diff --git a/shim-arch-independent-names.patch b/shim-arch-independent-names.patch index 5f5d7e2..003e5a6 100644 
--- a/shim-arch-independent-names.patch +++ b/shim-arch-independent-names.patch @@ -1,4 +1,4 @@ -From 927d98bacff515fdbac1ba13c6ca655385f3d6a7 Mon Sep 17 00:00:00 2001 +From ffd90c3957fe8621e660d663b38b2eef8559c84a Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Tue, 22 Aug 2017 12:43:36 +0800 Subject: [PATCH] Make the names of EFI binaries arch-independent @@ -10,49 +10,15 @@ the script with the same names. Signed-off-by: Gary Lin --- - Makefile | 9 --------- fallback.c | 2 +- shim.c | 6 +++--- - 3 files changed, 4 insertions(+), 13 deletions(-) + 2 files changed, 4 insertions(+), 4 deletions(-) -diff --git a/Makefile b/Makefile -index 6ece282..d518615 100644 ---- a/Makefile -+++ b/Makefile -@@ -51,9 +51,6 @@ ifeq ($(ARCH),x86_64) - -DNO_BUILTIN_VA_FUNCS \ - -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \ - "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\"" -- MMNAME = mmx64 -- FBNAME = fbx64 -- SHIMNAME= shimx64 - EFI_PATH:=/usr/lib64/gnuefi - LIB_PATH:=/usr/lib64 - -@@ -63,18 +60,12 @@ ifeq ($(ARCH),ia32) - -maccumulate-outgoing-args -m32 \ - -DMDE_CPU_IA32 "-DEFI_ARCH=L\"ia32\"" -DPAGE_SIZE=4096 \ - "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\"" -- MMNAME = mmia32 -- FBNAME = fbia32 -- SHIMNAME= shimia32 - EFI_PATH:=/usr/lib/gnuefi - LIB_PATH:=/usr/lib - endif - ifeq ($(ARCH),aarch64) - CFLAGS += -DMDE_CPU_AARCH64 "-DEFI_ARCH=L\"aa64\"" -DPAGE_SIZE=4096 \ - "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\"" -- MMNAME = mmaa64 -- FBNAME = fbaa64 -- SHIMNAME= shimaa64 - EFI_PATH:=/usr/lib64/gnuefi - LIB_PATH:=/usr/lib64 - endif diff --git a/fallback.c b/fallback.c -index 5e4a396..c80652a 100644 +index 46894af..886e052 100644 --- a/fallback.c +++ b/fallback.c -@@ -835,7 +835,7 @@ debug_hook(void) +@@ -977,7 +977,7 @@ debug_hook(void) x = 1; Print(L"add-symbol-file "DEBUGDIR @@ -62,12 +28,12 @@ index 5e4a396..c80652a 100644 } 
diff --git a/shim.c b/shim.c -index f8a1e67..48c8797 100644 +index aec9f8f..7b34868 100644 --- a/shim.c +++ b/shim.c -@@ -56,8 +56,8 @@ - #include - #include +@@ -50,8 +50,8 @@ + + #include -#define FALLBACK L"\\fb" EFI_ARCH L".efi" -#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi" @@ -76,7 +42,7 @@ index f8a1e67..48c8797 100644 #define OID_EKU_MODSIGN "1.3.6.1.4.1.2312.16.1.2" -@@ -2671,7 +2671,7 @@ debug_hook(void) +@@ -2852,7 +2852,7 @@ debug_hook(void) } Print(L"add-symbol-file "DEBUGDIR @@ -86,5 +52,5 @@ index f8a1e67..48c8797 100644 Print(L"Pausing for debugger attachment.\n"); -- -2.14.0 +2.15.1 diff --git a/shim-back-to-openssl-1.0.2e.patch b/shim-back-to-openssl-1.0.2e.patch deleted file mode 100644 index 1623542..0000000 --- a/shim-back-to-openssl-1.0.2e.patch +++ /dev/null 
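Review bot: The refreshed shim-arch-independent-names.patch no longer carries its Makefile hunk (the removal of `MMNAME`, `FBNAME` and `SHIMNAME`), yet it still removes the `EFI_ARCH`-based `FALLBACK` and `MOK_MANAGER` defines in shim.c, so this patch alone no longer keeps the built file names and the names shim looks up at boot in step. The replacement defines fall outside the context shown here, and the build side is presumably handled in shim.spec ("Adjust make commands in spec"), which is not visible in this part of the diff. If the two ever disagree, shim would most likely fail to locate MokManager or fallback on the ESP at runtime. I would record the dependency in the patch description, for example `Binary names are set by the spec file's make/install commands and must match FALLBACK and MOK_MANAGER in shim.c.`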
@@ -1,178031 +0,0 @@ -From 103758d9ea9001184bec59732128832b80443862 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 31 Aug 2017 13:57:30 -0400 -Subject: [PATCH 1/3] Revert lots of Cryptlib updates. - -OpenSSL changes quite a bit of the key validation, and most of the keys -I can find in the wild aren't marked as trusted by the new checker. - -Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed -but instead of fixing the compatibility error, they switched their test -data to match the bug. - -So that's pretty broken. - -For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in -the wild to work. - -This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5. -This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226. -This reverts commit 80d49f758ead0180bfe6161931838e0578248303. -This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57. -This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260. -This reverts commit e883479f35644d17db7efed710657c8543cfcb68. -This reverts commit 97469449fda5ba933a64280917e776487301a127. -This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050. -This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad. -This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873. -This reverts commit d064bd7eef201f26cb926450a76260b5187ac689. -This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91. -This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2. 
- -Signed-off-by: Peter Jones -(cherry picked from commit 1d39ada8cb336d9e7c156be7526b674851fbdd40) ---- - Cryptlib/Cryptlib.diff | 68 +- - Cryptlib/Hmac/CryptHmacMd5Null.c | 40 +- - Cryptlib/Hmac/CryptHmacSha1Null.c | 40 +- - Cryptlib/Hmac/CryptHmacSha256Null.c | 40 +- - Cryptlib/Include/CrtLibSupport.h | 384 - - Cryptlib/Include/OpenSslSupport.h | 377 + - Cryptlib/Include/arpa/inet.h | 2 +- - Cryptlib/Include/assert.h | 2 +- - Cryptlib/Include/ctype.h | 2 +- - Cryptlib/Include/dirent.h | 2 +- - Cryptlib/Include/errno.h | 2 +- - Cryptlib/Include/internal/bio.h | 26 - - Cryptlib/Include/internal/comp.h | 12 - - Cryptlib/Include/internal/conf.h | 32 - - Cryptlib/Include/internal/constant_time_locl.h | 185 - - Cryptlib/Include/internal/dane.h | 103 - - Cryptlib/Include/internal/dso.h | 239 - - Cryptlib/Include/internal/dso_conf.h | 0 - Cryptlib/Include/internal/err.h | 15 - - Cryptlib/Include/internal/numbers.h | 68 - - Cryptlib/Include/internal/o_dir.h | 63 - - Cryptlib/Include/internal/o_str.h | 17 - - Cryptlib/Include/internal/thread_once.h | 45 - - Cryptlib/Include/limits.h | 2 +- - Cryptlib/Include/malloc.h | 2 +- - Cryptlib/Include/math.h | 2 +- - Cryptlib/Include/memory.h | 2 +- - Cryptlib/Include/netdb.h | 2 +- - Cryptlib/Include/netinet/in.h | 2 +- - Cryptlib/Include/openssl/README | 1 + - Cryptlib/Include/openssl/aes.h | 81 +- - Cryptlib/Include/openssl/asn1.h | 583 +- - Cryptlib/Include/openssl/asn1_mac.h | 583 +- - Cryptlib/Include/openssl/asn1t.h | 259 +- - Cryptlib/Include/openssl/async.h | 98 - - Cryptlib/Include/openssl/bio.h | 581 +- - Cryptlib/Include/openssl/blowfish.h | 99 +- - Cryptlib/Include/openssl/bn.h | 634 +- - Cryptlib/Include/openssl/buffer.h | 109 +- - Cryptlib/Include/openssl/camellia.h | 77 +- - Cryptlib/Include/openssl/cast.h | 78 +- - Cryptlib/Include/openssl/cmac.h | 59 +- - Cryptlib/Include/openssl/cms.h | 97 +- - Cryptlib/Include/openssl/comp.h | 69 +- - Cryptlib/Include/openssl/conf.h | 121 +- - 
Cryptlib/Include/openssl/conf_api.h | 61 +- - Cryptlib/Include/openssl/crypto.h | 856 +- - Cryptlib/Include/openssl/ct.h | 533 - - Cryptlib/Include/openssl/des.h | 119 +- - Cryptlib/Include/openssl/des_old.h | 497 + - Cryptlib/Include/openssl/dh.h | 235 +- - Cryptlib/Include/openssl/dsa.h | 273 +- - Cryptlib/Include/openssl/dso.h | 451 + - Cryptlib/Include/openssl/dtls1.h | 228 +- - Cryptlib/Include/openssl/e_os2.h | 275 +- - Cryptlib/Include/openssl/ebcdic.h | 11 +- - Cryptlib/Include/openssl/ec.h | 649 +- - Cryptlib/Include/openssl/ecdh.h | 138 +- - Cryptlib/Include/openssl/ecdsa.h | 339 +- - Cryptlib/Include/openssl/engine.h | 266 +- - Cryptlib/Include/openssl/err.h | 222 +- - Cryptlib/Include/openssl/evp.h | 948 +- - Cryptlib/Include/openssl/hmac.h | 102 +- - Cryptlib/Include/openssl/idea.h | 111 +- - Cryptlib/Include/openssl/kdf.h | 75 - - Cryptlib/Include/openssl/krb5_asn.h | 240 + - Cryptlib/Include/openssl/kssl.h | 197 + - Cryptlib/Include/openssl/lhash.h | 302 +- - Cryptlib/Include/openssl/md2.h | 44 - - Cryptlib/Include/openssl/md4.h | 100 +- - Cryptlib/Include/openssl/md5.h | 99 +- - Cryptlib/Include/openssl/mdc2.h | 80 +- - Cryptlib/Include/openssl/modes.h | 48 +- - Cryptlib/Include/openssl/obj_mac.h | 515 +- - Cryptlib/Include/openssl/objects.h | 80 +- - Cryptlib/Include/openssl/ocsp.h | 511 +- - Cryptlib/Include/openssl/opensslconf.h | 811 +- - Cryptlib/Include/openssl/opensslv.h | 20 +- - Cryptlib/Include/openssl/ossl_typ.h | 125 +- - Cryptlib/Include/openssl/pem.h | 175 +- - Cryptlib/Include/openssl/pem2.h | 64 +- - Cryptlib/Include/openssl/pkcs12.h | 266 +- - Cryptlib/Include/openssl/pkcs7.h | 113 +- - Cryptlib/Include/openssl/pqueue.h | 99 + - Cryptlib/Include/openssl/rand.h | 117 +- - Cryptlib/Include/openssl/rc2.h | 84 +- - Cryptlib/Include/openssl/rc4.h | 74 +- - Cryptlib/Include/openssl/rc5.h | 63 - - Cryptlib/Include/openssl/ripemd.h | 90 +- - Cryptlib/Include/openssl/rsa.h | 404 +- - Cryptlib/Include/openssl/safestack.h | 2736 ++++- - 
Cryptlib/Include/openssl/seed.h | 87 +- - Cryptlib/Include/openssl/sha.h | 137 +- - Cryptlib/Include/openssl/srp.h | 182 +- - Cryptlib/Include/openssl/srtp.h | 127 +- - Cryptlib/Include/openssl/ssl.h | 2606 +++-- - Cryptlib/Include/openssl/ssl2.h | 253 +- - Cryptlib/Include/openssl/ssl23.h | 84 + - Cryptlib/Include/openssl/ssl3.h | 532 +- - Cryptlib/Include/openssl/stack.h | 145 +- - Cryptlib/Include/openssl/symhacks.h | 478 +- - Cryptlib/Include/openssl/tls1.h | 558 +- - Cryptlib/Include/openssl/ts.h | 379 +- - Cryptlib/Include/openssl/txt_db.h | 75 +- - Cryptlib/Include/openssl/ui.h | 119 +- - Cryptlib/Include/openssl/ui_compat.h | 88 + - Cryptlib/Include/openssl/whrlpool.h | 27 +- - Cryptlib/Include/openssl/x509.h | 667 +- - Cryptlib/Include/openssl/x509_vfy.h | 515 +- - Cryptlib/Include/openssl/x509v3.h | 332 +- - Cryptlib/Include/sgtty.h | 2 +- - Cryptlib/Include/signal.h | 2 +- - Cryptlib/Include/stdarg.h | 2 +- - Cryptlib/Include/stddef.h | 2 +- - Cryptlib/Include/stdio.h | 2 +- - Cryptlib/Include/stdlib.h | 2 +- - Cryptlib/Include/string.h | 2 +- - Cryptlib/Include/strings.h | 2 +- - Cryptlib/Include/sys/ioctl.h | 2 +- - Cryptlib/Include/sys/param.h | 2 +- - Cryptlib/Include/sys/socket.h | 2 +- - Cryptlib/Include/sys/stat.h | 2 +- - Cryptlib/Include/sys/time.h | 2 +- - Cryptlib/Include/sys/times.h | 2 +- - Cryptlib/Include/sys/types.h | 2 +- - Cryptlib/Include/sys/un.h | 2 +- - Cryptlib/Include/syslog.h | 2 +- - Cryptlib/Include/time.h | 2 +- - Cryptlib/Include/unistd.h | 2 +- - Cryptlib/InternalCryptLib.h | 10 +- - Cryptlib/Library/BaseLib.h | 6 - - Cryptlib/Library/BaseMemoryLib.h | 1 - - Cryptlib/Makefile | 2 +- - Cryptlib/OpenSSL/Makefile | 866 +- - Cryptlib/OpenSSL/buildinf.h | 2 +- - Cryptlib/OpenSSL/crypto/LPdir_nyi.c | 9 - - Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 54 +- - Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 54 +- - Cryptlib/OpenSSL/crypto/aes/aes_core.c | 48 +- - Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 63 + - 
Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 59 +- - Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 56 +- - Cryptlib/OpenSSL/crypto/aes/aes_locl.h | 59 +- - Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 77 +- - Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 54 +- - Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 57 +- - Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 96 +- - Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 111 + - Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 334 + - Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 115 +- - Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 73 +- - Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 63 +- - Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 181 + - Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 213 +- - Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 69 +- - Cryptlib/OpenSSL/crypto/asn1/a_int.c | 676 +- - Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 104 +- - Cryptlib/OpenSSL/crypto/asn1/a_object.c | 144 +- - Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 69 +- - Cryptlib/OpenSSL/crypto/asn1/a_print.c | 94 +- - Cryptlib/OpenSSL/crypto/asn1/a_set.c | 243 + - Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 213 +- - Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 178 +- - Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 173 +- - Cryptlib/OpenSSL/crypto/asn1/a_time.c | 111 +- - Cryptlib/OpenSSL/crypto/asn1/a_type.c | 103 +- - Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 198 +- - Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 63 +- - Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 127 +- - Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c | 164 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 205 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 160 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 195 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h | 181 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 133 +- - Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 292 +- - Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 76 +- - Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c | 114 - - Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 197 +- - Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c | 151 +- - 
Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c | 82 +- - Cryptlib/OpenSSL/crypto/asn1/charmap.h | 41 +- - Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 78 +- - Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 90 +- - Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 182 +- - Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 203 + - Cryptlib/OpenSSL/crypto/asn1/f_int.c | 122 +- - Cryptlib/OpenSSL/crypto/asn1/f_string.c | 125 +- - Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 66 +- - Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 85 +- - Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 322 +- - Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 60 +- - Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 83 +- - Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 117 +- - Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c | 283 - - Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 131 +- - Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 69 +- - Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 133 + - Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 158 +- - Cryptlib/OpenSSL/crypto/asn1/t_req.c | 255 + - Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 76 +- - Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 556 + - Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 115 + - Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 263 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 112 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 146 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 200 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c | 135 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c | 65 - - Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 129 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 111 +- - Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 77 +- - Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 124 + - Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 96 +- - Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 518 + - Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 77 + - Cryptlib/OpenSSL/crypto/asn1/x_info.c | 108 +- - Cryptlib/OpenSSL/crypto/asn1/x_long.c | 66 +- - Cryptlib/OpenSSL/crypto/asn1/x_name.c | 536 + - Cryptlib/OpenSSL/crypto/asn1/x_nx509.c | 72 + - 
Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 154 +- - Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 374 + - Cryptlib/OpenSSL/crypto/asn1/x_req.c | 116 + - Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 82 +- - Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 65 +- - Cryptlib/OpenSSL/crypto/asn1/x_val.c | 63 +- - Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 289 + - Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 196 + - Cryptlib/OpenSSL/crypto/async/arch/async_null.c | 23 - - Cryptlib/OpenSSL/crypto/async/arch/async_null.h | 30 - - Cryptlib/OpenSSL/crypto/async/arch/async_posix.c | 58 - - Cryptlib/OpenSSL/crypto/async/arch/async_posix.h | 58 - - Cryptlib/OpenSSL/crypto/async/arch/async_win.c | 55 - - Cryptlib/OpenSSL/crypto/async/arch/async_win.h | 36 - - Cryptlib/OpenSSL/crypto/async/async.c | 433 - - Cryptlib/OpenSSL/crypto/async/async_err.c | 51 - - Cryptlib/OpenSSL/crypto/async/async_locl.h | 77 - - Cryptlib/OpenSSL/crypto/async/async_wait.c | 211 - - Cryptlib/OpenSSL/crypto/bio/b_addr.c | 897 -- - Cryptlib/OpenSSL/crypto/bio/b_dump.c | 78 +- - Cryptlib/OpenSSL/crypto/bio/b_print.c | 297 +- - Cryptlib/OpenSSL/crypto/bio/b_sock.c | 921 +- - Cryptlib/OpenSSL/crypto/bio/b_sock2.c | 270 - - Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 102 +- - Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c | 319 - - Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 87 +- - Cryptlib/OpenSSL/crypto/bio/bf_null.c | 69 +- - Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 78 +- - Cryptlib/OpenSSL/crypto/bio/bio_err.c | 144 +- - Cryptlib/OpenSSL/crypto/bio/bio_lcl.h | 154 +- - Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 246 +- - Cryptlib/OpenSSL/crypto/bio/bio_meth.c | 145 - - Cryptlib/OpenSSL/crypto/bio/bss_acpt.c | 490 +- - Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 126 +- - Cryptlib/OpenSSL/crypto/bio/bss_conn.c | 399 +- - Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 417 +- - Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 79 +- - Cryptlib/OpenSSL/crypto/bio/bss_file.c | 251 +- - Cryptlib/OpenSSL/crypto/bio/bss_log.c | 91 +- - Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 224 +- 
- Cryptlib/OpenSSL/crypto/bio/bss_null.c | 69 +- - Cryptlib/OpenSSL/crypto/bio/bss_sock.c | 90 +- - Cryptlib/OpenSSL/crypto/bn/bn.h | 951 ++ - Cryptlib/OpenSSL/crypto/bn/bn_add.c | 202 +- - Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 72 +- - Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 196 +- - Cryptlib/OpenSSL/crypto/bn/bn_const.c | 28 +- - Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 203 +- - Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 81 +- - Cryptlib/OpenSSL/crypto/bn/bn_dh.c | 220 - - Cryptlib/OpenSSL/crypto/bn/bn_div.c | 82 +- - Cryptlib/OpenSSL/crypto/bn/bn_err.c | 81 +- - Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 148 +- - Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 118 +- - Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 172 +- - Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 122 +- - Cryptlib/OpenSSL/crypto/bn/bn_intern.c | 210 - - Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 62 +- - Cryptlib/OpenSSL/crypto/bn/bn_lcl.h | 406 +- - Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 489 +- - Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 129 +- - Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 166 +- - Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 88 +- - Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 154 +- - Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 109 +- - Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 400 +- - Cryptlib/OpenSSL/crypto/bn/bn_prime.h | 588 +- - Cryptlib/OpenSSL/crypto/bn/bn_print.c | 105 +- - Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 210 +- - Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 79 +- - Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 77 +- - Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 72 +- - Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 65 +- - Cryptlib/OpenSSL/crypto/bn/bn_srp.c | 545 - - Cryptlib/OpenSSL/crypto/bn/bn_word.c | 66 +- - Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 95 +- - Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c | 352 - - Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h | 9 - - Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 71 +- - Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 137 + - Cryptlib/OpenSSL/crypto/buffer/buffer.c | 119 +- - Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c | 65 +- 
- Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c | 87 +- - Cryptlib/OpenSSL/crypto/cmac/cmac.c | 173 +- - Cryptlib/OpenSSL/crypto/comp/c_rle.c | 62 + - Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 316 +- - Cryptlib/OpenSSL/crypto/comp/comp_err.c | 76 +- - Cryptlib/OpenSSL/crypto/comp/comp_lcl.h | 30 - - Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 37 +- - Cryptlib/OpenSSL/crypto/conf/conf_api.c | 149 +- - Cryptlib/OpenSSL/crypto/conf/conf_def.c | 135 +- - Cryptlib/OpenSSL/crypto/conf/conf_def.h | 120 +- - Cryptlib/OpenSSL/crypto/conf/conf_err.c | 84 +- - Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 128 +- - Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 68 +- - Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 140 +- - Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 89 +- - Cryptlib/OpenSSL/crypto/constant_time_locl.h | 211 + - Cryptlib/OpenSSL/crypto/cpt_err.c | 87 +- - Cryptlib/OpenSSL/crypto/cryptlib.c | 774 +- - Cryptlib/OpenSSL/crypto/cryptlib.h | 113 + - Cryptlib/OpenSSL/crypto/cversion.c | 92 +- - Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 103 + - Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 61 + - Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 249 + - Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 122 + - Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 199 + - Cryptlib/OpenSSL/crypto/des/des_enc.c | 389 + - Cryptlib/OpenSSL/crypto/des/des_locl.h | 443 + - Cryptlib/OpenSSL/crypto/des/des_old.c | 345 + - Cryptlib/OpenSSL/crypto/des/des_old2.c | 80 + - Cryptlib/OpenSSL/crypto/des/des_ver.h | 73 + - Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 82 + - Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 124 + - Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 189 + - Cryptlib/OpenSSL/crypto/des/enc_read.c | 235 + - Cryptlib/OpenSSL/crypto/des/enc_writ.c | 182 + - Cryptlib/OpenSSL/crypto/des/fcrypt.c | 167 + - Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 140 + - Cryptlib/OpenSSL/crypto/des/ncbc_enc.c | 154 + - Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 123 + - Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 109 + - Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 131 
+ - Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 115 + - Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 143 + - Cryptlib/OpenSSL/crypto/des/rand_key.c | 67 + - Cryptlib/OpenSSL/crypto/des/read2pwd.c | 144 + - Cryptlib/OpenSSL/crypto/des/rpc_des.h | 130 + - Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 100 + - Cryptlib/OpenSSL/crypto/des/set_key.c | 447 + - Cryptlib/OpenSSL/crypto/des/spr.h | 212 + - Cryptlib/OpenSSL/crypto/des/str2key.c | 164 + - Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 216 + - Cryptlib/OpenSSL/crypto/dh/dh_ameth.c | 277 +- - Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 79 +- - Cryptlib/OpenSSL/crypto/dh/dh_check.c | 136 +- - Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 86 +- - Cryptlib/OpenSSL/crypto/dh/dh_err.c | 105 +- - Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 92 +- - Cryptlib/OpenSSL/crypto/dh/dh_kdf.c | 150 - - Cryptlib/OpenSSL/crypto/dh/dh_key.c | 132 +- - Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 333 +- - Cryptlib/OpenSSL/crypto/dh/dh_locl.h | 56 - - Cryptlib/OpenSSL/crypto/dh/dh_meth.c | 173 - - Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c | 157 +- - Cryptlib/OpenSSL/crypto/dh/dh_prn.c | 65 +- - Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c | 294 +- - Cryptlib/OpenSSL/crypto/dso/dso_beos.c | 253 + - Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 155 +- - Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 149 +- - Cryptlib/OpenSSL/crypto/dso/dso_err.c | 131 +- - Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 247 +- - Cryptlib/OpenSSL/crypto/dso/dso_locl.h | 106 - - Cryptlib/OpenSSL/crypto/dso/dso_null.c | 92 + - Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 87 +- - Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 127 +- - Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 275 +- - Cryptlib/OpenSSL/crypto/ebcdic.c | 102 +- - Cryptlib/OpenSSL/crypto/err/err.c | 710 +- - Cryptlib/OpenSSL/crypto/err/err_all.c | 185 +- - Cryptlib/OpenSSL/crypto/err/err_prn.c | 109 +- - Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 197 +- - Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 280 +- - Cryptlib/OpenSSL/crypto/evp/bio_md.c | 171 +- - 
Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 260 +- - Cryptlib/OpenSSL/crypto/evp/c_all.c | 85 + - Cryptlib/OpenSSL/crypto/evp/c_allc.c | 105 +- - Cryptlib/OpenSSL/crypto/evp/c_alld.c | 95 +- - Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c | 151 - - Cryptlib/OpenSSL/crypto/evp/digest.c | 297 +- - Cryptlib/OpenSSL/crypto/evp/e_aes.c | 1528 +-- - Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c | 269 +- - .../OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c | 252 +- - Cryptlib/OpenSSL/crypto/evp/e_bf.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/e_camellia.c | 162 +- - Cryptlib/OpenSSL/crypto/evp/e_cast.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c | 454 - - Cryptlib/OpenSSL/crypto/evp/e_des.c | 149 +- - Cryptlib/OpenSSL/crypto/evp/e_des3.c | 229 +- - Cryptlib/OpenSSL/crypto/evp/e_idea.c | 95 +- - Cryptlib/OpenSSL/crypto/evp/e_null.c | 70 +- - Cryptlib/OpenSSL/crypto/evp/e_old.c | 73 +- - Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 80 +- - Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 69 +- - Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c | 72 +- - Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 66 +- - Cryptlib/OpenSSL/crypto/evp/e_seed.c | 66 +- - Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/encode.c | 130 +- - Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 73 + - Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 71 +- - Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 287 +- - Cryptlib/OpenSSL/crypto/evp/evp_err.c | 163 +- - Cryptlib/OpenSSL/crypto/evp/evp_key.c | 93 +- - Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 308 +- - Cryptlib/OpenSSL/crypto/evp/evp_locl.h | 421 +- - Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 137 +- - Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 121 +- - Cryptlib/OpenSSL/crypto/evp/m_dss.c | 104 + - Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 105 + - Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 154 + - Cryptlib/OpenSSL/crypto/evp/m_md2.c | 78 +- - Cryptlib/OpenSSL/crypto/evp/m_md4.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/m_md5.c | 76 +- - Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c | 142 - - 
Cryptlib/OpenSSL/crypto/evp/m_mdc2.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/m_null.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 78 +- - Cryptlib/OpenSSL/crypto/evp/m_sha.c | 106 + - Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 178 +- - Cryptlib/OpenSSL/crypto/evp/m_sigver.c | 140 +- - Cryptlib/OpenSSL/crypto/evp/m_wp.c | 20 +- - Cryptlib/OpenSSL/crypto/evp/names.c | 99 +- - Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 92 +- - Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 157 +- - Cryptlib/OpenSSL/crypto/evp/p_dec.c | 73 +- - Cryptlib/OpenSSL/crypto/evp/p_enc.c | 72 +- - Cryptlib/OpenSSL/crypto/evp/p_lib.c | 264 +- - Cryptlib/OpenSSL/crypto/evp/p_open.c | 88 +- - Cryptlib/OpenSSL/crypto/evp/p_seal.c | 69 +- - Cryptlib/OpenSSL/crypto/evp/p_sign.c | 154 +- - Cryptlib/OpenSSL/crypto/evp/p_verify.c | 133 +- - Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c | 69 +- - Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c | 79 +- - Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c | 330 +- - Cryptlib/OpenSSL/crypto/evp/scrypt.c | 248 - - Cryptlib/OpenSSL/crypto/ex_data.c | 736 +- - Cryptlib/OpenSSL/crypto/fips_ers.c | 7 + - Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c | 80 +- - Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c | 146 +- - Cryptlib/OpenSSL/crypto/hmac/hmac.c | 252 +- - Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h | 33 - - .../OpenSSL/crypto/include/internal/asn1_int.h | 94 - - Cryptlib/OpenSSL/crypto/include/internal/async.h | 14 - - Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h | 17 - - Cryptlib/OpenSSL/crypto/include/internal/bn_int.h | 82 - - Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h | 32 - - Cryptlib/OpenSSL/crypto/include/internal/chacha.h | 49 - - .../OpenSSL/crypto/include/internal/cryptlib.h | 81 - - .../OpenSSL/crypto/include/internal/cryptlib_int.h | 31 - - Cryptlib/OpenSSL/crypto/include/internal/engine.h | 20 - - Cryptlib/OpenSSL/crypto/include/internal/err_int.h | 17 - - Cryptlib/OpenSSL/crypto/include/internal/evp_int.h | 389 - - .../OpenSSL/crypto/include/internal/md32_common.h | 383 - - 
Cryptlib/OpenSSL/crypto/include/internal/objects.h | 12 - - .../OpenSSL/crypto/include/internal/poly1305.h | 19 - - Cryptlib/OpenSSL/crypto/include/internal/rand.h | 20 - - .../OpenSSL/crypto/include/internal/x509_int.h | 267 - - Cryptlib/OpenSSL/crypto/init.c | 664 -- - Cryptlib/OpenSSL/crypto/kdf/hkdf.c | 293 - - Cryptlib/OpenSSL/crypto/kdf/kdf_err.c | 46 - - Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c | 265 - - Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 162 + - Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 178 +- - Cryptlib/OpenSSL/crypto/lhash/lhash.c | 245 +- - Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h | 42 - - Cryptlib/OpenSSL/crypto/md32_common.h | 436 + - Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 199 + - Cryptlib/OpenSSL/crypto/md4/md4_locl.h | 113 + - Cryptlib/OpenSSL/crypto/md4/md4_one.c | 96 + - Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 98 +- - Cryptlib/OpenSSL/crypto/md5/md5_locl.h | 69 +- - Cryptlib/OpenSSL/crypto/md5/md5_one.c | 61 +- - Cryptlib/OpenSSL/crypto/mem.c | 484 +- - Cryptlib/OpenSSL/crypto/mem_clr.c | 62 +- - Cryptlib/OpenSSL/crypto/mem_dbg.c | 761 +- - Cryptlib/OpenSSL/crypto/mem_sec.c | 585 -- - Cryptlib/OpenSSL/crypto/modes/cbc128.c | 64 +- - Cryptlib/OpenSSL/crypto/modes/ccm128.c | 59 +- - Cryptlib/OpenSSL/crypto/modes/cfb128.c | 70 +- - Cryptlib/OpenSSL/crypto/modes/ctr128.c | 70 +- - Cryptlib/OpenSSL/crypto/modes/cts128.c | 33 +- - Cryptlib/OpenSSL/crypto/modes/gcm128.c | 269 +- - Cryptlib/OpenSSL/crypto/modes/modes_lcl.h | 50 +- - Cryptlib/OpenSSL/crypto/modes/ocb128.c | 568 - - Cryptlib/OpenSSL/crypto/modes/ofb128.c | 62 +- - Cryptlib/OpenSSL/crypto/modes/wrap128.c | 311 +- - Cryptlib/OpenSSL/crypto/modes/xts128.c | 59 +- - Cryptlib/OpenSSL/crypto/o_dir.c | 62 +- - Cryptlib/OpenSSL/crypto/o_dir.h | 55 + - Cryptlib/OpenSSL/crypto/o_fips.c | 76 +- - Cryptlib/OpenSSL/crypto/o_fopen.c | 103 - - Cryptlib/OpenSSL/crypto/o_init.c | 62 +- - Cryptlib/OpenSSL/crypto/o_str.c | 324 +- - Cryptlib/OpenSSL/crypto/o_str.h | 69 + - 
Cryptlib/OpenSSL/crypto/o_time.c | 139 +- - Cryptlib/OpenSSL/crypto/o_time.h | 70 + - Cryptlib/OpenSSL/crypto/objects/o_names.c | 133 +- - Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 229 +- - Cryptlib/OpenSSL/crypto/objects/obj_dat.h | 10396 ++++++++++--------- - Cryptlib/OpenSSL/crypto/objects/obj_err.c | 70 +- - Cryptlib/OpenSSL/crypto/objects/obj_lcl.h | 14 - - Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 127 +- - Cryptlib/OpenSSL/crypto/objects/obj_xref.c | 99 +- - Cryptlib/OpenSSL/crypto/objects/obj_xref.h | 21 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 80 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 150 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 90 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 220 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 86 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h | 216 - - Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 148 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 107 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 186 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 214 +- - Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c | 264 - - Cryptlib/OpenSSL/crypto/pem/pem_all.c | 278 +- - Cryptlib/OpenSSL/crypto/pem/pem_err.c | 112 +- - Cryptlib/OpenSSL/crypto/pem/pem_info.c | 104 +- - Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 422 +- - Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 64 +- - Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 82 +- - Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 106 +- - Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 191 + - Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 77 +- - Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 62 +- - Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 64 +- - Cryptlib/OpenSSL/crypto/pem/pvkfmt.c | 404 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 130 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 63 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 116 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 87 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 115 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 107 +- - 
Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 73 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 139 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 108 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h | 43 - - Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 206 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 86 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 71 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 110 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c | 170 - - Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 260 +- - Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 88 +- - Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c | 58 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 62 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 96 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c | 15 - - Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 321 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c | 25 - - Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 115 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 59 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 148 +- - Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 106 +- - Cryptlib/OpenSSL/crypto/rand/md_rand.c | 540 +- - Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 249 - - Cryptlib/OpenSSL/crypto/rand/rand_err.c | 77 +- - Cryptlib/OpenSSL/crypto/rand/rand_lcl.h | 128 +- - Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 210 +- - Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 159 +- - Cryptlib/OpenSSL/crypto/rand/rand_vms.c | 133 - - Cryptlib/OpenSSL/crypto/rand/rand_win.c | 135 - - Cryptlib/OpenSSL/crypto/rand/randfile.c | 276 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 290 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h | 13 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 76 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c | 62 + - Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 221 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 78 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 89 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c | 145 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 92 +- - 
Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 904 ++ - Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 138 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 166 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 393 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h | 92 - - Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c | 273 - - Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 65 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 76 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 55 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c | 790 -- - Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 96 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c | 261 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c | 66 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 110 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 78 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 413 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 63 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 63 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 195 - - Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 63 +- - Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 69 +- - Cryptlib/OpenSSL/crypto/sha/sha256.c | 119 +- - Cryptlib/OpenSSL/crypto/sha/sha512.c | 198 +- - Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 74 + - Cryptlib/OpenSSL/crypto/sha/sha_locl.h | 118 +- - Cryptlib/OpenSSL/crypto/sha/sha_one.c | 79 + - Cryptlib/OpenSSL/crypto/stack/stack.c | 334 +- - Cryptlib/OpenSSL/crypto/threads_none.c | 124 - - Cryptlib/OpenSSL/crypto/threads_pthread.c | 171 - - Cryptlib/OpenSSL/crypto/threads_win.c | 136 - - Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 136 +- - Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 69 + - Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 878 ++ - Cryptlib/OpenSSL/crypto/ui/ui_locl.h | 145 + - Cryptlib/OpenSSL/crypto/ui/ui_util.c | 97 + - Cryptlib/OpenSSL/crypto/uid.c | 60 +- - Cryptlib/OpenSSL/crypto/x509/by_dir.c | 388 - - Cryptlib/OpenSSL/crypto/x509/by_file.c | 221 - - Cryptlib/OpenSSL/crypto/x509/t_crl.c | 89 - - Cryptlib/OpenSSL/crypto/x509/t_req.c | 198 - - Cryptlib/OpenSSL/crypto/x509/t_x509.c | 376 - - 
Cryptlib/OpenSSL/crypto/x509/vpm_int.h | 70 + - Cryptlib/OpenSSL/crypto/x509/x509_att.c | 105 +- - Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 215 +- - Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 66 +- - Cryptlib/OpenSSL/crypto/x509/x509_def.c | 63 +- - Cryptlib/OpenSSL/crypto/x509/x509_err.c | 88 +- - Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 141 +- - Cryptlib/OpenSSL/crypto/x509/x509_lcl.h | 142 - - Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 599 +- - Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 72 +- - Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 92 +- - Cryptlib/OpenSSL/crypto/x509/x509_req.c | 188 +- - Cryptlib/OpenSSL/crypto/x509/x509_set.c | 203 +- - Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 184 +- - Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 113 +- - Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 84 +- - Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 2364 ++--- - Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 291 +- - Cryptlib/OpenSSL/crypto/x509/x509cset.c | 219 +- - Cryptlib/OpenSSL/crypto/x509/x509name.c | 109 +- - Cryptlib/OpenSSL/crypto/x509/x509rset.c | 77 +- - Cryptlib/OpenSSL/crypto/x509/x509spki.c | 68 +- - Cryptlib/OpenSSL/crypto/x509/x509type.c | 78 +- - Cryptlib/OpenSSL/crypto/x509/x_all.c | 152 +- - Cryptlib/OpenSSL/crypto/x509/x_attrib.c | 55 - - Cryptlib/OpenSSL/crypto/x509/x_crl.c | 459 - - Cryptlib/OpenSSL/crypto/x509/x_exten.c | 28 - - Cryptlib/OpenSSL/crypto/x509/x_name.c | 557 - - Cryptlib/OpenSSL/crypto/x509/x_pubkey.c | 374 - - Cryptlib/OpenSSL/crypto/x509/x_req.c | 68 - - Cryptlib/OpenSSL/crypto/x509/x_x509.c | 224 - - Cryptlib/OpenSSL/crypto/x509/x_x509a.c | 169 - - Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h | 152 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 101 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 82 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h | 66 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 71 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 69 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 79 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c 
| 607 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 179 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 91 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 62 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 137 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 132 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 70 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 73 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 195 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 118 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 131 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 69 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 67 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 64 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 88 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 85 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 65 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 189 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 178 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 312 + - Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 62 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 10 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 70 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 63 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 88 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 115 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 183 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 98 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 117 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c | 137 - - Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 356 +- - Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 152 +- - Cryptlib/OpenSSL/e_os.h | 444 +- - .../OpenSSL/openssl-bio-b_print-disable-sse.patch | 22 +- - Cryptlib/OpenSSL/update.sh | 555 +- - Cryptlib/Pem/CryptPem.c | 135 + - Cryptlib/Pem/CryptPemNull.c | 44 - - Cryptlib/Pk/CryptPkcs7Verify.c | 68 +- - Cryptlib/Pk/CryptRsaBasic.c | 189 +- - Cryptlib/Pk/CryptTs.c | 20 +- - Cryptlib/Pk/CryptX509.c | 41 +- - Cryptlib/SysCall/BaseMemAllocation.c | 5 +- - 
Cryptlib/SysCall/BaseStrings.c | 70 +- - Cryptlib/SysCall/CrtWrapper.c | 189 +- - Cryptlib/SysCall/TimerWrapper.c | 4 +- - Cryptlib/opensslconf-diff.patch | 24 - - Cryptlib/update.sh | 10 +- - MokManager.c | 4 +- - PasswordCrypt.c | 17 + - shim.c | 2 + - 713 files changed, 81238 insertions(+), 52511 deletions(-) - delete mode 100644 Cryptlib/Include/CrtLibSupport.h - create mode 100644 Cryptlib/Include/OpenSslSupport.h - delete mode 100644 Cryptlib/Include/internal/bio.h - delete mode 100644 Cryptlib/Include/internal/comp.h - delete mode 100644 Cryptlib/Include/internal/conf.h - delete mode 100644 Cryptlib/Include/internal/constant_time_locl.h - delete mode 100644 Cryptlib/Include/internal/dane.h - delete mode 100644 Cryptlib/Include/internal/dso.h - delete mode 100644 Cryptlib/Include/internal/dso_conf.h - delete mode 100644 Cryptlib/Include/internal/err.h - delete mode 100644 Cryptlib/Include/internal/numbers.h - delete mode 100644 Cryptlib/Include/internal/o_dir.h - delete mode 100644 Cryptlib/Include/internal/o_str.h - delete mode 100644 Cryptlib/Include/internal/thread_once.h - create mode 100644 Cryptlib/Include/openssl/README - delete mode 100644 Cryptlib/Include/openssl/async.h - delete mode 100644 Cryptlib/Include/openssl/ct.h - create mode 100644 Cryptlib/Include/openssl/des_old.h - create mode 100644 Cryptlib/Include/openssl/dso.h - delete mode 100644 Cryptlib/Include/openssl/kdf.h - create mode 100644 Cryptlib/Include/openssl/krb5_asn.h - create mode 100644 Cryptlib/Include/openssl/kssl.h - delete mode 100644 Cryptlib/Include/openssl/md2.h - create mode 100644 Cryptlib/Include/openssl/pqueue.h - delete mode 100644 Cryptlib/Include/openssl/rc5.h - create mode 100644 Cryptlib/Include/openssl/ssl23.h - create mode 100644 Cryptlib/Include/openssl/ui_compat.h - create mode 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c - create mode 100644 
Cryptlib/OpenSSL/crypto/asn1/a_enum.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c - delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c - delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c - delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_nx509.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c - create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_null.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_null.h - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_posix.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_posix.h - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_win.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_win.h - delete mode 100644 Cryptlib/OpenSSL/crypto/async/async.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_err.c - delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_locl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_wait.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bio/b_addr.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bio/b_sock2.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c - delete mode 100644 
Cryptlib/OpenSSL/crypto/bio/bio_meth.c - create mode 100644 Cryptlib/OpenSSL/crypto/bn/bn.h - delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_dh.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_intern.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_srp.c - delete mode 100644 Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c - create mode 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c - create mode 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c - delete mode 100644 Cryptlib/OpenSSL/crypto/comp/comp_lcl.h - create mode 100644 Cryptlib/OpenSSL/crypto/constant_time_locl.h - create mode 100644 Cryptlib/OpenSSL/crypto/cryptlib.h - create mode 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/des_locl.h - create mode 100644 Cryptlib/OpenSSL/crypto/des/des_old.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/des_ver.h - create mode 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ncbc_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c - create mode 100644 
Cryptlib/OpenSSL/crypto/des/qud_cksm.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/rpc_des.h - create mode 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/set_key.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/spr.h - create mode 100644 Cryptlib/OpenSSL/crypto/des/str2key.c - create mode 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c - delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_kdf.c - delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_locl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_meth.c - create mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_beos.c - delete mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_locl.h - create mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c - delete mode 100644 Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c - delete mode 100644 Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c - delete mode 100644 Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c - create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c - delete mode 100644 Cryptlib/OpenSSL/crypto/evp/scrypt.c - create mode 100644 Cryptlib/OpenSSL/crypto/fips_ers.c - delete mode 100644 Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/async.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h - delete mode 100644 
Cryptlib/OpenSSL/crypto/include/internal/chacha.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/engine.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/err_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/evp_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/md32_common.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/objects.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/poly1305.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/rand.h - delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/x509_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/init.c - delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/hkdf.c - delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/kdf_err.c - delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c - create mode 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c - delete mode 100644 Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h - create mode 100644 Cryptlib/OpenSSL/crypto/md32_common.h - create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c - create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_locl.h - create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c - delete mode 100644 Cryptlib/OpenSSL/crypto/mem_sec.c - delete mode 100644 Cryptlib/OpenSSL/crypto/modes/ocb128.c - create mode 100644 Cryptlib/OpenSSL/crypto/o_dir.h - delete mode 100644 Cryptlib/OpenSSL/crypto/o_fopen.c - create mode 100644 Cryptlib/OpenSSL/crypto/o_str.h - create mode 100644 Cryptlib/OpenSSL/crypto/o_time.h - delete mode 100644 Cryptlib/OpenSSL/crypto/objects/obj_lcl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c - create mode 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c - delete mode 100644 
Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c - delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c - delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_vms.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c - create mode 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c - create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c - delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c - create mode 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c - create mode 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c - delete mode 100644 Cryptlib/OpenSSL/crypto/threads_none.c - delete mode 100644 Cryptlib/OpenSSL/crypto/threads_pthread.c - delete mode 100644 Cryptlib/OpenSSL/crypto/threads_win.c - create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c - create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c - create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_locl.h - create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_crl.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_req.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_x509.c - create mode 100644 Cryptlib/OpenSSL/crypto/x509/vpm_int.h - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x509_lcl.h - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_attrib.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_crl.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_exten.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_name.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_pubkey.c - delete mode 100644 
Cryptlib/OpenSSL/crypto/x509/x_req.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_x509.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_x509a.c - create mode 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c - delete mode 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c - create mode 100644 Cryptlib/Pem/CryptPem.c - delete mode 100644 Cryptlib/Pem/CryptPemNull.c - delete mode 100644 Cryptlib/opensslconf-diff.patch - -diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff -index 5a56470..a2f49d6 100644 ---- a/Cryptlib/Cryptlib.diff -+++ b/Cryptlib/Cryptlib.diff -@@ -1,20 +1,8 @@ --diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h --index 99ea347..f11cffe 100644 ----- a/Cryptlib/Include/openssl/e_os2.h --+++ b/Cryptlib/Include/openssl/e_os2.h --@@ -234,6 +234,7 @@ extern "C" { -- -- /* Standard integer types */ -- # if defined(OPENSSL_SYS_UEFI) --+#include -- typedef INT8 int8_t; -- typedef UINT8 uint8_t; -- typedef INT16 int16_t; - diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c --index f390e0d..65e9938 100644 -+index 68bc25a..1abe78e 100644 - --- a/Cryptlib/SysCall/BaseMemAllocation.c - 
+++ b/Cryptlib/SysCall/BaseMemAllocation.c --@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size) -+@@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size) - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // -@@ -23,33 +11,8 @@ index f390e0d..65e9938 100644 - } - - /* De-allocates or frees a memory block */ --diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c --index 20c9656..7878953 100644 ----- a/Cryptlib/SysCall/CrtWrapper.c --+++ b/Cryptlib/SysCall/CrtWrapper.c --@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) -- return 0; -- } -- ---// ---// -- Dummy OpenSSL Support Routines -- ---// --- ---int BIO_printf (void *bio, const char *format, ...) ---{ --- return 0; ---} --- ---int BIO_snprintf(char *buf, size_t n, const char *format, ...) ---{ --- return 0; ---} --- -- #ifdef __GNUC__ -- -- typedef - diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c --index 581b8fb..04fe4ef 100644 -+index 805e6b4..bb7bcba 100644 - --- a/Cryptlib/SysCall/TimerWrapper.c - +++ b/Cryptlib/SysCall/TimerWrapper.c - 
@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -@@ -57,12 +20,12 @@ index 581b8fb..04fe4ef 100644 - **/ - - -#include -- #include -+ #include - -#include - - // - // -- Time Management Routines -- --@@ -79,7 +77,7 @@ time_t time (time_t *timer) -+@@ -78,7 +76,7 @@ time_t time (time_t *timer) - // - // Get the current time and date information - // -@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644 - - // - // Years Handling -+diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c -+index fb446b6..5a8322d 100644 -+--- a/Cryptlib/SysCall/CrtWrapper.c -++++ b/Cryptlib/SysCall/CrtWrapper.c -+@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) -+ // -- Dummy OpenSSL Support Routines -- -+ // -+ -+-int BIO_printf (void *bio, const char *format, ...) -+-{ -+- return 0; -+-} -+- -+-int BIO_snprintf(char *buf, size_t n, const char *format, ...) -+-{ -+- return 0; -+-} -+- -+ void *UI_OpenSSL(void) -+ { -+ return NULL; -diff --git a/Cryptlib/Hmac/CryptHmacMd5Null.c b/Cryptlib/Hmac/CryptHmacMd5Null.c -index bfe68ab..b4bdde0 100644 ---- a/Cryptlib/Hmac/CryptHmacMd5Null.c -+++ b/Cryptlib/Hmac/CryptHmacMd5Null.c -@@ -1,7 +1,7 @@ - /** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - --Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2012, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - /** - Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. -- (NOTE: This API is deprecated. -- Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) - - Return zero to indicate this interface is not supported. - -@@ -34,42 +32,6 @@ HmacMd5GetContextSize ( - return 0; - } - --/** -- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use. -- -- Return NULL to indicate this interface is not supported. -- -- @retval NULL This interface is not supported. -- --**/ --VOID * --EFIAPI --HmacMd5New ( -- VOID -- ) --{ -- ASSERT (FALSE); -- return NULL; --} -- --/** -- Release the specified HMAC_CTX context. -- -- This function will do nothing. -- -- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. -- --**/ --VOID --EFIAPI --HmacMd5Free ( -- IN VOID *HmacMd5Ctx -- ) --{ -- ASSERT (FALSE); -- return; --} -- - /** - Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for - subsequent use. -diff --git a/Cryptlib/Hmac/CryptHmacSha1Null.c b/Cryptlib/Hmac/CryptHmacSha1Null.c -index 466c488..b31d0d1 100644 ---- a/Cryptlib/Hmac/CryptHmacSha1Null.c -+++ b/Cryptlib/Hmac/CryptHmacSha1Null.c -@@ -1,7 +1,7 @@ - /** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. - --Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2012, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - /** - Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. -- (NOTE: This API is deprecated. -- Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.) - - Return zero to indicate this interface is not supported. - -@@ -34,42 +32,6 @@ HmacSha1GetContextSize ( - return 0; - } - --/** -- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. -- -- Return NULL to indicate this interface is not supported. -- -- @return NULL This interface is not supported.. -- --**/ --VOID * --EFIAPI --HmacSha1New ( -- VOID -- ) --{ -- ASSERT (FALSE); -- return NULL; --} -- --/** -- Release the specified HMAC_CTX context. -- -- This function will do nothing. -- -- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. -- --**/ --VOID --EFIAPI --HmacSha1Free ( -- IN VOID *HmacSha1Ctx -- ) --{ -- ASSERT (FALSE); -- return; --} -- - /** - Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for - subsequent use. -diff --git a/Cryptlib/Hmac/CryptHmacSha256Null.c b/Cryptlib/Hmac/CryptHmacSha256Null.c -index 1696fa1..35abdda 100644 ---- a/Cryptlib/Hmac/CryptHmacSha256Null.c -+++ b/Cryptlib/Hmac/CryptHmacSha256Null.c -@@ -1,7 +1,7 @@ - /** @file - HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. - --Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - /** - Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. -- (NOTE: This API is deprecated. -- Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.) - - Return zero to indicate this interface is not supported. - -@@ -34,42 +32,6 @@ HmacSha256GetContextSize ( - return 0; - } - --/** -- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. -- -- Return NULL to indicate this interface is not supported. -- -- @return NULL This interface is not supported.. -- --**/ --VOID * --EFIAPI --HmacSha256New ( -- VOID -- ) --{ -- ASSERT (FALSE); -- return NULL; --} -- --/** -- Release the specified HMAC_CTX context. -- -- This function will do nothing. -- -- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. -- --**/ --VOID --EFIAPI --HmacSha256Free ( -- IN VOID *HmacSha256Ctx -- ) --{ -- ASSERT (FALSE); -- return; --} -- - /** - Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for - subsequent use. -diff --git a/Cryptlib/Include/CrtLibSupport.h b/Cryptlib/Include/CrtLibSupport.h -deleted file mode 100644 -index 6312e5c..0000000 ---- a/Cryptlib/Include/CrtLibSupport.h -+++ /dev/null -@@ -1,384 +0,0 @@ --/** @file -- Root include file of C runtime library to support building the third-party -- cryptographic library. -- --Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#ifndef __CRT_LIB_SUPPORT_H__ --#define __CRT_LIB_SUPPORT_H__ -- --#include --#include --#include --#include --#include --#include --#include -- --/* -- * Include stddef.h to avoid redefining "offsetof" -- */ --#include -- --#define OPENSSLDIR "" --#define ENGINESDIR "" -- --#define CONST const -- --// --// OpenSSL relies on explicit configuration for word size in crypto/bn, --// but we want it to be automatically inferred from the target. So we --// bypass what's in for OPENSSL_SYS_UEFI, and --// define our own here. --// --#ifdef CONFIG_HEADER_BN_H --#error CONFIG_HEADER_BN_H already defined --#endif -- --#define CONFIG_HEADER_BN_H -- --#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) --// --// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs --// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is --// 64-bit. Since using 'long long' works fine on GCC too, just do that. 
--// --#define SIXTY_FOUR_BIT --#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC) --#define THIRTY_TWO_BIT --#else --#error Unknown target architecture --#endif -- --// --// File operations are not required for building Open SSL, --// so FILE is mapped to VOID * to pass build --// --typedef VOID *FILE; -- --// --// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h --// --#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined --/* -- * These are now unconditionally #defined by GNU_EFI's efistdarg.h, -- * so we should #undef them here before providing a new definition. -- */ --#undef va_arg --#undef va_start --#undef va_end -- --#define va_list VA_LIST --#define va_arg VA_ARG --#define va_start VA_START --#define va_end VA_END -- --# if !defined(NO_BUILTIN_VA_FUNCS) -- --typedef __builtin_va_list VA_LIST; -- --#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) -- --#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) -- --#define VA_END(Marker) __builtin_va_end (Marker) -- --#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) -- --# else -- --#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) --/// --/// Variable used to traverse the list of arguments. This type can vary by --/// implementation and could be an array or structure. --/// --typedef CHAR8 *VA_LIST; -- --/** -- Retrieves a pointer to the beginning of a variable argument list, based on -- the name of the parameter that immediately precedes the variable argument list. -- -- This function initializes Marker to point to the beginning of the variable -- argument list that immediately follows Parameter. The method for computing the -- pointer to the next argument in the argument list is CPU-specific following the -- EFIAPI ABI. 
-- -- @param Marker The VA_LIST used to traverse the list of arguments. -- @param Parameter The name of the parameter that immediately precedes -- the variable argument list. -- -- @return A pointer to the beginning of a variable argument list. -- --**/ --#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) -- --/** -- Returns an argument of a specified type from a variable argument list and updates -- the pointer to the variable argument list to point to the next argument. -- -- This function returns an argument of the type specified by TYPE from the beginning -- of the variable argument list specified by Marker. Marker is then updated to point -- to the next argument in the variable argument list. The method for computing the -- pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. -- -- @param Marker VA_LIST used to traverse the list of arguments. -- @param TYPE The type of argument to retrieve from the beginning -- of the variable argument list. -- -- @return An argument of the type specified by TYPE. -- --**/ --#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) -- --/** -- Terminates the use of a variable argument list. -- -- This function initializes Marker so it can no longer be used with VA_ARG(). -- After this macro is used, the only way to access the variable argument list is -- by using VA_START() again. -- -- @param Marker VA_LIST used to traverse the list of arguments. -- --**/ --#define VA_END(Marker) (Marker = (VA_LIST) 0) -- --/** -- Initializes a VA_LIST as a copy of an existing VA_LIST. -- -- This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest -- followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach -- the present state of Start. -- -- @param Dest VA_LIST used to traverse the list of arguments. 
-- @param Start VA_LIST used to traverse the list of arguments. -- --**/ --#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) -- --# endif -- --#else // __CC_ARM --#define va_start(Marker, Parameter) __va_start(Marker, Parameter) --#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) --#define va_end(Marker) ((void)0) --#endif -- --// --// Definitions for global constants used by CRT library routines --// --#define EINVAL 22 /* Invalid argument */ --#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ --#define LONG_MAX 0X7FFFFFFFL /* max value for a long */ --#define LONG_MIN (-LONG_MAX-1) /* min value for a long */ --#define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */ --#define CHAR_BIT 8 /* Number of bits in a char */ -- --// --// Macros from EFI Application Toolkit required to buiild Open SSL --// --/* The offsetof() macro calculates the offset of a structure member -- in its structure. Unfortunately this cannot be written down -- portably, hence it is provided by a Standard C header file. 
-- For pre-Standard C compilers, here is a version that usually works -- (but watch out!): */ --#ifndef offsetof --#define offsetof(type, member) ( (UINTN) & ((type*)0) -> member ) --#endif -- --// --// Basic types mapping --// --typedef UINTN size_t; --typedef INTN ssize_t; --typedef INT32 time_t; --typedef UINT8 __uint8_t; --typedef UINT8 sa_family_t; --typedef UINT32 uid_t; --typedef UINT32 gid_t; --typedef INT64 off_t; --typedef UINT16 mode_t; --typedef unsigned long clock_t; --typedef UINT32 ino_t; --typedef UINT32 dev_t; --typedef UINT16 nlink_t; --typedef int pid_t; --typedef void *DIR; -- --// --// Structures Definitions --// --struct tm { -- int tm_sec; /* seconds after the minute [0-60] */ -- int tm_min; /* minutes after the hour [0-59] */ -- int tm_hour; /* hours since midnight [0-23] */ -- int tm_mday; /* day of the month [1-31] */ -- int tm_mon; /* months since January [0-11] */ -- int tm_year; /* years since 1900 */ -- int tm_wday; /* days since Sunday [0-6] */ -- int tm_yday; /* days since January 1 [0-365] */ -- int tm_isdst; /* Daylight Savings Time flag */ -- long tm_gmtoff; /* offset from CUT in seconds */ -- char *tm_zone; /* timezone abbreviation */ --}; -- --struct timeval { -- long tv_sec; /* time value, in seconds */ -- long tv_usec; /* time value, in microseconds */ --}; -- --struct sockaddr { -- __uint8_t sa_len; /* total length */ -- sa_family_t sa_family; /* address family */ -- char sa_data[14]; /* actually longer; address value */ --}; -- --struct dirent { -- UINT32 d_fileno; /* file number of entry */ -- UINT16 d_reclen; /* length of this record */ -- UINT8 d_type; /* file type, see below */ -- UINT8 d_namlen; /* length of string in d_name */ -- char d_name[255 + 1]; /* name must be no longer than this */ --}; -- --struct stat { -- dev_t st_dev; /* inode's device */ -- ino_t st_ino; /* inode's number */ -- mode_t st_mode; /* inode protection mode */ -- nlink_t st_nlink; /* number of hard links */ -- uid_t st_uid; /* user ID of the 
file's owner */ -- gid_t st_gid; /* group ID of the file's group */ -- dev_t st_rdev; /* device type */ -- time_t st_atime; /* time of last access */ -- long st_atimensec; /* nsec of last access */ -- time_t st_mtime; /* time of last data modification */ -- long st_mtimensec; /* nsec of last data modification */ -- time_t st_ctime; /* time of last file status change */ -- long st_ctimensec; /* nsec of last file status change */ -- off_t st_size; /* file size, in bytes */ -- INT64 st_blocks; /* blocks allocated for file */ -- UINT32 st_blksize; /* optimal blocksize for I/O */ -- UINT32 st_flags; /* user defined flags for file */ -- UINT32 st_gen; /* file generation number */ -- INT32 st_lspare; -- INT64 st_qspare[2]; --}; -- --// --// Global variables --// --extern int errno; -- --// --// Function prototypes of CRT Library routines --// --void *malloc (size_t); --void *realloc (void *, size_t); --void free (void *); --void *memcpy (void *, const void *, size_t); --void *memchr (const void *, int, size_t); --int memcmp (const void *, const void *, size_t); --void *memmove (void *, const void *, size_t); --void *memset (void *, int, size_t); --int isdigit (int); --int isspace (int); --int isxdigit (int); --int isalnum (int); --int isupper (int); --int tolower (int); --int strcmp (const char *, const char *); --int strncmp (const char *, const char *, size_t); --int strncasecmp (const char *, const char *, size_t); --int strcasecmp (const char *, const char *); --char *strcpy (char *, const char *); --char *strncpy (char *, const char *, size_t); --size_t strlen (const char *); --char *strcat (char *, const char *); --char *strchr (const char *, int); --char *strncpy (char *, const char *, size_t); --char *strrchr (const char *, int); --unsigned long strtoul (const char *, char **, int); --long strtol (const char *, char **, int); --char *strerror (int); --size_t strspn (const char *, const char *); --size_t strcspn (const char *, const char *); --int printf (const 
char *, ...); --int sscanf (const char *, const char *, ...); --int open (const char *, int, ...); --int chmod (const char *, mode_t); --int stat (const char *, struct stat *); --off_t lseek (int, off_t, int); --ssize_t read (int, void *, size_t); --ssize_t write (int, const void *, size_t); --int close (int); --FILE *fopen (const char *, const char *); --size_t fread (void *, size_t, size_t, FILE *); --size_t fwrite (const void *, size_t, size_t, FILE *); --char *fgets (char *, int, FILE *); --int fputs (const char *, FILE *); --int fprintf (FILE *, const char *, ...); --int vfprintf (FILE *, const char *, VA_LIST); --int fflush (FILE *); --int fclose (FILE *); --DIR *opendir (const char *); --struct dirent *readdir (DIR *); --int closedir (DIR *); --void openlog (const char *, int, int); --void closelog (void); --void syslog (int, const char *, ...); --time_t time (time_t *); --struct tm *localtime (const time_t *); --struct tm *gmtime (const time_t *); --struct tm *gmtime_r (const time_t *, struct tm *); --uid_t getuid (void); --uid_t geteuid (void); --gid_t getgid (void); --gid_t getegid (void); --void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); --char *getenv (const char *); --void exit (int); --#if defined(__GNUC__) && (__GNUC__ >= 2) --void abort (void) __attribute__((__noreturn__)); --#else --void abort (void); --#endif -- --// --// Global variables from EFI Application Toolkit required to buiild Open SSL --// --extern FILE *stderr; --extern FILE *stdin; --extern FILE *stdout; -- --#define AsciiStrLen(x) strlena(x) --#define AsciiStrnCmp(s1, s2, len) strncmpa((CHAR8 *)s1, (CHAR8 *)s2, len) -- --// --// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions --// --#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; }) --#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) --#define memchr(buf,ch,count) ScanMem8((CHAR8 *)buf,(UINTN)(count),ch) --#define 
memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) --#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) --#define strlen(str) (size_t)(AsciiStrLen((CHAR8 *)str)) --#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) --#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) --#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource) --#define strchr(str,ch) (char *)(ScanMem8((CHAR8 *)str,AsciiStrSize((CHAR8 *)str),ch)) --#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) --#define localtime(timer) NULL --#define assert(expression) --#define atoi(nptr) AsciiStrDecimalToUintn(nptr) --#define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) --#define gmtime_r(timer,result) (result = NULL) -- --#endif -diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h -new file mode 100644 -index 0000000..f73bbc9 ---- /dev/null -+++ b/Cryptlib/Include/OpenSslSupport.h -@@ -0,0 +1,377 @@ -+/** @file -+ Root include file to support building OpenSSL Crypto Library. -+ -+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#ifndef __OPEN_SSL_SUPPORT_H__ -+#define __OPEN_SSL_SUPPORT_H__ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define CONST const -+ -+// -+// OpenSSL relies on explicit configuration for word size in crypto/bn, -+// but we want it to be automatically inferred from the target. So we -+// bypass what's in for OPENSSL_SYS_UEFI, and -+// define our own here. -+// -+#ifdef CONFIG_HEADER_BN_H -+#error CONFIG_HEADER_BN_H already defined -+#endif -+ -+#define CONFIG_HEADER_BN_H -+ -+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) -+// -+// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs -+// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is -+// 64-bit. Since using 'long long' works fine on GCC too, just do that. -+// -+#define SIXTY_FOUR_BIT -+#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC) -+#define THIRTY_TWO_BIT -+#else -+#error Unknown target architecture -+#endif -+ -+// -+// File operations are not required for building Open SSL, -+// so FILE is mapped to VOID * to pass build -+// -+typedef VOID *FILE; -+ -+// -+// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h -+// -+#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined -+/* -+ * These are now unconditionally #defined by GNU_EFI's efistdarg.h, -+ * so we should #undef them here before providing a new definition. 
-+ */ -+#undef va_arg -+#undef va_start -+#undef va_end -+ -+#define va_list VA_LIST -+#define va_arg VA_ARG -+#define va_start VA_START -+#define va_end VA_END -+ -+# if !defined(NO_BUILTIN_VA_FUNCS) -+ -+typedef __builtin_va_list VA_LIST; -+ -+#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) -+ -+#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) -+ -+#define VA_END(Marker) __builtin_va_end (Marker) -+ -+#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) -+ -+# else -+ -+#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) -+/// -+/// Variable used to traverse the list of arguments. This type can vary by -+/// implementation and could be an array or structure. -+/// -+typedef CHAR8 *VA_LIST; -+ -+/** -+ Retrieves a pointer to the beginning of a variable argument list, based on -+ the name of the parameter that immediately precedes the variable argument list. -+ -+ This function initializes Marker to point to the beginning of the variable -+ argument list that immediately follows Parameter. The method for computing the -+ pointer to the next argument in the argument list is CPU-specific following the -+ EFIAPI ABI. -+ -+ @param Marker The VA_LIST used to traverse the list of arguments. -+ @param Parameter The name of the parameter that immediately precedes -+ the variable argument list. -+ -+ @return A pointer to the beginning of a variable argument list. -+ -+**/ -+#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) -+ -+/** -+ Returns an argument of a specified type from a variable argument list and updates -+ the pointer to the variable argument list to point to the next argument. -+ -+ This function returns an argument of the type specified by TYPE from the beginning -+ of the variable argument list specified by Marker. 
Marker is then updated to point -+ to the next argument in the variable argument list. The method for computing the -+ pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. -+ -+ @param Marker VA_LIST used to traverse the list of arguments. -+ @param TYPE The type of argument to retrieve from the beginning -+ of the variable argument list. -+ -+ @return An argument of the type specified by TYPE. -+ -+**/ -+#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) -+ -+/** -+ Terminates the use of a variable argument list. -+ -+ This function initializes Marker so it can no longer be used with VA_ARG(). -+ After this macro is used, the only way to access the variable argument list is -+ by using VA_START() again. -+ -+ @param Marker VA_LIST used to traverse the list of arguments. -+ -+**/ -+#define VA_END(Marker) (Marker = (VA_LIST) 0) -+ -+/** -+ Initializes a VA_LIST as a copy of an existing VA_LIST. -+ -+ This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest -+ followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach -+ the present state of Start. -+ -+ @param Dest VA_LIST used to traverse the list of arguments. -+ @param Start VA_LIST used to traverse the list of arguments. 
-+ -+**/ -+#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) -+ -+# endif -+ -+#else // __CC_ARM -+#define va_start(Marker, Parameter) __va_start(Marker, Parameter) -+#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) -+#define va_end(Marker) ((void)0) -+#endif -+ -+// -+// #defines from EFI Application Toolkit required to buiild Open SSL -+// -+#define ENOMEM 12 /* Cannot allocate memory */ -+#define EINVAL 22 /* Invalid argument */ -+#define BUFSIZ 1024 /* size of buffer used by setbuf */ -+#define INT_MAX 2147483647 /* max value for an int */ -+#define INT_MIN (-2147483647-1) /* min value for an int */ -+#define LONG_MAX 2147483647L /* max value for a long */ -+#define LONG_MIN (-2147483647-1) /* min value for a long */ -+#define ULONG_MAX 0xffffffff /* max value for an unsigned long */ -+#define LOG_DAEMON (3<<3) /* system daemons */ -+#define LOG_EMERG 0 /* system is unusable */ -+#define LOG_ALERT 1 /* action must be taken immediately */ -+#define LOG_CRIT 2 /* critical conditions */ -+#define LOG_ERR 3 /* error conditions */ -+#define LOG_WARNING 4 /* warning conditions */ -+#define LOG_NOTICE 5 /* normal but significant condition */ -+#define LOG_INFO 6 /* informational */ -+#define LOG_DEBUG 7 /* debug-level messages */ -+#define LOG_PID 0x01 /* log the pid with each message */ -+#define LOG_CONS 0x02 /* log on the console if errors in sending */ -+ -+// -+// Macros from EFI Application Toolkit required to buiild Open SSL -+// -+/* The offsetof() macro calculates the offset of a structure member -+ in its structure. Unfortunately this cannot be written down -+ portably, hence it is provided by a Standard C header file. 
-+ For pre-Standard C compilers, here is a version that usually works -+ (but watch out!): */ -+#ifndef offsetof -+#define offsetof(type, member) ( (int) & ((type*)0) -> member ) -+#endif -+ -+// -+// Basic types from EFI Application Toolkit required to buiild Open SSL -+// -+typedef UINTN size_t; -+typedef INTN ssize_t; -+typedef INT64 off_t; -+typedef UINT16 mode_t; -+typedef long time_t; -+typedef unsigned long clock_t; -+typedef UINT32 uid_t; -+typedef UINT32 gid_t; -+typedef UINT32 ino_t; -+typedef UINT32 dev_t; -+typedef UINT16 nlink_t; -+typedef int pid_t; -+typedef void *DIR; -+typedef void __sighandler_t (int); -+ -+// -+// Structures from EFI Application Toolkit required to buiild Open SSL -+// -+struct tm { -+ int tm_sec; /* seconds after the minute [0-60] */ -+ int tm_min; /* minutes after the hour [0-59] */ -+ int tm_hour; /* hours since midnight [0-23] */ -+ int tm_mday; /* day of the month [1-31] */ -+ int tm_mon; /* months since January [0-11] */ -+ int tm_year; /* years since 1900 */ -+ int tm_wday; /* days since Sunday [0-6] */ -+ int tm_yday; /* days since January 1 [0-365] */ -+ int tm_isdst; /* Daylight Savings Time flag */ -+ long tm_gmtoff; /* offset from CUT in seconds */ -+ char *tm_zone; /* timezone abbreviation */ -+}; -+ -+struct timeval { -+ long tv_sec; /* time value, in seconds */ -+ long tv_usec; /* time value, in microseconds */ -+}; -+ -+struct dirent { -+ UINT32 d_fileno; /* file number of entry */ -+ UINT16 d_reclen; /* length of this record */ -+ UINT8 d_type; /* file type, see below */ -+ UINT8 d_namlen; /* length of string in d_name */ -+ char d_name[255 + 1]; /* name must be no longer than this */ -+}; -+ -+struct stat { -+ dev_t st_dev; /* inode's device */ -+ ino_t st_ino; /* inode's number */ -+ mode_t st_mode; /* inode protection mode */ -+ nlink_t st_nlink; /* number of hard links */ -+ uid_t st_uid; /* user ID of the file's owner */ -+ gid_t st_gid; /* group ID of the file's group */ -+ dev_t st_rdev; /* device type */ 
-+ time_t st_atime; /* time of last access */ -+ long st_atimensec; /* nsec of last access */ -+ time_t st_mtime; /* time of last data modification */ -+ long st_mtimensec; /* nsec of last data modification */ -+ time_t st_ctime; /* time of last file status change */ -+ long st_ctimensec; /* nsec of last file status change */ -+ off_t st_size; /* file size, in bytes */ -+ INT64 st_blocks; /* blocks allocated for file */ -+ UINT32 st_blksize; /* optimal blocksize for I/O */ -+ UINT32 st_flags; /* user defined flags for file */ -+ UINT32 st_gen; /* file generation number */ -+ INT32 st_lspare; -+ INT64 st_qspare[2]; -+}; -+ -+// -+// Externs from EFI Application Toolkit required to buiild Open SSL -+// -+extern int errno; -+ -+// -+// Function prototypes from EFI Application Toolkit required to buiild Open SSL -+// -+void *malloc (size_t); -+void *realloc (void *, size_t); -+void free (void *); -+int isdigit (int); -+int isspace (int); -+int tolower (int); -+int isupper (int); -+int isxdigit (int); -+int isalnum (int); -+void *memcpy (void *, const void *, size_t); -+void *memset (void *, int, size_t); -+void *memchr (const void *, int, size_t); -+int memcmp (const void *, const void *, size_t); -+void *memmove (void *, const void *, size_t); -+int strcmp (const char *, const char *); -+int strncmp (const char *, const char *, size_t); -+char *strcpy (char *, const char *); -+char *strncpy (char *, const char *, size_t); -+size_t strlen (const char *); -+char *strcat (char *, const char *); -+char *strchr (const char *, int); -+int strcasecmp (const char *, const char *); -+int strncasecmp (const char *, const char *, size_t); -+char *strncpy (char *, const char *, size_t); -+int strncmp (const char *, const char *, size_t); -+char *strrchr (const char *, int); -+unsigned long strtoul (const char *, char **, int); -+long strtol (const char *, char **, int); -+int printf (const char *, ...); -+int sscanf (const char *, const char *, ...); -+int open (const char *, 
int, ...); -+int chmod (const char *, mode_t); -+int stat (const char *, struct stat *); -+off_t lseek (int, off_t, int); -+ssize_t read (int, void *, size_t); -+ssize_t write (int, const void *, size_t); -+int close (int); -+FILE *fopen (const char *, const char *); -+size_t fread (void *, size_t, size_t, FILE *); -+size_t fwrite (const void *, size_t, size_t, FILE *); -+char *fgets (char *, int, FILE *); -+int fputs (const char *, FILE *); -+int fprintf (FILE *, const char *, ...); -+int vfprintf (FILE *, const char *, VA_LIST); -+int fflush (FILE *); -+int fclose (FILE *); -+DIR *opendir (const char *); -+struct dirent *readdir (DIR *); -+int closedir (DIR *); -+void openlog (const char *, int, int); -+void closelog (void); -+void syslog (int, const char *, ...); -+time_t time (time_t *); -+struct tm *localtime (const time_t *); -+struct tm *gmtime (const time_t *); -+struct tm *gmtime_r (const time_t *, struct tm *); -+uid_t getuid (void); -+uid_t geteuid (void); -+gid_t getgid (void); -+gid_t getegid (void); -+void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); -+char *getenv (const char *); -+void exit (int); -+void abort (void); -+__sighandler_t *signal (int, __sighandler_t *); -+ -+// -+// Global variables from EFI Application Toolkit required to buiild Open SSL -+// -+extern FILE *stderr; -+extern FILE *stdin; -+extern FILE *stdout; -+ -+#define AsciiStrLen(x) strlena(x) -+#define AsciiStrnCmp(s1, s2, len) strncmpa(s1, s2, len) -+ -+// -+// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions -+// -+#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; }) -+#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) -+#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) -+#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) -+#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) -+#define strcmp strcmpa -+#define 
strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
-+#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource)
-+#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count)
-+#define strlen(str) (size_t)(AsciiStrLen(str))
-+#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource)
-+#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
-+#define abort() ASSERT (FALSE)
-+#define assert(expression)
-+#define localtime(timer) NULL
-+#define gmtime_r(timer,result) (result = NULL)
-+#define atoi(nptr) Atoi(nptr)
-+
-+#endif
-diff --git a/Cryptlib/Include/arpa/inet.h b/Cryptlib/Include/arpa/inet.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/arpa/inet.h
-+++ b/Cryptlib/Include/arpa/inet.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/assert.h b/Cryptlib/Include/assert.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/assert.h
-+++ b/Cryptlib/Include/assert.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/ctype.h b/Cryptlib/Include/ctype.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/ctype.h
-+++ b/Cryptlib/Include/ctype.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/dirent.h b/Cryptlib/Include/dirent.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/dirent.h
-+++ b/Cryptlib/Include/dirent.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/errno.h b/Cryptlib/Include/errno.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/errno.h
-+++ b/Cryptlib/Include/errno.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/internal/bio.h b/Cryptlib/Include/internal/bio.h
-deleted file mode 100644
-index 3b6a6ac..0000000
---- a/Cryptlib/Include/internal/bio.h
-+++ /dev/null
-@@ -1,26 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--
--struct bio_method_st {
-- int type;
-- const char *name;
-- int (*bwrite) (BIO *, const char *, int);
-- int (*bread) (BIO *, char *, int);
-- int (*bputs) (BIO *, const char *);
-- int (*bgets) (BIO *, char *, int);
-- long (*ctrl) (BIO *, int, long, void *);
-- int (*create) (BIO *);
-- int (*destroy) (BIO *);
-- long (*callback_ctrl) (BIO *, int, bio_info_cb *);
--};
--
--void bio_free_ex_data(BIO *bio);
--void bio_cleanup(void);
-diff --git a/Cryptlib/Include/internal/comp.h b/Cryptlib/Include/internal/comp.h
-deleted file mode 100644
-index ac6e38b..0000000
---- a/Cryptlib/Include/internal/comp.h
-+++ /dev/null
-@@ -1,12 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--
--void comp_zlib_cleanup_int(void);
-diff --git a/Cryptlib/Include/internal/conf.h b/Cryptlib/Include/internal/conf.h
-deleted file mode 100644
-index ada3f92..0000000
---- a/Cryptlib/Include/internal/conf.h
-+++ /dev/null
-@@ -1,32 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_INTERNAL_CONF_H
--# define HEADER_INTERNAL_CONF_H
--
--#include
--
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--
--struct ossl_init_settings_st {
-- char *appname;
--};
--
--void openssl_config_int(const char *appname);
--void openssl_no_config_int(void);
--void conf_modules_free_int(void);
--
--#ifdef __cplusplus
--}
--#endif
--
--#endif
-diff --git a/Cryptlib/Include/internal/constant_time_locl.h b/Cryptlib/Include/internal/constant_time_locl.h
-deleted file mode 100644
-index d27fb14..0000000
---- a/Cryptlib/Include/internal/constant_time_locl.h
-+++ /dev/null
-@@ -1,185 +0,0 @@
--/*
-- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_CONSTANT_TIME_LOCL_H
--# define HEADER_CONSTANT_TIME_LOCL_H
--
--# include /* For 'ossl_inline' */
--
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--/*-
-- * The boolean methods return a bitmask of all ones (0xff...f) for true
-- * and 0 for false.
This is useful for choosing a value based on the result
-- * of a conditional in constant time. For example,
-- *
-- * if (a < b) {
-- * c = a;
-- * } else {
-- * c = b;
-- * }
-- *
-- * can be written as
-- *
-- * unsigned int lt = constant_time_lt(a, b);
-- * c = constant_time_select(lt, a, b);
-- */
--
--/*
-- * Returns the given value with the MSB copied to all the other
-- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
-- * However, this is not ensured by the C standard so you may need to
-- * replace this with something else on odd CPUs.
-- */
--static ossl_inline unsigned int constant_time_msb(unsigned int a);
--
--/*
-- * Returns 0xff..f if a < b and 0 otherwise.
-- */
--static ossl_inline unsigned int constant_time_lt(unsigned int a,
-- unsigned int b);
--/* Convenience method for getting an 8-bit mask. */
--static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
-- unsigned int b);
--
--/*
-- * Returns 0xff..f if a >= b and 0 otherwise.
-- */
--static ossl_inline unsigned int constant_time_ge(unsigned int a,
-- unsigned int b);
--/* Convenience method for getting an 8-bit mask. */
--static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
-- unsigned int b);
--
--/*
-- * Returns 0xff..f if a == 0 and 0 otherwise.
-- */
--static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
--/* Convenience method for getting an 8-bit mask. */
--static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
--
--/*
-- * Returns 0xff..f if a == b and 0 otherwise.
-- */
--static ossl_inline unsigned int constant_time_eq(unsigned int a,
-- unsigned int b);
--/* Convenience method for getting an 8-bit mask. */
--static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
-- unsigned int b);
--/* Signed integers. */
--static ossl_inline unsigned int constant_time_eq_int(int a, int b);
--/* Convenience method for getting an 8-bit mask.
*/
--static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
--
--/*-
-- * Returns (mask & a) | (~mask & b).
-- *
-- * When |mask| is all 1s or all 0s (as returned by the methods above),
-- * the select methods return either |a| (if |mask| is nonzero) or |b|
-- * (if |mask| is zero).
-- */
--static ossl_inline unsigned int constant_time_select(unsigned int mask,
-- unsigned int a,
-- unsigned int b);
--/* Convenience method for unsigned chars. */
--static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
-- unsigned char a,
-- unsigned char b);
--/* Convenience method for signed integers. */
--static ossl_inline int constant_time_select_int(unsigned int mask, int a,
-- int b);
--
--static ossl_inline unsigned int constant_time_msb(unsigned int a)
--{
-- return 0 - (a >> (sizeof(a) * 8 - 1));
--}
--
--static ossl_inline unsigned int constant_time_lt(unsigned int a,
-- unsigned int b)
--{
-- return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
--}
--
--static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
-- unsigned int b)
--{
-- return (unsigned char)(constant_time_lt(a, b));
--}
--
--static ossl_inline unsigned int constant_time_ge(unsigned int a,
-- unsigned int b)
--{
-- return ~constant_time_lt(a, b);
--}
--
--static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
-- unsigned int b)
--{
-- return (unsigned char)(constant_time_ge(a, b));
--}
--
--static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
--{
-- return constant_time_msb(~a & (a - 1));
--}
--
--static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
--{
-- return (unsigned char)(constant_time_is_zero(a));
--}
--
--static ossl_inline unsigned int constant_time_eq(unsigned int a,
-- unsigned int b)
--{
-- return constant_time_is_zero(a ^ b);
--}
--
--static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
-- unsigned int b)
--{
-- return (unsigned char)(constant_time_eq(a, b));
--}
--
--static
ossl_inline unsigned int constant_time_eq_int(int a, int b)
--{
-- return constant_time_eq((unsigned)(a), (unsigned)(b));
--}
--
--static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
--{
-- return constant_time_eq_8((unsigned)(a), (unsigned)(b));
--}
--
--static ossl_inline unsigned int constant_time_select(unsigned int mask,
-- unsigned int a,
-- unsigned int b)
--{
-- return (mask & a) | (~mask & b);
--}
--
--static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
-- unsigned char a,
-- unsigned char b)
--{
-- return (unsigned char)(constant_time_select(mask, a, b));
--}
--
--static ossl_inline int constant_time_select_int(unsigned int mask, int a,
-- int b)
--{
-- return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
--}
--
--#ifdef __cplusplus
--}
--#endif
--
--#endif /* HEADER_CONSTANT_TIME_LOCL_H */
-diff --git a/Cryptlib/Include/internal/dane.h b/Cryptlib/Include/internal/dane.h
-deleted file mode 100644
-index a1cb548..0000000
---- a/Cryptlib/Include/internal/dane.h
-+++ /dev/null
-@@ -1,103 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_INTERNAL_DANE_H
--#define HEADER_INTERNAL_DANE_H
--
--#include
--
--/*-
-- * Certificate usages:
-- * https://tools.ietf.org/html/rfc6698#section-2.1.1
-- */
--#define DANETLS_USAGE_PKIX_TA 0
--#define DANETLS_USAGE_PKIX_EE 1
--#define DANETLS_USAGE_DANE_TA 2
--#define DANETLS_USAGE_DANE_EE 3
--#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE
--
--/*-
-- * Selectors:
-- * https://tools.ietf.org/html/rfc6698#section-2.1.2
-- */
--#define DANETLS_SELECTOR_CERT 0
--#define DANETLS_SELECTOR_SPKI 1
--#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI
--
--/*-
-- * Matching types:
-- * https://tools.ietf.org/html/rfc6698#section-2.1.3
-- */
--#define DANETLS_MATCHING_FULL 0
--#define DANETLS_MATCHING_2256 1
--#define DANETLS_MATCHING_2512 2
--#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512
--
--typedef struct danetls_record_st {
-- uint8_t usage;
-- uint8_t selector;
-- uint8_t mtype;
-- unsigned char *data;
-- size_t dlen;
-- EVP_PKEY *spki;
--} danetls_record;
--
--DEFINE_STACK_OF(danetls_record)
--
--/*
-- * Shared DANE context
-- */
--struct dane_ctx_st {
-- const EVP_MD **mdevp; /* mtype -> digest */
-- uint8_t *mdord; /* mtype -> preference */
-- uint8_t mdmax; /* highest supported mtype */
-- unsigned long flags; /* feature bitmask */
--};
--
--/*
-- * Per connection DANE state
-- */
--struct ssl_dane_st {
-- struct dane_ctx_st *dctx;
-- STACK_OF(danetls_record) *trecs;
-- STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */
-- danetls_record *mtlsa; /* Matching TLSA record */
-- X509 *mcert; /* DANE matched cert */
-- uint32_t umask; /* Usages present */
-- int mdpth; /* Depth of matched cert */
-- int pdpth; /* Depth of PKIX trust */
-- unsigned long flags; /* feature bitmask */
--};
--
--#define DANETLS_ENABLED(dane) \
-- ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
--
--#define
DANETLS_USAGE_BIT(u) (((uint32_t)1) << u)
--
--#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
--#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
--#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
--#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
--
--#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
--#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
--#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
--#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
--
--#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
--#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
--#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK))
--#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK))
--
--#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
--#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
--#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
--#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
--
--#endif /* HEADER_INTERNAL_DANE_H */
-diff --git a/Cryptlib/Include/internal/dso.h b/Cryptlib/Include/internal/dso.h
-deleted file mode 100644
-index f5de8a2..0000000
---- a/Cryptlib/Include/internal/dso.h
-+++ /dev/null
-@@ -1,239 +0,0 @@
--/*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_DSO_H
--# define HEADER_DSO_H
--
--# include
--
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--/* These values are used as commands to DSO_ctrl() */
--# define DSO_CTRL_GET_FLAGS 1
--# define DSO_CTRL_SET_FLAGS 2
--# define DSO_CTRL_OR_FLAGS 3
--
--/*
-- * By default, DSO_load() will translate the provided filename into a form
-- * typical for the platform using the dso_name_converter function of the
-- * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
-- * transform it into "libblah.so". This callback could even utilise the
-- * DSO_METHOD's converter too if it only wants to override behaviour for
-- * one or two possible DSO methods. However, the following flag can be
-- * set in a DSO to prevent *any* native name-translation at all - eg. if
-- * the caller has prompted the user for a path to a driver library so the
-- * filename should be interpreted as-is.
-- */
--# define DSO_FLAG_NO_NAME_TRANSLATION 0x01
--/*
-- * An extra flag to give if only the extension should be added as
-- * translation. This is obviously only of importance on Unix and other
-- * operating systems where the translation also may prefix the name with
-- * something, like 'lib', and ignored everywhere else. This flag is also
-- * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
-- */
--# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02
--
--/*
-- * Don't unload the DSO when we call DSO_free()
-- */
--# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04
--/*
-- * The following flag controls the translation of symbol names to upper case.
-- * This is currently only being implemented for OpenVMS.
-- */
--# define DSO_FLAG_UPCASE_SYMBOL 0x10
--
--/*
-- * This flag loads the library with public symbols. Meaning: The exported
-- * symbols of this library are public to all libraries loaded after this
-- * library.
At the moment only implemented in unix.
-- */
--# define DSO_FLAG_GLOBAL_SYMBOLS 0x20
--
--typedef void (*DSO_FUNC_TYPE) (void);
--
--typedef struct dso_st DSO;
--typedef struct dso_meth_st DSO_METHOD;
--
--/*
-- * The function prototype used for method functions (or caller-provided
-- * callbacks) that transform filenames. They are passed a DSO structure
-- * pointer (or NULL if they are to be used independently of a DSO object) and
-- * a filename to transform. They should either return NULL (if there is an
-- * error condition) or a newly allocated string containing the transformed
-- * form that the caller will need to free with OPENSSL_free() when done.
-- */
--typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
--/*
-- * The function prototype used for method functions (or caller-provided
-- * callbacks) that merge two file specifications. They are passed a DSO
-- * structure pointer (or NULL if they are to be used independently of a DSO
-- * object) and two file specifications to merge. They should either return
-- * NULL (if there is an error condition) or a newly allocated string
-- * containing the result of merging that the caller will need to free with
-- * OPENSSL_free() when done. Here, merging means that bits and pieces are
-- * taken from each of the file specifications and added together in whatever
-- * fashion that is sensible for the DSO method in question. The only rule
-- * that really applies is that if the two specification contain pieces of the
-- * same type, the copy from the first string takes priority. One could see
-- * it as the first specification is the one given by the user and the second
-- * being a bunch of defaults to add on if they're missing in the first.
-- */
--typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
--
--DSO *DSO_new(void);
--int DSO_free(DSO *dso);
--int DSO_flags(DSO *dso);
--int DSO_up_ref(DSO *dso);
--long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
--
--/*
-- * These functions can be used to get/set the platform-independent filename
-- * used for a DSO. NB: set will fail if the DSO is already loaded.
-- */
--const char *DSO_get_filename(DSO *dso);
--int DSO_set_filename(DSO *dso, const char *filename);
--/*
-- * This function will invoke the DSO's name_converter callback to translate a
-- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
-- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
-- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
-- * simply duplicated. NB: This function is usually called from within a
-- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
-- * that caller-created DSO_METHODs can do the same thing. A non-NULL return
-- * value will need to be OPENSSL_free()'d.
-- */
--char *DSO_convert_filename(DSO *dso, const char *filename);
--/*
-- * This function will invoke the DSO's merger callback to merge two file
-- * specifications, or if the callback isn't set it will instead use the
-- * DSO_METHOD's merger. A non-NULL return value will need to be
-- * OPENSSL_free()'d.
-- */
--char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
--
--/*
-- * The all-singing all-dancing load function, you normally pass NULL for the
-- * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
-- * reference count handling. Any flags passed in will be set in the
-- * constructed DSO after its init() function but before the load operation.
-- * If 'dso' is non-NULL, 'flags' is ignored.
-- */
--DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
--
--/* This function binds to a function inside a shared library. */
--DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
--
--/*
-- * This method is the default, but will beg, borrow, or steal whatever method
-- * should be the default on any particular platform (including
-- * DSO_METH_null() if necessary).
-- */
--DSO_METHOD *DSO_METHOD_openssl(void);
--
--/*
-- * This function writes null-terminated pathname of DSO module containing
-- * 'addr' into 'sz' large caller-provided 'path' and returns the number of
-- * characters [including trailing zero] written to it. If 'sz' is 0 or
-- * negative, 'path' is ignored and required amount of charachers [including
-- * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
-- * pathname of cryptolib itself is returned. Negative or zero return value
-- * denotes error.
-- */
--int DSO_pathbyaddr(void *addr, char *path, int sz);
--
--/*
-- * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
-- * or NULL on error.
-- */
--DSO *DSO_dsobyaddr(void *addr, int flags);
--
--/*
-- * This function should be used with caution! It looks up symbols in *all*
-- * loaded modules and if module gets unloaded by somebody else attempt to
-- * dereference the pointer is doomed to have fatal consequences. Primary
-- * usage for this function is to probe *core* system functionality, e.g.
-- * check if getnameinfo(3) is available at run-time without bothering about
-- * OS-specific details such as libc.so.versioning or where does it actually
-- * reside: in libc itself or libsocket.
-- */
--void *DSO_global_lookup(const char *name);
--
--/* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
--
--int ERR_load_DSO_strings(void);
--
--/* Error codes for the DSO functions.
*/
--
--/* Function codes. */
--# define DSO_F_DLFCN_BIND_FUNC 100
--# define DSO_F_DLFCN_LOAD 102
--# define DSO_F_DLFCN_MERGER 130
--# define DSO_F_DLFCN_NAME_CONVERTER 123
--# define DSO_F_DLFCN_UNLOAD 103
--# define DSO_F_DL_BIND_FUNC 104
--# define DSO_F_DL_LOAD 106
--# define DSO_F_DL_MERGER 131
--# define DSO_F_DL_NAME_CONVERTER 124
--# define DSO_F_DL_UNLOAD 107
--# define DSO_F_DSO_BIND_FUNC 108
--# define DSO_F_DSO_CONVERT_FILENAME 126
--# define DSO_F_DSO_CTRL 110
--# define DSO_F_DSO_FREE 111
--# define DSO_F_DSO_GET_FILENAME 127
--# define DSO_F_DSO_GLOBAL_LOOKUP 139
--# define DSO_F_DSO_LOAD 112
--# define DSO_F_DSO_MERGE 132
--# define DSO_F_DSO_NEW_METHOD 113
--# define DSO_F_DSO_PATHBYADDR 105
--# define DSO_F_DSO_SET_FILENAME 129
--# define DSO_F_DSO_UP_REF 114
--# define DSO_F_VMS_BIND_SYM 115
--# define DSO_F_VMS_LOAD 116
--# define DSO_F_VMS_MERGER 133
--# define DSO_F_VMS_UNLOAD 117
--# define DSO_F_WIN32_BIND_FUNC 101
--# define DSO_F_WIN32_GLOBALLOOKUP 142
--# define DSO_F_WIN32_JOINER 135
--# define DSO_F_WIN32_LOAD 120
--# define DSO_F_WIN32_MERGER 134
--# define DSO_F_WIN32_NAME_CONVERTER 125
--# define DSO_F_WIN32_PATHBYADDR 109
--# define DSO_F_WIN32_SPLITTER 136
--# define DSO_F_WIN32_UNLOAD 121
--
--/* Reason codes.
*/
--# define DSO_R_CTRL_FAILED 100
--# define DSO_R_DSO_ALREADY_LOADED 110
--# define DSO_R_EMPTY_FILE_STRUCTURE 113
--# define DSO_R_FAILURE 114
--# define DSO_R_FILENAME_TOO_BIG 101
--# define DSO_R_FINISH_FAILED 102
--# define DSO_R_INCORRECT_FILE_SYNTAX 115
--# define DSO_R_LOAD_FAILED 103
--# define DSO_R_NAME_TRANSLATION_FAILED 109
--# define DSO_R_NO_FILENAME 111
--# define DSO_R_NULL_HANDLE 104
--# define DSO_R_SET_FILENAME_FAILED 112
--# define DSO_R_STACK_ERROR 105
--# define DSO_R_SYM_FAILURE 106
--# define DSO_R_UNLOAD_FAILED 107
--# define DSO_R_UNSUPPORTED 108
--
--# ifdef __cplusplus
--}
--# endif
--#endif
-diff --git a/Cryptlib/Include/internal/dso_conf.h b/Cryptlib/Include/internal/dso_conf.h
-deleted file mode 100644
-index e69de29..0000000
-diff --git a/Cryptlib/Include/internal/err.h b/Cryptlib/Include/internal/err.h
-deleted file mode 100644
-index d46b8bd..0000000
---- a/Cryptlib/Include/internal/err.h
-+++ /dev/null
-@@ -1,15 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef INTERNAL_ERR_H
--# define INTERNAL_ERR_H
--
--void err_free_strings_int(void);
--
--#endif
-diff --git a/Cryptlib/Include/internal/numbers.h b/Cryptlib/Include/internal/numbers.h
-deleted file mode 100644
-index 31931df..0000000
---- a/Cryptlib/Include/internal/numbers.h
-+++ /dev/null
-@@ -1,68 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_NUMBERS_H
--# define HEADER_NUMBERS_H
--
--# include
--
--# if (-1 & 3) == 0x03 /* Two's complement */
--
--# define __MAXUINT__(T) ((T) -1)
--# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
--# define __MININT__(T) (-__MAXINT__(T) - 1)
--
--# elif (-1 & 3) == 0x02 /* One's complement */
--
--# define __MAXUINT__(T) (((T) -1) + 1)
--# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
--# define __MININT__(T) (-__MAXINT__(T))
--
--# elif (-1 & 3) == 0x01 /* Sign/magnitude */
--
--# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
--# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
--# define __MININT__(T) (-__MAXINT__(T))
--
--# else
--
--# error "do not know the integer encoding on this architecture"
--
--# endif
--
--# ifndef INT8_MAX
--# define INT8_MIN __MININT__(int8_t)
--# define INT8_MAX __MAXINT__(int8_t)
--# define UINT8_MAX __MAXUINT__(uint8_t)
--# endif
--
--# ifndef INT16_MAX
--# define INT16_MIN __MININT__(int16_t)
--# define INT16_MAX __MAXINT__(int16_t)
--# define UINT16_MAX __MAXUINT__(uint16_t)
--# endif
--
--# ifndef INT32_MAX
--# define INT32_MIN __MININT__(int32_t)
--# define INT32_MAX __MAXINT__(int32_t)
--# define UINT32_MAX __MAXUINT__(uint32_t)
--# endif
--
--# ifndef INT64_MAX
--# define INT64_MIN __MININT__(int64_t)
--# define INT64_MAX __MAXINT__(int64_t)
--# define UINT64_MAX __MAXUINT__(uint64_t)
--# endif
--
--# ifndef SIZE_MAX
--# define SIZE_MAX __MAXUINT__(size_t)
--# endif
--
--#endif
--
-diff --git a/Cryptlib/Include/internal/o_dir.h b/Cryptlib/Include/internal/o_dir.h
-deleted file mode 100644
-index 178c2ed..0000000
---- a/Cryptlib/Include/internal/o_dir.h
-+++ /dev/null
-@@ -1,63 +0,0 @@
--/*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/*
-- * Copied from Richard Levitte's (richard@levitte.org) LP library. All
-- * symbol names have been changed, with permission from the author.
-- */
--
--/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
--/*
-- * Copyright (c) 2004, Richard Levitte
-- * All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--#ifndef O_DIR_H
--# define O_DIR_H
--
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
--
-- /*
-- * returns NULL on error or end-of-directory. If it is end-of-directory,
-- * errno will be zero
-- */
--const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-- /* returns 1 on success, 0 on error */
--int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
--
--#ifdef __cplusplus
--}
--#endif
--
--#endif /* LPDIR_H */
-diff --git a/Cryptlib/Include/internal/o_str.h b/Cryptlib/Include/internal/o_str.h
-deleted file mode 100644
-index 86403c9..0000000
---- a/Cryptlib/Include/internal/o_str.h
-+++ /dev/null
-@@ -1,17 +0,0 @@
--/*
-- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef HEADER_O_STR_H
--# define HEADER_O_STR_H
--
--# include /* to get size_t */
--
--int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
--
--#endif
-diff --git a/Cryptlib/Include/internal/thread_once.h b/Cryptlib/Include/internal/thread_once.h
-deleted file mode 100644
-index 2242443..0000000
---- a/Cryptlib/Include/internal/thread_once.h
-+++ /dev/null
-@@ -1,45 +0,0 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--
--#define DEFINE_RUN_ONCE(init) \
-- static int init(void); \
-- int init##_ossl_ret_ = 0; \
-- void init##_ossl_(void) \
-- { \
-- init##_ossl_ret_ = init(); \
-- } \
-- static int init(void)
--#define DECLARE_RUN_ONCE(init) \
-- extern int init##_ossl_ret_; \
-- void init##_ossl_(void);
--
--#define DEFINE_RUN_ONCE_STATIC(init) \
-- static int init(void); \
-- static int init##_ossl_ret_ = 0; \
-- static void init##_ossl_(void) \
-- { \
-- init##_ossl_ret_ = init(); \
-- } \
-- static int init(void)
--
--/*
-- * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
-- * @once: pointer to static object of type CRYPTO_ONCE
-- * @init: function name that was previously given to DEFINE_RUN_ONCE,
-- * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE. This function
-- * must return 1 for success or 0 for failure.
-- *
-- * The return value is 1 on success (*) or 0 in case of error.
-- *
-- * (*) by convention, since the init function must return 1 on success.
-- */
--#define RUN_ONCE(once, init) \
-- (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
-diff --git a/Cryptlib/Include/limits.h b/Cryptlib/Include/limits.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/limits.h
-+++ b/Cryptlib/Include/limits.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/malloc.h b/Cryptlib/Include/malloc.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/malloc.h
-+++ b/Cryptlib/Include/malloc.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- - **/ - --#include -+#include - -diff --git a/Cryptlib/Include/math.h b/Cryptlib/Include/math.h -index b13508a..a21f554 100644 ---- a/Cryptlib/Include/math.h -+++ b/Cryptlib/Include/math.h -@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - -diff --git a/Cryptlib/Include/memory.h b/Cryptlib/Include/memory.h -index 4554616..092b3cd 100644 ---- a/Cryptlib/Include/memory.h -+++ b/Cryptlib/Include/memory.h -@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - -diff --git a/Cryptlib/Include/netdb.h b/Cryptlib/Include/netdb.h -index e95c19c..ee07f6b 100644 ---- a/Cryptlib/Include/netdb.h -+++ b/Cryptlib/Include/netdb.h -@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - -diff --git a/Cryptlib/Include/netinet/in.h b/Cryptlib/Include/netinet/in.h -index e95c19c..ee07f6b 100644 ---- a/Cryptlib/Include/netinet/in.h -+++ b/Cryptlib/Include/netinet/in.h -@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - -diff --git a/Cryptlib/Include/openssl/README b/Cryptlib/Include/openssl/README -new file mode 100644 -index 0000000..1594010 ---- /dev/null -+++ b/Cryptlib/Include/openssl/README -@@ -0,0 +1 @@ -+This directory contains all the public include files from the OpenSSL project. -diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h -index 245c552..faa66c4 100644 ---- a/Cryptlib/Include/openssl/aes.h -+++ b/Cryptlib/Include/openssl/aes.h -@@ -1,10 +1,52 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes.h */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_AES_H -@@ -12,11 +54,12 @@ - - # include - --# include --# ifdef __cplusplus --extern "C" { -+# ifdef OPENSSL_NO_AES -+# error AES is disabled. 
- # endif - -+# include -+ - # define AES_ENCRYPT 1 - # define AES_DECRYPT 0 - -@@ -27,6 +70,10 @@ extern "C" { - # define AES_MAXNR 14 - # define AES_BLOCK_SIZE 16 - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - /* This should be a hidden type, but EVP requires that the size be known */ - struct aes_key_st { - # ifdef AES_LONG -@@ -45,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - -+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key); -+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key); -+ - void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - void AES_decrypt(const unsigned char *in, unsigned char *out, -@@ -67,6 +119,11 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num); -+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, -+ size_t length, const AES_KEY *key, -+ unsigned char ivec[AES_BLOCK_SIZE], -+ unsigned char ecount_buf[AES_BLOCK_SIZE], -+ unsigned int *num); - /* NB: the IV is _two_ blocks long */ - void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, -@@ -85,8 +142,8 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - const unsigned char *in, unsigned int inlen); - - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -- - #endif -+ -+#endif /* !HEADER_AES_H */ -diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h -index 7cf6116..68e791f 100644 ---- a/Cryptlib/Include/openssl/asn1.h -+++ b/Cryptlib/Include/openssl/asn1.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/asn1/asn1.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #ifndef HEADER_ASN1_H -@@ -12,15 +61,16 @@ - - # include - # include --# include --# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - # include - # include - - # include - - # include --# if OPENSSL_API_COMPAT < 0x10100000L -+# ifndef OPENSSL_NO_DEPRECATED - # include - # endif - -@@ -46,11 +96,13 @@ extern "C" { - # define V_ASN1_OTHER -3/* used in ASN1_TYPE */ - # define V_ASN1_ANY -4/* used in ASN1 template code */ - -+# define V_ASN1_NEG 0x100/* negative flag */ -+ - # define V_ASN1_UNDEF -1 --/* ASN.1 tag values */ - # define V_ASN1_EOC 0 - # define V_ASN1_BOOLEAN 1 /**/ - # define V_ASN1_INTEGER 2 -+# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) - # define V_ASN1_BIT_STRING 3 - # define V_ASN1_OCTET_STRING 4 - # define V_ASN1_NULL 5 -@@ -59,6 +111,7 @@ extern "C" { - # define V_ASN1_EXTERNAL 8 - # define V_ASN1_REAL 9 - # define V_ASN1_ENUMERATED 10 -+# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) - # define V_ASN1_UTF8STRING 12 - # define V_ASN1_SEQUENCE 16 - # define V_ASN1_SET 17 -@@ -76,17 +129,6 @@ extern "C" { - # define V_ASN1_GENERALSTRING 27 /**/ - # define V_ASN1_UNIVERSALSTRING 28 /**/ - # define V_ASN1_BMPSTRING 30 -- --/* -- * NB the constants below are used internally by ASN1_INTEGER -- * and ASN1_ENUMERATED to indicate the sign. They are *not* on -- * the wire tag values. 
-- */ -- --# define V_ASN1_NEG 0x100 --# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) --# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) -- - /* For use with d2i_ASN1_type_bytes() */ - # define B_ASN1_NUMERICSTRING 0x0001 - # define B_ASN1_PRINTABLESTRING 0x0002 -@@ -117,7 +159,61 @@ extern "C" { - # define SMIME_CRLFEOL 0x800 - # define SMIME_STREAM 0x1000 - struct X509_algor_st; --DEFINE_STACK_OF(X509_ALGOR) -+DECLARE_STACK_OF(X509_ALGOR) -+ -+# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ -+# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ -+ -+/* -+ * We MUST make sure that, except for constness, asn1_ctx_st and -+ * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 -+ * parsing macros are gone, we can throw this away as well... -+ */ -+typedef struct asn1_ctx_st { -+ unsigned char *p; /* work char pointer */ -+ int eos; /* end of sequence read for indefinite -+ * encoding */ -+ int error; /* error code to use when returning an error */ -+ int inf; /* constructed if 0x20, indefinite is 0x21 */ -+ int tag; /* tag from last 'get object' */ -+ int xclass; /* class from last 'get object' */ -+ long slen; /* length of last 'get object' */ -+ unsigned char *max; /* largest value of p allowed */ -+ unsigned char *q; /* temporary variable */ -+ unsigned char **pp; /* variable */ -+ int line; /* used in error processing */ -+} ASN1_CTX; -+ -+typedef struct asn1_const_ctx_st { -+ const unsigned char *p; /* work char pointer */ -+ int eos; /* end of sequence read for indefinite -+ * encoding */ -+ int error; /* error code to use when returning an error */ -+ int inf; /* constructed if 0x20, indefinite is 0x21 */ -+ int tag; /* tag from last 'get object' */ -+ int xclass; /* class from last 'get object' */ -+ long slen; /* length of last 'get object' */ -+ const unsigned char *max; /* largest value of p allowed */ -+ const unsigned char *q; /* temporary variable */ -+ const unsigned char **pp; /* variable */ -+ int 
line; /* used in error processing */ -+} ASN1_const_CTX; -+ -+/* -+ * These are used internally in the ASN1_OBJECT to keep track of whether the -+ * names and data need to be free()ed -+ */ -+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ -+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ -+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ -+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -+struct asn1_object_st { -+ const char *sn, *ln; -+ int nid; -+ int length; -+ const unsigned char *data; /* data remains const after init */ -+ int flags; /* Should we free this one */ -+}; - - # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ - /* -@@ -139,8 +235,6 @@ DEFINE_STACK_OF(X509_ALGOR) - * type. - */ - # define ASN1_STRING_FLAG_MSTRING 0x040 --/* String is embedded and only content should be freed */ --# define ASN1_STRING_FLAG_EMBED 0x080 - /* This is the base type that holds just about everything :-) */ - struct asn1_string_st { - int length; -@@ -170,13 +264,6 @@ typedef struct ASN1_ENCODING_st { - # define ASN1_LONG_UNDEF 0x7fffffffL - - # define STABLE_FLAGS_MALLOC 0x01 --/* -- * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted -- * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting -- * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias -- * STABLE_FLAGS_CLEAR to reflect this. 
-- */ --# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC - # define STABLE_NO_MASK 0x02 - # define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) -@@ -190,7 +277,7 @@ typedef struct asn1_string_table_st { - unsigned long flags; - } ASN1_STRING_TABLE; - --DEFINE_STACK_OF(ASN1_STRING_TABLE) -+DECLARE_STACK_OF(ASN1_STRING_TABLE) - - /* size limits: this stuff is taken straight from RFC2459 */ - -@@ -417,11 +504,6 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); - - # define ASN1_STRFLGS_DUMP_DER 0x200 - --/* -- * This flag specifies that RC2254 escaping shall be performed. -- */ --#define ASN1_STRFLGS_ESC_2254 0x400 -- - /* - * All the string flags consistent with RFC2253, escaping control characters - * isn't essential in RFC2253 but it is advisable anyway. -@@ -434,11 +516,10 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); - ASN1_STRFLGS_DUMP_UNKNOWN | \ - ASN1_STRFLGS_DUMP_DER) - --DEFINE_STACK_OF(ASN1_INTEGER) -- --DEFINE_STACK_OF(ASN1_GENERALSTRING) -+DECLARE_STACK_OF(ASN1_INTEGER) -+DECLARE_ASN1_SET_OF(ASN1_INTEGER) - --DEFINE_STACK_OF(ASN1_UTF8STRING) -+DECLARE_STACK_OF(ASN1_GENERALSTRING) - - typedef struct asn1_type_st { - int type; -@@ -471,13 +552,19 @@ typedef struct asn1_type_st { - } value; - } ASN1_TYPE; - --DEFINE_STACK_OF(ASN1_TYPE) -+DECLARE_STACK_OF(ASN1_TYPE) -+DECLARE_ASN1_SET_OF(ASN1_TYPE) - - typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; - - DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) - DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) - -+typedef struct NETSCAPE_X509_st { -+ ASN1_OCTET_STRING *header; -+ X509 *cert; -+} NETSCAPE_X509; -+ - /* This is used to contain a list of bit names */ - typedef struct BIT_STRING_BITNAME_st { - int bitnum; -@@ -485,6 +572,50 @@ typedef struct BIT_STRING_BITNAME_st { - const char *sname; - } BIT_STRING_BITNAME; - -+# define M_ASN1_STRING_length(x) ((x)->length) -+# define M_ASN1_STRING_length_set(x, n) 
((x)->length = (n)) -+# define M_ASN1_STRING_type(x) ((x)->type) -+# define M_ASN1_STRING_data(x) ((x)->data) -+ -+/* Macros for string operations */ -+# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_BIT_STRING) -+# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ -+ (const ASN1_STRING *)a,(const ASN1_STRING *)b) -+# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -+ -+# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ -+ ASN1_STRING_type_new(V_ASN1_INTEGER) -+# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ -+ (const ASN1_STRING *)a,(const ASN1_STRING *)b) -+ -+# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ -+ ASN1_STRING_type_new(V_ASN1_ENUMERATED) -+# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ -+ (const ASN1_STRING *)a,(const ASN1_STRING *)b) -+ -+# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -+# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ -+ (const ASN1_STRING *)a,(const ASN1_STRING *)b) -+# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -+# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) -+# define M_i2d_ASN1_OCTET_STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING 
*)a,pp,V_ASN1_OCTET_STRING,\ -+ V_ASN1_UNIVERSAL) -+ - # define B_ASN1_TIME \ - B_ASN1_UTCTIME | \ - B_ASN1_GENERALIZEDTIME -@@ -514,25 +645,153 @@ typedef struct BIT_STRING_BITNAME_st { - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING - -+# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -+# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_PRINTABLE) -+ -+# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -+# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_DIRECTORYSTRING(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_DIRECTORYSTRING) -+ -+# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -+# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_DISPLAYTEXT(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_DISPLAYTEXT) -+ -+# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -+# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ -+ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) -+ -+# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_T61STRING) -+# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define 
M_i2d_ASN1_T61STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_T61STRING(a,pp,l) \ -+ (ASN1_T61STRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) -+ -+# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_IA5STRING) -+# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_IA5STRING_dup(a) \ -+ (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) -+# define M_i2d_ASN1_IA5STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_IA5STRING(a,pp,l) \ -+ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ -+ B_ASN1_IA5STRING) -+ -+# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ -+ ASN1_STRING_type_new(V_ASN1_UTCTIME) -+# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+ -+# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ -+ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -+# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ -+ (const ASN1_STRING *)a) -+ -+# define M_ASN1_TIME_new() (ASN1_TIME *)\ -+ ASN1_STRING_type_new(V_ASN1_UTCTIME) -+# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ -+ ASN1_STRING_dup((const ASN1_STRING *)a) -+ -+# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -+# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_GENERALSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ -+ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING 
**)a,pp,l,B_ASN1_GENERALSTRING) -+ -+# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -+# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ -+ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) -+ -+# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_BMPSTRING) -+# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_BMPSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ -+ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) -+ -+# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -+# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ -+ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) -+ -+# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_UTF8STRING) -+# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_UTF8STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ -+ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) -+ -+ /* for the is_set parameter to i2d_ASN1_SET */ -+# define IS_SEQUENCE 0 -+# define IS_SET 1 -+ - DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) - --int ASN1_TYPE_get(const 
ASN1_TYPE *a); -+int ASN1_TYPE_get(ASN1_TYPE *a); - void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); - int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); - int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); - --ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); --void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); -- - ASN1_OBJECT *ASN1_OBJECT_new(void); - void ASN1_OBJECT_free(ASN1_OBJECT *a); --int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); -+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); -+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -+ long length); - ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); - - DECLARE_ASN1_ITEM(ASN1_OBJECT) - --DEFINE_STACK_OF(ASN1_OBJECT) -+DECLARE_STACK_OF(ASN1_OBJECT) -+DECLARE_ASN1_SET_OF(ASN1_OBJECT) - - ASN1_STRING *ASN1_STRING_new(void); - void ASN1_STRING_free(ASN1_STRING *a); -@@ -549,24 +808,34 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); - void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); - int ASN1_STRING_length(const ASN1_STRING *x); - void ASN1_STRING_length_set(ASN1_STRING *x, int n); --int ASN1_STRING_type(const ASN1_STRING *x); --DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) --const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); -+int ASN1_STRING_type(ASN1_STRING *x); -+unsigned char *ASN1_STRING_data(ASN1_STRING *x); - - DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) -+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, -+ const unsigned char **pp, long length); - int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); - int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); --int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); --int ASN1_BIT_STRING_check(const 
ASN1_BIT_STRING *a, -- const unsigned char *flags, int flags_len); -+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); -+int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, -+ unsigned char *flags, int flags_len); - -+# ifndef OPENSSL_NO_BIO - int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); --int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); --int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, -+# endif -+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); -+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, - BIT_STRING_BITNAME *tbl); - -+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); -+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); -+ - DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) -+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, -+ long length); - ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); - ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); -@@ -580,6 +849,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int offset_day, long offset_sec); - int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); - int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); -+# if 0 -+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); -+# endif - - int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); - ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, -@@ -624,48 +896,59 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); - ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec); --int ASN1_TIME_check(const ASN1_TIME *t); -+int ASN1_TIME_check(ASN1_TIME *t); - ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME - **out); - int 
ASN1_TIME_set_string(ASN1_TIME *s, const char *str); - --int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); -+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, -+ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); -+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, -+ const unsigned char **pp, -+ long length, d2i_of_void *d2i, -+ void (*free_func) (OPENSSL_BLOCK), -+ int ex_tag, int ex_class); -+ -+# ifndef OPENSSL_NO_BIO -+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); - int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); --int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); -+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); - int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); --int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); -+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); - int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); --int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); --int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); -+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); -+# endif -+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); - - int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); - ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln); - --int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); --int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); --int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); --int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); -- - int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); - long ASN1_INTEGER_get(const ASN1_INTEGER *a); - ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); - BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); - --int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); --int 
ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); -- -- - int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); --long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); --ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); --BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); -+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); - - /* General */ - /* given a string, return the correct type, max is the maximum length */ - int ASN1_PRINTABLE_type(const unsigned char *s, int max); - -+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); -+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int Ptag, int Pclass); - unsigned long ASN1_tag2bit(int tag); -+/* type is one or more of the B_ASN1_ values. */ -+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int type); -+ -+/* PARSING */ -+int asn1_Finish(ASN1_CTX *c); -+int asn1_const_Finish(ASN1_const_CTX *c); - - /* SPECIALS */ - int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, -@@ -698,7 +981,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x); - # define M_ASN1_free_of(x, type) \ - ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); - - # define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ -@@ -721,11 +1004,12 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); - CHECKED_PTR_OF(const type, x))) - - int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); --int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); -+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); - # endif - --int ASN1_STRING_to_UTF8(unsigned 
char **out, const ASN1_STRING *in); -+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); - -+# ifndef OPENSSL_NO_BIO - void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); - - # define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ -@@ -752,27 +1036,42 @@ int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); - int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); - int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); - int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); --int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); --int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); -+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); - int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *buf, int off); - int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); - int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, - int dump); -+# endif - const char *ASN1_tag2str(int tag); - --/* Used to load and write Netscape format cert */ -+/* Used to load and write netscape format cert */ -+ -+DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) - - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); - - int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); --int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); -+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); - int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, - unsigned char *data, int len); --int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, -+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, - unsigned char *data, int max_len); - --void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); -+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -+ d2i_of_void *d2i, -+ void (*free_func) 
(OPENSSL_BLOCK)); -+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, -+ unsigned char **buf, int *len); -+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); -+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); -+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, -+ ASN1_OCTET_STRING **oct); -+ -+# define ASN1_pack_string_of(type,obj,i2d,oct) \ -+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ -+ CHECKED_I2D_OF(type, i2d), \ -+ oct)) - - ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, - ASN1_OCTET_STRING **oct); -@@ -805,11 +1104,9 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it); - - void ASN1_add_oid_module(void); --void ASN1_add_stable_module(void); - --ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); --ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); --int ASN1_str2mask(const char *str, unsigned long *pmask); -+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); -+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); - - /* ASN1 Print flags */ - -@@ -836,26 +1133,18 @@ int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, - const ASN1_ITEM *it, const ASN1_PCTX *pctx); - ASN1_PCTX *ASN1_PCTX_new(void); - void ASN1_PCTX_free(ASN1_PCTX *p); --unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); -+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); - void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); --unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); -+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); - void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); --unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); -+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); - void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); --unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); -+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); - void 
ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); --unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); -+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); - void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); - --ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); --void ASN1_SCTX_free(ASN1_SCTX *p); --const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); --const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); --unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); --void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); --void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); -- --const BIO_METHOD *BIO_f_asn1(void); -+BIO_METHOD *BIO_f_asn1(void); - - BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); - -@@ -875,40 +1164,44 @@ int SMIME_text(BIO *in, BIO *out); - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_ASN1_strings(void); -+void ERR_load_ASN1_strings(void); - - /* Error codes for the ASN1 functions. */ - - /* Function codes. 
*/ - # define ASN1_F_A2D_ASN1_OBJECT 100 -+# define ASN1_F_A2I_ASN1_ENUMERATED 101 - # define ASN1_F_A2I_ASN1_INTEGER 102 - # define ASN1_F_A2I_ASN1_STRING 103 - # define ASN1_F_APPEND_EXP 176 - # define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 - # define ASN1_F_ASN1_CB 177 - # define ASN1_F_ASN1_CHECK_TLEN 104 -+# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 - # define ASN1_F_ASN1_COLLECT 106 - # define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 - # define ASN1_F_ASN1_D2I_FP 109 - # define ASN1_F_ASN1_D2I_READ_BIO 107 - # define ASN1_F_ASN1_DIGEST 184 - # define ASN1_F_ASN1_DO_ADB 110 --# define ASN1_F_ASN1_DO_LOCK 233 - # define ASN1_F_ASN1_DUP 111 -+# define ASN1_F_ASN1_ENUMERATED_SET 112 -+# define ASN1_F_ASN1_ENUMERATED_TO_BN 113 - # define ASN1_F_ASN1_EX_C2I 204 - # define ASN1_F_ASN1_FIND_END 190 - # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 -+# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 - # define ASN1_F_ASN1_GENERATE_V3 178 --# define ASN1_F_ASN1_GET_INT64 224 - # define ASN1_F_ASN1_GET_OBJECT 114 --# define ASN1_F_ASN1_GET_UINT64 225 -+# define ASN1_F_ASN1_HEADER_NEW 115 - # define ASN1_F_ASN1_I2D_BIO 116 - # define ASN1_F_ASN1_I2D_FP 117 -+# define ASN1_F_ASN1_INTEGER_SET 118 -+# define ASN1_F_ASN1_INTEGER_TO_BN 119 - # define ASN1_F_ASN1_ITEM_D2I_FP 206 - # define ASN1_F_ASN1_ITEM_DUP 191 --# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 --# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 -+# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 -+# define ASN1_F_ASN1_ITEM_EX_D2I 120 - # define ASN1_F_ASN1_ITEM_I2D_BIO 192 - # define ASN1_F_ASN1_ITEM_I2D_FP 193 - # define ASN1_F_ASN1_ITEM_PACK 198 -@@ -919,63 +1212,83 @@ int ERR_load_ASN1_strings(void); - # define ASN1_F_ASN1_MBSTRING_NCOPY 122 - # define ASN1_F_ASN1_OBJECT_NEW 123 - # define ASN1_F_ASN1_OUTPUT_DATA 214 -+# define ASN1_F_ASN1_PACK_STRING 124 - # define ASN1_F_ASN1_PCTX_NEW 205 --# define ASN1_F_ASN1_SCTX_NEW 221 -+# define ASN1_F_ASN1_PKCS5_PBE_SET 125 -+# define ASN1_F_ASN1_SEQ_PACK 126 -+# define ASN1_F_ASN1_SEQ_UNPACK 127 - # 
define ASN1_F_ASN1_SIGN 128 - # define ASN1_F_ASN1_STR2TYPE 179 --# define ASN1_F_ASN1_STRING_GET_INT64 227 --# define ASN1_F_ASN1_STRING_GET_UINT64 230 - # define ASN1_F_ASN1_STRING_SET 186 - # define ASN1_F_ASN1_STRING_TABLE_ADD 129 --# define ASN1_F_ASN1_STRING_TO_BN 228 - # define ASN1_F_ASN1_STRING_TYPE_NEW 130 - # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 - # define ASN1_F_ASN1_TEMPLATE_NEW 133 - # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 - # define ASN1_F_ASN1_TIME_ADJ 217 -+# define ASN1_F_ASN1_TIME_SET 175 - # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 - # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 -+# define ASN1_F_ASN1_UNPACK_STRING 136 - # define ASN1_F_ASN1_UTCTIME_ADJ 218 -+# define ASN1_F_ASN1_UTCTIME_SET 187 - # define ASN1_F_ASN1_VERIFY 137 - # define ASN1_F_B64_READ_ASN1 209 - # define ASN1_F_B64_WRITE_ASN1 210 - # define ASN1_F_BIO_NEW_NDEF 208 - # define ASN1_F_BITSTR_CB 180 --# define ASN1_F_BN_TO_ASN1_STRING 229 -+# define ASN1_F_BN_TO_ASN1_ENUMERATED 138 -+# define ASN1_F_BN_TO_ASN1_INTEGER 139 - # define ASN1_F_C2I_ASN1_BIT_STRING 189 - # define ASN1_F_C2I_ASN1_INTEGER 194 - # define ASN1_F_C2I_ASN1_OBJECT 196 --# define ASN1_F_C2I_IBUF 226 - # define ASN1_F_COLLECT_DATA 140 -+# define ASN1_F_D2I_ASN1_BIT_STRING 141 -+# define ASN1_F_D2I_ASN1_BOOLEAN 142 -+# define ASN1_F_D2I_ASN1_BYTES 143 -+# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 -+# define ASN1_F_D2I_ASN1_HEADER 145 -+# define ASN1_F_D2I_ASN1_INTEGER 146 - # define ASN1_F_D2I_ASN1_OBJECT 147 -+# define ASN1_F_D2I_ASN1_SET 148 -+# define ASN1_F_D2I_ASN1_TYPE_BYTES 149 - # define ASN1_F_D2I_ASN1_UINTEGER 150 -+# define ASN1_F_D2I_ASN1_UTCTIME 151 - # define ASN1_F_D2I_AUTOPRIVATEKEY 207 -+# define ASN1_F_D2I_NETSCAPE_RSA 152 -+# define ASN1_F_D2I_NETSCAPE_RSA_2 153 - # define ASN1_F_D2I_PRIVATEKEY 154 - # define ASN1_F_D2I_PUBLICKEY 155 --# define ASN1_F_DO_TCREATE 222 -+# define ASN1_F_D2I_RSA_NET 200 -+# define ASN1_F_D2I_RSA_NET_2 201 -+# define ASN1_F_D2I_X509 156 -+# define 
ASN1_F_D2I_X509_CINF 157 -+# define ASN1_F_D2I_X509_PKEY 159 - # define ASN1_F_I2D_ASN1_BIO_STREAM 211 -+# define ASN1_F_I2D_ASN1_SET 188 -+# define ASN1_F_I2D_ASN1_TIME 160 - # define ASN1_F_I2D_DSA_PUBKEY 161 - # define ASN1_F_I2D_EC_PUBKEY 181 - # define ASN1_F_I2D_PRIVATEKEY 163 - # define ASN1_F_I2D_PUBLICKEY 164 -+# define ASN1_F_I2D_RSA_NET 162 - # define ASN1_F_I2D_RSA_PUBKEY 165 - # define ASN1_F_LONG_C2I 166 - # define ASN1_F_OID_MODULE_INIT 174 - # define ASN1_F_PARSE_TAGGING 182 - # define ASN1_F_PKCS5_PBE2_SET_IV 167 --# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 - # define ASN1_F_PKCS5_PBE_SET 202 - # define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 - # define ASN1_F_PKCS5_PBKDF2_SET 219 --# define ASN1_F_PKCS5_SCRYPT_SET 232 - # define ASN1_F_SMIME_READ_ASN1 212 - # define ASN1_F_SMIME_TEXT 213 --# define ASN1_F_STBL_MODULE_INIT 223 -+# define ASN1_F_X509_CINF_NEW 168 - # define ASN1_F_X509_CRL_ADD0_REVOKED 169 - # define ASN1_F_X509_INFO_NEW 170 - # define ASN1_F_X509_NAME_ENCODE 203 - # define ASN1_F_X509_NAME_EX_D2I 158 - # define ASN1_F_X509_NAME_EX_NEW 171 -+# define ASN1_F_X509_NEW 172 - # define ASN1_F_X509_PKEY_NEW 173 - - /* Reason codes. 
*/ -@@ -983,7 +1296,10 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_ASN1_PARSE_ERROR 203 - # define ASN1_R_ASN1_SIG_PARSE_ERROR 204 - # define ASN1_R_AUX_ERROR 100 -+# define ASN1_R_BAD_CLASS 101 - # define ASN1_R_BAD_OBJECT_HEADER 102 -+# define ASN1_R_BAD_PASSWORD_READ 103 -+# define ASN1_R_BAD_TAG 104 - # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 - # define ASN1_R_BN_LIB 105 - # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 -@@ -992,14 +1308,18 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_CONTEXT_NOT_INITIALISED 217 - # define ASN1_R_DATA_IS_WRONG 109 - # define ASN1_R_DECODE_ERROR 110 -+# define ASN1_R_DECODING_ERROR 111 - # define ASN1_R_DEPTH_EXCEEDED 174 - # define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 - # define ASN1_R_ENCODE_ERROR 112 - # define ASN1_R_ERROR_GETTING_TIME 173 - # define ASN1_R_ERROR_LOADING_SECTION 172 -+# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 - # define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 - # define ASN1_R_EXPECTING_AN_INTEGER 115 - # define ASN1_R_EXPECTING_AN_OBJECT 116 -+# define ASN1_R_EXPECTING_A_BOOLEAN 117 -+# define ASN1_R_EXPECTING_A_TIME 118 - # define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 - # define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 - # define ASN1_R_FIELD_MISSING 121 -@@ -1012,17 +1332,14 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_ILLEGAL_HEX 178 - # define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 - # define ASN1_R_ILLEGAL_INTEGER 180 --# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 - # define ASN1_R_ILLEGAL_NESTED_TAGGING 181 - # define ASN1_R_ILLEGAL_NULL 125 - # define ASN1_R_ILLEGAL_NULL_VALUE 182 - # define ASN1_R_ILLEGAL_OBJECT 183 - # define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 - # define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 --# define ASN1_R_ILLEGAL_PADDING 221 - # define ASN1_R_ILLEGAL_TAGGED_ANY 127 - # define ASN1_R_ILLEGAL_TIME_VALUE 184 --# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 - # define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 - # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 - # 
define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 -@@ -1032,12 +1349,12 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_INVALID_MODIFIER 186 - # define ASN1_R_INVALID_NUMBER 187 - # define ASN1_R_INVALID_OBJECT_ENCODING 216 --# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 - # define ASN1_R_INVALID_SEPARATOR 131 --# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 -+# define ASN1_R_INVALID_TIME_FORMAT 132 - # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 - # define ASN1_R_INVALID_UTF8STRING 134 --# define ASN1_R_INVALID_VALUE 219 -+# define ASN1_R_IV_TOO_LARGE 135 -+# define ASN1_R_LENGTH_ERROR 136 - # define ASN1_R_LIST_ERROR 188 - # define ASN1_R_MIME_NO_CONTENT_TYPE 206 - # define ASN1_R_MIME_PARSE_ERROR 207 -@@ -1052,6 +1369,7 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_NOT_ASCII_FORMAT 190 - # define ASN1_R_NOT_ENOUGH_DATA 142 - # define ASN1_R_NO_CONTENT_TYPE 209 -+# define ASN1_R_NO_DEFAULT_DIGEST 201 - # define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 - # define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 - # define ASN1_R_NO_MULTIPART_BOUNDARY 211 -@@ -1059,6 +1377,7 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_NULL_IS_WRONG_LENGTH 144 - # define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 - # define ASN1_R_ODD_NUMBER_OF_CHARS 145 -+# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 - # define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 - # define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 - # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -@@ -1068,13 +1387,14 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_STREAMING_NOT_SUPPORTED 202 - # define ASN1_R_STRING_TOO_LONG 151 - # define ASN1_R_STRING_TOO_SHORT 152 -+# define ASN1_R_TAG_VALUE_TOO_HIGH 153 - # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 - # define ASN1_R_TIME_NOT_ASCII_FORMAT 193 --# define ASN1_R_TOO_LARGE 223 - # define ASN1_R_TOO_LONG 155 --# define ASN1_R_TOO_SMALL 224 - # define ASN1_R_TYPE_NOT_CONSTRUCTED 156 --# define ASN1_R_TYPE_NOT_PRIMITIVE 195 -+# define 
ASN1_R_TYPE_NOT_PRIMITIVE 218 -+# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 -+# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 - # define ASN1_R_UNEXPECTED_EOC 159 - # define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 - # define ASN1_R_UNKNOWN_FORMAT 160 -@@ -1083,14 +1403,17 @@ int ERR_load_ASN1_strings(void); - # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 - # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 - # define ASN1_R_UNKNOWN_TAG 194 -+# define ASN1_R_UNKOWN_FORMAT 195 - # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 -+# define ASN1_R_UNSUPPORTED_CIPHER 165 -+# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 - # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 - # define ASN1_R_UNSUPPORTED_TYPE 196 --# define ASN1_R_WRONG_INTEGER_TYPE 225 - # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 - # define ASN1_R_WRONG_TAG 168 -+# define ASN1_R_WRONG_TYPE 169 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h -index 7ac1782..3a672e9 100644 ---- a/Cryptlib/Include/openssl/asn1_mac.h -+++ b/Cryptlib/Include/openssl/asn1_mac.h -@@ -1,10 +1,579 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/asn1_mac.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+#ifndef HEADER_ASN1_MAC_H -+# define HEADER_ASN1_MAC_H -+ -+# include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+# ifndef ASN1_MAC_ERR_LIB -+# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -+# endif -+ -+# define ASN1_MAC_H_err(f,r,line) \ -+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line)) -+ -+# define M_ASN1_D2I_vars(a,type,func) \ -+ ASN1_const_CTX c; \ -+ type ret=NULL; \ -+ \ -+ c.pp=(const unsigned char **)pp; \ -+ c.q= *(const unsigned char **)pp; \ -+ c.error=ERR_R_NESTED_ASN1_ERROR; \ -+ if ((a == NULL) || ((*a) == NULL)) \ -+ { if ((ret=(type)func()) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } } \ -+ else ret=(*a); -+ -+# define M_ASN1_D2I_Init() \ -+ c.p= *(const unsigned char **)pp; \ -+ c.max=(length == 0)?0:(c.p+length); -+ -+# define M_ASN1_D2I_Finish_2(a) \ -+ if (!asn1_const_Finish(&c)) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ *(const unsigned char **)pp=c.p; \ -+ if (a != NULL) (*a)=ret; \ -+ return(ret); -+ -+# define M_ASN1_D2I_Finish(a,func,e) \ -+ M_ASN1_D2I_Finish_2(a); \ -+err:\ -+ ASN1_MAC_H_err((e),c.error,c.line); \ -+ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -+ return(NULL) -+ -+# define M_ASN1_D2I_start_sequence() \ -+ if (!asn1_GetSequence(&c,&length)) \ -+ { c.line=OPENSSL_LINE; goto err; } -+/* Begin reading ASN1 without a surrounding sequence */ -+# define M_ASN1_D2I_begin() \ -+ c.slen = length; -+ -+/* End reading ASN1 with no check on length */ -+# define M_ASN1_D2I_Finish_nolen(a, func, e) \ -+ *pp=c.p; \ -+ if (a != NULL) (*a)=ret; \ -+ return(ret); \ -+err:\ -+ ASN1_MAC_H_err((e),c.error,c.line); \ -+ asn1_add_error(*pp,(int)(c.q- *pp)); \ -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -+ return(NULL) -+ -+# define M_ASN1_D2I_end_sequence() \ -+ (((c.inf&1) == 0)?(c.slen <= 0): \ -+ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) -+ -+/* Don't use this with d2i_ASN1_BOOLEAN() */ -+# 
define M_ASN1_D2I_get(b, func) \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+/* Don't use this with d2i_ASN1_BOOLEAN() */ -+# define M_ASN1_D2I_get_x(type,b,func) \ -+ c.q=c.p; \ -+ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+/* use this instead () */ -+# define M_ASN1_D2I_get_int(b,func) \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) < 0) \ -+ {c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_opt(b,func,type) \ -+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ -+ == (V_ASN1_UNIVERSAL|(type)))) \ -+ { \ -+ M_ASN1_D2I_get(b,func); \ -+ } -+ -+# define M_ASN1_D2I_get_int_opt(b,func,type) \ -+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ -+ == (V_ASN1_UNIVERSAL|(type)))) \ -+ { \ -+ M_ASN1_D2I_get_int(b,func); \ -+ } -+ -+# define M_ASN1_D2I_get_imp(b,func, type) \ -+ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \ -+ c.slen-=(c.p-c.q);\ -+ M_ASN1_next_prev=_tmp; -+ -+# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ -+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ -+ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ -+ { \ -+ unsigned char _tmp = M_ASN1_next; \ -+ M_ASN1_D2I_get_imp(b,func, type);\ -+ } -+ -+# define M_ASN1_D2I_get_set(r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func, \ -+ V_ASN1_SET,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ -+ V_ASN1_SET,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -+ { M_ASN1_D2I_get_set(r,func,free_func); } -+ -+# define 
M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -+ { M_ASN1_D2I_get_set_type(type,r,func,free_func); } -+ -+# define M_ASN1_I2D_len_SET_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_len_SET(a,f); -+ -+# define M_ASN1_I2D_put_SET_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SET(a,f); -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); -+ -+# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ -+ if ((c.slen != 0) && \ -+ (M_ASN1_next == \ -+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -+ { \ -+ M_ASN1_D2I_get_imp_set(b,func,free_func,\ -+ tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ } -+ -+# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ -+ if ((c.slen != 0) && \ -+ (M_ASN1_next == \ -+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -+ { \ -+ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ -+ tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ } -+ -+# define M_ASN1_D2I_get_seq(r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func,\ -+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -+ -+# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -+ { M_ASN1_D2I_get_seq(r,func,free_func); } -+ -+# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -+ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } -+ -+# define 
M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func,\ -+ x,V_ASN1_CONTEXT_SPECIFIC); -+ -+# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -+ x,V_ASN1_CONTEXT_SPECIFIC); -+ -+# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ -+ (void (*)())free_func,a,b) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ -+ free_func,a,b) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ -+ if ((c.slen != 0L) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (func(&(r),&c.p,Tlen) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } -+ -+# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ -+ if ((c.slen != 0) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ 
Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ -+ (void (*)())free_func, \ -+ b,V_ASN1_UNIVERSAL) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } -+ -+# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ -+ if ((c.slen != 0) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ -+ free_func,b,V_ASN1_UNIVERSAL) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=OPENSSL_LINE; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } -+ -+/* New macros */ -+# define M_ASN1_New_Malloc(ret,type) \ -+ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ -+ { c.line=OPENSSL_LINE; goto err2; } -+ -+# define M_ASN1_New(arg,func) \ -+ if (((arg)=func()) == NULL) return(NULL) -+ -+# define M_ASN1_New_Error(a) \ -+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ -+ return(NULL);*/ \ -+ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ -+ return(NULL) -+ -+/* -+ * BIG UGLY WARNING! 
This is so damn ugly I wanna puke. Unfortunately, some -+ * macros that use ASN1_const_CTX still insist on writing in the input -+ * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- -+ * Richard Levitte - */ -+# define M_ASN1_next (*((unsigned char *)(c.p))) -+# define M_ASN1_next_prev (*((unsigned char *)(c.q))) -+ -+/*************************************************/ -+ -+# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ -+ unsigned char *p; \ -+ if (a == NULL) return(0) -+ -+/* Length Macros */ -+# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -+# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) -+ -+# define M_ASN1_I2D_len_SET(a,f) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); -+ -+# define M_ASN1_I2D_len_SET_type(type,a,f) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ -+ V_ASN1_UNIVERSAL,IS_SET); -+ -+# define M_ASN1_I2D_len_SEQUENCE(a,f) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ -+ V_ASN1_UNIVERSAL,IS_SEQUENCE) -+ -+# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_len_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); -+ -+# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, 
\ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ -+ if (a != NULL)\ -+ { \ -+ v=f(a,NULL); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ -+ V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+/* Put Macros */ -+# define M_ASN1_I2D_put(a,f) f(a,&p) -+ -+# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ -+ if (a != NULL) \ -+ { \ -+ unsigned char *q=p; \ -+ f(a,&p); \ -+ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ -+ } -+ -+# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ -+ V_ASN1_UNIVERSAL,IS_SET) -+# define M_ASN1_I2D_put_SET_type(type,a,f) \ -+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) -+# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET) -+# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ -+ 
i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) -+# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) -+ -+# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ -+ V_ASN1_UNIVERSAL,IS_SEQUENCE) -+ -+# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ -+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE) -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); } -+ -+# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); } -+ -+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); } -+ -+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); } -+ -+# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ -+ if (a != NULL) \ -+ { \ -+ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ f(a,&p); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -+ if ((a != NULL) && 
(sk_##type##_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ } -+ -+# define M_ASN1_I2D_seq_total() \ -+ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ -+ if (pp == NULL) return(r); \ -+ p= *pp; \ -+ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -+ -+# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ -+ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ -+ *(p++)=0x80 -+ -+# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 -+ -+# define M_ASN1_I2D_finish() *pp=p; \ -+ return(r); -+ -+int asn1_GetSequence(ASN1_const_CTX *c, long *length); -+void asn1_add_error(const unsigned char *address, int offset); -+#ifdef __cplusplus -+} -+#endif - --#error "This file is obsolete; please update your software." -+#endif -diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h -index 8eedfb3..99bc0ee 100644 ---- a/Cryptlib/Include/openssl/asn1t.h -+++ b/Cryptlib/Include/openssl/asn1t.h -@@ -1,12 +1,61 @@ -+/* asn1t.h */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #ifndef HEADER_ASN1T_H - # define HEADER_ASN1T_H - -@@ -35,10 +84,7 @@ extern "C" { - # define ASN1_ITEM_start(itname) \ - OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { - --# define static_ASN1_ITEM_start(itname) \ -- static const ASN1_ITEM itname##_it = { -- --# define ASN1_ITEM_end(itname) \ -+# define ASN1_ITEM_end(itname) \ - }; - - # else -@@ -53,9 +99,6 @@ extern "C" { - { \ - static const ASN1_ITEM local_it = { - --# define static_ASN1_ITEM_start(itname) \ -- static ASN1_ITEM_start(itname) -- - # define ASN1_ITEM_end(itname) \ - }; \ - return &local_it; \ -@@ -79,17 +122,6 @@ extern "C" { - 0,\ - #tname \ - ASN1_ITEM_end(tname) --# define static_ASN1_ITEM_TEMPLATE_END(tname) \ -- ;\ -- static_ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_PRIMITIVE,\ -- -1,\ -- &tname##_item_tt,\ -- 0,\ -- NULL,\ -- 0,\ -- #tname \ -- ASN1_ITEM_end(tname) - - /* This is a ASN1 type which just embeds a template */ - -@@ -119,8 +151,6 @@ extern "C" { - - # define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) - --# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) -- - # define ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ -@@ -133,18 +163,6 @@ extern "C" { - #stname \ - ASN1_ITEM_end(tname) - --# define static_ASN1_SEQUENCE_END_name(stname, tname) \ -- ;\ -- static_ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -- - # define ASN1_NDEF_SEQUENCE(tname) \ - ASN1_SEQUENCE(tname) - -@@ -159,8 +177,8 @@ extern "C" { - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 
0, 0}; \ - ASN1_SEQUENCE(tname) - --# define ASN1_SEQUENCE_ref(tname, cb) \ -- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ -+# define ASN1_SEQUENCE_ref(tname, cb, lck) \ -+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ - ASN1_SEQUENCE(tname) - - # define ASN1_SEQUENCE_enc(tname, enc, cb) \ -@@ -178,26 +196,12 @@ extern "C" { - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) --# define static_ASN1_NDEF_SEQUENCE_END(tname) \ -- ;\ -- static_ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_NDEF_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(tname),\ -- #tname \ -- ASN1_ITEM_end(tname) - - # define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) --# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ -- static_ASN1_SEQUENCE_END_ref(stname, stname) - - # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) - - # define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) --# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) - - # define ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ -@@ -210,17 +214,6 @@ extern "C" { - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) --# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ -- ;\ -- static_ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- &tname##_aux,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) - - # define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ - ;\ -@@ -266,12 +259,8 @@ extern "C" { - - # define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) - --# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) -- - # define ASN1_CHOICE_END_name(stname, 
tname) ASN1_CHOICE_END_selector(stname, tname, type) - --# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) -- - # define ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ -@@ -284,18 +273,6 @@ extern "C" { - #stname \ - ASN1_ITEM_end(tname) - --# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ -- ;\ -- static_ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_CHOICE,\ -- offsetof(stname,selname) ,\ -- tname##_ch_tt,\ -- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -- - # define ASN1_CHOICE_END_cb(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ -@@ -322,6 +299,11 @@ extern "C" { - (flags), (tag), offsetof(stname, field),\ - #field, ASN1_ITEM_ref(type) } - -+/* used when the structure is combined with the parent */ -+ -+# define ASN1_EX_COMBINE(flags, tag, type) { \ -+ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } -+ - /* implicit and explicit helper macros */ - - # define ASN1_IMP_EX(stname, field, type, tag, ex) \ -@@ -341,8 +323,6 @@ extern "C" { - # endif - /* Plain simple type */ - # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) --/* Embedded simple type */ --# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) - - /* OPTIONAL simple type */ - # define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) -@@ -415,12 +395,12 @@ extern "C" { - - # ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - --# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ -+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ - ;\ - static const ASN1_ADB name##_adb = {\ - flags,\ - offsetof(name, field),\ -- adb_cb,\ -+ app_table,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ -@@ -429,7 +409,7 @@ extern "C" { - - # else - --# define 
ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ -+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ - ;\ - static const ASN1_ITEM *name##_adb(void) \ - { \ -@@ -437,7 +417,7 @@ extern "C" { - {\ - flags,\ - offsetof(name, field),\ -- adb_cb,\ -+ app_table,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ -@@ -464,7 +444,9 @@ struct ASN1_TEMPLATE_st { - unsigned long flags; /* Various flags */ - long tag; /* tag, not used if no tagging */ - unsigned long offset; /* Offset of this field in structure */ -+# ifndef NO_ASN1_FIELD_NAMES - const char *field_name; /* Field name */ -+# endif - ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ - }; - -@@ -479,7 +461,7 @@ typedef struct ASN1_ADB_st ASN1_ADB; - struct ASN1_ADB_st { - unsigned long flags; /* Various flags */ - unsigned long offset; /* Offset of selector field */ -- int (*adb_cb)(long *psel); /* Application callback */ -+ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ - const ASN1_ADB_TABLE *tbl; /* Table of possible types */ - long tblcount; /* Number of entries in tbl */ - const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ -@@ -560,6 +542,15 @@ struct ASN1_ADB_TABLE_st { - - # define ASN1_TFLG_ADB_INT (0x1<<9) - -+/* -+ * This flag means a parent structure is passed instead of the field: this is -+ * useful is a SEQUENCE is being combined with a CHOICE for example. Since -+ * this means the structure and item name will differ we need to use the -+ * ASN1_CHOICE_END_name() macro for example. -+ */ -+ -+# define ASN1_TFLG_COMBINE (0x1<<10) -+ - /* - * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes - * indefinite length constructed encoding to be used if required. 
-@@ -567,9 +558,6 @@ struct ASN1_ADB_TABLE_st { - - # define ASN1_TFLG_NDEF (0x1<<11) - --/* Field is embedded and not a pointer */ --# define ASN1_TFLG_EMBED (0x1 << 12) -- - /* This is the actual ASN1 item itself */ - - struct ASN1_ITEM_st { -@@ -581,7 +569,9 @@ struct ASN1_ITEM_st { - long tcount; /* Number of templates if SEQUENCE or CHOICE */ - const void *funcs; /* functions that handle this type */ - long size; /* Structure size (usually) */ -+# ifndef NO_ASN1_FIELD_NAMES - const char *sname; /* Structure name */ -+# endif - }; - - /*- -@@ -607,6 +597,10 @@ struct ASN1_ITEM_st { - * The 'funcs' field is used for application - * specific functions. - * -+ * For COMPAT types the funcs field gives a -+ * set of functions that handle this type, this -+ * supports the old d2i, i2d convention. -+ * - * The EXTERN type uses a new style d2i/i2d. - * The new style should be used where possible - * because it avoids things like the d2i IMPLICIT -@@ -631,6 +625,8 @@ struct ASN1_ITEM_st { - - # define ASN1_ITYPE_CHOICE 0x2 - -+# define ASN1_ITYPE_COMPAT 0x3 -+ - # define ASN1_ITYPE_EXTERN 0x4 - - # define ASN1_ITYPE_MSTRING 0x5 -@@ -652,6 +648,13 @@ struct ASN1_TLC_st { - }; - - /* Typedefs for ASN1 function pointers */ -+ -+typedef ASN1_VALUE *ASN1_new_func(void); -+typedef void ASN1_free_func(ASN1_VALUE *a); -+typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in, -+ long length); -+typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in); -+ - typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); -@@ -674,6 +677,13 @@ typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, - const ASN1_ITEM *it, int indent, - const ASN1_PCTX *pctx); - -+typedef struct ASN1_COMPAT_FUNCS_st { -+ ASN1_new_func *asn1_new; -+ ASN1_free_func *asn1_free; -+ ASN1_d2i_func *asn1_d2i; -+ ASN1_i2d_func *asn1_i2d; -+} ASN1_COMPAT_FUNCS; -+ - typedef struct 
ASN1_EXTERN_FUNCS_st { - void *app_data; - ASN1_ex_new_func *asn1_ex_new; -@@ -776,6 +786,27 @@ typedef struct ASN1_STREAM_ARG_st { - ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ - ASN1_ITEM_end(itname) - -+/* Macro to implement an ASN1_ITEM in terms of old style funcs */ -+ -+# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) -+ -+# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ -+ static const ASN1_COMPAT_FUNCS sname##_ff = { \ -+ (ASN1_new_func *)sname##_new, \ -+ (ASN1_free_func *)sname##_free, \ -+ (ASN1_d2i_func *)d2i_##sname, \ -+ (ASN1_i2d_func *)i2d_##sname, \ -+ }; \ -+ ASN1_ITEM_start(sname) \ -+ ASN1_ITYPE_COMPAT, \ -+ tag, \ -+ NULL, \ -+ 0, \ -+ &sname##_ff, \ -+ 0, \ -+ #sname \ -+ ASN1_ITEM_end(sname) -+ - # define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_EXTERN, \ -@@ -842,19 +873,6 @@ typedef struct ASN1_STREAM_ARG_st { - return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } - --# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ -- static stname *d2i_##stname(stname **a, \ -- const unsigned char **in, long len) \ -- { \ -- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ -- ASN1_ITEM_rptr(stname)); \ -- } \ -- static int i2d_##stname(stname *a, unsigned char **out) \ -- { \ -- return ASN1_item_i2d((ASN1_VALUE *)a, out, \ -- ASN1_ITEM_rptr(stname)); \ -- } -- - /* - * This includes evil casts to remove const: they will go away when full ASN1 - * constification is done. 
-@@ -904,19 +922,50 @@ DECLARE_ASN1_ITEM(BIGNUM) - DECLARE_ASN1_ITEM(LONG) - DECLARE_ASN1_ITEM(ZLONG) - --DEFINE_STACK_OF(ASN1_VALUE) -+DECLARE_STACK_OF(ASN1_VALUE) - - /* Functions used internally by the ASN1 code */ - - int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - -+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt); - int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); - - int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); -+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, -+ const ASN1_TEMPLATE *tt); -+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -+ -+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it); -+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -+ int utype, char *free_cont, const ASN1_ITEM *it); -+ -+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, -+ const ASN1_ITEM *it); -+ -+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+ -+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, -+ int nullerr); -+ -+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); -+ -+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, -+ const ASN1_ITEM *it); -+int asn1_enc_save(ASN1_VALUE **pval, const 
unsigned char *in, int inlen, -+ const ASN1_ITEM *it); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/async.h b/Cryptlib/Include/openssl/async.h -deleted file mode 100644 -index 5b2e496..0000000 ---- a/Cryptlib/Include/openssl/async.h -+++ /dev/null -@@ -1,98 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#ifndef HEADER_ASYNC_H --# define HEADER_ASYNC_H -- --#if defined(_WIN32) --# if defined(BASETYPES) || defined(_WINDEF_H) --/* application has to include to use this */ --#define OSSL_ASYNC_FD HANDLE --#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE --# endif --#else --#define OSSL_ASYNC_FD int --#define OSSL_BAD_ASYNC_FD -1 --#endif -- -- --# ifdef __cplusplus --extern "C" { --# endif -- --typedef struct async_job_st ASYNC_JOB; --typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; -- --#define ASYNC_ERR 0 --#define ASYNC_NO_JOBS 1 --#define ASYNC_PAUSE 2 --#define ASYNC_FINISH 3 -- --int ASYNC_init_thread(size_t max_size, size_t init_size); --void ASYNC_cleanup_thread(void); -- --#ifdef OSSL_ASYNC_FD --ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); --void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); --int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, -- OSSL_ASYNC_FD fd, -- void *custom_data, -- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, -- OSSL_ASYNC_FD, void *)); --int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, -- OSSL_ASYNC_FD *fd, void **custom_data); --int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, -- size_t *numfds); --int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, -- size_t *numaddfds, OSSL_ASYNC_FD *delfd, -- size_t *numdelfds); 
--int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); --#endif -- --int ASYNC_is_capable(void); -- --int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, -- int (*func)(void *), void *args, size_t size); --int ASYNC_pause_job(void); -- --ASYNC_JOB *ASYNC_get_current_job(void); --ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); --void ASYNC_block_pause(void); --void ASYNC_unblock_pause(void); -- --/* BEGIN ERROR CODES */ --/* -- * The following lines are auto generated by the script mkerr.pl. Any changes -- * made after this point may be overwritten when the script is next run. -- */ -- --int ERR_load_ASYNC_strings(void); -- --/* Error codes for the ASYNC functions. */ -- --/* Function codes. */ --# define ASYNC_F_ASYNC_CTX_NEW 100 --# define ASYNC_F_ASYNC_INIT_THREAD 101 --# define ASYNC_F_ASYNC_JOB_NEW 102 --# define ASYNC_F_ASYNC_PAUSE_JOB 103 --# define ASYNC_F_ASYNC_START_FUNC 104 --# define ASYNC_F_ASYNC_START_JOB 105 -- --/* Reason codes. */ --# define ASYNC_R_FAILED_TO_SET_POOL 101 --# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 --# define ASYNC_R_INIT_FAILED 105 --# define ASYNC_R_INVALID_POOL_SIZE 103 -- --# ifdef __cplusplus --} --# endif --#endif -diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h -index 9bc941b..8f2438c 100644 ---- a/Cryptlib/Include/openssl/bio.h -+++ b/Cryptlib/Include/openssl/bio.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bio.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #ifndef HEADER_BIO_H -@@ -12,7 +61,7 @@ - - # include - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - # include - # endif - # include -@@ -31,39 +80,38 @@ - extern "C" { - #endif - --/* There are the classes of BIOs */ --# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ --# define BIO_TYPE_FILTER 0x0200 --# define BIO_TYPE_SOURCE_SINK 0x0400 -- - /* These are the 'types' of BIOs */ --# define BIO_TYPE_NONE 0 --# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) --# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) -- --# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) --# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) --# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) --# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) --# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) --# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) --# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) --# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) --# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) --# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -- --# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ --# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) --# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ --# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) --# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) --# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) --# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) -+# define BIO_TYPE_NONE 0 -+# define BIO_TYPE_MEM (1|0x0400) -+# define BIO_TYPE_FILE (2|0x0400) -+ -+# define BIO_TYPE_FD (4|0x0400|0x0100) -+# define BIO_TYPE_SOCKET (5|0x0400|0x0100) -+# define BIO_TYPE_NULL (6|0x0400) -+# define BIO_TYPE_SSL (7|0x0200) -+# define BIO_TYPE_MD (8|0x0200)/* passive filter */ -+# define BIO_TYPE_BUFFER (9|0x0200)/* filter */ -+# define BIO_TYPE_CIPHER (10|0x0200)/* filter */ -+# define BIO_TYPE_BASE64 
(11|0x0200)/* filter */ -+# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ -+# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ -+# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ -+# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ -+# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ -+# define BIO_TYPE_NULL_FILTER (17|0x0200) -+# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ -+# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ -+# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ -+# define BIO_TYPE_DGRAM (21|0x0400|0x0100) - # ifndef OPENSSL_NO_SCTP --# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -+# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) - # endif -+# define BIO_TYPE_ASN1 (22|0x0200)/* filter */ -+# define BIO_TYPE_COMP (23|0x0200)/* filter */ - --#define BIO_TYPE_START 128 -+# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ -+# define BIO_TYPE_FILTER 0x0200 -+# define BIO_TYPE_SOURCE_SINK 0x0400 - - /* - * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. 
-@@ -88,6 +136,7 @@ extern "C" { - # define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ - # define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ - # define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ -+/* callback is int cb(BIO *bio,state,ret); */ - # define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ - # define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ - -@@ -129,8 +178,6 @@ extern "C" { - - # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 - --# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 -- - # ifndef OPENSSL_NO_SCTP - /* SCTP stuff */ - # define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 -@@ -165,20 +212,31 @@ extern "C" { - # define BIO_FLAGS_UPLINK 0 - # endif - -+/* Used in BIO_gethostbyname() */ -+# define BIO_GHBN_CTRL_HITS 1 -+# define BIO_GHBN_CTRL_MISSES 2 -+# define BIO_GHBN_CTRL_CACHE_SIZE 3 -+# define BIO_GHBN_CTRL_GET_ENTRY 4 -+# define BIO_GHBN_CTRL_FLUSH 5 -+ -+/* Mostly used in the SSL BIO */ -+/*- -+ * Not used anymore -+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 -+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 -+ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 -+ */ -+ - # define BIO_FLAGS_BASE64_NO_NL 0x100 - - /* -- * This is used with memory BIOs: -- * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; -- * BIO_FLAGS_NONCLEAR_RST means we should't clear data on reset. -+ * This is used with memory BIOs: it means we shouldn't free up or change the -+ * data in any way. 
- */ - # define BIO_FLAGS_MEM_RDONLY 0x200 --# define BIO_FLAGS_NONCLEAR_RST 0x400 - --typedef union bio_addr_st BIO_ADDR; --typedef struct bio_addrinfo_st BIO_ADDRINFO; -+typedef struct bio_st BIO; - --int BIO_get_new_index(void); - void BIO_set_flags(BIO *b, int flags); - int BIO_test_flags(const BIO *b, int flags); - void BIO_clear_flags(BIO *b, int flags); -@@ -237,21 +295,76 @@ void BIO_clear_flags(BIO *b, int flags); - # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) - # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) - --typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, -- long argl, long ret); --BIO_callback_fn BIO_get_callback(const BIO *b); --void BIO_set_callback(BIO *b, BIO_callback_fn callback); -+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, -+ int, long, long); -+void BIO_set_callback(BIO *b, -+ long (*callback) (struct bio_st *, int, const char *, -+ int, long, long)); - char *BIO_get_callback_arg(const BIO *b); - void BIO_set_callback_arg(BIO *b, char *arg); - --typedef struct bio_method_st BIO_METHOD; -- - const char *BIO_method_name(const BIO *b); - int BIO_method_type(const BIO *b); - --typedef void bio_info_cb(BIO *, int, const char *, int, long, long); -+typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, -+ long); -+ -+typedef struct bio_method_st { -+ int type; -+ const char *name; -+ int (*bwrite) (BIO *, const char *, int); -+ int (*bread) (BIO *, char *, int); -+ int (*bputs) (BIO *, const char *); -+ int (*bgets) (BIO *, char *, int); -+ long (*ctrl) (BIO *, int, long, void *); -+ int (*create) (BIO *); -+ int (*destroy) (BIO *); -+ long (*callback_ctrl) (BIO *, int, bio_info_cb *); -+} BIO_METHOD; -+ -+struct bio_st { -+ BIO_METHOD *method; -+ /* bio, mode, argp, argi, argl, ret */ -+ long (*callback) (struct bio_st *, int, const char *, int, long, long); -+ char *cb_arg; /* first argument for the callback */ -+ int init; -+ int shutdown; -+ int flags; /* extra 
storage */ -+ int retry_reason; -+ int num; -+ void *ptr; -+ struct bio_st *next_bio; /* used by filter BIOs */ -+ struct bio_st *prev_bio; /* used by filter BIOs */ -+ int references; -+ unsigned long num_read; -+ unsigned long num_write; -+ CRYPTO_EX_DATA ex_data; -+}; - --DEFINE_STACK_OF(BIO) -+DECLARE_STACK_OF(BIO) -+ -+typedef struct bio_f_buffer_ctx_struct { -+ /*- -+ * Buffers are setup like this: -+ * -+ * <---------------------- size -----------------------> -+ * +---------------------------------------------------+ -+ * | consumed | remaining | free space | -+ * +---------------------------------------------------+ -+ * <-- off --><------- len -------> -+ */ -+ /*- BIO *bio; *//* -+ * this is now in the BIO struct -+ */ -+ int ibuf_size; /* how big is the input buffer */ -+ int obuf_size; /* how big is the output buffer */ -+ char *ibuf; /* the char array */ -+ int ibuf_len; /* how many bytes are in it */ -+ int ibuf_off; /* write/read offset */ -+ char *obuf; /* the char array */ -+ int obuf_len; /* how many bytes are in it */ -+ int obuf_off; /* write/read offset */ -+} BIO_F_BUFFER_CTX; - - /* Prefix and suffix callback in ASN1 BIO */ - typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, -@@ -282,6 +395,15 @@ struct bio_dgram_sctp_prinfo { - }; - # endif - -+/* connect BIO stuff */ -+# define BIO_CONN_S_BEFORE 1 -+# define BIO_CONN_S_GET_IP 2 -+# define BIO_CONN_S_GET_PORT 3 -+# define BIO_CONN_S_CREATE_SOCKET 4 -+# define BIO_CONN_S_CONNECT 5 -+# define BIO_CONN_S_OK 6 -+# define BIO_CONN_S_BLOCKED_CONNECT 7 -+# define BIO_CONN_S_NBIO 8 - /* - * #define BIO_CONN_get_param_hostname BIO_ctrl - */ -@@ -289,7 +411,7 @@ struct bio_dgram_sctp_prinfo { - # define BIO_C_SET_CONNECT 100 - # define BIO_C_DO_STATE_MACHINE 101 - # define BIO_C_SET_NBIO 102 --/* # define BIO_C_SET_PROXY_PARAM 103 */ -+# define BIO_C_SET_PROXY_PARAM 103 - # define BIO_C_SET_FD 104 - # define BIO_C_GET_FD 105 - # define BIO_C_SET_FILE_PTR 106 -@@ -307,7 +429,7 @@ 
struct bio_dgram_sctp_prinfo { - # define BIO_C_SET_ACCEPT 118 - # define BIO_C_SSL_MODE 119 - # define BIO_C_GET_MD_CTX 120 --/* # define BIO_C_GET_PROXY_PARAM 121 */ -+# define BIO_C_GET_PROXY_PARAM 121 - # define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ - # define BIO_C_GET_CONNECT 123 - # define BIO_C_GET_ACCEPT 124 -@@ -346,58 +468,54 @@ struct bio_dgram_sctp_prinfo { - # define BIO_C_SET_EX_ARG 153 - # define BIO_C_GET_EX_ARG 154 - --# define BIO_C_SET_CONNECT_MODE 155 -- - # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) - # define BIO_get_app_data(s) BIO_get_ex_data(s,0) - --# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -- --# ifndef OPENSSL_NO_SOCK --/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ --/* Note: the underlying operating system may not support some of them */ --# define BIO_FAMILY_IPV4 4 --# define BIO_FAMILY_IPV6 6 --# define BIO_FAMILY_IPANY 256 -- --/* BIO_s_connect() */ --# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) --# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) --# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr) --# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) --# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) --# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) --# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) --# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) --# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) -+/* BIO_s_connect() and BIO_s_socks4a_connect() */ -+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -+# define BIO_set_conn_ip(b,ip) 
BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -+# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -+# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -+# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -+# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) -+ -+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) - - /* BIO_s_accept() */ --# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) --# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port) --# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) --# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) --# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) --# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) -+# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -+# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) - /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ --# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) --# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio) --# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) --# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) -- --/* Aliases kept for backward compatibility */ --# define BIO_BIND_NORMAL 0 --# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR --# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR --# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) --# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) -+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) -+# define 
BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) - --/* BIO_s_accept() and BIO_s_connect() */ --# define BIO_do_connect(b) BIO_do_handshake(b) --# define BIO_do_accept(b) BIO_do_handshake(b) --# endif /* OPENSSL_NO_SOCK */ -+# define BIO_BIND_NORMAL 0 -+# define BIO_BIND_REUSEADDR_IF_UNUSED 1 -+# define BIO_BIND_REUSEADDR 2 -+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -+# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) - -+/* BIO_s_accept() and BIO_s_connect() */ -+# define BIO_do_connect(b) BIO_do_handshake(b) -+# define BIO_do_accept(b) BIO_do_handshake(b) - # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) - -+/* BIO_s_proxy_client() */ -+# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) -+# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) -+/* BIO_set_nbio(b,n) */ -+# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) -+/* BIO *BIO_get_filter_bio(BIO *bio); */ -+# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) -+# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) -+# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) -+ -+# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) -+# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) -+# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) -+# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) -+ - /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ - # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) - # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) -@@ -421,14 +539,14 @@ struct bio_dgram_sctp_prinfo { - */ - int BIO_read_filename(BIO *b, const char *name); 
- # else --# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ,(char *)name) - # endif --# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_WRITE,name) --# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_APPEND,name) --# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) - - /* -@@ -499,8 +617,8 @@ int BIO_ctrl_reset_read_request(BIO *b); - /* ctrl macros for dgram */ - # define BIO_ctrl_dgram_connect(b,peer) \ - (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) --# define BIO_ctrl_set_connected(b,peer) \ -- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer) -+# define BIO_ctrl_set_connected(b, state, peer) \ -+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) - # define BIO_dgram_recv_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) - # define BIO_dgram_send_timedout(b) \ -@@ -512,12 +630,15 @@ int BIO_ctrl_reset_read_request(BIO *b); - # define BIO_dgram_get_mtu_overhead(b) \ - (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) - --#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) -+/* These two aren't currently implemented */ -+/* int BIO_get_ex_num(BIO *bio); */ -+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ - int BIO_set_ex_data(BIO *bio, int idx, void *data); - void *BIO_get_ex_data(BIO *bio, int idx); --uint64_t BIO_number_read(BIO *bio); --uint64_t BIO_number_written(BIO *bio); -+int BIO_get_ex_new_index(long 
argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+unsigned long BIO_number_read(BIO *bio); -+unsigned long BIO_number_written(BIO *bio); - - /* For BIO_f_asn1() */ - int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, -@@ -529,21 +650,16 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, - int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, - asn1_ps_func **psuffix_free); - --const BIO_METHOD *BIO_s_file(void); -+# ifndef OPENSSL_NO_FP_API -+BIO_METHOD *BIO_s_file(void); - BIO *BIO_new_file(const char *filename, const char *mode); --# ifndef OPENSSL_NO_STDIO - BIO *BIO_new_fp(FILE *stream, int close_flag); -+# define BIO_s_file_internal BIO_s_file - # endif --BIO *BIO_new(const BIO_METHOD *type); -+BIO *BIO_new(BIO_METHOD *type); -+int BIO_set(BIO *a, BIO_METHOD *type); - int BIO_free(BIO *a); --void BIO_set_data(BIO *a, void *ptr); --void *BIO_get_data(BIO *a); --void BIO_set_init(BIO *a, int init); --int BIO_get_init(BIO *a); --void BIO_set_shutdown(BIO *a, int shut); --int BIO_get_shutdown(BIO *a); - void BIO_vfree(BIO *a); --int BIO_up_ref(BIO *a); - int BIO_read(BIO *b, void *data, int len); - int BIO_gets(BIO *bp, char *buf, int size); - int BIO_write(BIO *b, const void *data, int len); -@@ -551,18 +667,17 @@ int BIO_puts(BIO *bp, const char *buf); - int BIO_indent(BIO *b, int indent, int max); - long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); - long BIO_callback_ctrl(BIO *b, int cmd, -- void (*fp) (BIO *, int, const char *, int, long, long)); --void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); -+ void (*fp) (struct bio_st *, int, const char *, int, -+ long, long)); -+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); - long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); - BIO *BIO_push(BIO *b, BIO *append); - BIO *BIO_pop(BIO *b); - void BIO_free_all(BIO *a); - BIO *BIO_find_type(BIO *b, int bio_type); - BIO *BIO_next(BIO *b); --void BIO_set_next(BIO *b, BIO *next); - BIO 
*BIO_get_retry_BIO(BIO *bio, int *reason); - int BIO_get_retry_reason(BIO *bio); --void BIO_set_retry_reason(BIO *bio, int reason); - BIO *BIO_dup_chain(BIO *in); - - int BIO_nread0(BIO *bio, char **buf); -@@ -573,44 +688,35 @@ int BIO_nwrite(BIO *bio, char **buf, int num); - long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, - long argl, long ret); - --const BIO_METHOD *BIO_s_mem(void); --const BIO_METHOD *BIO_s_secmem(void); -+BIO_METHOD *BIO_s_mem(void); - BIO *BIO_new_mem_buf(const void *buf, int len); --# ifndef OPENSSL_NO_SOCK --const BIO_METHOD *BIO_s_socket(void); --const BIO_METHOD *BIO_s_connect(void); --const BIO_METHOD *BIO_s_accept(void); -+BIO_METHOD *BIO_s_socket(void); -+BIO_METHOD *BIO_s_connect(void); -+BIO_METHOD *BIO_s_accept(void); -+BIO_METHOD *BIO_s_fd(void); -+# ifndef OPENSSL_SYS_OS2 -+BIO_METHOD *BIO_s_log(void); - # endif --const BIO_METHOD *BIO_s_fd(void); --const BIO_METHOD *BIO_s_log(void); --const BIO_METHOD *BIO_s_bio(void); --const BIO_METHOD *BIO_s_null(void); --const BIO_METHOD *BIO_f_null(void); --const BIO_METHOD *BIO_f_buffer(void); --const BIO_METHOD *BIO_f_linebuffer(void); --const BIO_METHOD *BIO_f_nbio_test(void); -+BIO_METHOD *BIO_s_bio(void); -+BIO_METHOD *BIO_s_null(void); -+BIO_METHOD *BIO_f_null(void); -+BIO_METHOD *BIO_f_buffer(void); -+# ifdef OPENSSL_SYS_VMS -+BIO_METHOD *BIO_f_linebuffer(void); -+# endif -+BIO_METHOD *BIO_f_nbio_test(void); - # ifndef OPENSSL_NO_DGRAM --const BIO_METHOD *BIO_s_datagram(void); --int BIO_dgram_non_fatal_error(int error); --BIO *BIO_new_dgram(int fd, int close_flag); -+BIO_METHOD *BIO_s_datagram(void); - # ifndef OPENSSL_NO_SCTP --const BIO_METHOD *BIO_s_datagram_sctp(void); --BIO *BIO_new_dgram_sctp(int fd, int close_flag); --int BIO_dgram_is_sctp(BIO *bio); --int BIO_dgram_sctp_notification_cb(BIO *b, -- void (*handle_notifications) (BIO *bio, -- void *context, -- void *buf), -- void *context); --int BIO_dgram_sctp_wait_for_dry(BIO *b); --int 
BIO_dgram_sctp_msg_waiting(BIO *b); -+BIO_METHOD *BIO_s_datagram_sctp(void); - # endif - # endif - --# ifndef OPENSSL_NO_SOCK -+/* BIO_METHOD *BIO_f_ber(void); */ -+ - int BIO_sock_should_retry(int i); - int BIO_sock_non_fatal_error(int error); --# endif -+int BIO_dgram_non_fatal_error(int error); - - int BIO_fd_should_retry(int i); - int BIO_fd_non_fatal_error(int error); -@@ -620,86 +726,51 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const char *s, int len, int indent); - int BIO_dump(BIO *b, const char *bytes, int len); - int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int BIO_dump_fp(FILE *fp, const char *s, int len); - int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); - # endif - int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, - int datalen); - --# ifndef OPENSSL_NO_SOCK --BIO_ADDR *BIO_ADDR_new(void); --int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, -- const void *where, size_t wherelen, unsigned short port); --void BIO_ADDR_free(BIO_ADDR *); --void BIO_ADDR_clear(BIO_ADDR *ap); --int BIO_ADDR_family(const BIO_ADDR *ap); --int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); --unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); --char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); --char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); --char *BIO_ADDR_path_string(const BIO_ADDR *ap); -- --const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); --int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); --int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); --int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); --const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); --void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); -- --enum BIO_hostserv_priorities { -- BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV --}; --int BIO_parse_hostserv(const char *hostserv, char 
**host, char **service, -- enum BIO_hostserv_priorities hostserv_prio); --enum BIO_lookup_type { -- BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER --}; --int BIO_lookup(const char *host, const char *service, -- enum BIO_lookup_type lookup_type, -- int family, int socktype, BIO_ADDRINFO **res); -+struct hostent *BIO_gethostbyname(const char *name); -+/*- -+ * We might want a thread-safe interface too: -+ * struct hostent *BIO_gethostbyname_r(const char *name, -+ * struct hostent *result, void *buffer, size_t buflen); -+ * or something similar (caller allocates a struct hostent, -+ * pointed to by "result", and additional buffer space for the various -+ * substructures; if the buffer does not suffice, NULL is returned -+ * and an appropriate error code is set). -+ */ - int BIO_sock_error(int sock); - int BIO_socket_ioctl(int fd, long type, void *arg); - int BIO_socket_nbio(int fd, int mode); -+int BIO_get_port(const char *str, unsigned short *port_ptr); -+int BIO_get_host_ip(const char *str, unsigned char *ip); -+int BIO_get_accept_socket(char *host_port, int mode); -+int BIO_accept(int sock, char **ip_port); - int BIO_sock_init(void); --# if OPENSSL_API_COMPAT < 0x10100000L --# define BIO_sock_cleanup() while(0) continue --# endif -+void BIO_sock_cleanup(void); - int BIO_set_tcp_ndelay(int sock, int turn_on); - --DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) --DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) --DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) --DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) --DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) -- --union BIO_sock_info_u { -- BIO_ADDR *addr; --}; --enum BIO_sock_info_type { -- BIO_SOCK_INFO_ADDRESS --}; --int BIO_sock_info(int sock, -- enum BIO_sock_info_type type, union BIO_sock_info_u *info); -- --# define BIO_SOCK_REUSEADDR 0x01 --# define BIO_SOCK_V6_ONLY 0x02 --# define BIO_SOCK_KEEPALIVE 
0x04 --# define BIO_SOCK_NONBLOCK 0x08 --# define BIO_SOCK_NODELAY 0x10 -- --int BIO_socket(int domain, int socktype, int protocol, int options); --int BIO_connect(int sock, const BIO_ADDR *addr, int options); --int BIO_listen(int sock, const BIO_ADDR *addr, int options); --int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); --int BIO_closesocket(int sock); -- - BIO *BIO_new_socket(int sock, int close_flag); -+BIO *BIO_new_dgram(int fd, int close_flag); -+# ifndef OPENSSL_NO_SCTP -+BIO *BIO_new_dgram_sctp(int fd, int close_flag); -+int BIO_dgram_is_sctp(BIO *bio); -+int BIO_dgram_sctp_notification_cb(BIO *b, -+ void (*handle_notifications) (BIO *bio, -+ void -+ *context, -+ void *buf), -+ void *context); -+int BIO_dgram_sctp_wait_for_dry(BIO *b); -+int BIO_dgram_sctp_msg_waiting(BIO *b); -+# endif -+BIO *BIO_new_fd(int fd, int close_flag); - BIO *BIO_new_connect(const char *host_port); - BIO *BIO_new_accept(const char *host_port); --# endif /* OPENSSL_NO_SOCK*/ -- --BIO *BIO_new_fd(int fd, int close_flag); - - int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, - BIO **bio2, size_t writebuf2); -@@ -730,59 +801,26 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - __bio_h__attr__((__format__(__printf__, 3, 0))); - # undef __bio_h__attr__ - -- --BIO_METHOD *BIO_meth_new(int type, const char *name); --void BIO_meth_free(BIO_METHOD *biom); --int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); --int BIO_meth_set_write(BIO_METHOD *biom, -- int (*write) (BIO *, const char *, int)); --int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); --int BIO_meth_set_read(BIO_METHOD *biom, -- int (*read) (BIO *, char *, int)); --int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); --int BIO_meth_set_puts(BIO_METHOD *biom, -- int (*puts) (BIO *, const char *)); --int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); --int BIO_meth_set_gets(BIO_METHOD *biom, -- int (*gets) (BIO *, char *, 
int)); --long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); --int BIO_meth_set_ctrl(BIO_METHOD *biom, -- long (*ctrl) (BIO *, int, long, void *)); --int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); --int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); --int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); --int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); --long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) -- (BIO *, int, bio_info_cb *); --int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, -- long (*callback_ctrl) (BIO *, int, -- bio_info_cb *)); -- - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_BIO_strings(void); -+void ERR_load_BIO_strings(void); - - /* Error codes for the BIO functions. */ - - /* Function codes. */ - # define BIO_F_ACPT_STATE 100 --# define BIO_F_ADDR_STRINGS 134 - # define BIO_F_BIO_ACCEPT 101 --# define BIO_F_BIO_ACCEPT_EX 137 --# define BIO_F_BIO_ADDR_NEW 144 -+# define BIO_F_BIO_BER_GET_HEADER 102 - # define BIO_F_BIO_CALLBACK_CTRL 131 --# define BIO_F_BIO_CONNECT 138 - # define BIO_F_BIO_CTRL 103 -+# define BIO_F_BIO_GETHOSTBYNAME 120 - # define BIO_F_BIO_GETS 104 -+# define BIO_F_BIO_GET_ACCEPT_SOCKET 105 - # define BIO_F_BIO_GET_HOST_IP 106 --# define BIO_F_BIO_GET_NEW_INDEX 102 - # define BIO_F_BIO_GET_PORT 107 --# define BIO_F_BIO_LISTEN 139 --# define BIO_F_BIO_LOOKUP 135 - # define BIO_F_BIO_MAKE_PAIR 121 - # define BIO_F_BIO_NEW 108 - # define BIO_F_BIO_NEW_FILE 109 -@@ -791,12 +829,8 @@ int ERR_load_BIO_strings(void); - # define BIO_F_BIO_NREAD0 124 - # define BIO_F_BIO_NWRITE 125 - # define BIO_F_BIO_NWRITE0 122 --# define BIO_F_BIO_PARSE_HOSTSERV 136 - # define BIO_F_BIO_PUTS 110 - # define BIO_F_BIO_READ 111 --# define BIO_F_BIO_SOCKET 140 --# define BIO_F_BIO_SOCKET_NBIO 142 --# define BIO_F_BIO_SOCK_INFO 141 - 
# define BIO_F_BIO_SOCK_INIT 112 - # define BIO_F_BIO_WRITE 113 - # define BIO_F_BUFFER_CTRL 114 -@@ -807,48 +841,43 @@ int ERR_load_BIO_strings(void); - # define BIO_F_FILE_CTRL 116 - # define BIO_F_FILE_READ 130 - # define BIO_F_LINEBUFFER_CTRL 129 -+# define BIO_F_MEM_READ 128 - # define BIO_F_MEM_WRITE 117 - # define BIO_F_SSL_NEW 118 -+# define BIO_F_WSASTARTUP 119 - - /* Reason codes. */ - # define BIO_R_ACCEPT_ERROR 100 --# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 --# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 - # define BIO_R_BAD_FOPEN_MODE 101 -+# define BIO_R_BAD_HOSTNAME_LOOKUP 102 - # define BIO_R_BROKEN_PIPE 124 - # define BIO_R_CONNECT_ERROR 103 -+# define BIO_R_EOF_ON_MEMORY_BIO 127 -+# define BIO_R_ERROR_SETTING_NBIO 104 -+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 -+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 - # define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 --# define BIO_R_GETSOCKNAME_ERROR 132 --# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 --# define BIO_R_GETTING_SOCKTYPE 134 - # define BIO_R_INVALID_ARGUMENT 125 --# define BIO_R_INVALID_SOCKET 135 -+# define BIO_R_INVALID_IP_ADDRESS 108 - # define BIO_R_IN_USE 123 --# define BIO_R_LISTEN_V6_ONLY 136 --# define BIO_R_LOOKUP_RETURNED_NOTHING 142 --# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 -+# define BIO_R_KEEPALIVE 109 - # define BIO_R_NBIO_CONNECT_ERROR 110 --# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 --# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 -+# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 -+# define BIO_R_NO_HOSTNAME_SPECIFIED 112 - # define BIO_R_NO_PORT_DEFINED 113 -+# define BIO_R_NO_PORT_SPECIFIED 114 - # define BIO_R_NO_SUCH_FILE 128 - # define BIO_R_NULL_PARAMETER 115 -+# define BIO_R_TAG_MISMATCH 116 - # define BIO_R_UNABLE_TO_BIND_SOCKET 117 - # define BIO_R_UNABLE_TO_CREATE_SOCKET 118 --# define BIO_R_UNABLE_TO_KEEPALIVE 137 - # define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 --# define BIO_R_UNABLE_TO_NODELAY 138 --# define 
BIO_R_UNABLE_TO_REUSEADDR 139 --# define BIO_R_UNAVAILABLE_IP_FAMILY 145 - # define BIO_R_UNINITIALIZED 120 --# define BIO_R_UNKNOWN_INFO_TYPE 140 --# define BIO_R_UNSUPPORTED_IP_FAMILY 146 - # define BIO_R_UNSUPPORTED_METHOD 121 --# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 - # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 - # define BIO_R_WSASTARTUP 122 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h -index cd3e460..8329302 100644 ---- a/Cryptlib/Include/openssl/blowfish.h -+++ b/Cryptlib/Include/openssl/blowfish.h -@@ -1,21 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bf/blowfish.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_BLOWFISH_H - # define HEADER_BLOWFISH_H - --# include -- --# ifndef OPENSSL_NO_BF - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef OPENSSL_NO_BF -+# error BF is disabled. - # endif - - # define BF_ENCRYPT 1 -@@ -23,10 +74,26 @@ extern "C" { - - /*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- * ! BF_LONG has to be at least 32 bits wide. ! -+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! -+ * ! BF_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ --# define BF_LONG unsigned int -+ -+# if defined(__LP32__) -+# define BF_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define BF_LONG unsigned long -+# define BF_LONG_LOG2 3 -+/* -+ * _CRAY note. I could declare short, but I have no idea what impact -+ * does it have on performance on none-T3E machines. I could declare -+ * int, but at least on C90 sizeof(int) can be chosen at compile time. -+ * So I've chosen long... 
-+ * -+ */ -+# else -+# define BF_LONG unsigned int -+# endif - - # define BF_ROUNDS 16 - # define BF_BLOCK 8 -@@ -36,6 +103,9 @@ typedef struct bf_key_st { - BF_LONG S[4 * 256]; - } BF_KEY; - -+# ifdef OPENSSL_FIPS -+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); -+# endif - void BF_set_key(BF_KEY *key, int len, const unsigned char *data); - - void BF_encrypt(BF_LONG *data, const BF_KEY *key); -@@ -53,9 +123,8 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, - unsigned char *ivec, int *num); - const char *BF_options(void); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h -index 17bd521..633d1b1 100644 ---- a/Cryptlib/Include/openssl/bn.h -+++ b/Cryptlib/Include/openssl/bn.h -@@ -1,12 +1,113 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
--
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * -@@ -24,11 +125,11 @@ - #ifndef HEADER_BN_H - # define HEADER_BN_H - -+# include - # include --# ifndef OPENSSL_NO_STDIO --# include -+# ifndef OPENSSL_NO_FP_API -+# include /* FILE */ - # endif --# include - # include - # include - -@@ -37,29 +138,126 @@ extern "C" { - #endif - - /* -- * 64-bit processor with LP64 ABI -+ * These preprocessor symbols control various aspects of the bignum headers -+ * and library code. They're not defined by any "normal" configuration, as -+ * they are intended for development and testing purposes. NB: defining all -+ * three can be useful for debugging application code as well as openssl -+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum -+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up -+ * mismanagement of bignum internals. You must also define BN_DEBUG. -+ */ -+/* #define BN_DEBUG */ -+/* #define BN_DEBUG_RAND */ -+ -+# ifndef OPENSSL_SMALL_FOOTPRINT -+# define BN_MUL_COMBA -+# define BN_SQR_COMBA -+# define BN_RECURSION -+# endif -+ -+/* -+ * This next option uses the C libraries (2 word)/(1 word) function. If it is -+ * not defined, I use my C version (which is slower). The reason for this -+ * flag is that when the particular C compiler library routine is used, and -+ * the library is linked with a different compiler, the library is missing. -+ * This mostly happens when the library is built with gcc and then linked -+ * using normal cc. This would be a common occurrence because gcc normally -+ * produces code that is 2 times faster than system compilers for the big -+ * number stuff. For machines with only one compiler (or shared libraries), -+ * this should be on. Again this in only really a problem on machines using -+ * "long long's", are 32bit, and are not using my assembler code. 
-+ */ -+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ -+ defined(OPENSSL_SYS_WIN32) || defined(linux) -+# ifndef BN_DIV2W -+# define BN_DIV2W -+# endif -+# endif -+ -+/* -+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only -+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ - # ifdef SIXTY_FOUR_BIT_LONG -+# define BN_ULLONG unsigned long long - # define BN_ULONG unsigned long -+# define BN_LONG long -+# define BN_BITS 128 - # define BN_BYTES 8 -+# define BN_BITS2 64 -+# define BN_BITS4 32 -+# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -+# define BN_MASK2 (0xffffffffffffffffL) -+# define BN_MASK2l (0xffffffffL) -+# define BN_MASK2h (0xffffffff00000000L) -+# define BN_MASK2h1 (0xffffffff80000000L) -+# define BN_TBIT (0x8000000000000000L) -+# define BN_DEC_CONV (10000000000000000000UL) -+# define BN_DEC_FMT1 "%lu" -+# define BN_DEC_FMT2 "%019lu" -+# define BN_DEC_NUM 19 -+# define BN_HEX_FMT1 "%lX" -+# define BN_HEX_FMT2 "%016lX" - # endif - - /* -- * 64-bit processor other than LP64 ABI -+ * This is where the long long data type is 64 bits, but long is 32. For -+ * machines where there are 64bit registers, this is the mode to use. IRIX, -+ * on R4000 and above should use this mode, along with the relevant assembler -+ * code :-). Do NOT define BN_LLONG. 
- */ - # ifdef SIXTY_FOUR_BIT -+# undef BN_LLONG -+# undef BN_ULLONG - # define BN_ULONG unsigned long long -+# define BN_LONG long long -+# define BN_BITS 128 - # define BN_BYTES 8 -+# define BN_BITS2 64 -+# define BN_BITS4 32 -+# define BN_MASK2 (0xffffffffffffffffLL) -+# define BN_MASK2l (0xffffffffL) -+# define BN_MASK2h (0xffffffff00000000LL) -+# define BN_MASK2h1 (0xffffffff80000000LL) -+# define BN_TBIT (0x8000000000000000LL) -+# define BN_DEC_CONV (10000000000000000000ULL) -+# define BN_DEC_FMT1 "%llu" -+# define BN_DEC_FMT2 "%019llu" -+# define BN_DEC_NUM 19 -+# define BN_HEX_FMT1 "%llX" -+# define BN_HEX_FMT2 "%016llX" - # endif - - # ifdef THIRTY_TWO_BIT -+# ifdef BN_LLONG -+# if defined(_WIN32) && !defined(__GNUC__) -+# define BN_ULLONG unsigned __int64 -+# define BN_MASK (0xffffffffffffffffI64) -+# else -+# define BN_ULLONG unsigned long long -+# define BN_MASK (0xffffffffffffffffLL) -+# endif -+# endif - # define BN_ULONG unsigned int -+# define BN_LONG int -+# define BN_BITS 64 - # define BN_BYTES 4 -+# define BN_BITS2 32 -+# define BN_BITS4 16 -+# define BN_MASK2 (0xffffffffL) -+# define BN_MASK2l (0xffff) -+# define BN_MASK2h1 (0xffff8000L) -+# define BN_MASK2h (0xffff0000L) -+# define BN_TBIT (0x80000000L) -+# define BN_DEC_CONV (1000000000L) -+# define BN_DEC_FMT1 "%u" -+# define BN_DEC_FMT2 "%09u" -+# define BN_DEC_NUM 9 -+# define BN_HEX_FMT1 "%X" -+# define BN_HEX_FMT2 "%08X" - # endif - --# define BN_BITS2 (BN_BYTES * 8) --# define BN_BITS (BN_BITS2 * 2) --# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) -+# define BN_DEFAULT_BITS 1280 - - # define BN_FLG_MALLOCED 0x01 - # define BN_FLG_STATIC_DATA 0x02 -@@ -71,49 +269,107 @@ extern "C" { - * BN_mod_inverse() will call BN_mod_inverse_no_branch. 
- */ - # define BN_FLG_CONSTTIME 0x04 --# define BN_FLG_SECURE 0x08 - --# if OPENSSL_API_COMPAT < 0x00908000L -+# ifdef OPENSSL_NO_DEPRECATED - /* deprecated name for the flag */ - # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME --# define BN_FLG_FREE 0x8000 /* used for debugging */ -+/* -+ * avoid leaking exponent information through timings -+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) -+ */ - # endif - --void BN_set_flags(BIGNUM *b, int n); --int BN_get_flags(const BIGNUM *b, int n); -- --/* Values for |top| in BN_rand() */ --#define BN_RAND_TOP_ANY -1 --#define BN_RAND_TOP_ONE 0 --#define BN_RAND_TOP_TWO 1 -- --/* Values for |bottom| in BN_rand() */ --#define BN_RAND_BOTTOM_ANY 0 --#define BN_RAND_BOTTOM_ODD 1 -+# ifndef OPENSSL_NO_DEPRECATED -+# define BN_FLG_FREE 0x8000 -+ /* used for debuging */ -+# endif -+# define BN_set_flags(b,n) ((b)->flags|=(n)) -+# define BN_get_flags(b,n) ((b)->flags&(n)) - - /* - * get a clone of a BIGNUM with changed flags, for *temporary* use only (the -- * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The -- * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that -- * has not been otherwise initialised or used. -+ * two BIGNUMs cannot not be used in parallel!) 
- */ --void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); -- --/* Wrapper function to make using BN_GENCB easier */ --int BN_GENCB_call(BN_GENCB *cb, int a, int b); -- --BN_GENCB *BN_GENCB_new(void); --void BN_GENCB_free(BN_GENCB *cb); -- --/* Populate a BN_GENCB structure with an "old"-style callback */ --void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), -- void *cb_arg); -+# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ -+ (dest)->top=(b)->top, \ -+ (dest)->dmax=(b)->dmax, \ -+ (dest)->neg=(b)->neg, \ -+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ -+ | ((b)->flags & ~BN_FLG_MALLOCED) \ -+ | BN_FLG_STATIC_DATA \ -+ | (n))) -+ -+/* Already declared in ossl_typ.h */ -+# if 0 -+typedef struct bignum_st BIGNUM; -+/* Used for temp variables (declaration hidden in bn_lcl.h) */ -+typedef struct bignum_ctx BN_CTX; -+typedef struct bn_blinding_st BN_BLINDING; -+typedef struct bn_mont_ctx_st BN_MONT_CTX; -+typedef struct bn_recp_ctx_st BN_RECP_CTX; -+typedef struct bn_gencb_st BN_GENCB; -+# endif - --/* Populate a BN_GENCB structure with a "new"-style callback */ --void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), -- void *cb_arg); -+struct bignum_st { -+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit -+ * chunks. */ -+ int top; /* Index of last used d +1. */ -+ /* The next are internal book keeping for bn_expand. */ -+ int dmax; /* Size of the d array. 
*/ -+ int neg; /* one if the number is negative */ -+ int flags; -+}; -+ -+/* Used for montgomery multiplication */ -+struct bn_mont_ctx_st { -+ int ri; /* number of bits in R */ -+ BIGNUM RR; /* used to convert to montgomery form */ -+ BIGNUM N; /* The modulus */ -+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only -+ * stored for bignum algorithm) */ -+ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type -+ * changed with 0.9.9, was "BN_ULONG n0;" -+ * before) */ -+ int flags; -+}; - --void *BN_GENCB_get_arg(BN_GENCB *cb); -+/* -+ * Used for reciprocal division/mod functions It cannot be shared between -+ * threads -+ */ -+struct bn_recp_ctx_st { -+ BIGNUM N; /* the divisor */ -+ BIGNUM Nr; /* the reciprocal */ -+ int num_bits; -+ int shift; -+ int flags; -+}; -+ -+/* Used for slow "generation" functions. */ -+struct bn_gencb_st { -+ unsigned int ver; /* To handle binary (in)compatibility */ -+ void *arg; /* callback-specific data */ -+ union { -+ /* if(ver==1) - handles old style callbacks */ -+ void (*cb_1) (int, int, void *); -+ /* if(ver==2) - new callback style */ -+ int (*cb_2) (int, int, BN_GENCB *); -+ } cb; -+}; -+/* Wrapper function to make using BN_GENCB easier, */ -+int BN_GENCB_call(BN_GENCB *cb, int a, int b); -+/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -+# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 1; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_1 = (callback); } -+/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -+# define BN_GENCB_set(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 2; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_2 = (callback); } - - # define BN_prime_checks 0 /* default: select number of iterations based - * on the size of the number */ -@@ -141,17 +397,22 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); - - # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) 
- --int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); --int BN_is_zero(const BIGNUM *a); --int BN_is_one(const BIGNUM *a); --int BN_is_word(const BIGNUM *a, const BN_ULONG w); --int BN_is_odd(const BIGNUM *a); -+/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -+# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ -+ (((w) == 0) && ((a)->top == 0))) -+# define BN_is_zero(a) ((a)->top == 0) -+# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -+# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -+# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) - - # define BN_one(a) (BN_set_word((a),1)) -- --void BN_zero_ex(BIGNUM *a); -- --# if OPENSSL_API_COMPAT >= 0x00908000L -+# define BN_zero_ex(a) \ -+ do { \ -+ BIGNUM *_tmp_bn = (a); \ -+ _tmp_bn->top = 0; \ -+ _tmp_bn->neg = 0; \ -+ } while(0) -+# ifdef OPENSSL_NO_DEPRECATED - # define BN_zero(a) BN_zero_ex(a) - # else - # define BN_zero(a) (BN_set_word((a),0)) -@@ -160,7 +421,9 @@ void BN_zero_ex(BIGNUM *a); - const BIGNUM *BN_value_one(void); - char *BN_options(void); - BN_CTX *BN_CTX_new(void); --BN_CTX *BN_CTX_secure_new(void); -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_CTX_init(BN_CTX *c); -+# endif - void BN_CTX_free(BN_CTX *c); - void BN_CTX_start(BN_CTX *ctx); - BIGNUM *BN_CTX_get(BN_CTX *ctx); -@@ -170,18 +433,14 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); - int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); - int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); - int BN_num_bits(const BIGNUM *a); --int BN_num_bits_word(BN_ULONG l); --int BN_security_bits(int L, int N); -+int BN_num_bits_word(BN_ULONG); - BIGNUM *BN_new(void); --BIGNUM *BN_secure_new(void); -+void BN_init(BIGNUM *); - void BN_clear_free(BIGNUM *a); - BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); - void BN_swap(BIGNUM *a, BIGNUM *b); - BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); - int 
BN_bn2bin(const BIGNUM *a, unsigned char *to); --int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); --BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); --int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); - BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); - int BN_bn2mpi(const BIGNUM *a, unsigned char *to); - int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -@@ -199,7 +458,7 @@ void BN_set_negative(BIGNUM *b, int n); - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise - */ --int BN_is_negative(const BIGNUM *b); -+# define BN_is_negative(a) ((a)->neg != 0) - - int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); -@@ -253,10 +512,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - - int BN_mask_bits(BIGNUM *a, int n); --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int BN_print_fp(FILE *fp, const BIGNUM *a); - # endif --int BN_print(BIO *bio, const BIGNUM *a); -+# ifdef HEADER_BIO_H -+int BN_print(BIO *fp, const BIGNUM *a); -+# else -+int BN_print(void *fp, const BIGNUM *a); -+# endif - int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); - int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); - int BN_rshift1(BIGNUM *r, const BIGNUM *a); -@@ -282,21 +545,17 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, - void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); - - /* Deprecated versions */ --DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, -- const BIGNUM *add, -- const BIGNUM *rem, -- void (*callback) (int, int, -- void *), -- void *cb_arg)) --DEPRECATEDIN_0_9_8(int -- BN_is_prime(const BIGNUM *p, int nchecks, -- void (*callback) (int, int, void *), -- BN_CTX *ctx, void *cb_arg)) --DEPRECATEDIN_0_9_8(int -- BN_is_prime_fasttest(const BIGNUM *p, int nchecks, -- void (*callback) (int, int, void *), -- BN_CTX *ctx, void 
*cb_arg, -- int do_trial_division)) -+# ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, -+ const BIGNUM *add, const BIGNUM *rem, -+ void (*callback) (int, int, void *), void *cb_arg); -+int BN_is_prime(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), -+ BN_CTX *ctx, void *cb_arg); -+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), BN_CTX *ctx, -+ void *cb_arg, int do_trial_division); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* Newer versions */ - int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, -@@ -316,16 +575,17 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, - BN_CTX *ctx, BN_GENCB *cb); - - BN_MONT_CTX *BN_MONT_CTX_new(void); -+void BN_MONT_CTX_init(BN_MONT_CTX *ctx); - int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); --int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, -- BN_CTX *ctx); --int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, -- BN_CTX *ctx); -+# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ -+ (r),(a),&((mont)->RR),(mont),(ctx)) -+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, -+ BN_MONT_CTX *mont, BN_CTX *ctx); - void BN_MONT_CTX_free(BN_MONT_CTX *mont); - int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); - BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); --BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, -+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx); - - /* BN_BLINDING flags */ -@@ -340,12 +600,11 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); - int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - BN_CTX *); -- --int 
BN_BLINDING_is_current_thread(BN_BLINDING *b); --void BN_BLINDING_set_current_thread(BN_BLINDING *b); --int BN_BLINDING_lock(BN_BLINDING *b); --int BN_BLINDING_unlock(BN_BLINDING *b); -- -+# ifndef OPENSSL_NO_DEPRECATED -+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); -+void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); -+# endif -+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); - void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); - BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -@@ -358,10 +617,12 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx); - --DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) --DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 -- * mont */ -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_set_params(int mul, int high, int low, int mont); -+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -+# endif - -+void BN_RECP_CTX_init(BN_RECP_CTX *recp); - BN_RECP_CTX *BN_RECP_CTX_new(void); - void BN_RECP_CTX_free(BN_RECP_CTX *recp); - int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); -@@ -459,35 +720,154 @@ const BIGNUM *BN_get0_nist_prime_256(void); - const BIGNUM *BN_get0_nist_prime_384(void); - const BIGNUM *BN_get0_nist_prime_521(void); - --int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, -- const BIGNUM *field, BN_CTX *ctx); -+/* library internal functions */ -+ -+# define bn_expand(a,bits) \ -+ ( \ -+ bits > (INT_MAX - BN_BITS2 + 1) ? \ -+ NULL \ -+ : \ -+ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? 
\ -+ (a) \ -+ : \ -+ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ -+ ) -+ -+# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -+BIGNUM *bn_expand2(BIGNUM *a, int words); -+# ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ -+# endif -+ -+/*- -+ * Bignum consistency macros -+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from -+ * bignum data after direct manipulations on the data. There is also an -+ * "internal" macro, bn_check_top(), for verifying that there are no leading -+ * zeroes. Unfortunately, some auditing is required due to the fact that -+ * bn_fix_top() has become an overabused duct-tape because bignum data is -+ * occasionally passed around in an inconsistent state. So the following -+ * changes have been made to sort this out; -+ * - bn_fix_top()s implementation has been moved to bn_correct_top() -+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and -+ * bn_check_top() is as before. -+ * - if BN_DEBUG *is* defined; -+ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is -+ * consistent. (ed: only if BN_DEBUG_RAND is defined) -+ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. -+ * The idea is to have debug builds flag up inconsistent bignums when they -+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if -+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code -+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it -+ * was not appropriate, we convert it permanently to bn_check_top() and track -+ * down the cause of the bug. Eventually, no internal code should be using the -+ * bn_fix_top() macro. 
External applications and libraries should try this with -+ * their own code too, both in terms of building against the openssl headers -+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it -+ * defined. This not only improves external code, it provides more test -+ * coverage for openssl's own code. -+ */ - --int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, -- const BIGNUM *priv, const unsigned char *message, -- size_t message_len, BN_CTX *ctx); -+# ifdef BN_DEBUG -+ -+/* We only need assert() when debugging */ -+# include -+ -+# ifdef BN_DEBUG_RAND -+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -+# ifndef RAND_pseudo_bytes -+int RAND_pseudo_bytes(unsigned char *buf, int num); -+# define BN_DEBUG_TRIX -+# endif -+# define bn_pollute(a) \ -+ do { \ -+ const BIGNUM *_bnum1 = (a); \ -+ if(_bnum1->top < _bnum1->dmax) { \ -+ unsigned char _tmp_char; \ -+ /* We cast away const without the compiler knowing, any \ -+ * *genuinely* constant variables that aren't mutable \ -+ * wouldn't be constructed with top!=dmax. 
*/ \ -+ BN_ULONG *_not_const; \ -+ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ -+ /* Debug only - safe to ignore error return */ \ -+ RAND_pseudo_bytes(&_tmp_char, 1); \ -+ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ -+ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ -+ } \ -+ } while(0) -+# ifdef BN_DEBUG_TRIX -+# undef RAND_pseudo_bytes -+# endif -+# else -+# define bn_pollute(a) -+# endif -+# define bn_check_top(a) \ -+ do { \ -+ const BIGNUM *_bnum2 = (a); \ -+ if (_bnum2 != NULL) { \ -+ assert((_bnum2->top == 0) || \ -+ (_bnum2->d[_bnum2->top - 1] != 0)); \ -+ bn_pollute(_bnum2); \ -+ } \ -+ } while(0) -+ -+# define bn_fix_top(a) bn_check_top(a) -+ -+# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -+# define bn_wcheck_size(bn, words) \ -+ do { \ -+ const BIGNUM *_bnum2 = (bn); \ -+ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ -+ /* avoid unused variable warning with NDEBUG */ \ -+ (void)(_bnum2); \ -+ } while(0) -+ -+# else /* !BN_DEBUG */ -+ -+# define bn_pollute(a) -+# define bn_check_top(a) -+# define bn_fix_top(a) bn_correct_top(a) -+# define bn_check_size(bn, bits) -+# define bn_wcheck_size(bn, words) -+ -+# endif -+ -+# define bn_correct_top(a) \ -+ { \ -+ BN_ULONG *ftl; \ -+ int tmp_top = (a)->top; \ -+ if (tmp_top > 0) \ -+ { \ -+ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ -+ if (*(ftl--)) break; \ -+ (a)->top = tmp_top; \ -+ } \ -+ if ((a)->top == 0) \ -+ (a)->neg = 0; \ -+ bn_pollute(a); \ -+ } -+ -+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, -+ BN_ULONG w); -+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -+ int num); -+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG 
*bp, -+ int num); - - /* Primes from RFC 2409 */ --BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); --BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); -+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); -+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); - - /* Primes from RFC 3526 */ --BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); --BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); --BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); --BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); --BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); --BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -- --# if OPENSSL_API_COMPAT < 0x10100000L --# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 --# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 --# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 --# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 --# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 --# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 --# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 --# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 --# endif -+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); -+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); -+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); -+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); -+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); -+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); - - int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); - -@@ -496,8 +876,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_BN_strings(void); -+void ERR_load_BN_strings(void); - - /* Error codes for the BN functions. 
*/ - -@@ -510,17 +889,15 @@ int ERR_load_BN_strings(void); - # define BN_F_BN_BLINDING_UPDATE 103 - # define BN_F_BN_BN2DEC 104 - # define BN_F_BN_BN2HEX 105 --# define BN_F_BN_COMPUTE_WNAF 142 - # define BN_F_BN_CTX_GET 116 - # define BN_F_BN_CTX_NEW 106 - # define BN_F_BN_CTX_START 129 - # define BN_F_BN_DIV 107 -+# define BN_F_BN_DIV_NO_BRANCH 138 - # define BN_F_BN_DIV_RECP 130 - # define BN_F_BN_EXP 123 -+# define BN_F_BN_EXPAND2 108 - # define BN_F_BN_EXPAND_INTERNAL 120 --# define BN_F_BN_GENCB_NEW 143 --# define BN_F_BN_GENERATE_DSA_NONCE 140 --# define BN_F_BN_GENERATE_PRIME_EX 141 - # define BN_F_BN_GF2M_MOD 131 - # define BN_F_BN_GF2M_MOD_EXP 132 - # define BN_F_BN_GF2M_MOD_MUL 133 -@@ -538,13 +915,13 @@ int ERR_load_BN_strings(void); - # define BN_F_BN_MOD_INVERSE 110 - # define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 - # define BN_F_BN_MOD_LSHIFT_QUICK 119 -+# define BN_F_BN_MOD_MUL_RECIPROCAL 111 - # define BN_F_BN_MOD_SQRT 121 - # define BN_F_BN_MPI2BN 112 - # define BN_F_BN_NEW 113 - # define BN_F_BN_RAND 114 - # define BN_F_BN_RAND_RANGE 122 - # define BN_F_BN_RSHIFT 146 --# define BN_F_BN_SET_WORDS 144 - # define BN_F_BN_USUB 115 - - /* Reason codes. */ -@@ -564,12 +941,11 @@ int ERR_load_BN_strings(void); - # define BN_R_NOT_INITIALIZED 107 - # define BN_R_NO_INVERSE 108 - # define BN_R_NO_SOLUTION 116 --# define BN_R_PRIVATE_KEY_TOO_LARGE 117 - # define BN_R_P_IS_NOT_PRIME 112 - # define BN_R_TOO_MANY_ITERATIONS 113 - # define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h -index 91f0e07..efd240a 100644 ---- a/Cryptlib/Include/openssl/buffer.h -+++ b/Cryptlib/Include/openssl/buffer.h -@@ -1,20 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/buffer/buffer.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_BUFFER_H - # define HEADER_BUFFER_H - - # include --# ifndef HEADER_CRYPTO_H --# include --# endif -- - - #ifdef __cplusplus - extern "C" { -@@ -26,51 +71,55 @@ extern "C" { - # include - # endif - --/* -- * These names are outdated as of OpenSSL 1.1; a future release -- * will move them to be deprecated. 
-- */ --# define BUF_strdup(s) OPENSSL_strdup(s) --# define BUF_strndup(s, size) OPENSSL_strndup(s, size) --# define BUF_memdup(data, size) OPENSSL_memdup(data, size) --# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) --# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) --# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) -+/* Already declared in ossl_typ.h */ -+/* typedef struct buf_mem_st BUF_MEM; */ - - struct buf_mem_st { - size_t length; /* current number of bytes */ - char *data; - size_t max; /* size of buffer */ -- unsigned long flags; - }; - --# define BUF_MEM_FLAG_SECURE 0x01 -- - BUF_MEM *BUF_MEM_new(void); --BUF_MEM *BUF_MEM_new_ex(unsigned long flags); - void BUF_MEM_free(BUF_MEM *a); --size_t BUF_MEM_grow(BUF_MEM *str, size_t len); --size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); -+int BUF_MEM_grow(BUF_MEM *str, size_t len); -+int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); -+size_t BUF_strnlen(const char *str, size_t maxlen); -+char *BUF_strdup(const char *str); -+ -+/* -+ * Like strndup, but in addition, explicitly guarantees to never read past the -+ * first |siz| bytes of |str|. -+ */ -+char *BUF_strndup(const char *str, size_t siz); -+ -+void *BUF_memdup(const void *data, size_t siz); - void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); - -+/* safe string functions */ -+size_t BUF_strlcpy(char *dst, const char *src, size_t siz); -+size_t BUF_strlcat(char *dst, const char *src, size_t siz); -+ - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_BUF_strings(void); -+void ERR_load_BUF_strings(void); - - /* Error codes for the BUF functions. */ - - /* Function codes. 
*/ -+# define BUF_F_BUF_MEMDUP 103 - # define BUF_F_BUF_MEM_GROW 100 - # define BUF_F_BUF_MEM_GROW_CLEAN 105 - # define BUF_F_BUF_MEM_NEW 101 -+# define BUF_F_BUF_STRDUP 102 -+# define BUF_F_BUF_STRNDUP 104 - - /* Reason codes. */ - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/camellia.h b/Cryptlib/Include/openssl/camellia.h -index 151f3c1..45e8d25 100644 ---- a/Cryptlib/Include/openssl/camellia.h -+++ b/Cryptlib/Include/openssl/camellia.h -@@ -1,10 +1,52 @@ --/* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/camellia/camellia.h */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_CAMELLIA_H -@@ -12,11 +54,11 @@ - - # include - --# ifndef OPENSSL_NO_CAMELLIA -+# ifdef OPENSSL_NO_CAMELLIA -+# error CAMELLIA is disabled. -+# endif -+ - # include --#ifdef __cplusplus --extern "C" { --#endif - - # define CAMELLIA_ENCRYPT 1 - # define CAMELLIA_DECRYPT 0 -@@ -26,6 +68,10 @@ extern "C" { - * Both sizes are in bytes. 
- */ - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - /* This should be a hidden type, but EVP requires that the size be known */ - - # define CAMELLIA_BLOCK_SIZE 16 -@@ -44,6 +90,10 @@ struct camellia_key_st { - }; - typedef struct camellia_key_st CAMELLIA_KEY; - -+# ifdef OPENSSL_FIPS -+int private_Camellia_set_key(const unsigned char *userKey, const int bits, -+ CAMELLIA_KEY *key); -+# endif - int Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key); - -@@ -75,9 +125,8 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], - unsigned int *num); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -- - #endif -+ -+#endif /* !HEADER_Camellia_H */ -diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h -index 2cc89ae..0003ec9 100644 ---- a/Cryptlib/Include/openssl/cast.h -+++ b/Cryptlib/Include/openssl/cast.h -@@ -1,20 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/cast/cast.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_CAST_H - # define HEADER_CAST_H - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - # include - --# ifndef OPENSSL_NO_CAST --# ifdef __cplusplus --extern "C" { -+# ifdef OPENSSL_NO_CAST -+# error CAST is disabled. 
- # endif - - # define CAST_ENCRYPT 1 -@@ -30,6 +82,9 @@ typedef struct cast_key_st { - int short_key; /* Use reduced rounds for short key */ - } CAST_KEY; - -+# ifdef OPENSSL_FIPS -+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -+# endif - void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); - void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAST_KEY *key, int enc); -@@ -45,9 +100,8 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/cmac.h b/Cryptlib/Include/openssl/cmac.h -index 3535a9a..175be83 100644 ---- a/Cryptlib/Include/openssl/cmac.h -+++ b/Cryptlib/Include/openssl/cmac.h -@@ -1,17 +1,60 @@ -+/* crypto/cmac/cmac.h */ - /* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - */ - - #ifndef HEADER_CMAC_H - # define HEADER_CMAC_H - --# ifndef OPENSSL_NO_CMAC -- - #ifdef __cplusplus - extern "C" { - #endif -@@ -36,6 +79,4 @@ int CMAC_resume(CMAC_CTX *ctx); - #ifdef __cplusplus - } - #endif -- --# endif - #endif -diff --git a/Cryptlib/Include/openssl/cms.h b/Cryptlib/Include/openssl/cms.h -index 7e534e0..e6c7f96 100644 ---- a/Cryptlib/Include/openssl/cms.h -+++ b/Cryptlib/Include/openssl/cms.h -@@ -1,24 +1,70 @@ -+/* crypto/cms/cms.h */ - /* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #ifndef HEADER_CMS_H - # define HEADER_CMS_H - --# include -- --# ifndef OPENSSL_NO_CMS - # include --# include --# ifdef __cplusplus --extern "C" { -+ -+# ifdef OPENSSL_NO_CMS -+# error CMS is disabled. 
- # endif - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - typedef struct CMS_ContentInfo_st CMS_ContentInfo; - typedef struct CMS_SignerInfo_st CMS_SignerInfo; - typedef struct CMS_CertificateChoices CMS_CertificateChoices; -@@ -29,10 +75,9 @@ typedef struct CMS_Receipt_st CMS_Receipt; - typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; - typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; - --DEFINE_STACK_OF(CMS_SignerInfo) --DEFINE_STACK_OF(CMS_RecipientEncryptedKey) --DEFINE_STACK_OF(CMS_RecipientInfo) --DEFINE_STACK_OF(CMS_RevocationInfoChoice) -+DECLARE_STACK_OF(CMS_SignerInfo) -+DECLARE_STACK_OF(GENERAL_NAMES) -+DECLARE_STACK_OF(CMS_RecipientEncryptedKey) - DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) - DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) - DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) -@@ -71,9 +116,8 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) - # define CMS_USE_KEYID 0x10000 - # define CMS_DEBUG_DECRYPT 0x20000 - # define CMS_KEY_PARAM 0x40000 --# define CMS_ASCIICRLF 0x80000 - --const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); -+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); - - BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); - int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); -@@ -144,7 +188,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, - int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); - int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, -- const unsigned char *id, size_t idlen); -+ unsigned char *id, size_t idlen); - int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen); - -@@ -246,7 +290,7 @@ int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); - int CMS_signed_get_attr_count(const CMS_SignerInfo *si); - int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); --int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const 
ASN1_OBJECT *obj, -+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos); - X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); - X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); -@@ -260,14 +304,14 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); --void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, -+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type); - - int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); - int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); --int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, -- const ASN1_OBJECT *obj, int lastpos); -+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, -+ int lastpos); - X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); - X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); - int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); -@@ -334,8 +378,7 @@ int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_CMS_strings(void); -+void ERR_load_CMS_strings(void); - - /* Error codes for the CMS functions. 
*/ - -@@ -440,6 +483,7 @@ int ERR_load_CMS_strings(void); - # define CMS_R_CTRL_ERROR 110 - # define CMS_R_CTRL_FAILURE 111 - # define CMS_R_DECRYPT_ERROR 112 -+# define CMS_R_DIGEST_ERROR 161 - # define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 - # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 - # define CMS_R_ERROR_SETTING_KEY 115 -@@ -505,8 +549,7 @@ int ERR_load_CMS_strings(void); - # define CMS_R_VERIFICATION_FAILURE 158 - # define CMS_R_WRAP_ERROR 159 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/comp.h b/Cryptlib/Include/openssl/comp.h -index 260ff1e..df599ba 100644 ---- a/Cryptlib/Include/openssl/comp.h -+++ b/Cryptlib/Include/openssl/comp.h -@@ -1,46 +1,59 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ - - #ifndef HEADER_COMP_H - # define HEADER_COMP_H - --# include -- --# ifndef OPENSSL_NO_COMP - # include --# ifdef __cplusplus --extern "C" { -+ -+# ifdef OPENSSL_NO_COMP -+# error COMP is disabled. 
- # endif - -+#ifdef __cplusplus -+extern "C" { -+#endif - -+typedef struct comp_ctx_st COMP_CTX; -+ -+struct comp_method_st { -+ int type; /* NID for compression library */ -+ const char *name; /* A text string to identify the library */ -+ int (*init) (COMP_CTX *ctx); -+ void (*finish) (COMP_CTX *ctx); -+ int (*compress) (COMP_CTX *ctx, -+ unsigned char *out, unsigned int olen, -+ unsigned char *in, unsigned int ilen); -+ int (*expand) (COMP_CTX *ctx, -+ unsigned char *out, unsigned int olen, -+ unsigned char *in, unsigned int ilen); -+ /* -+ * The following two do NOTHING, but are kept for backward compatibility -+ */ -+ long (*ctrl) (void); -+ long (*callback_ctrl) (void); -+}; -+ -+struct comp_ctx_st { -+ COMP_METHOD *meth; -+ unsigned long compress_in; -+ unsigned long compress_out; -+ unsigned long expand_in; -+ unsigned long expand_out; -+ CRYPTO_EX_DATA ex_data; -+}; - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); --const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); --int COMP_CTX_get_type(const COMP_CTX* comp); --int COMP_get_type(const COMP_METHOD *meth); --const char *COMP_get_name(const COMP_METHOD *meth); - void COMP_CTX_free(COMP_CTX *ctx); -- - int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); - int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); -- -+COMP_METHOD *COMP_rle(void); - COMP_METHOD *COMP_zlib(void); -- --#if OPENSSL_API_COMPAT < 0x10100000L --#define COMP_zlib_cleanup() while(0) continue --#endif -+void COMP_zlib_cleanup(void); - - # ifdef HEADER_BIO_H - # ifdef ZLIB --const BIO_METHOD *BIO_f_zlib(void); -+BIO_METHOD *BIO_f_zlib(void); - # endif - # endif - -@@ -49,8 +62,7 @@ const BIO_METHOD *BIO_f_zlib(void); - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. 
- */ -- --int ERR_load_COMP_strings(void); -+void ERR_load_COMP_strings(void); - - /* Error codes for the COMP functions. */ - -@@ -65,8 +77,7 @@ int ERR_load_COMP_strings(void); - # define COMP_R_ZLIB_INFLATE_ERROR 100 - # define COMP_R_ZLIB_NOT_SUPPORTED 101 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h -index 462e3c9..c29e97d 100644 ---- a/Cryptlib/Include/openssl/conf.h -+++ b/Cryptlib/Include/openssl/conf.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/conf/conf.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_CONF_H -@@ -28,8 +77,8 @@ typedef struct { - char *value; - } CONF_VALUE; - --DEFINE_STACK_OF(CONF_VALUE) --DEFINE_LHASH_OF(CONF_VALUE); -+DECLARE_STACK_OF(CONF_VALUE) -+DECLARE_LHASH_OF(CONF_VALUE); - - struct conf_st; - struct conf_method_st; -@@ -53,8 +102,8 @@ struct conf_method_st { - typedef struct conf_imodule_st CONF_IMODULE; - typedef struct conf_module_st CONF_MODULE; - --DEFINE_STACK_OF(CONF_MODULE) --DEFINE_STACK_OF(CONF_IMODULE) -+DECLARE_STACK_OF(CONF_MODULE) -+DECLARE_STACK_OF(CONF_IMODULE) - - /* DSO module function typedefs */ - typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); -@@ -69,9 +118,11 @@ typedef void conf_finish_func (CONF_IMODULE *md); - - int CONF_set_default_method(CONF_METHOD *meth); - void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); -+# ifndef OPENSSL_NO_STDIO - LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline); --# ifndef OPENSSL_NO_STDIO -+# endif -+# ifndef OPENSSL_NO_FP_API - LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline); - # endif -@@ -84,17 +135,13 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const 
char *group, - long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); - void CONF_free(LHASH_OF(CONF_VALUE) *conf); --#ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); --#endif -+# endif - int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); - --DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) -- --#if OPENSSL_API_COMPAT < 0x10100000L --# define OPENSSL_no_config() \ -- OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) --#endif -+void OPENSSL_config(const char *config_name); -+void OPENSSL_no_config(void); - - /* - * New conf code. The semantics are different from the functions above. If -@@ -110,11 +157,17 @@ struct conf_st { - CONF *NCONF_new(CONF_METHOD *meth); - CONF_METHOD *NCONF_default(void); - CONF_METHOD *NCONF_WIN32(void); -+# if 0 /* Just to give you an idea of what I have in -+ * mind */ -+CONF_METHOD *NCONF_XML(void); -+# endif - void NCONF_free(CONF *conf); - void NCONF_free_data(CONF *conf); - --int NCONF_load(CONF *conf, const char *file, long *eline); - # ifndef OPENSSL_NO_STDIO -+int NCONF_load(CONF *conf, const char *file, long *eline); -+# endif -+# ifndef OPENSSL_NO_FP_API - int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); - # endif - int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); -@@ -123,24 +176,29 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, - char *NCONF_get_string(const CONF *conf, const char *group, const char *name); - int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, - long *result); --#ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int NCONF_dump_fp(const CONF *conf, FILE *out); --#endif -+# endif - int NCONF_dump_bio(const CONF *conf, BIO *out); - --#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -+# if 0 /* The following function has no error -+ * checking, and should therefore be avoided */ -+long NCONF_get_number(CONF *conf, char 
*group, char *name); -+# else -+# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -+# endif - - /* Module functions */ - - int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); -+# ifndef OPENSSL_NO_STDIO - int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); -+# endif - void CONF_modules_unload(int all); - void CONF_modules_finish(void); --#if OPENSSL_API_COMPAT < 0x10100000L --# define CONF_modules_free() while(0) continue --#endif -+void CONF_modules_free(void); - int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc); - -@@ -167,15 +225,16 @@ void OPENSSL_load_builtin_modules(void); - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_CONF_strings(void); -+void ERR_load_CONF_strings(void); - - /* Error codes for the CONF functions. */ - - /* Function codes. 
*/ - # define CONF_F_CONF_DUMP_FP 104 - # define CONF_F_CONF_LOAD 100 -+# define CONF_F_CONF_LOAD_BIO 102 - # define CONF_F_CONF_LOAD_FP 103 -+# define CONF_F_CONF_MODULES_LOAD 116 - # define CONF_F_CONF_PARSE_LIST 119 - # define CONF_F_DEF_LOAD 120 - # define CONF_F_DEF_LOAD_BIO 121 -@@ -184,6 +243,7 @@ int ERR_load_CONF_strings(void); - # define CONF_F_MODULE_RUN 118 - # define CONF_F_NCONF_DUMP_BIO 105 - # define CONF_F_NCONF_DUMP_FP 106 -+# define CONF_F_NCONF_GET_NUMBER 107 - # define CONF_F_NCONF_GET_NUMBER_E 112 - # define CONF_F_NCONF_GET_SECTION 108 - # define CONF_F_NCONF_GET_STRING 109 -@@ -198,6 +258,7 @@ int ERR_load_CONF_strings(void); - # define CONF_R_LIST_CANNOT_BE_NULL 115 - # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 - # define CONF_R_MISSING_EQUAL_SIGN 101 -+# define CONF_R_MISSING_FINISH_FUNCTION 111 - # define CONF_R_MISSING_INIT_FUNCTION 112 - # define CONF_R_MODULE_INITIALIZATION_ERROR 109 - # define CONF_R_NO_CLOSE_BRACE 102 -@@ -210,7 +271,7 @@ int ERR_load_CONF_strings(void); - # define CONF_R_UNKNOWN_MODULE_NAME 113 - # define CONF_R_VARIABLE_HAS_NO_VALUE 104 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/conf_api.h b/Cryptlib/Include/openssl/conf_api.h -index a0275ad..e478f7d 100644 ---- a/Cryptlib/Include/openssl/conf_api.h -+++ b/Cryptlib/Include/openssl/conf_api.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* conf_api.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_CONF_API_H -diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h -index bd0b140..bea4ca1 100644 ---- a/Cryptlib/Include/openssl/crypto.h -+++ b/Cryptlib/Include/openssl/crypto.h -@@ -1,12 +1,113 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/crypto.h */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by -@@ -17,11 +118,10 @@ - # define HEADER_CRYPTO_H - - # include --# include - - # include - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - # include - # endif - -@@ -29,7 +129,6 @@ - # include - # include - # include --# include - - # ifdef CHARSET_EBCDIC - # include -@@ -41,292 +140,458 @@ - */ - # include - --# if OPENSSL_API_COMPAT < 0x10100000L --# include --# endif -- - #ifdef __cplusplus - extern "C" { - #endif - --# if OPENSSL_API_COMPAT < 0x10100000L --# define SSLeay OpenSSL_version_num --# define SSLeay_version OpenSSL_version --# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER --# define SSLEAY_VERSION OPENSSL_VERSION --# define SSLEAY_CFLAGS OPENSSL_CFLAGS --# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON --# define SSLEAY_PLATFORM OPENSSL_PLATFORM --# define SSLEAY_DIR OPENSSL_DIR -- -+/* Backward compatibility to SSLeay */ - /* -- * Old type for allocating dynamic locks. No longer used. Use the new thread -- * API instead. 
-+ * This is more to be used to check the correct DLL is being used in the MS
-+ * world.
- */
--typedef struct {
-- int dummy;
--} CRYPTO_dynlock;
-+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
-+# define SSLEAY_VERSION 0
-+/* #define SSLEAY_OPTIONS 1 no longer supported */
-+# define SSLEAY_CFLAGS 2
-+# define SSLEAY_BUILT_ON 3
-+# define SSLEAY_PLATFORM 4
-+# define SSLEAY_DIR 5
-+
-+/* Already declared in ossl_typ.h */
-+# if 0
-+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-+/* Called when a new object is created */
-+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-+ int idx, long argl, void *argp);
-+/* Called when an object is free()ed */
-+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-+ int idx, long argl, void *argp);
-+/* Called when we need to dup an object */
-+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-+ void *from_d, int idx, long argl, void *argp);
-+# endif
- 
--# endif /* OPENSSL_API_COMPAT */
-+/* A generic structure to pass assorted data in a expandable way */
-+typedef struct openssl_item_st {
-+ int code;
-+ void *value; /* Not used for flag attributes */
-+ size_t value_size; /* Max size of value for output, length for
-+ * input */
-+ size_t *value_length; /* Returned length of value for output */
-+} OPENSSL_ITEM;
- 
--typedef void CRYPTO_RWLOCK;
-+/*
-+ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
-+ * names in cryptlib.c
-+ */
- 
--CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
--int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
--int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
--int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
--void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
-+# define CRYPTO_LOCK_ERR 1
-+# define CRYPTO_LOCK_EX_DATA 2
-+# define CRYPTO_LOCK_X509 3
-+# define CRYPTO_LOCK_X509_INFO 4
-+# define CRYPTO_LOCK_X509_PKEY 5
-+# define CRYPTO_LOCK_X509_CRL 6
-+# define CRYPTO_LOCK_X509_REQ 7
-+# define CRYPTO_LOCK_DSA 8
-+# define CRYPTO_LOCK_RSA 9
-+# define CRYPTO_LOCK_EVP_PKEY 10
-+# define CRYPTO_LOCK_X509_STORE 11
-+# define CRYPTO_LOCK_SSL_CTX 12
-+# define CRYPTO_LOCK_SSL_CERT 13
-+# define CRYPTO_LOCK_SSL_SESSION 14
-+# define CRYPTO_LOCK_SSL_SESS_CERT 15
-+# define CRYPTO_LOCK_SSL 16
-+# define CRYPTO_LOCK_SSL_METHOD 17
-+# define CRYPTO_LOCK_RAND 18
-+# define CRYPTO_LOCK_RAND2 19
-+# define CRYPTO_LOCK_MALLOC 20
-+# define CRYPTO_LOCK_BIO 21
-+# define CRYPTO_LOCK_GETHOSTBYNAME 22
-+# define CRYPTO_LOCK_GETSERVBYNAME 23
-+# define CRYPTO_LOCK_READDIR 24
-+# define CRYPTO_LOCK_RSA_BLINDING 25
-+# define CRYPTO_LOCK_DH 26
-+# define CRYPTO_LOCK_MALLOC2 27
-+# define CRYPTO_LOCK_DSO 28
-+# define CRYPTO_LOCK_DYNLOCK 29
-+# define CRYPTO_LOCK_ENGINE 30
-+# define CRYPTO_LOCK_UI 31
-+# define CRYPTO_LOCK_ECDSA 32
-+# define CRYPTO_LOCK_EC 33
-+# define CRYPTO_LOCK_ECDH 34
-+# define CRYPTO_LOCK_BN 35
-+# define CRYPTO_LOCK_EC_PRE_COMP 36
-+# define CRYPTO_LOCK_STORE 37
-+# define CRYPTO_LOCK_COMP 38
-+# define CRYPTO_LOCK_FIPS 39
-+# define CRYPTO_LOCK_FIPS2 40
-+# define CRYPTO_NUM_LOCKS 41
-+
-+# define CRYPTO_LOCK 1
-+# define CRYPTO_UNLOCK 2
-+# define CRYPTO_READ 4
-+# define CRYPTO_WRITE 8
-+
-+# ifndef OPENSSL_NO_LOCKING
-+# ifndef CRYPTO_w_lock
-+# define CRYPTO_w_lock(type) \
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
-+# define CRYPTO_w_unlock(type) \
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
-+# define CRYPTO_r_lock(type) \
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
-+# define CRYPTO_r_unlock(type) \
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
-+# define CRYPTO_add(addr,amount,type) \
-+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
-+# endif
-+# else
-+# define CRYPTO_w_lock(a)
-+# define CRYPTO_w_unlock(a)
-+# define CRYPTO_r_lock(a)
-+# define CRYPTO_r_unlock(a)
-+# define CRYPTO_add(a,b,c) ((*(a))+=(b))
-+# endif
- 
--int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
-+/*
-+ * Some applications as well as some parts of OpenSSL need to allocate and
-+ * deallocate locks in a dynamic fashion. The following typedef makes this
-+ * possible in a type-safe manner.
-+ */
-+/* struct CRYPTO_dynlock_value has to be defined by the application. */
-+typedef struct {
-+ int references;
-+ struct CRYPTO_dynlock_value *data;
-+} CRYPTO_dynlock;
- 
- /*
-- * The following can be used to detect memory leaks in the library. If
-+ * The following can be used to detect memory leaks in the SSLeay library. It
- * used, it turns on malloc checking
- */
--# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */
--# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */
--# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
--# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
-+
-+# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */
-+# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */
-+# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */
-+# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */
-+
-+/*
-+ * The following are bit values to turn on or off options connected to the
-+ * malloc checking functionality
-+ */
-+
-+/* Adds time to the memory checking information */
-+# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */
-+/* Adds thread number to the memory checking information */
-+# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */
-+
-+# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-+
-+/* predec of the BIO type */
-+typedef struct bio_st BIO_dummy;
- 
- struct crypto_ex_data_st {
- STACK_OF(void) *sk;
-+ /* gcc is screwing up this data structure :-( */
-+ int dummy;
- };
--DEFINE_STACK_OF(void)
-+DECLARE_STACK_OF(void)
- 
- /*
-- * Per class, we have a STACK of function pointers.
-+ * This stuff is basically class callback functions The current classes are
-+ * SSL_CTX, SSL, SSL_SESSION, and a few more
- */
--# define CRYPTO_EX_INDEX_SSL 0
--# define CRYPTO_EX_INDEX_SSL_CTX 1
--# define CRYPTO_EX_INDEX_SSL_SESSION 2
--# define CRYPTO_EX_INDEX_X509 3
--# define CRYPTO_EX_INDEX_X509_STORE 4
--# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
--# define CRYPTO_EX_INDEX_DH 6
--# define CRYPTO_EX_INDEX_DSA 7
--# define CRYPTO_EX_INDEX_EC_KEY 8
--# define CRYPTO_EX_INDEX_RSA 9
--# define CRYPTO_EX_INDEX_ENGINE 10
-+
-+typedef struct crypto_ex_data_func_st {
-+ long argl; /* Arbitary long */
-+ void *argp; /* Arbitary void * */
-+ CRYPTO_EX_new *new_func;
-+ CRYPTO_EX_free *free_func;
-+ CRYPTO_EX_dup *dup_func;
-+} CRYPTO_EX_DATA_FUNCS;
-+
-+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-+
-+/*
-+ * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
-+ * entry.
-+ */
-+
-+# define CRYPTO_EX_INDEX_BIO 0
-+# define CRYPTO_EX_INDEX_SSL 1
-+# define CRYPTO_EX_INDEX_SSL_CTX 2
-+# define CRYPTO_EX_INDEX_SSL_SESSION 3
-+# define CRYPTO_EX_INDEX_X509_STORE 4
-+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
-+# define CRYPTO_EX_INDEX_RSA 6
-+# define CRYPTO_EX_INDEX_DSA 7
-+# define CRYPTO_EX_INDEX_DH 8
-+# define CRYPTO_EX_INDEX_ENGINE 9
-+# define CRYPTO_EX_INDEX_X509 10
- # define CRYPTO_EX_INDEX_UI 11
--# define CRYPTO_EX_INDEX_BIO 12
--# define CRYPTO_EX_INDEX_APP 13
--# define CRYPTO_EX_INDEX__COUNT 14
-+# define CRYPTO_EX_INDEX_ECDSA 12
-+# define CRYPTO_EX_INDEX_ECDH 13
-+# define CRYPTO_EX_INDEX_COMP 14
-+# define CRYPTO_EX_INDEX_STORE 15
-+
-+/*
-+ * Dynamically assigned indexes start from this value (don't use directly,
-+ * use via CRYPTO_ex_data_new_class).
-+ */
-+# define CRYPTO_EX_INDEX_USER 100
- 
- /*
- * This is the default callbacks, but we can have others as well: this is
- * needed in Win32 where the application malloc and the library malloc may
- * not be the same.
- */
--#define OPENSSL_malloc_init() \
-- CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free)
-+# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\
-+ malloc, realloc, free)
- 
--int CRYPTO_mem_ctrl(int mode);
-+# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
-+# define CRYPTO_MDEBUG
-+# endif
-+# endif
- 
--# define OPENSSL_malloc(num) \
-- CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_zalloc(num) \
-- CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_realloc(addr, num) \
-- CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_clear_realloc(addr, old_num, num) \
-- CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_clear_free(addr, num) \
-- CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_free(addr) \
-- CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_memdup(str, s) \
-- CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_strdup(str) \
-- CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_strndup(str, n) \
-- CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_secure_malloc(num) \
-- CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_secure_zalloc(num) \
-- CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_secure_free(addr) \
-- CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
--# define OPENSSL_secure_actual_size(ptr) \
-- CRYPTO_secure_actual_size(ptr)
--
--size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
--size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
--size_t OPENSSL_strnlen(const char *str, size_t maxlen);
--char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
--unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
--int OPENSSL_hexchar2int(unsigned char c);
--
--# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
--
--unsigned long OpenSSL_version_num(void);
--const char *OpenSSL_version(int type);
--# define OPENSSL_VERSION 0
--# define OPENSSL_CFLAGS 1
--# define OPENSSL_BUILT_ON 2
--# define OPENSSL_PLATFORM 3
--# define OPENSSL_DIR 4
--# define OPENSSL_ENGINES_DIR 5
-+/*
-+ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG
-+ * is defined)
-+ */
-+# define CRYPTO_malloc_debug_init() do {\
-+ CRYPTO_set_mem_debug_functions(\
-+ CRYPTO_dbg_malloc,\
-+ CRYPTO_dbg_realloc,\
-+ CRYPTO_dbg_free,\
-+ CRYPTO_dbg_set_options,\
-+ CRYPTO_dbg_get_options);\
-+ } while(0)
-+
-+int CRYPTO_mem_ctrl(int mode);
-+int CRYPTO_is_mem_check_on(void);
-+
-+/* for applications */
-+# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-+# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-+
-+/* for library-internal use */
-+# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-+# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-+# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-+
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_realloc(addr,num) \
-+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_realloc_clean(addr,old_num,num) \
-+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_remalloc(addr,num) \
-+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_freeFunc CRYPTO_free
-+# define OPENSSL_free(addr) CRYPTO_free(addr)
-+
-+# define OPENSSL_malloc_locked(num) \
-+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-+
-+const char *SSLeay_version(int type);
-+unsigned long SSLeay(void);
- 
- int OPENSSL_issetugid(void);
- 
--typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-- int idx, long argl, void *argp);
--typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-- int idx, long argl, void *argp);
--typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
-- void *srcp, int idx, long argl, void *argp);
--__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-+/* An opaque type representing an implementation of "ex_data" support */
-+typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-+/* Return an opaque pointer to the current "ex_data" implementation */
-+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-+/* Sets the "ex_data" implementation to be used (if it's not too late) */
-+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-+/* Get a new "ex_data" class, and return the corresponding "class_index" */
-+int CRYPTO_ex_data_new_class(void);
-+/* Within a given class, get/register a new index */
-+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
--/* No longer use an index. */
--int CRYPTO_free_ex_index(int class_index, int idx);
--
- /*
- * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
- * given class (invokes whatever per-class callbacks are applicable)
- */
- int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
- int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-- const CRYPTO_EX_DATA *from);
--
-+ CRYPTO_EX_DATA *from);
- void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
--
- /*
- * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
- * index (relative to the class type involved)
- */
- int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
- void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
--
--# if OPENSSL_API_COMPAT < 0x10100000L
- /*
- * This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions.
- */
--# define CRYPTO_cleanup_all_ex_data() while(0) continue
-+void CRYPTO_cleanup_all_ex_data(void);
-+
-+int CRYPTO_get_new_lockid(char *name);
-+
-+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
-+void CRYPTO_lock(int mode, int type, const char *file, int line);
-+void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
-+ const char *file, int line));
-+void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-+ const char *file, int line);
-+void CRYPTO_set_add_lock_callback(int (*func)
-+ (int *num, int mount, int type,
-+ const char *file, int line));
-+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
-+ const char *file, int line);
-+
-+/* Don't use this structure directly. */
-+typedef struct crypto_threadid_st {
-+ void *ptr;
-+ unsigned long val;
-+} CRYPTO_THREADID;
-+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
-+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
-+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
-+int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *));
-+void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *);
-+void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
-+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
-+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
-+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-+# ifndef OPENSSL_NO_DEPRECATED
-+void CRYPTO_set_id_callback(unsigned long (*func) (void));
-+unsigned long (*CRYPTO_get_id_callback(void)) (void);
-+unsigned long CRYPTO_thread_id(void);
-+# endif
- 
--/*
-- * The old locking functions have been removed completely without compatibility
-- * macros. This is because the old functions either could not properly report
-- * errors, or the returned error values were not clearly documented.
-- * Replacing the locking functions with with no-ops would cause race condition
-- * issues in the affected applications. It is far better for them to fail at
-- * compile time.
-- * On the other hand, the locking callbacks are no longer used. Consequently,
-- * the callback management functions can be safely replaced with no-op macros.
-- */
--# define CRYPTO_num_locks() (1)
--# define CRYPTO_set_locking_callback(func)
--# define CRYPTO_get_locking_callback() (NULL)
--# define CRYPTO_set_add_lock_callback(func)
--# define CRYPTO_get_add_lock_callback() (NULL)
-+const char *CRYPTO_get_lock_name(int type);
-+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-+ int line);
-+
-+int CRYPTO_get_new_dynlockid(void);
-+void CRYPTO_destroy_dynlockid(int i);
-+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value
-+ *(*dyn_create_function) (const char
-+ *file,
-+ int line));
-+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
-+ (int mode,
-+ struct CRYPTO_dynlock_value *l,
-+ const char *file, int line));
-+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
-+ (struct CRYPTO_dynlock_value *l,
-+ const char *file, int line));
-+struct CRYPTO_dynlock_value
-+*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line);
-+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
-+ struct CRYPTO_dynlock_value
-+ *l, const char *file,
-+ int line);
-+void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value
-+ *l, const char *file,
-+ int line);
- 
- /*
-- * These defines where used in combination with the old locking callbacks,
-- * they are not called anymore, but old code that's not called might still
-- * use them.
-+ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call -+ * the latter last if you need different functions - */ --# define CRYPTO_LOCK 1 --# define CRYPTO_UNLOCK 2 --# define CRYPTO_READ 4 --# define CRYPTO_WRITE 8 -- --/* This structure is no longer used */ --typedef struct crypto_threadid_st { -- int dummy; --} CRYPTO_THREADID; --/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ --# define CRYPTO_THREADID_set_numeric(id, val) --# define CRYPTO_THREADID_set_pointer(id, ptr) --# define CRYPTO_THREADID_set_callback(threadid_func) (0) --# define CRYPTO_THREADID_get_callback() (NULL) --# define CRYPTO_THREADID_current(id) --# define CRYPTO_THREADID_cmp(a, b) (-1) --# define CRYPTO_THREADID_cpy(dest, src) --# define CRYPTO_THREADID_hash(id) (0UL) -- --# if OPENSSL_API_COMPAT < 0x10000000L --# define CRYPTO_set_id_callback(func) --# define CRYPTO_get_id_callback() (NULL) --# define CRYPTO_thread_id() (0UL) --# endif /* OPENSSL_API_COMPAT < 0x10000000L */ -- --# define CRYPTO_set_dynlock_create_callback(dyn_create_function) --# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) --# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) --# define CRYPTO_get_dynlock_create_callback() (NULL) --# define CRYPTO_get_dynlock_lock_callback() (NULL) --# define CRYPTO_get_dynlock_destroy_callback() (NULL) --# endif /* OPENSSL_API_COMPAT < 0x10100000L */ -- --int CRYPTO_set_mem_functions( -- void *(*m) (size_t, const char *, int), -- void *(*r) (void *, size_t, const char *, int), -- void (*f) (void *, const char *, int)); --int CRYPTO_set_mem_debug(int flag); --void CRYPTO_get_mem_functions( -- void *(**m) (size_t, const char *, int), -- void *(**r) (void *, size_t, const char *, int), -- void (**f) (void *, const char *, int)); -- --void *CRYPTO_malloc(size_t num, const char *file, int line); --void *CRYPTO_zalloc(size_t num, const char *file, int line); --void *CRYPTO_memdup(const void *str, size_t siz, const char 
*file, int line); -+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), -+ void (*f) (void *)); -+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), -+ void (*free_func) (void *)); -+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void *(*r) (void *, size_t, const char *, -+ int), void (*f) (void *)); -+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void (*free_func) (void *)); -+int CRYPTO_set_mem_debug_functions(void (*m) -+ (void *, int, const char *, int, int), -+ void (*r) (void *, void *, int, -+ const char *, int, int), -+ void (*f) (void *, int), void (*so) (long), -+ long (*go) (void)); -+void CRYPTO_get_mem_functions(void *(**m) (size_t), -+ void *(**r) (void *, size_t), -+ void (**f) (void *)); -+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), -+ void (**f) (void *)); -+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), -+ void *(**r) (void *, size_t, const char *, -+ int), void (**f) (void *)); -+void CRYPTO_get_locked_mem_ex_functions(void -+ *(**m) (size_t, const char *, int), -+ void (**f) (void *)); -+void CRYPTO_get_mem_debug_functions(void (**m) -+ (void *, int, const char *, int, int), -+ void (**r) (void *, void *, int, -+ const char *, int, int), -+ void (**f) (void *, int), -+ void (**so) (long), long (**go) (void)); -+ -+void *CRYPTO_malloc_locked(int num, const char *file, int line); -+void CRYPTO_free_locked(void *ptr); -+void *CRYPTO_malloc(int num, const char *file, int line); - char *CRYPTO_strdup(const char *str, const char *file, int line); --char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); --void CRYPTO_free(void *ptr, const char *file, int line); --void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); --void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); --void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, -- const char 
*file, int line); -- --int CRYPTO_secure_malloc_init(size_t sz, int minsize); --int CRYPTO_secure_malloc_done(void); --void *CRYPTO_secure_malloc(size_t num, const char *file, int line); --void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); --void CRYPTO_secure_free(void *ptr, const char *file, int line); --int CRYPTO_secure_allocated(const void *ptr); --int CRYPTO_secure_malloc_initialized(void); --size_t CRYPTO_secure_actual_size(void *ptr); --size_t CRYPTO_secure_used(void); -+void CRYPTO_free(void *ptr); -+void *CRYPTO_realloc(void *addr, int num, const char *file, int line); -+void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, -+ int line); -+void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); - - void OPENSSL_cleanse(void *ptr, size_t len); - --# ifndef OPENSSL_NO_CRYPTO_MDEBUG --# define OPENSSL_mem_debug_push(info) \ -- CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) --# define OPENSSL_mem_debug_pop() \ -- CRYPTO_mem_debug_pop() --int CRYPTO_mem_debug_push(const char *info, const char *file, int line); --int CRYPTO_mem_debug_pop(void); -+void CRYPTO_set_mem_debug_options(long bits); -+long CRYPTO_get_mem_debug_options(void); - -+# define CRYPTO_push_info(info) \ -+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE); -+int CRYPTO_push_info_(const char *info, const char *file, int line); -+int CRYPTO_pop_info(void); -+int CRYPTO_remove_all_info(void); -+ -+/* -+ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; -+ * used as default in CRYPTO_MDEBUG compilations): -+ */ - /*- -- * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) -- * The flag argument has the following significance: -- * 0: called before the actual memory allocation has taken place -- * 1: called after the actual memory allocation has taken place -+ * The last argument has the following significance: -+ * -+ * 0: called before the actual memory allocation has taken place -+ * 1: called 
after the actual memory allocation has taken place - */ --void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, -- const char *file, int line); --void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, -- const char *file, int line); --void CRYPTO_mem_debug_free(void *addr, int flag, -- const char *file, int line); -- --# ifndef OPENSSL_NO_STDIO --int CRYPTO_mem_leaks_fp(FILE *); --# endif --int CRYPTO_mem_leaks(BIO *bio); -+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, -+ int before_p); -+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, -+ int line, int before_p); -+void CRYPTO_dbg_free(void *addr, int before_p); -+/*- -+ * Tell the debugging code about options. By default, the following values -+ * apply: -+ * -+ * 0: Clear all options. -+ * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. -+ * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. -+ * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 -+ */ -+void CRYPTO_dbg_set_options(long bits); -+long CRYPTO_dbg_get_options(void); -+ -+# ifndef OPENSSL_NO_FP_API -+void CRYPTO_mem_leaks_fp(FILE *); - # endif -+void CRYPTO_mem_leaks(struct bio_st *bio); -+/* unsigned long order, char *file, int line, int num_bytes, char *addr */ -+typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, -+ void *); -+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); - - /* die if we have to */ --ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); --# if OPENSSL_API_COMPAT < 0x10100000L --# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) --# endif --# define OPENSSL_assert(e) \ -- (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) -+void OpenSSLDie(const char *file, int line, const char *assertion); -+# define OPENSSL_assert(e) (void)((e) ? 
0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1)) - -+unsigned long *OPENSSL_ia32cap_loc(void); -+# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) - int OPENSSL_isservice(void); - - int FIPS_mode(void); -@@ -334,10 +599,27 @@ int FIPS_mode_set(int r); - - void OPENSSL_init(void); - --struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); --int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); --int OPENSSL_gmtime_diff(int *pday, int *psec, -- const struct tm *from, const struct tm *to); -+# define fips_md_init(alg) fips_md_init_ctx(alg, alg) -+ -+# ifdef OPENSSL_FIPS -+# define fips_md_init_ctx(alg, cx) \ -+ int alg##_Init(cx##_CTX *c) \ -+ { \ -+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ -+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ -+ return private_##alg##_Init(c); \ -+ } \ -+ int private_##alg##_Init(cx##_CTX *c) -+ -+# define fips_cipher_abort(alg) \ -+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ -+ "Low level API call to cipher " #alg " forbidden in FIPS mode!") -+ -+# else -+# define fips_md_init_ctx(alg, cx) \ -+ int alg##_Init(cx##_CTX *c) -+# define fips_cipher_abort(alg) while(0) -+# endif - - /* - * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. -@@ -346,118 +628,34 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, - * into a defined order as the return value when a != b is undefined, other - * than to be non-zero. 
- */ --int CRYPTO_memcmp(const volatile void * volatile in_a, -- const volatile void * volatile in_b, -- size_t len); -- --/* Standard initialisation options */ --# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L --# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L --# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L --# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L --# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L --# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L --# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L --# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L --# define OPENSSL_INIT_ASYNC 0x00000100L --# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L --# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L --# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L --# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L --# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L --# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L --# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L --/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ --/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ --/* Max OPENSSL_INIT flag value is 0x80000000 */ -- --/* openssl and dasync not counted as builtin */ --# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ -- (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ -- | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ -- OPENSSL_INIT_ENGINE_PADLOCK) -- -- --/* Library initialisation functions */ --void OPENSSL_cleanup(void); --int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); --int OPENSSL_atexit(void (*handler)(void)); --void OPENSSL_thread_stop(void); -- --/* Low-level control of initialization */ --OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); --# ifndef OPENSSL_NO_STDIO --int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, -- const char *config_file); --# endif --void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); -- --# if defined(OPENSSL_THREADS) && 
!defined(CRYPTO_TDEBUG) --# if defined(_WIN32) --# if defined(BASETYPES) || defined(_WINDEF_H) --/* application has to include in order to use this */ --typedef DWORD CRYPTO_THREAD_LOCAL; --typedef DWORD CRYPTO_THREAD_ID; -- --typedef LONG CRYPTO_ONCE; --# define CRYPTO_ONCE_STATIC_INIT 0 --# endif --# else --# include --typedef pthread_once_t CRYPTO_ONCE; --typedef pthread_key_t CRYPTO_THREAD_LOCAL; --typedef pthread_t CRYPTO_THREAD_ID; -- --# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT --# endif --# endif -- --# if !defined(CRYPTO_ONCE_STATIC_INIT) --typedef unsigned int CRYPTO_ONCE; --typedef unsigned int CRYPTO_THREAD_LOCAL; --typedef unsigned int CRYPTO_THREAD_ID; --# define CRYPTO_ONCE_STATIC_INIT 0 --# endif -- --int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); -- --int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); --void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); --int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); --int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); -- --CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); --int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); -+int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len); - - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_CRYPTO_strings(void); -+void ERR_load_CRYPTO_strings(void); - - /* Error codes for the CRYPTO functions. */ - - /* Function codes. 
*/ --# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 --# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 - # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 --# define CRYPTO_F_CRYPTO_MEMDUP 115 --# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 -+# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 -+# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 - # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 -+# define CRYPTO_F_DEF_ADD_INDEX 104 -+# define CRYPTO_F_DEF_GET_CLASS 105 - # define CRYPTO_F_FIPS_MODE_SET 109 --# define CRYPTO_F_GET_AND_LOCK 113 --# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 --# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 --# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 -+# define CRYPTO_F_INT_DUP_EX_DATA 106 -+# define CRYPTO_F_INT_FREE_EX_DATA 107 -+# define CRYPTO_F_INT_NEW_EX_DATA 108 - - /* Reason codes. */ - # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 --# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 --# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 -+# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/ct.h b/Cryptlib/Include/openssl/ct.h -deleted file mode 100644 -index bf29fba..0000000 ---- a/Cryptlib/Include/openssl/ct.h -+++ /dev/null -@@ -1,533 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_CT_H --# define HEADER_CT_H -- --# include -- --# ifndef OPENSSL_NO_CT --# include --# include --# include --# ifdef __cplusplus --extern "C" { --# endif -- -- --/* Minimum RSA key size, from RFC6962 */ --# define SCT_MIN_RSA_BITS 2048 -- --/* All hashes are SHA256 in v1 of Certificate Transparency */ --# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH -- --typedef enum { -- CT_LOG_ENTRY_TYPE_NOT_SET = -1, -- CT_LOG_ENTRY_TYPE_X509 = 0, -- CT_LOG_ENTRY_TYPE_PRECERT = 1 --} ct_log_entry_type_t; -- --typedef enum { -- SCT_VERSION_NOT_SET = -1, -- SCT_VERSION_V1 = 0 --} sct_version_t; -- --typedef enum { -- SCT_SOURCE_UNKNOWN, -- SCT_SOURCE_TLS_EXTENSION, -- SCT_SOURCE_X509V3_EXTENSION, -- SCT_SOURCE_OCSP_STAPLED_RESPONSE --} sct_source_t; -- --typedef enum { -- SCT_VALIDATION_STATUS_NOT_SET, -- SCT_VALIDATION_STATUS_UNKNOWN_LOG, -- SCT_VALIDATION_STATUS_VALID, -- SCT_VALIDATION_STATUS_INVALID, -- SCT_VALIDATION_STATUS_UNVERIFIED, -- SCT_VALIDATION_STATUS_UNKNOWN_VERSION --} sct_validation_status_t; -- --DEFINE_STACK_OF(SCT) --DEFINE_STACK_OF(CTLOG) -- --/****************************************** -- * CT policy evaluation context functions * -- ******************************************/ -- --/* -- * Creates a new, empty policy evaluation context. -- * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished -- * with the CT_POLICY_EVAL_CTX. -- */ --CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); -- --/* Deletes a policy evaluation context and anything it owns. */ --void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); -- --/* Gets the peer certificate that the SCTs are for */ --X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); -- --/* -- * Sets the certificate associated with the received SCTs. -- * Increments the reference count of cert. -- * Returns 1 on success, 0 otherwise. 
-- */ --int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); -- --/* Gets the issuer of the aforementioned certificate */ --X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); -- --/* -- * Sets the issuer of the certificate associated with the received SCTs. -- * Increments the reference count of issuer. -- * Returns 1 on success, 0 otherwise. -- */ --int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); -- --/* Gets the CT logs that are trusted sources of SCTs */ --const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); -- --/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ --void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, -- CTLOG_STORE *log_store); -- --/* -- * Gets the time, in milliseconds since the Unix epoch, that will be used as the -- * current time when checking whether an SCT was issued in the future. -- * Such SCTs will fail validation, as required by RFC6962. -- */ --uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); -- --/* -- * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. -- * If an SCT's timestamp is after this time, it will be interpreted as having -- * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs -- * whose timestamp is in the future", so an SCT will not validate in this case. -- */ --void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); -- --/***************** -- * SCT functions * -- *****************/ -- --/* -- * Creates a new, blank SCT. -- * The caller is responsible for calling SCT_free when finished with the SCT. -- */ --SCT *SCT_new(void); -- --/* -- * Creates a new SCT from some base64-encoded strings. -- * The caller is responsible for calling SCT_free when finished with the SCT. 
-- */ --SCT *SCT_new_from_base64(unsigned char version, -- const char *logid_base64, -- ct_log_entry_type_t entry_type, -- uint64_t timestamp, -- const char *extensions_base64, -- const char *signature_base64); -- --/* -- * Frees the SCT and the underlying data structures. -- */ --void SCT_free(SCT *sct); -- --/* -- * Free a stack of SCTs, and the underlying SCTs themselves. -- * Intended to be compatible with X509V3_EXT_FREE. -- */ --void SCT_LIST_free(STACK_OF(SCT) *a); -- --/* -- * Returns the version of the SCT. -- */ --sct_version_t SCT_get_version(const SCT *sct); -- --/* -- * Set the version of an SCT. -- * Returns 1 on success, 0 if the version is unrecognized. -- */ --__owur int SCT_set_version(SCT *sct, sct_version_t version); -- --/* -- * Returns the log entry type of the SCT. -- */ --ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); -- --/* -- * Set the log entry type of an SCT. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); -- --/* -- * Gets the ID of the log that an SCT came from. -- * Ownership of the log ID remains with the SCT. -- * Returns the length of the log ID. -- */ --size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); -- --/* -- * Set the log ID of an SCT to point directly to the *log_id specified. -- * The SCT takes ownership of the specified pointer. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); -- --/* -- * Set the log ID of an SCT. -- * This makes a copy of the log_id. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, -- size_t log_id_len); -- --/* -- * Returns the timestamp for the SCT (epoch time in milliseconds). -- */ --uint64_t SCT_get_timestamp(const SCT *sct); -- --/* -- * Set the timestamp of an SCT (epoch time in milliseconds). 
-- */ --void SCT_set_timestamp(SCT *sct, uint64_t timestamp); -- --/* -- * Return the NID for the signature used by the SCT. -- * For CT v1, this will be either NID_sha256WithRSAEncryption or -- * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). -- */ --int SCT_get_signature_nid(const SCT *sct); -- --/* -- * Set the signature type of an SCT -- * For CT v1, this should be either NID_sha256WithRSAEncryption or -- * NID_ecdsa_with_SHA256. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set_signature_nid(SCT *sct, int nid); -- --/* -- * Set *ext to point to the extension data for the SCT. ext must not be NULL. -- * The SCT retains ownership of this pointer. -- * Returns length of the data pointed to. -- */ --size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); -- --/* -- * Set the extensions of an SCT to point directly to the *ext specified. -- * The SCT takes ownership of the specified pointer. -- */ --void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); -- --/* -- * Set the extensions of an SCT. -- * This takes a copy of the ext. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, -- size_t ext_len); -- --/* -- * Set *sig to point to the signature for the SCT. sig must not be NULL. -- * The SCT retains ownership of this pointer. -- * Returns length of the data pointed to. -- */ --size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); -- --/* -- * Set the signature of an SCT to point directly to the *sig specified. -- * The SCT takes ownership of the specified pointer. -- */ --void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); -- --/* -- * Set the signature of an SCT to be a copy of the *sig specified. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, -- size_t sig_len); -- --/* -- * The origin of this SCT, e.g. TLS extension, OCSP response, etc. 
-- */ --sct_source_t SCT_get_source(const SCT *sct); -- --/* -- * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. -- * Returns 1 on success, 0 otherwise. -- */ --__owur int SCT_set_source(SCT *sct, sct_source_t source); -- --/* -- * Returns a text string describing the validation status of |sct|. -- */ --const char *SCT_validation_status_string(const SCT *sct); -- --/* -- * Pretty-prints an |sct| to |out|. -- * It will be indented by the number of spaces specified by |indent|. -- * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came -- * from, so that the log name can be printed. -- */ --void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); -- --/* -- * Pretty-prints an |sct_list| to |out|. -- * It will be indented by the number of spaces specified by |indent|. -- * SCTs will be delimited by |separator|. -- * If |logs| is not NULL, it will be used to lookup the CT log that each SCT -- * came from, so that the log names can be printed. -- */ --void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, -- const char *separator, const CTLOG_STORE *logs); -- --/* -- * Gets the last result of validating this SCT. -- * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. -- */ --sct_validation_status_t SCT_get_validation_status(const SCT *sct); -- --/* -- * Validates the given SCT with the provided context. -- * Sets the "validation_status" field of the SCT. -- * Returns 1 if the SCT is valid and the signature verifies. -- * Returns 0 if the SCT is invalid or could not be verified. -- * Returns -1 if an error occurs. -- */ --__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); -- --/* -- * Validates the given list of SCTs with the provided context. -- * Sets the "validation_status" field of each SCT. -- * Returns 1 if there are no invalid SCTs and all signatures verify. -- * Returns 0 if at least one SCT is invalid or could not be verified. 
-- * Returns a negative integer if an error occurs. -- */ --__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, -- CT_POLICY_EVAL_CTX *ctx); -- -- --/********************************* -- * SCT parsing and serialisation * -- *********************************/ -- --/* -- * Serialize (to TLS format) a stack of SCTs and return the length. -- * "a" must not be NULL. -- * If "pp" is NULL, just return the length of what would have been serialized. -- * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer -- * for data that caller is responsible for freeing (only if function returns -- * successfully). -- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring -- * that "*pp" is large enough to accept all of the serialized data. -- * Returns < 0 on error, >= 0 indicating bytes written (or would have been) -- * on success. -- */ --__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); -- --/* -- * Convert TLS format SCT list to a stack of SCTs. -- * If "a" or "*a" is NULL, a new stack will be created that the caller is -- * responsible for freeing (by calling SCT_LIST_free). -- * "**pp" and "*pp" must not be NULL. -- * Upon success, "*pp" will point to after the last bytes read, and a stack -- * will be returned. -- * Upon failure, a NULL pointer will be returned, and the position of "*pp" is -- * not defined. -- */ --STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, -- size_t len); -- --/* -- * Serialize (to DER format) a stack of SCTs and return the length. -- * "a" must not be NULL. -- * If "pp" is NULL, just returns the length of what would have been serialized. -- * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer -- * for data that caller is responsible for freeing (only if function returns -- * successfully). -- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring -- * that "*pp" is large enough to accept all of the serialized data. 
-- * Returns < 0 on error, >= 0 indicating bytes written (or would have been) -- * on success. -- */ --__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); -- --/* -- * Parses an SCT list in DER format and returns it. -- * If "a" or "*a" is NULL, a new stack will be created that the caller is -- * responsible for freeing (by calling SCT_LIST_free). -- * "**pp" and "*pp" must not be NULL. -- * Upon success, "*pp" will point to after the last bytes read, and a stack -- * will be returned. -- * Upon failure, a NULL pointer will be returned, and the position of "*pp" is -- * not defined. -- */ --STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, -- long len); -- --/* -- * Serialize (to TLS format) an |sct| and write it to |out|. -- * If |out| is null, no SCT will be output but the length will still be returned. -- * If |out| points to a null pointer, a string will be allocated to hold the -- * TLS-format SCT. It is the responsibility of the caller to free it. -- * If |out| points to an allocated string, the TLS-format SCT will be written -- * to it. -- * The length of the SCT in TLS format will be returned. -- */ --__owur int i2o_SCT(const SCT *sct, unsigned char **out); -- --/* -- * Parses an SCT in TLS format and returns it. -- * If |psct| is not null, it will end up pointing to the parsed SCT. If it -- * already points to a non-null pointer, the pointer will be free'd. -- * |in| should be a pointer to a string containing the TLS-format SCT. -- * |in| will be advanced to the end of the SCT if parsing succeeds. -- * |len| should be the length of the SCT in |in|. -- * Returns NULL if an error occurs. -- * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' -- * fields will be populated (with |in| and |len| respectively). 
-- */ --SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); -- --/******************** -- * CT log functions * -- ********************/ -- --/* -- * Creates a new CT log instance with the given |public_key| and |name|. -- * Takes ownership of |public_key| but copies |name|. -- * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. -- * Should be deleted by the caller using CTLOG_free when no longer needed. -- */ --CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); -- --/* -- * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER -- * in |pkey_base64|. The |name| is a string to help users identify this log. -- * Returns 1 on success, 0 on failure. -- * Should be deleted by the caller using CTLOG_free when no longer needed. -- */ --int CTLOG_new_from_base64(CTLOG ** ct_log, -- const char *pkey_base64, const char *name); -- --/* -- * Deletes a CT log instance and its fields. -- */ --void CTLOG_free(CTLOG *log); -- --/* Gets the name of the CT log */ --const char *CTLOG_get0_name(const CTLOG *log); --/* Gets the ID of the CT log */ --void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, -- size_t *log_id_len); --/* Gets the public key of the CT log */ --EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); -- --/************************** -- * CT log store functions * -- **************************/ -- --/* -- * Creates a new CT log store. -- * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. -- */ --CTLOG_STORE *CTLOG_STORE_new(void); -- --/* -- * Deletes a CT log store and all of the CT log instances held within. -- */ --void CTLOG_STORE_free(CTLOG_STORE *store); -- --/* -- * Finds a CT log in the store based on its log ID. -- * Returns the CT log, or NULL if no match is found. -- */ --const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, -- const uint8_t *log_id, -- size_t log_id_len); -- --/* -- * Loads a CT log list into a |store| from a |file|. 
-- * Returns 1 if loading is successful, or 0 otherwise. -- */ --__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); -- --/* -- * Loads the default CT log list into a |store|. -- * See internal/cryptlib.h for the environment variable and file path that are -- * consulted to find the default file. -- * Returns 1 if loading is successful, or 0 otherwise. -- */ --__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); -- --/* BEGIN ERROR CODES */ --/* -- * The following lines are auto generated by the script mkerr.pl. Any changes -- * made after this point may be overwritten when the script is next run. -- */ -- --int ERR_load_CT_strings(void); -- --/* Error codes for the CT functions. */ -- --/* Function codes. */ --# define CT_F_CTLOG_NEW 117 --# define CT_F_CTLOG_NEW_FROM_BASE64 118 --# define CT_F_CTLOG_NEW_FROM_CONF 119 --# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 --# define CT_F_CTLOG_STORE_LOAD_FILE 123 --# define CT_F_CTLOG_STORE_LOAD_LOG 130 --# define CT_F_CTLOG_STORE_NEW 131 --# define CT_F_CT_BASE64_DECODE 124 --# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 --# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 --# define CT_F_I2O_SCT 107 --# define CT_F_I2O_SCT_LIST 108 --# define CT_F_I2O_SCT_SIGNATURE 109 --# define CT_F_O2I_SCT 110 --# define CT_F_O2I_SCT_LIST 111 --# define CT_F_O2I_SCT_SIGNATURE 112 --# define CT_F_SCT_CTX_NEW 126 --# define CT_F_SCT_CTX_VERIFY 128 --# define CT_F_SCT_NEW 100 --# define CT_F_SCT_NEW_FROM_BASE64 127 --# define CT_F_SCT_SET0_LOG_ID 101 --# define CT_F_SCT_SET1_EXTENSIONS 114 --# define CT_F_SCT_SET1_LOG_ID 115 --# define CT_F_SCT_SET1_SIGNATURE 116 --# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 --# define CT_F_SCT_SET_SIGNATURE_NID 103 --# define CT_F_SCT_SET_VERSION 104 -- --/* Reason codes. 
*/ --# define CT_R_BASE64_DECODE_ERROR 108 --# define CT_R_INVALID_LOG_ID_LENGTH 100 --# define CT_R_LOG_CONF_INVALID 109 --# define CT_R_LOG_CONF_INVALID_KEY 110 --# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 --# define CT_R_LOG_CONF_MISSING_KEY 112 --# define CT_R_LOG_KEY_INVALID 113 --# define CT_R_SCT_FUTURE_TIMESTAMP 116 --# define CT_R_SCT_INVALID 104 --# define CT_R_SCT_INVALID_SIGNATURE 107 --# define CT_R_SCT_LIST_INVALID 105 --# define CT_R_SCT_LOG_ID_MISMATCH 114 --# define CT_R_SCT_NOT_SET 106 --# define CT_R_SCT_UNSUPPORTED_VERSION 115 --# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 --# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 --# define CT_R_UNSUPPORTED_VERSION 103 -- --# ifdef __cplusplus --} --# endif --# endif --#endif -diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h -index be4abbd..1b40144 100644 ---- a/Cryptlib/Include/openssl/des.h -+++ b/Cryptlib/Include/openssl/des.h -@@ -1,30 +1,80 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/des/des.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#ifndef HEADER_DES_H --# define HEADER_DES_H -+#ifndef HEADER_NEW_DES_H -+# define HEADER_NEW_DES_H - --# include -+# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG -+ * (via openssl/opensslconf.h */ - --# ifndef OPENSSL_NO_DES --# ifdef __cplusplus --extern "C" { -+# ifdef OPENSSL_NO_DES -+# error DES is disabled. 
- # endif --# include -- --typedef unsigned int DES_LONG; - - # ifdef OPENSSL_BUILD_SHLIBCRYPTO - # undef OPENSSL_EXTERN - # define OPENSSL_EXTERN OPENSSL_EXPORT - # endif - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - typedef unsigned char DES_cblock[8]; - typedef /* const */ unsigned char const_DES_cblock[8]; - /* -@@ -42,6 +92,16 @@ typedef struct DES_ks { - } ks[16]; - } DES_key_schedule; - -+# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT -+# define OPENSSL_ENABLE_OLD_DES_SUPPORT -+# endif -+# endif -+ -+# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT -+# include -+# endif -+ - # define DES_KEY_SZ (sizeof(DES_cblock)) - # define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) - -@@ -65,6 +125,8 @@ typedef struct DES_ks { - - OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ - # define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) -+OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */ -+# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) - - const char *DES_options(void); - void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, -@@ -120,6 +182,11 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, - long length, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, DES_cblock *ivec, int enc); -+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -+ long length, -+ DES_key_schedule *ks1, DES_key_schedule *ks2, -+ DES_key_schedule *ks3, -+ DES_cblock *ivec1, DES_cblock *ivec2, int enc); - void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, -@@ -132,6 +199,15 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num); -+# if 0 -+void DES_xwhite_in2out(const_DES_cblock *DES_key, 
const_DES_cblock *in_white, -+ DES_cblock *out_white); -+# endif -+ -+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, -+ DES_cblock *iv); -+int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, -+ DES_cblock *iv); - char *DES_fcrypt(const char *buf, const char *salt, char *ret); - char *DES_crypt(const char *buf, const char *salt); - void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -@@ -155,6 +231,10 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); - int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); - int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); - void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); -+# ifdef OPENSSL_FIPS -+void private_DES_set_key_unchecked(const_DES_cblock *key, -+ DES_key_schedule *schedule); -+# endif - void DES_string_to_key(const char *str, DES_cblock *key); - void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); - void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -@@ -164,11 +244,14 @@ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num); - -+int DES_read_password(DES_cblock *key, const char *prompt, int verify); -+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, -+ const char *prompt, int verify); -+ - # define DES_fixup_key_parity DES_set_odd_parity - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/des_old.h b/Cryptlib/Include/openssl/des_old.h -new file mode 100644 -index 0000000..ee7607a ---- /dev/null -+++ b/Cryptlib/Include/openssl/des_old.h -@@ -0,0 +1,497 @@ -+/* crypto/des/des_old.h */ -+ -+/*- -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+ * -+ * The function names in here are deprecated and are only present to -+ * 
provide an interface compatible with openssl 0.9.6 and older as -+ * well as libdes. OpenSSL now provides functions where "des_" has -+ * been replaced with "DES_" in the names, to make it possible to -+ * make incompatible changes that are needed for C type security and -+ * other stuff. -+ * -+ * This include files has two compatibility modes: -+ * -+ * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API -+ * that is compatible with libdes and SSLeay. -+ * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an -+ * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. -+ * -+ * Note that these modes break earlier snapshots of OpenSSL, where -+ * libdes compatibility was the only available mode or (later on) the -+ * prefered compatibility mode. However, after much consideration -+ * (and more or less violent discussions with external parties), it -+ * was concluded that OpenSSL should be compatible with earlier versions -+ * of itself before anything else. Also, in all honesty, libdes is -+ * an old beast that shouldn't really be used any more. -+ * -+ * Please consider starting to use the DES_ functions rather than the -+ * des_ ones. The des_ functions will disappear completely before -+ * OpenSSL 1.0! -+ * -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+ */ -+ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#ifndef HEADER_DES_H -+# define HEADER_DES_H -+ -+# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ -+ -+# ifdef OPENSSL_NO_DES -+# error DES is disabled. -+# endif -+ -+# ifndef HEADER_NEW_DES_H -+# error You must include des.h, not des_old.h directly. -+# endif -+ -+# ifdef _KERBEROS_DES_H -+# error replaces . -+# endif -+ -+# include -+ -+# ifdef OPENSSL_BUILD_SHLIBCRYPTO -+# undef OPENSSL_EXTERN -+# define OPENSSL_EXTERN OPENSSL_EXPORT -+# endif -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+# ifdef _ -+# undef _ -+# endif -+ -+typedef unsigned char _ossl_old_des_cblock[8]; -+typedef struct _ossl_old_des_ks_struct { -+ union { -+ _ossl_old_des_cblock _; -+ /* -+ * make sure things are correct size on machines with 8 byte longs -+ */ -+ DES_LONG pad[2]; -+ } ks; -+} _ossl_old_des_key_schedule[16]; -+ -+# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY -+# define des_cblock DES_cblock -+# define const_des_cblock const_DES_cblock -+# define des_key_schedule DES_key_schedule -+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -+ DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) -+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -+ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -+# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ -+ DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) -+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -+ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) -+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -+ DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) -+# define des_options()\ -+ DES_options() -+# define des_cbc_cksum(i,o,l,k,iv)\ -+ DES_cbc_cksum((i),(o),(l),&(k),(iv)) -+# define 
des_cbc_encrypt(i,o,l,k,iv,e)\ -+ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_ncbc_encrypt(i,o,l,k,iv,e)\ -+ DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -+ DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) -+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -+ DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) -+# define des_ecb_encrypt(i,o,k,e)\ -+ DES_ecb_encrypt((i),(o),&(k),(e)) -+# define des_encrypt1(d,k,e)\ -+ DES_encrypt1((d),&(k),(e)) -+# define des_encrypt2(d,k,e)\ -+ DES_encrypt2((d),&(k),(e)) -+# define des_encrypt3(d,k1,k2,k3)\ -+ DES_encrypt3((d),&(k1),&(k2),&(k3)) -+# define des_decrypt3(d,k1,k2,k3)\ -+ DES_decrypt3((d),&(k1),&(k2),&(k3)) -+# define des_xwhite_in2out(k,i,o)\ -+ DES_xwhite_in2out((k),(i),(o)) -+# define des_enc_read(f,b,l,k,iv)\ -+ DES_enc_read((f),(b),(l),&(k),(iv)) -+# define des_enc_write(f,b,l,k,iv)\ -+ DES_enc_write((f),(b),(l),&(k),(iv)) -+# define des_fcrypt(b,s,r)\ -+ DES_fcrypt((b),(s),(r)) -+# if 0 -+# define des_crypt(b,s)\ -+ DES_crypt((b),(s)) -+# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) -+# define crypt(b,s)\ -+ DES_crypt((b),(s)) -+# endif -+# endif -+# define des_ofb_encrypt(i,o,n,l,k,iv)\ -+ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) -+# define des_pcbc_encrypt(i,o,l,k,iv,e)\ -+ DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_quad_cksum(i,o,l,c,s)\ -+ DES_quad_cksum((i),(o),(l),(c),(s)) -+# define des_random_seed(k)\ -+ _ossl_096_des_random_seed((k)) -+# define des_random_key(r)\ -+ DES_random_key((r)) -+# define des_read_password(k,p,v) \ -+ DES_read_password((k),(p),(v)) -+# define des_read_2passwords(k1,k2,p,v) \ -+ DES_read_2passwords((k1),(k2),(p),(v)) -+# define des_set_odd_parity(k)\ -+ DES_set_odd_parity((k)) -+# define des_check_key_parity(k)\ -+ DES_check_key_parity((k)) -+# define des_is_weak_key(k)\ -+ DES_is_weak_key((k)) -+# define des_set_key(k,ks)\ -+ DES_set_key((k),&(ks)) -+# define 
des_key_sched(k,ks)\ -+ DES_key_sched((k),&(ks)) -+# define des_set_key_checked(k,ks)\ -+ DES_set_key_checked((k),&(ks)) -+# define des_set_key_unchecked(k,ks)\ -+ DES_set_key_unchecked((k),&(ks)) -+# define des_string_to_key(s,k)\ -+ DES_string_to_key((s),(k)) -+# define des_string_to_2keys(s,k1,k2)\ -+ DES_string_to_2keys((s),(k1),(k2)) -+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -+ DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) -+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -+ DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) -+ -+# define des_ecb2_encrypt(i,o,k1,k2,e) \ -+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -+ -+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -+ -+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -+ -+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -+ -+# define des_check_key DES_check_key -+# define des_rw_mode DES_rw_mode -+# else /* libdes compatibility */ -+/* -+ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with -+ * libdes -+ */ -+# define des_cblock _ossl_old_des_cblock -+# define des_key_schedule _ossl_old_des_key_schedule -+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -+ _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) -+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -+ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) -+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -+ _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) -+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -+ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) -+# define des_options()\ -+ _ossl_old_des_options() -+# define des_cbc_cksum(i,o,l,k,iv)\ -+ _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) -+# define des_cbc_encrypt(i,o,l,k,iv,e)\ -+ 
_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_ncbc_encrypt(i,o,l,k,iv,e)\ -+ _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -+ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -+ _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) -+# define des_ecb_encrypt(i,o,k,e)\ -+ _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) -+# define des_encrypt(d,k,e)\ -+ _ossl_old_des_encrypt((d),(k),(e)) -+# define des_encrypt2(d,k,e)\ -+ _ossl_old_des_encrypt2((d),(k),(e)) -+# define des_encrypt3(d,k1,k2,k3)\ -+ _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) -+# define des_decrypt3(d,k1,k2,k3)\ -+ _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) -+# define des_xwhite_in2out(k,i,o)\ -+ _ossl_old_des_xwhite_in2out((k),(i),(o)) -+# define des_enc_read(f,b,l,k,iv)\ -+ _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) -+# define des_enc_write(f,b,l,k,iv)\ -+ _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) -+# define des_fcrypt(b,s,r)\ -+ _ossl_old_des_fcrypt((b),(s),(r)) -+# define des_crypt(b,s)\ -+ _ossl_old_des_crypt((b),(s)) -+# if 0 -+# define crypt(b,s)\ -+ _ossl_old_crypt((b),(s)) -+# endif -+# define des_ofb_encrypt(i,o,n,l,k,iv)\ -+ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) -+# define des_pcbc_encrypt(i,o,l,k,iv,e)\ -+ _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_quad_cksum(i,o,l,c,s)\ -+ _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) -+# define des_random_seed(k)\ -+ _ossl_old_des_random_seed((k)) -+# define des_random_key(r)\ -+ _ossl_old_des_random_key((r)) -+# define des_read_password(k,p,v) \ -+ _ossl_old_des_read_password((k),(p),(v)) -+# define des_read_2passwords(k1,k2,p,v) \ -+ _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) -+# define des_set_odd_parity(k)\ -+ _ossl_old_des_set_odd_parity((k)) -+# define des_is_weak_key(k)\ -+ _ossl_old_des_is_weak_key((k)) -+# define des_set_key(k,ks)\ -+ 
_ossl_old_des_set_key((k),(ks)) -+# define des_key_sched(k,ks)\ -+ _ossl_old_des_key_sched((k),(ks)) -+# define des_string_to_key(s,k)\ -+ _ossl_old_des_string_to_key((s),(k)) -+# define des_string_to_2keys(s,k1,k2)\ -+ _ossl_old_des_string_to_2keys((s),(k1),(k2)) -+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -+ _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) -+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -+ _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) -+ -+# define des_ecb2_encrypt(i,o,k1,k2,e) \ -+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -+ -+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -+ -+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -+ -+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -+ -+# define des_check_key DES_check_key -+# define des_rw_mode DES_rw_mode -+# endif -+ -+const char *_ossl_old_des_options(void); -+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, int enc); -+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec); -+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ 
_ossl_old_des_cblock *ivec, -+ _ossl_old_des_cblock *inw, -+ _ossl_old_des_cblock *outw, int enc); -+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ _ossl_old_des_key_schedule ks, int enc); -+void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, -+ int enc); -+void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, -+ int enc); -+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3); -+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3); -+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc); -+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num); -+# if 0 -+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), -+ _ossl_old_des_cblock (*in_white), -+ _ossl_old_des_cblock (*out_white)); -+# endif -+ -+int _ossl_old_des_enc_read(int fd, char *buf, int len, -+ _ossl_old_des_key_schedule sched, -+ _ossl_old_des_cblock *iv); -+int _ossl_old_des_enc_write(int fd, char *buf, int len, 
-+ _ossl_old_des_key_schedule sched, -+ _ossl_old_des_cblock *iv); -+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); -+char *_ossl_old_des_crypt(const char *buf, const char *salt); -+# if !defined(PERL5) && !defined(NeXT) -+char *_ossl_old_crypt(const char *buf, const char *salt); -+# endif -+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec); -+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ int out_count, _ossl_old_des_cblock *seed); -+void _ossl_old_des_random_seed(_ossl_old_des_cblock key); -+void _ossl_old_des_random_key(_ossl_old_des_cblock ret); -+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, -+ int verify); -+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2, -+ const char *prompt, int verify); -+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); -+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); -+int _ossl_old_des_set_key(_ossl_old_des_cblock *key, -+ _ossl_old_des_key_schedule schedule); -+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, -+ _ossl_old_des_key_schedule schedule); -+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); -+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2); -+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc); -+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule schedule, 
-+ _ossl_old_des_cblock *ivec, int *num); -+ -+void _ossl_096_des_random_seed(des_cblock *key); -+ -+/* -+ * The following definitions provide compatibility with the MIT Kerberos -+ * library. The _ossl_old_des_key_schedule structure is not binary -+ * compatible. -+ */ -+ -+# define _KERBEROS_DES_H -+ -+# define KRBDES_ENCRYPT DES_ENCRYPT -+# define KRBDES_DECRYPT DES_DECRYPT -+ -+# ifdef KERBEROS -+# define ENCRYPT DES_ENCRYPT -+# define DECRYPT DES_DECRYPT -+# endif -+ -+# ifndef NCOMPAT -+# define C_Block des_cblock -+# define Key_schedule des_key_schedule -+# define KEY_SZ DES_KEY_SZ -+# define string_to_key des_string_to_key -+# define read_pw_string des_read_pw_string -+# define random_key des_random_key -+# define pcbc_encrypt des_pcbc_encrypt -+# define set_key des_set_key -+# define key_sched des_key_sched -+# define ecb_encrypt des_ecb_encrypt -+# define cbc_encrypt des_cbc_encrypt -+# define ncbc_encrypt des_ncbc_encrypt -+# define xcbc_encrypt des_xcbc_encrypt -+# define cbc_cksum des_cbc_cksum -+# define quad_cksum des_quad_cksum -+# define check_parity des_check_key_parity -+# endif -+ -+# define des_fixup_key_parity DES_fixup_key_parity -+ -+#ifdef __cplusplus -+} -+#endif -+ -+/* for DES_read_pw_string et al */ -+# include -+ -+#endif -diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h -index 6d149bc..6488879 100644 ---- a/Cryptlib/Include/openssl/dh.h -+++ b/Cryptlib/Include/openssl/dh.h -@@ -1,49 +1,98 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dh/dh.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_DH_H - # define HEADER_DH_H - --# include -- --# ifndef OPENSSL_NO_DH - # include --# include --# include --# include --# if OPENSSL_API_COMPAT < 0x10100000L --# include -+ -+# ifdef OPENSSL_NO_DH -+# error DH is disabled. - # endif - --# ifdef __cplusplus --extern "C" { -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include - # endif - - # ifndef OPENSSL_DH_MAX_MODULUS_BITS - # define OPENSSL_DH_MAX_MODULUS_BITS 10000 - # endif - --# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -- - # define DH_FLAG_CACHE_MONT_P 0x01 - --# if OPENSSL_API_COMPAT < 0x10100000L - /* -- * Does nothing. Previously this switched off constant time behaviour. 
-+ * new with 0.9.7h; the built-in DH -+ * implementation now uses constant time -+ * modular exponentiation for secret exponents -+ * by default. This flag causes the -+ * faster variable sliding window method to -+ * be used for all exponents. - */ --# define DH_FLAG_NO_EXP_CONSTTIME 0x00 --# endif -+# define DH_FLAG_NO_EXP_CONSTTIME 0x02 - - /* - * If this flag is set the DH method is FIPS compliant and can be used in - * FIPS mode. This is set in the validated module method. If an application -- * sets this flag in its own methods it is its responsibility to ensure the -+ * sets this flag in its own methods it is its reposibility to ensure the - * result is compliant. - */ - -@@ -57,11 +106,57 @@ extern "C" { - - # define DH_FLAG_NON_FIPS_ALLOW 0x0400 - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - /* Already defined in ossl_typ.h */ - /* typedef struct dh_st DH; */ - /* typedef struct dh_method DH_METHOD; */ - --DECLARE_ASN1_ITEM(DHparams) -+struct dh_method { -+ const char *name; -+ /* Methods here */ -+ int (*generate_key) (DH *dh); -+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); -+ /* Can be null */ -+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx); -+ int (*init) (DH *dh); -+ int (*finish) (DH *dh); -+ int flags; -+ char *app_data; -+ /* If this is non-NULL, it will be used to generate parameters */ -+ int (*generate_params) (DH *dh, int prime_len, int generator, -+ BN_GENCB *cb); -+}; -+ -+struct dh_st { -+ /* -+ * This first argument is used to pick up errors when a DH is passed -+ * instead of a EVP_PKEY -+ */ -+ int pad; -+ int version; -+ BIGNUM *p; -+ BIGNUM *g; -+ long length; /* optional */ -+ BIGNUM *pub_key; /* g^x % p */ -+ BIGNUM *priv_key; /* x */ -+ int flags; -+ BN_MONT_CTX *method_mont_p; -+ /* Place holders if we want to do X9.42 DH */ -+ BIGNUM *q; -+ BIGNUM *j; -+ unsigned char *seed; -+ int seedlen; -+ BIGNUM *counter; 
-+ int references; -+ CRYPTO_EX_DATA ex_data; -+ const DH_METHOD *meth; -+ ENGINE *engine; -+}; - - # define DH_GENERATOR_2 2 - /* #define DH_GENERATOR_3 3 */ -@@ -106,25 +201,22 @@ DH *DH_new_method(ENGINE *engine); - DH *DH_new(void); - void DH_free(DH *dh); - int DH_up_ref(DH *dh); --int DH_bits(const DH *dh); - int DH_size(const DH *dh); --int DH_security_bits(const DH *dh); --#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) -+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int DH_set_ex_data(DH *d, int idx, void *arg); - void *DH_get_ex_data(DH *d, int idx); - - /* Deprecated version */ --DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, -- void (*callback) (int, int, -- void *), -- void *cb_arg)) -+# ifndef OPENSSL_NO_DEPRECATED -+DH *DH_generate_parameters(int prime_len, int generator, -+ void (*callback) (int, int, void *), void *cb_arg); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* New version */ - int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, - BN_GENCB *cb); - --int DH_check_params(const DH *dh, int *ret); - int DH_check(const DH *dh, int *codes); - int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); - int DH_generate_key(DH *dh); -@@ -134,10 +226,14 @@ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); - int i2d_DHparams(const DH *a, unsigned char **pp); - DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); - int i2d_DHxparams(const DH *a, unsigned char **pp); --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int DHparams_print_fp(FILE *fp, const DH *x); - # endif -+# ifndef OPENSSL_NO_BIO - int DHparams_print(BIO *bp, const DH *x); -+# else -+int DHparams_print(char *bp, const DH *x); -+# endif - - /* RFC 5114 parameters */ - DH *DH_get_1024_160(void); -@@ -152,50 +248,6 @@ int 
DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); - # endif - --void DH_get0_pqg(const DH *dh, -- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); --int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); --void DH_get0_key(const DH *dh, -- const BIGNUM **pub_key, const BIGNUM **priv_key); --int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); --void DH_clear_flags(DH *dh, int flags); --int DH_test_flags(const DH *dh, int flags); --void DH_set_flags(DH *dh, int flags); --ENGINE *DH_get0_engine(DH *d); --long DH_get_length(const DH *dh); --int DH_set_length(DH *dh, long length); -- --DH_METHOD *DH_meth_new(const char *name, int flags); --void DH_meth_free(DH_METHOD *dhm); --DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); --const char *DH_meth_get0_name(const DH_METHOD *dhm); --int DH_meth_set1_name(DH_METHOD *dhm, const char *name); --int DH_meth_get_flags(DH_METHOD *dhm); --int DH_meth_set_flags(DH_METHOD *dhm, int flags); --void *DH_meth_get0_app_data(const DH_METHOD *dhm); --int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); --int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); --int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); --int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) -- (unsigned char *key, const BIGNUM *pub_key, DH *dh); --int DH_meth_set_compute_key(DH_METHOD *dhm, -- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); --int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) -- (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, -- BN_CTX *, BN_MONT_CTX *); --int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, -- int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, -- const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); --int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); --int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); --int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); --int 
DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); --int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) -- (DH *, int, int, BN_GENCB *); --int DH_meth_set_generate_params(DH_METHOD *dhm, -- int (*generate_params) (DH *, int, int, BN_GENCB *)); -- -- - # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) -@@ -296,8 +348,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_DH_strings(void); -+void ERR_load_DH_strings(void); - - /* Error codes for the DH functions. */ - -@@ -305,12 +356,12 @@ int ERR_load_DH_strings(void); - # define DH_F_COMPUTE_KEY 102 - # define DH_F_DHPARAMS_PRINT_FP 101 - # define DH_F_DH_BUILTIN_GENPARAMS 106 --# define DH_F_DH_CMS_DECRYPT 114 --# define DH_F_DH_CMS_SET_PEERKEY 115 --# define DH_F_DH_CMS_SET_SHARED_INFO 116 --# define DH_F_DH_METH_DUP 117 --# define DH_F_DH_METH_NEW 118 --# define DH_F_DH_METH_SET1_NAME 119 -+# define DH_F_DH_CMS_DECRYPT 117 -+# define DH_F_DH_CMS_SET_PEERKEY 118 -+# define DH_F_DH_CMS_SET_SHARED_INFO 119 -+# define DH_F_DH_COMPUTE_KEY 114 -+# define DH_F_DH_GENERATE_KEY 115 -+# define DH_F_DH_GENERATE_PARAMETERS_EX 116 - # define DH_F_DH_NEW_METHOD 105 - # define DH_F_DH_PARAM_DECODE 107 - # define DH_F_DH_PRIV_DECODE 110 -@@ -319,6 +370,7 @@ int ERR_load_DH_strings(void); - # define DH_F_DH_PUB_ENCODE 109 - # define DH_F_DO_DH_PRINT 100 - # define DH_F_GENERATE_KEY 103 -+# define DH_F_GENERATE_PARAMETERS 104 - # define DH_F_PKEY_DH_DERIVE 112 - # define DH_F_PKEY_DH_KEYGEN 113 - -@@ -330,15 +382,16 @@ int ERR_load_DH_strings(void); - # define DH_R_INVALID_PUBKEY 102 - # define DH_R_KDF_PARAMETER_ERROR 112 - # define DH_R_KEYS_NOT_SET 108 -+# define DH_R_KEY_SIZE_TOO_SMALL 110 - # define 
DH_R_MODULUS_TOO_LARGE 103 -+# define DH_R_NON_FIPS_METHOD 111 - # define DH_R_NO_PARAMETERS_SET 107 - # define DH_R_NO_PRIVATE_VALUE 100 - # define DH_R_PARAMETER_ENCODING_ERROR 105 --# define DH_R_PEER_KEY_ERROR 111 --# define DH_R_SHARED_INFO_ERROR 113 -+# define DH_R_PEER_KEY_ERROR 113 -+# define DH_R_SHARED_INFO_ERROR 114 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h -index 139718e..545358f 100644 ---- a/Cryptlib/Include/openssl/dsa.h -+++ b/Cryptlib/Include/openssl/dsa.h -@@ -1,54 +1,105 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dsa/dsa.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - /* - * The DSS routines are based on patches supplied by -- * Steven Schoch . -- */ -+ * Steven Schoch . He basically did the -+ * work and I have just tweaked them a little to fit into my -+ * stylistic vision for SSLeay :-) */ - - #ifndef HEADER_DSA_H - # define HEADER_DSA_H - --# include -+# include - --# ifndef OPENSSL_NO_DSA --# ifdef __cplusplus --extern "C" { -+# ifdef OPENSSL_NO_DSA -+# error DSA is disabled. -+# endif -+ -+# ifndef OPENSSL_NO_BIO -+# include - # endif --# include --# include - # include - # include --# include --# include --# if OPENSSL_API_COMPAT < 0x10100000L --# include -+ -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# ifndef OPENSSL_NO_DH -+# include -+# endif - # endif - - # ifndef OPENSSL_DSA_MAX_MODULUS_BITS - # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 - # endif - --# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -- - # define DSA_FLAG_CACHE_MONT_P 0x01 --# if OPENSSL_API_COMPAT < 0x10100000L - /* -- * Does nothing. Previously this switched off constant time behaviour. -+ * new with 0.9.7h; the built-in DSA implementation now uses constant time -+ * modular exponentiation for secret exponents by default. 
This flag causes -+ * the faster variable sliding window method to be used for all exponents. - */ --# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 --# endif -+# define DSA_FLAG_NO_EXP_CONSTTIME 0x02 - - /* - * If this flag is set the DSA method is FIPS compliant and can be used in - * FIPS mode. This is set in the validated module method. If an application -- * sets this flag in its own methods it is its responsibility to ensure the -+ * sets this flag in its own methods it is its reposibility to ensure the - * result is compliant. - */ - -@@ -61,13 +112,70 @@ extern "C" { - */ - - # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 --# define DSA_FLAG_FIPS_CHECKED 0x0800 -+ -+#ifdef __cplusplus -+extern "C" { -+#endif - - /* Already defined in ossl_typ.h */ - /* typedef struct dsa_st DSA; */ - /* typedef struct dsa_method DSA_METHOD; */ - --typedef struct DSA_SIG_st DSA_SIG; -+typedef struct DSA_SIG_st { -+ BIGNUM *r; -+ BIGNUM *s; -+} DSA_SIG; -+ -+struct dsa_method { -+ const char *name; -+ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); -+ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp); -+ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa); -+ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, -+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont); -+ /* Can be null */ -+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ int (*init) (DSA *dsa); -+ int (*finish) (DSA *dsa); -+ int flags; -+ char *app_data; -+ /* If this is non-NULL, it is used to generate DSA parameters */ -+ int (*dsa_paramgen) (DSA *dsa, int bits, -+ const unsigned char *seed, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb); -+ /* If this is non-NULL, it is used to generate DSA keys */ -+ int (*dsa_keygen) (DSA *dsa); -+}; -+ -+struct dsa_st { -+ /* -+ * This first variable is 
used to pick up errors where a DSA is passed -+ * instead of of a EVP_PKEY -+ */ -+ int pad; -+ long version; -+ int write_params; -+ BIGNUM *p; -+ BIGNUM *q; /* == 20 */ -+ BIGNUM *g; -+ BIGNUM *pub_key; /* y public key */ -+ BIGNUM *priv_key; /* x private key */ -+ BIGNUM *kinv; /* Signing pre-calc */ -+ BIGNUM *r; /* Signing pre-calc */ -+ int flags; -+ /* Normally used to cache montgomery values */ -+ BN_MONT_CTX *method_mont_p; -+ int references; -+ CRYPTO_EX_DATA ex_data; -+ const DSA_METHOD *meth; -+ /* functional reference if 'meth' is ENGINE-provided */ -+ ENGINE *engine; -+}; - - # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) -@@ -81,8 +189,6 @@ DSA_SIG *DSA_SIG_new(void); - void DSA_SIG_free(DSA_SIG *a); - int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); - DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); --void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); --int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); - - DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); - int DSA_do_verify(const unsigned char *dgst, int dgst_len, -@@ -93,7 +199,6 @@ const DSA_METHOD *DSA_OpenSSL(void); - void DSA_set_default_method(const DSA_METHOD *); - const DSA_METHOD *DSA_get_default_method(void); - int DSA_set_method(DSA *dsa, const DSA_METHOD *); --const DSA_METHOD *DSA_get_method(DSA *d); - - DSA *DSA_new(void); - DSA *DSA_new_method(ENGINE *engine); -@@ -101,16 +206,14 @@ void DSA_free(DSA *r); - /* "up" the DSA object's reference count */ - int DSA_up_ref(DSA *r); - int DSA_size(const DSA *); --int DSA_bits(const DSA *d); --int DSA_security_bits(const DSA *d); - /* next 4 return -1 on error */ - int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); - int DSA_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa); - int DSA_verify(int type, 
const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa); --#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) -+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int DSA_set_ex_data(DSA *d, int idx, void *arg); - void *DSA_get_ex_data(DSA *d, int idx); - -@@ -119,14 +222,12 @@ DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); - DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); - - /* Deprecated version */ --DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, -- unsigned char *seed, -- int seed_len, -- int *counter_ret, -- unsigned long *h_ret, void -- (*callback) (int, int, -- void *), -- void *cb_arg)) -+# ifndef OPENSSL_NO_DEPRECATED -+DSA *DSA_generate_parameters(int bits, -+ unsigned char *seed, int seed_len, -+ int *counter_ret, unsigned long *h_ret, void -+ (*callback) (int, int, void *), void *cb_arg); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* New version */ - int DSA_generate_parameters_ex(DSA *dsa, int bits, -@@ -139,9 +240,11 @@ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); - int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); - int i2d_DSAparams(const DSA *a, unsigned char **pp); - -+# ifndef OPENSSL_NO_BIO - int DSAparams_print(BIO *bp, const DSA *x); - int DSA_print(BIO *bp, const DSA *x, int off); --# ifndef OPENSSL_NO_STDIO -+# endif -+# ifndef OPENSSL_NO_FP_API - int DSAparams_print_fp(FILE *fp, const DSA *x); - int DSA_print_fp(FILE *bp, const DSA *x, int off); - # endif -@@ -170,84 +273,25 @@ DH *DSA_dup_DH(const DSA *r); - # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) - # define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) - --void DSA_get0_pqg(const DSA *d, -- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); --int DSA_set0_pqg(DSA *d, BIGNUM 
*p, BIGNUM *q, BIGNUM *g); --void DSA_get0_key(const DSA *d, -- const BIGNUM **pub_key, const BIGNUM **priv_key); --int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); --void DSA_clear_flags(DSA *d, int flags); --int DSA_test_flags(const DSA *d, int flags); --void DSA_set_flags(DSA *d, int flags); --ENGINE *DSA_get0_engine(DSA *d); -- --DSA_METHOD *DSA_meth_new(const char *name, int flags); --void DSA_meth_free(DSA_METHOD *dsam); --DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); --const char *DSA_meth_get0_name(const DSA_METHOD *dsam); --int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); --int DSA_meth_get_flags(DSA_METHOD *dsam); --int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); --void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); --int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); --DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) -- (const unsigned char *, int, DSA *); --int DSA_meth_set_sign(DSA_METHOD *dsam, -- DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); --int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) -- (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); --int DSA_meth_set_sign_setup(DSA_METHOD *dsam, -- int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); --int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) -- (const unsigned char *, int , DSA_SIG *, DSA *); --int DSA_meth_set_verify(DSA_METHOD *dsam, -- int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); --int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) -- (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, -- const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); --int DSA_meth_set_mod_exp(DSA_METHOD *dsam, -- int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, -- const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, -- BN_MONT_CTX *)); --int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) -- (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, -- BN_CTX *, BN_MONT_CTX *); --int 
DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, -- int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, -- const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); --int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); --int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); --int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); --int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); --int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) -- (DSA *, int, const unsigned char *, int, int *, unsigned long *, -- BN_GENCB *); --int DSA_meth_set_paramgen(DSA_METHOD *dsam, -- int (*paramgen) (DSA *, int, const unsigned char *, int, int *, -- unsigned long *, BN_GENCB *)); --int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); --int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); -- - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_DSA_strings(void); -+void ERR_load_DSA_strings(void); - - /* Error codes for the DSA functions. */ - - /* Function codes. 
*/ -+# define DSA_F_D2I_DSA_SIG 110 -+# define DSA_F_DO_DSA_PRINT 104 - # define DSA_F_DSAPARAMS_PRINT 100 - # define DSA_F_DSAPARAMS_PRINT_FP 101 --# define DSA_F_DSA_BUILTIN_PARAMGEN 125 - # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 - # define DSA_F_DSA_DO_SIGN 112 - # define DSA_F_DSA_DO_VERIFY 113 --# define DSA_F_DSA_METH_DUP 127 --# define DSA_F_DSA_METH_NEW 128 --# define DSA_F_DSA_METH_SET1_NAME 129 -+# define DSA_F_DSA_GENERATE_KEY 124 -+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 - # define DSA_F_DSA_NEW_METHOD 103 - # define DSA_F_DSA_PARAM_DECODE 119 - # define DSA_F_DSA_PRINT_FP 105 -@@ -257,27 +301,32 @@ int ERR_load_DSA_strings(void); - # define DSA_F_DSA_PUB_ENCODE 118 - # define DSA_F_DSA_SIGN 106 - # define DSA_F_DSA_SIGN_SETUP 107 --# define DSA_F_DSA_SIG_NEW 102 -+# define DSA_F_DSA_SIG_NEW 109 -+# define DSA_F_DSA_SIG_PRINT 125 -+# define DSA_F_DSA_VERIFY 108 -+# define DSA_F_I2D_DSA_SIG 111 - # define DSA_F_OLD_DSA_PRIV_DECODE 122 - # define DSA_F_PKEY_DSA_CTRL 120 - # define DSA_F_PKEY_DSA_KEYGEN 121 -+# define DSA_F_SIG_CB 114 - - /* Reason codes. 
*/ - # define DSA_R_BAD_Q_VALUE 102 - # define DSA_R_BN_DECODE_ERROR 108 - # define DSA_R_BN_ERROR 109 -+# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - # define DSA_R_DECODE_ERROR 104 - # define DSA_R_INVALID_DIGEST_TYPE 106 - # define DSA_R_INVALID_PARAMETERS 112 - # define DSA_R_MISSING_PARAMETERS 101 - # define DSA_R_MODULUS_TOO_LARGE 103 -+# define DSA_R_NEED_NEW_SETUP_VALUES 110 -+# define DSA_R_NON_FIPS_DSA_METHOD 111 - # define DSA_R_NO_PARAMETERS_SET 107 - # define DSA_R_PARAMETER_ENCODING_ERROR 105 - # define DSA_R_Q_NOT_PRIME 113 --# define DSA_R_SEED_LEN_SMALL 110 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h -new file mode 100644 -index 0000000..c9013f5 ---- /dev/null -+++ b/Cryptlib/Include/openssl/dso.h -@@ -0,0 +1,451 @@ -+/* dso.h */ -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#ifndef HEADER_DSO_H -+# define HEADER_DSO_H -+ -+# include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* These values are used as commands to DSO_ctrl() */ -+# define DSO_CTRL_GET_FLAGS 1 -+# define DSO_CTRL_SET_FLAGS 2 -+# define DSO_CTRL_OR_FLAGS 3 -+ -+/* -+ * By default, DSO_load() will translate the provided filename into a form -+ * typical for the platform (more specifically the DSO_METHOD) using the -+ * dso_name_converter function of the method. Eg. win32 will transform "blah" -+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The -+ * behaviour can be overriden by setting the name_converter callback in the -+ * DSO object (using DSO_set_name_converter()). This callback could even -+ * utilise the DSO_METHOD's converter too if it only wants to override -+ * behaviour for one or two possible DSO methods. However, the following flag -+ * can be set in a DSO to prevent *any* native name-translation at all - eg. -+ * if the caller has prompted the user for a path to a driver library so the -+ * filename should be interpreted as-is. -+ */ -+# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 -+/* -+ * An extra flag to give if only the extension should be added as -+ * translation. This is obviously only of importance on Unix and other -+ * operating systems where the translation also may prefix the name with -+ * something, like 'lib', and ignored everywhere else. This flag is also -+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. -+ */ -+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 -+ -+/* -+ * The following flag controls the translation of symbol names to upper case. -+ * This is currently only being implemented for OpenVMS. -+ */ -+# define DSO_FLAG_UPCASE_SYMBOL 0x10 -+ -+/* -+ * This flag loads the library with public symbols. Meaning: The exported -+ * symbols of this library are public to all libraries loaded after this -+ * library. At the moment only implemented in unix. 
-+ */ -+# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 -+ -+typedef void (*DSO_FUNC_TYPE) (void); -+ -+typedef struct dso_st DSO; -+ -+/* -+ * The function prototype used for method functions (or caller-provided -+ * callbacks) that transform filenames. They are passed a DSO structure -+ * pointer (or NULL if they are to be used independantly of a DSO object) and -+ * a filename to transform. They should either return NULL (if there is an -+ * error condition) or a newly allocated string containing the transformed -+ * form that the caller will need to free with OPENSSL_free() when done. -+ */ -+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); -+/* -+ * The function prototype used for method functions (or caller-provided -+ * callbacks) that merge two file specifications. They are passed a DSO -+ * structure pointer (or NULL if they are to be used independantly of a DSO -+ * object) and two file specifications to merge. They should either return -+ * NULL (if there is an error condition) or a newly allocated string -+ * containing the result of merging that the caller will need to free with -+ * OPENSSL_free() when done. Here, merging means that bits and pieces are -+ * taken from each of the file specifications and added together in whatever -+ * fashion that is sensible for the DSO method in question. The only rule -+ * that really applies is that if the two specification contain pieces of the -+ * same type, the copy from the first string takes priority. One could see -+ * it as the first specification is the one given by the user and the second -+ * being a bunch of defaults to add on if they're missing in the first. -+ */ -+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); -+ -+typedef struct dso_meth_st { -+ const char *name; -+ /* -+ * Loads a shared library, NB: new DSO_METHODs must ensure that a -+ * successful load populates the loaded_filename field, and likewise a -+ * successful unload OPENSSL_frees and NULLs it out. 
-+ */
-+ int (*dso_load) (DSO *dso);
-+ /* Unloads a shared library */
-+ int (*dso_unload) (DSO *dso);
-+ /* Binds a variable */
-+ void *(*dso_bind_var) (DSO *dso, const char *symname);
-+ /*
-+ * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
-+ * be cast to the real function prototype by the caller. Platforms that
-+ * don't have compatible representations for different prototypes (this
-+ * is possible within ANSI C) are highly unlikely to have shared
-+ * libraries at all, let alone a DSO_METHOD implemented for them.
-+ */
-+ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
-+/* I don't think this would actually be used in any circumstances. */
-+# if 0
-+ /* Unbinds a variable */
-+ int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
-+ /* Unbinds a function */
-+ int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-+# endif
-+ /*
-+ * The generic (yuck) "ctrl()" function. NB: Negative return values
-+ * (rather than zero) indicate errors.
-+ */
-+ long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
-+ /*
-+ * The default DSO_METHOD-specific function for converting filenames to a
-+ * canonical native form.
-+ */
-+ DSO_NAME_CONVERTER_FUNC dso_name_converter;
-+ /*
-+ * The default DSO_METHOD-specific function for converting filenames to a
-+ * canonical native form.
-+ */
-+ DSO_MERGER_FUNC dso_merger;
-+ /* [De]Initialisation handlers. */
-+ int (*init) (DSO *dso);
-+ int (*finish) (DSO *dso);
-+ /* Return pathname of the module containing location */
-+ int (*pathbyaddr) (void *addr, char *path, int sz);
-+ /* Perform global symbol lookup, i.e. among *all* modules */
-+ void *(*globallookup) (const char *symname);
-+} DSO_METHOD;
-+
-+/**********************************************************************/
-+/* The low-level handle type used to refer to a loaded shared library */
-+
-+struct dso_st {
-+ DSO_METHOD *meth;
-+ /*
-+ * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
-+ * anything but will need to cache the filename for use in the dso_bind
-+ * handler. All in all, let each method control its own destiny.
-+ * "Handles" and such go in a STACK.
-+ */
-+ STACK_OF(void) *meth_data;
-+ int references;
-+ int flags;
-+ /*
-+ * For use by applications etc ... use this for your bits'n'pieces, don't
-+ * touch meth_data!
-+ */
-+ CRYPTO_EX_DATA ex_data;
-+ /*
-+ * If this callback function pointer is set to non-NULL, then it will be
-+ * used in DSO_load() in place of meth->dso_name_converter. NB: This
-+ * should normally set using DSO_set_name_converter().
-+ */
-+ DSO_NAME_CONVERTER_FUNC name_converter;
-+ /*
-+ * If this callback function pointer is set to non-NULL, then it will be
-+ * used in DSO_load() in place of meth->dso_merger. NB: This should
-+ * normally set using DSO_set_merger().
-+ */
-+ DSO_MERGER_FUNC merger;
-+ /*
-+ * This is populated with (a copy of) the platform-independant filename
-+ * used for this DSO.
-+ */
-+ char *filename;
-+ /*
-+ * This is populated with (a copy of) the translated filename by which
-+ * the DSO was actually loaded. It is NULL iff the DSO is not currently
-+ * loaded. NB: This is here because the filename translation process may
-+ * involve a callback being invoked more than once not only to convert to
-+ * a platform-specific form, but also to try different filenames in the
-+ * process of trying to perform a load. As such, this variable can be
-+ * used to indicate (a) whether this DSO structure corresponds to a
-+ * loaded library or not, and (b) the filename with which it was actually
-+ * loaded.
-+ */
-+ char *loaded_filename;
-+};
-+
-+DSO *DSO_new(void);
-+DSO *DSO_new_method(DSO_METHOD *method);
-+int DSO_free(DSO *dso);
-+int DSO_flags(DSO *dso);
-+int DSO_up_ref(DSO *dso);
-+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-+
-+/*
-+ * This function sets the DSO's name_converter callback. If it is non-NULL,
-+ * then it will be used instead of the associated DSO_METHOD's function. If
-+ * oldcb is non-NULL then it is set to the function pointer value being
-+ * replaced. Return value is non-zero for success.
-+ */
-+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-+ DSO_NAME_CONVERTER_FUNC *oldcb);
-+/*
-+ * These functions can be used to get/set the platform-independant filename
-+ * used for a DSO. NB: set will fail if the DSO is already loaded.
-+ */
-+const char *DSO_get_filename(DSO *dso);
-+int DSO_set_filename(DSO *dso, const char *filename);
-+/*
-+ * This function will invoke the DSO's name_converter callback to translate a
-+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
-+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
-+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
-+ * simply duplicated. NB: This function is usually called from within a
-+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
-+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
-+ * value will need to be OPENSSL_free()'d.
-+ */
-+char *DSO_convert_filename(DSO *dso, const char *filename);
-+/*
-+ * This function will invoke the DSO's merger callback to merge two file
-+ * specifications, or if the callback isn't set it will instead use the
-+ * DSO_METHOD's merger. A non-NULL return value will need to be
-+ * OPENSSL_free()'d.
-+ */
-+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-+/*
-+ * If the DSO is currently loaded, this returns the filename that it was
-+ * loaded under, otherwise it returns NULL. So it is also useful as a test as
-+ * to whether the DSO is currently loaded. NB: This will not necessarily
-+ * return the same value as DSO_convert_filename(dso, dso->filename), because
-+ * the DSO_METHOD's load function may have tried a variety of filenames (with
-+ * and/or without the aid of the converters) before settling on the one it
-+ * actually loaded.
-+ */
-+const char *DSO_get_loaded_filename(DSO *dso);
-+
-+void DSO_set_default_method(DSO_METHOD *meth);
-+DSO_METHOD *DSO_get_default_method(void);
-+DSO_METHOD *DSO_get_method(DSO *dso);
-+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-+
-+/*
-+ * The all-singing all-dancing load function, you normally pass NULL for the
-+ * first and third parameters. Use DSO_up and DSO_free for subsequent
-+ * reference count handling. Any flags passed in will be set in the
-+ * constructed DSO after its init() function but before the load operation.
-+ * If 'dso' is non-NULL, 'flags' is ignored.
-+ */
-+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-+
-+/* This function binds to a variable inside a shared library. */
-+void *DSO_bind_var(DSO *dso, const char *symname);
-+
-+/* This function binds to a function inside a shared library. */
-+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-+
-+/*
-+ * This method is the default, but will beg, borrow, or steal whatever method
-+ * should be the default on any particular platform (including
-+ * DSO_METH_null() if necessary).
-+ */
-+DSO_METHOD *DSO_METHOD_openssl(void);
-+
-+/*
-+ * This method is defined for all platforms - if a platform has no DSO
-+ * support then this will be the only method!
-+ */
-+DSO_METHOD *DSO_METHOD_null(void);
-+
-+/*
-+ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
-+ * dlclose, dlsym, etc) will be used and incorporated into this method. If
-+ * not, this method will return NULL.
-+ */
-+DSO_METHOD *DSO_METHOD_dlfcn(void);
-+
-+/*
-+ * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
-+ * shl_unload, shl_findsym, etc) will be used and incorporated into this
-+ * method. If not, this method will return NULL.
-+ */
-+DSO_METHOD *DSO_METHOD_dl(void);
-+
-+/* If WIN32 is defined, use DLLs. If not, return NULL. */
-+DSO_METHOD *DSO_METHOD_win32(void);
-+
-+/* If VMS is defined, use shared images. If not, return NULL. */
-+DSO_METHOD *DSO_METHOD_vms(void);
-+
-+/*
-+ * This function writes null-terminated pathname of DSO module containing
-+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
-+ * characters [including trailing zero] written to it. If 'sz' is 0 or
-+ * negative, 'path' is ignored and required amount of charachers [including
-+ * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
-+ * pathname of cryptolib itself is returned. Negative or zero return value
-+ * denotes error.
-+ */
-+int DSO_pathbyaddr(void *addr, char *path, int sz);
-+
-+/*
-+ * This function should be used with caution! It looks up symbols in *all*
-+ * loaded modules and if module gets unloaded by somebody else attempt to
-+ * dereference the pointer is doomed to have fatal consequences. Primary
-+ * usage for this function is to probe *core* system functionality, e.g.
-+ * check if getnameinfo(3) is available at run-time without bothering about
-+ * OS-specific details such as libc.so.versioning or where does it actually
-+ * reside: in libc itself or libsocket.
-+ */
-+void *DSO_global_lookup(const char *name);
-+
-+/* If BeOS is defined, use shared images. If not, return NULL. */
-+DSO_METHOD *DSO_METHOD_beos(void);
-+
-+/* BEGIN ERROR CODES */
-+/*
-+ * The following lines are auto generated by the script mkerr.pl. Any changes
-+ * made after this point may be overwritten when the script is next run.
-+ */
-+void ERR_load_DSO_strings(void);
-+
-+/* Error codes for the DSO functions. */
-+
-+/* Function codes. */
-+# define DSO_F_BEOS_BIND_FUNC 144
-+# define DSO_F_BEOS_BIND_VAR 145
-+# define DSO_F_BEOS_LOAD 146
-+# define DSO_F_BEOS_NAME_CONVERTER 147
-+# define DSO_F_BEOS_UNLOAD 148
-+# define DSO_F_DLFCN_BIND_FUNC 100
-+# define DSO_F_DLFCN_BIND_VAR 101
-+# define DSO_F_DLFCN_LOAD 102
-+# define DSO_F_DLFCN_MERGER 130
-+# define DSO_F_DLFCN_NAME_CONVERTER 123
-+# define DSO_F_DLFCN_UNLOAD 103
-+# define DSO_F_DL_BIND_FUNC 104
-+# define DSO_F_DL_BIND_VAR 105
-+# define DSO_F_DL_LOAD 106
-+# define DSO_F_DL_MERGER 131
-+# define DSO_F_DL_NAME_CONVERTER 124
-+# define DSO_F_DL_UNLOAD 107
-+# define DSO_F_DSO_BIND_FUNC 108
-+# define DSO_F_DSO_BIND_VAR 109
-+# define DSO_F_DSO_CONVERT_FILENAME 126
-+# define DSO_F_DSO_CTRL 110
-+# define DSO_F_DSO_FREE 111
-+# define DSO_F_DSO_GET_FILENAME 127
-+# define DSO_F_DSO_GET_LOADED_FILENAME 128
-+# define DSO_F_DSO_GLOBAL_LOOKUP 139
-+# define DSO_F_DSO_LOAD 112
-+# define DSO_F_DSO_MERGE 132
-+# define DSO_F_DSO_NEW_METHOD 113
-+# define DSO_F_DSO_PATHBYADDR 140
-+# define DSO_F_DSO_SET_FILENAME 129
-+# define DSO_F_DSO_SET_NAME_CONVERTER 122
-+# define DSO_F_DSO_UP_REF 114
-+# define DSO_F_GLOBAL_LOOKUP_FUNC 138
-+# define DSO_F_PATHBYADDR 137
-+# define DSO_F_VMS_BIND_SYM 115
-+# define DSO_F_VMS_LOAD 116
-+# define DSO_F_VMS_MERGER 133
-+# define DSO_F_VMS_UNLOAD 117
-+# define DSO_F_WIN32_BIND_FUNC 118
-+# define DSO_F_WIN32_BIND_VAR 119
-+# define DSO_F_WIN32_GLOBALLOOKUP 142
-+# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143
-+# define DSO_F_WIN32_JOINER 135
-+# define DSO_F_WIN32_LOAD 120
-+# define DSO_F_WIN32_MERGER 134
-+# define DSO_F_WIN32_NAME_CONVERTER 125
-+# define DSO_F_WIN32_PATHBYADDR 141
-+# define DSO_F_WIN32_SPLITTER 136
-+# define DSO_F_WIN32_UNLOAD 121
-+
-+/* Reason codes. */
-+# define DSO_R_CTRL_FAILED 100
-+# define DSO_R_DSO_ALREADY_LOADED 110
-+# define DSO_R_EMPTY_FILE_STRUCTURE 113
-+# define DSO_R_FAILURE 114
-+# define DSO_R_FILENAME_TOO_BIG 101
-+# define DSO_R_FINISH_FAILED 102
-+# define DSO_R_INCORRECT_FILE_SYNTAX 115
-+# define DSO_R_LOAD_FAILED 103
-+# define DSO_R_NAME_TRANSLATION_FAILED 109
-+# define DSO_R_NO_FILENAME 111
-+# define DSO_R_NO_FILE_SPECIFICATION 116
-+# define DSO_R_NULL_HANDLE 104
-+# define DSO_R_SET_FILENAME_FAILED 112
-+# define DSO_R_STACK_ERROR 105
-+# define DSO_R_SYM_FAILURE 106
-+# define DSO_R_UNLOAD_FAILED 107
-+# define DSO_R_UNSUPPORTED 108
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+#endif
-diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h
-index f4769f8..30bbcf2 100644
---- a/Cryptlib/Include/openssl/dtls1.h
-+++ b/Cryptlib/Include/openssl/dtls1.h
-@@ -1,22 +1,90 @@
-+/* ssl/dtls1.h */
- /*
-- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * DTLS implementation written by Nagendra Modadugu
-+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_DTLS1_H - # define HEADER_DTLS1_H - -+# include -+# include -+# ifdef OPENSSL_SYS_VMS -+# include -+# include -+# endif -+# ifdef OPENSSL_SYS_WIN32 -+/* Needed for struct timeval */ -+# include -+# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) -+# include -+# else -+# if defined(OPENSSL_SYS_VXWORKS) -+# include -+# else -+# include -+# endif -+# endif -+ - #ifdef __cplusplus - extern "C" { - #endif - - # define DTLS1_VERSION 0xFEFF - # define DTLS1_2_VERSION 0xFEFD --# define DTLS_MIN_VERSION DTLS1_VERSION - # define DTLS_MAX_VERSION DTLS1_2_VERSION - # define DTLS1_VERSION_MAJOR 0xFE - -@@ -25,6 +93,11 @@ extern "C" { - /* Special value for method supporting multiple versions */ - # define DTLS_ANY_VERSION 0x1FFFF - -+# if 0 -+/* this alert description is not specified anywhere... 
*/ -+# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -+# endif -+ - /* lengths of messages */ - # define DTLS1_COOKIE_LENGTH 256 - -@@ -43,6 +116,149 @@ extern "C" { - # define DTLS1_AL_HEADER_LENGTH 2 - # endif - -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+# ifndef OPENSSL_NO_SCTP -+# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -+# endif -+ -+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -+# define DTLS1_MAX_MTU_OVERHEAD 48 -+ -+typedef struct dtls1_bitmap_st { -+ unsigned long map; /* track 32 packets on 32-bit systems and 64 -+ * - on 64-bit systems */ -+ unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit -+ * value in big-endian encoding */ -+} DTLS1_BITMAP; -+ -+struct dtls1_retransmit_state { -+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -+ EVP_MD_CTX *write_hash; /* used for mac generation */ -+# ifndef OPENSSL_NO_COMP -+ COMP_CTX *compress; /* compression */ -+# else -+ char *compress; -+# endif -+ SSL_SESSION *session; -+ unsigned short epoch; -+}; -+ -+struct hm_header_st { -+ unsigned char type; -+ unsigned long msg_len; -+ unsigned short seq; -+ unsigned long frag_off; -+ unsigned long frag_len; -+ unsigned int is_ccs; -+ struct dtls1_retransmit_state saved_retransmit_state; -+}; -+ -+struct ccs_header_st { -+ unsigned char type; -+ unsigned short seq; -+}; -+ -+struct dtls1_timeout_st { -+ /* Number of read timeouts so far */ -+ unsigned int read_timeouts; -+ /* Number of write timeouts so far */ -+ unsigned int write_timeouts; -+ /* Number of alerts received so far */ -+ unsigned int num_alerts; -+}; -+ -+typedef struct record_pqueue_st { -+ unsigned short epoch; -+ pqueue q; -+} record_pqueue; -+ -+typedef struct hm_fragment_st { -+ struct hm_header_st msg_header; -+ unsigned char *fragment; -+ unsigned char *reassembly; -+} hm_fragment; -+ -+typedef struct dtls1_state_st { -+ unsigned int send_cookie; -+ unsigned char cookie[DTLS1_COOKIE_LENGTH]; -+ unsigned char 
rcvd_cookie[DTLS1_COOKIE_LENGTH]; -+ unsigned int cookie_len; -+ /* -+ * The current data and handshake epoch. This is initially -+ * undefined, and starts at zero once the initial handshake is -+ * completed -+ */ -+ unsigned short r_epoch; -+ unsigned short w_epoch; -+ /* records being received in the current epoch */ -+ DTLS1_BITMAP bitmap; -+ /* renegotiation starts a new set of sequence numbers */ -+ DTLS1_BITMAP next_bitmap; -+ /* handshake message numbers */ -+ unsigned short handshake_write_seq; -+ unsigned short next_handshake_write_seq; -+ unsigned short handshake_read_seq; -+ /* save last sequence number for retransmissions */ -+ unsigned char last_write_sequence[8]; -+ /* Received handshake records (processed and unprocessed) */ -+ record_pqueue unprocessed_rcds; -+ record_pqueue processed_rcds; -+ /* Buffered handshake messages */ -+ pqueue buffered_messages; -+ /* Buffered (sent) handshake records */ -+ pqueue sent_messages; -+ /* -+ * Buffered application records. Only for records between CCS and -+ * Finished to prevent either protocol violation or unnecessary message -+ * loss. 
-+ */ -+ record_pqueue buffered_app_data; -+ /* Is set when listening for new connections with dtls1_listen() */ -+ unsigned int listen; -+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */ -+ unsigned int mtu; /* max DTLS packet size */ -+ struct hm_header_st w_msg_hdr; -+ struct hm_header_st r_msg_hdr; -+ struct dtls1_timeout_st timeout; -+ /* -+ * Indicates when the last handshake msg or heartbeat sent will timeout -+ */ -+ struct timeval next_timeout; -+ /* Timeout duration */ -+ unsigned short timeout_duration; -+ /* -+ * storage for Alert/Handshake protocol data received but not yet -+ * processed by ssl3_read_bytes: -+ */ -+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; -+ unsigned int alert_fragment_len; -+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; -+ unsigned int handshake_fragment_len; -+ unsigned int retransmitting; -+ /* -+ * Set when the handshake is ready to process peer's ChangeCipherSpec message. -+ * Cleared after the message has been processed. -+ */ -+ unsigned int change_cipher_spec_ok; -+# ifndef OPENSSL_NO_SCTP -+ /* used when SSL_ST_XX_FLUSH is entered */ -+ int next_state; -+ int shutdown_received; -+# endif -+} DTLS1_STATE; -+ -+typedef struct dtls1_record_data_st { -+ unsigned char *packet; -+ unsigned int packet_length; -+ SSL3_BUFFER rbuf; -+ SSL3_RECORD rrec; -+# ifndef OPENSSL_NO_SCTP -+ struct bio_dgram_sctp_rcvinfo recordinfo; -+# endif -+} DTLS1_RECORD_DATA; -+ -+# endif - - /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ - # define DTLS1_TMO_READ_COUNT 2 -diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h -index f11cffe..909e22f 100644 ---- a/Cryptlib/Include/openssl/e_os2.h -+++ b/Cryptlib/Include/openssl/e_os2.h -@@ -1,17 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* e_os2.h */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - -+#include -+ - #ifndef HEADER_E_OS2_H - # define HEADER_E_OS2_H - --# include -- - #ifdef __cplusplus - extern "C" { - #endif -@@ -24,14 +70,27 @@ extern "C" { - - # define OPENSSL_SYS_UNIX - -+/* ---------------------- Macintosh, before MacOS X ----------------------- */ -+# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_MACINTOSH_CLASSIC -+# endif -+ -+/* ---------------------- NetWare ----------------------------------------- */ -+# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_NETWARE -+# endif -+ - /* --------------------- Microsoft operating systems ---------------------- */ - - /* - * Note that MSDOS actually denotes 32-bit environments running on top of - * MS-DOS, such as DJGPP one. 
- */ --# if defined(OPENSSL_SYS_MSDOS) -+# if defined(OPENSSL_SYSNAME_MSDOS) - # undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_MSDOS - # endif - - /* -@@ -42,33 +101,34 @@ extern "C" { - * UEFI lives here because it might be built with a Microsoft toolchain and - * we need to avoid the false positive match on Windows. - */ --# if defined(OPENSSL_SYS_UEFI) -+# if defined(OPENSSL_SYSNAME_UEFI) - # undef OPENSSL_SYS_UNIX --# elif defined(OPENSSL_SYS_UWIN) -+# define OPENSSL_SYS_UEFI -+# elif defined(OPENSSL_SYSNAME_UWIN) - # undef OPENSSL_SYS_UNIX - # define OPENSSL_SYS_WIN32_UWIN - # else --# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) -+# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) - # undef OPENSSL_SYS_UNIX - # define OPENSSL_SYS_WIN32_CYGWIN - # else --# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) -+# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) - # undef OPENSSL_SYS_UNIX --# if !defined(OPENSSL_SYS_WIN32) --# define OPENSSL_SYS_WIN32 --# endif -+# define OPENSSL_SYS_WIN32 - # endif --# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) -+# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) - # undef OPENSSL_SYS_UNIX - # if !defined(OPENSSL_SYS_WIN64) - # define OPENSSL_SYS_WIN64 - # endif - # endif --# if defined(OPENSSL_SYS_WINNT) -+# if defined(OPENSSL_SYSNAME_WINNT) - # undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WINNT - # endif --# if defined(OPENSSL_SYS_WINCE) -+# if defined(OPENSSL_SYSNAME_WINCE) - # undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WINCE - # endif - # endif - # endif -@@ -97,10 +157,8 @@ extern "C" { - # endif - - /* ------------------------------- OpenVMS -------------------------------- */ --# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) --# if !defined(OPENSSL_SYS_VMS) --# undef OPENSSL_SYS_UNIX --# endif -+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) -+# undef OPENSSL_SYS_UNIX - # define OPENSSL_SYS_VMS - # if defined(__DECC) - # define OPENSSL_SYS_VMS_DECC -@@ 
-112,18 +170,49 @@ extern "C" { - # endif - # endif - -+/* -------------------------------- OS/2 ---------------------------------- */ -+# if defined(__EMX__) || defined(__OS2__) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_OS2 -+# endif -+ - /* -------------------------------- Unix ---------------------------------- */ - # ifdef OPENSSL_SYS_UNIX --# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) -+# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) - # define OPENSSL_SYS_LINUX - # endif --# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) -+# ifdef OPENSSL_SYSNAME_MPE -+# define OPENSSL_SYS_MPE -+# endif -+# ifdef OPENSSL_SYSNAME_SNI -+# define OPENSSL_SYS_SNI -+# endif -+# ifdef OPENSSL_SYSNAME_ULTRASPARC -+# define OPENSSL_SYS_ULTRASPARC -+# endif -+# ifdef OPENSSL_SYSNAME_NEWS4 -+# define OPENSSL_SYS_NEWS4 -+# endif -+# ifdef OPENSSL_SYSNAME_MACOSX -+# define OPENSSL_SYS_MACOSX -+# endif -+# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY -+# define OPENSSL_SYS_MACOSX_RHAPSODY -+# define OPENSSL_SYS_MACOSX -+# endif -+# ifdef OPENSSL_SYSNAME_SUNOS -+# define OPENSSL_SYS_SUNOS -+# endif -+# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) -+# define OPENSSL_SYS_CRAY -+# endif -+# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) - # define OPENSSL_SYS_AIX - # endif - # endif - - /* -------------------------------- VOS ----------------------------------- */ --# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) -+# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) - # define OPENSSL_SYS_VOS - # ifdef __HPPA__ - # define OPENSSL_SYS_VOS_HPPA -@@ -133,6 +222,22 @@ extern "C" { - # endif - # endif - -+/* ------------------------------ VxWorks --------------------------------- */ -+# ifdef OPENSSL_SYSNAME_VXWORKS -+# define OPENSSL_SYS_VXWORKS -+# endif -+ -+/* -------------------------------- BeOS ---------------------------------- */ -+# if defined(__BEOS__) -+# define OPENSSL_SYS_BEOS -+# include -+# if 
defined(BONE_VERSION) -+# define OPENSSL_SYS_BEOS_BONE -+# else -+# define OPENSSL_SYS_BEOS_R5 -+# endif -+# endif -+ - /** - * That's it for OS-specific stuff - *****************************************************************************/ -@@ -149,7 +254,7 @@ extern "C" { - /*- - * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare - * certain global symbols that, with some compilers under VMS, have to be -- * defined and declared explicitly with globaldef and globalref. -+ * defined and declared explicitely with globaldef and globalref. - * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare - * DLL exports and imports for compilers under Win32. These are a little - * more complicated to use. Basically, for any library that exports some -@@ -161,23 +266,25 @@ extern "C" { - * # define OPENSSL_EXTERN OPENSSL_EXPORT - * #endif - * -- * The default is to have OPENSSL_EXPORT, OPENSSL_EXTERN and OPENSSL_GLOBAL -- * have some generally sensible values. -+ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL -+ * have some generally sensible values, and for OPENSSL_EXTERN to have the -+ * value OPENSSL_IMPORT. 
- */ - - # if defined(OPENSSL_SYS_VMS_NODECC) - # define OPENSSL_EXPORT globalref --# define OPENSSL_EXTERN globalref -+# define OPENSSL_IMPORT globalref - # define OPENSSL_GLOBAL globaldef - # elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) - # define OPENSSL_EXPORT extern __declspec(dllexport) --# define OPENSSL_EXTERN extern __declspec(dllimport) -+# define OPENSSL_IMPORT extern __declspec(dllimport) - # define OPENSSL_GLOBAL - # else - # define OPENSSL_EXPORT extern --# define OPENSSL_EXTERN extern -+# define OPENSSL_IMPORT extern - # define OPENSSL_GLOBAL - # endif -+# define OPENSSL_EXTERN OPENSSL_IMPORT - - /*- - * Macros to allow global variables to be reached through function calls when -@@ -202,108 +309,24 @@ extern "C" { - # define OPENSSL_GLOBAL_REF(name) _shadow_##name - # endif - --# ifdef _WIN32 --# ifdef _WIN64 --# define ossl_ssize_t __int64 --# define OSSL_SSIZE_MAX _I64_MAX --# else --# define ossl_ssize_t int --# define OSSL_SSIZE_MAX INT_MAX --# endif -+# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) -+# define ossl_ssize_t long - # endif - --# if defined(OPENSSL_SYS_UEFI) && !defined(ssize_t) --# define ossl_ssize_t int --# define OSSL_SSIZE_MAX INT_MAX --# endif -- --# ifndef ossl_ssize_t --# define ossl_ssize_t ssize_t --# if defined(SSIZE_MAX) --# define OSSL_SSIZE_MAX SSIZE_MAX --# elif defined(_POSIX_SSIZE_MAX) --# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX --# endif --# endif -- --# ifdef DEBUG_UNUSED --# define __owur __attribute__((__warn_unused_result__)) --# else --# define __owur --# endif -- --/* Standard integer types */ --# if defined(OPENSSL_SYS_UEFI) --#include --typedef INT8 int8_t; --typedef UINT8 uint8_t; --typedef INT16 int16_t; --typedef UINT16 uint16_t; --typedef INT32 int32_t; --typedef UINT32 uint32_t; --typedef INT64 int64_t; --typedef UINT64 uint64_t; --# define PRIu64 "%Lu" --# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ -- 
defined(__osf__) || defined(__sgi) || defined(__hpux) || \ -- defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) --# include --# elif defined(_MSC_VER) && _MSC_VER<=1500 --/* -- * minimally required typdefs for systems not supporting inttypes.h or -- * stdint.h: currently just older VC++ -- */ --typedef signed char int8_t; --typedef unsigned char uint8_t; --typedef short int16_t; --typedef unsigned short uint16_t; --typedef int int32_t; --typedef unsigned int uint32_t; --typedef __int64 int64_t; --typedef unsigned __int64 uint64_t; --# else --# include -+# ifdef OPENSSL_SYS_MSDOS -+# define ossl_ssize_t long - # endif - --/* -- * We need a format operator for some client tools for uint64_t. If inttypes.h -- * isn't available or did not define it, just go with hard-coded. -- */ --# ifndef PRIu64 --# ifdef SIXTY_FOUR_BIT_LONG --# define PRIu64 "lu" --# else --# define PRIu64 "llu" --# endif -+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) -+# define ssize_t int - # endif - --/* ossl_inline: portable inline definition usable in public headers */ --# if !defined(inline) && !defined(__cplusplus) --# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L -- /* just use inline */ --# define ossl_inline inline --# elif defined(__GNUC__) && __GNUC__>=2 --# define ossl_inline __inline__ --# elif defined(_MSC_VER) -- /* -- * Visual Studio: inline is available in C++ only, however -- * __inline is available for C, see -- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx -- */ --# define ossl_inline __inline --# else --# define ossl_inline --# endif --# else --# define ossl_inline inline -+# if defined(__ultrix) && !defined(ssize_t) -+# define ossl_ssize_t int - # endif - --# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L --# define ossl_noreturn _Noreturn --# elif defined(__GNUC__) && __GNUC__ >= 2 --# define ossl_noreturn __attribute__((noreturn)) --# else --# define ossl_noreturn -+# ifndef ossl_ssize_t -+# define 
ossl_ssize_t ssize_t - # endif - - #ifdef __cplusplus -diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h -index aa01285..4cbdfeb 100644 ---- a/Cryptlib/Include/openssl/ebcdic.h -+++ b/Cryptlib/Include/openssl/ebcdic.h -@@ -1,16 +1,9 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -+/* crypto/ebcdic.h */ - - #ifndef HEADER_EBCDIC_H - # define HEADER_EBCDIC_H - --# include -+# include - - #ifdef __cplusplus - extern "C" { -diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h -index 656cb41..81e6faf 100644 ---- a/Cryptlib/Include/openssl/ec.h -+++ b/Cryptlib/Include/openssl/ec.h -@@ -1,12 +1,64 @@ -+/* crypto/ec/ec.h */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Originally written by Bodo Moeller for the OpenSSL project. -+ */ -+/** -+ * \file crypto/ec/ec.h Include file for the OpenSSL EC functions -+ * \author Originally written by Bodo Moeller for the OpenSSL project -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -@@ -26,14 +78,22 @@ - - # include - --# ifndef OPENSSL_NO_EC -+# ifdef OPENSSL_NO_EC -+# error EC is disabled. -+# endif -+ - # include - # include --# if OPENSSL_API_COMPAT < 0x10100000L -+# ifndef OPENSSL_NO_DEPRECATED - # include - # endif -+ - # ifdef __cplusplus - extern "C" { -+# elif defined(__SUNPRO_C) -+# if __SUNPRO_C >= 0x520 -+# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -+# endif - # endif - - # ifndef OPENSSL_ECC_MAX_FIELD_BITS -@@ -54,10 +114,19 @@ typedef enum { - } point_conversion_form_t; - - typedef struct ec_method_st EC_METHOD; --typedef struct ec_group_st EC_GROUP; -+ -+typedef struct ec_group_st -+ /*- -+ EC_METHOD *meth; -+ -- field definition -+ -- curve coefficients -+ -- optional generator with associated information (order, cofactor) -+ -- optional extra data (precomputed table for fast computation of multiples of generator) -+ -- ASN1 stuff -+ */ -+ EC_GROUP; -+ - typedef struct ec_point_st EC_POINT; --typedef struct ecpk_parameters_st ECPKPARAMETERS; --typedef struct ec_parameters_st ECPARAMETERS; - - /********************************************************************/ - /* EC_METHODs for curves over GF(p) */ -@@ -160,7 +229,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth); - * \param order the order of the group generated by the generator. - * \param cofactor the index of the sub-group generated by the generator - * in the group of all points on the elliptic curve. 
-- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); -@@ -173,45 +242,27 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); - - /** Returns the montgomery data for order(Generator) - * \param group EC_GROUP object -- * \return the currently used montgomery data (possibly NULL). -+ * \return the currently used generator (possibly NULL). - */ - BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); - - /** Gets the order of a EC_GROUP - * \param group EC_GROUP object - * \param order BIGNUM to which the order is copied -- * \param ctx unused -- * \return 1 on success and 0 if an error occurred -+ * \param ctx BN_CTX object (optional) -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); - --/** Gets the order of an EC_GROUP -- * \param group EC_GROUP object -- * \return the group order -- */ --const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); -- --/** Gets the number of bits of the order of an EC_GROUP -- * \param group EC_GROUP object -- * \return number of bits of group order. 
-- */ --int EC_GROUP_order_bits(const EC_GROUP *group); -- - /** Gets the cofactor of a EC_GROUP - * \param group EC_GROUP object - * \param cofactor BIGNUM to which the cofactor is copied -- * \param ctx unused -- * \return 1 on success and 0 if an error occurred -+ * \param ctx BN_CTX object (optional) -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, - BN_CTX *ctx); - --/** Gets the cofactor of an EC_GROUP -- * \param group EC_GROUP object -- * \return the group cofactor -- */ --const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); -- - /** Sets the name of a EC_GROUP object - * \param group EC_GROUP object - * \param nid NID of the curve name OID -@@ -241,7 +292,7 @@ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); - * \param a BIGNUM with parameter a of the equation - * \param b BIGNUM with parameter b of the equation - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); -@@ -252,7 +303,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - * \param a BIGNUM for parameter a of the equation - * \param b BIGNUM for parameter b of the equation - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); -@@ -264,7 +315,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - * \param a BIGNUM with parameter a of the equation - * \param b BIGNUM with parameter b of the equation - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error 
occured - */ - int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); -@@ -275,7 +326,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - * \param a BIGNUM for parameter a of the equation - * \param b BIGNUM for parameter b of the equation - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); -@@ -304,7 +355,7 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); - * \param a first EC_GROUP object - * \param b second EC_GROUP object - * \param ctx BN_CTX object (optional) -- * \return 0 if the groups are equal, 1 if not, or -1 on error -+ * \return 0 if both groups are equal and 1 otherwise - */ - int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); - -@@ -335,7 +386,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, - EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); - # endif -- - /** Creates a EC_GROUP object with a curve specified by a NID - * \param nid NID of the OID of the curve name - * \return newly created EC_GROUP object with specified curve or NULL -@@ -343,38 +393,6 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - */ - EC_GROUP *EC_GROUP_new_by_curve_name(int nid); - --/** Creates a new EC_GROUP object from an ECPARAMETERS object -- * \param params pointer to the ECPARAMETERS object -- * \return newly created EC_GROUP object with specified curve or NULL -- * if an error occurred -- */ --EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); -- --/** Creates an ECPARAMETERS object for the the given EC_GROUP object. 
-- * \param group pointer to the EC_GROUP object -- * \param params pointer to an existing ECPARAMETERS object or NULL -- * \return pointer to the new ECPARAMETERS object or NULL -- * if an error occurred. -- */ --ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, -- ECPARAMETERS *params); -- --/** Creates a new EC_GROUP object from an ECPKPARAMETERS object -- * \param params pointer to an existing ECPKPARAMETERS object, or NULL -- * \return newly created EC_GROUP object with specified curve, or NULL -- * if an error occurred -- */ --EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); -- --/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object. -- * \param group pointer to the EC_GROUP object -- * \param params pointer to an existing ECPKPARAMETERS object or NULL -- * \return pointer to the new ECPKPARAMETERS object or NULL -- * if an error occurred. -- */ --ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, -- ECPKPARAMETERS *params); -- - /********************************************************************/ - /* handling of internal curves */ - /********************************************************************/ -@@ -386,7 +404,7 @@ typedef struct { - - /* - * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all -- * available curves or zero if a error occurred. In case r is not zero, -+ * available curves or zero if a error occurred. 
In case r ist not zero - * nitems EC_builtin_curve structures are filled with the data of the first - * nitems internal groups - */ -@@ -418,7 +436,7 @@ void EC_POINT_clear_free(EC_POINT *point); - /** Copies EC_POINT object - * \param dst destination EC_POINT object - * \param src source EC_POINT object -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); - -@@ -439,7 +457,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); - /** Sets a point to infinity (neutral element) - * \param group underlying EC_GROUP object - * \param point EC_POINT to set to infinity -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); - -@@ -450,7 +468,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); - * \param y BIGNUM with the y-coordinate - * \param z BIGNUM with the z-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, -@@ -464,7 +482,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - * \param y BIGNUM for the y-coordinate - * \param z BIGNUM for the z-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, -@@ -477,7 +495,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - * \param x BIGNUM with the x-coordinate - * \param y BIGNUM with the y-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * 
\return 1 on success and 0 if an error occured - */ - int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, -@@ -489,7 +507,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, - * \param x BIGNUM for the x-coordinate - * \param y BIGNUM for the y-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, -@@ -501,7 +519,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - * \param x BIGNUM with x-coordinate - * \param y_bit integer with the y-Bit (either 0 or 1) - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, -@@ -513,7 +531,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - * \param x BIGNUM with the x-coordinate - * \param y BIGNUM with the y-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, -@@ -525,7 +543,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, - * \param x BIGNUM for the x-coordinate - * \param y BIGNUM for the y-coordinate - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, -@@ -537,7 +555,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - * \param x BIGNUM with 
x-coordinate - * \param y_bit integer with the y-Bit (either 0 or 1) - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, -@@ -563,25 +581,11 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, - * \param buf memory buffer with the encoded ec point - * \param len length of the encoded ec point - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, - const unsigned char *buf, size_t len, BN_CTX *ctx); - --/** Encodes an EC_POINT object to an allocated octet string -- * \param group underlying EC_GROUP object -- * \param point EC_POINT object -- * \param form point conversion form -- * \param pbuf returns pointer to allocated buffer -- * \param len length of the memory buffer -- * \param ctx BN_CTX object (optional) -- * \return the length of the encoded octet string or 0 if an error occurred -- */ -- --size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, -- point_conversion_form_t form, -- unsigned char **pbuf, BN_CTX *ctx); -- - /* other interfaces to point2oct/oct2point: */ - BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, BIGNUM *, BN_CTX *); -@@ -602,7 +606,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, - * \param a EC_POINT object with the first summand - * \param b EC_POINT object with the second summand - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx); -@@ -612,7 +616,7 @@ int EC_POINT_add(const EC_GROUP 
*group, EC_POINT *r, const EC_POINT *a, - * \param r EC_POINT object for the result (r = 2 * a) - * \param a EC_POINT object - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx); -@@ -621,7 +625,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - * \param group underlying EC_GROUP object - * \param a EC_POINT object to be inverted (it's used for the result as well) - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); - -@@ -636,7 +640,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); - * \param group underlying EC_GROUP object - * \param point EC_POINT object to check - * \param ctx BN_CTX object (optional) -- * \return 1 if the point is on the curve, 0 if not, or -1 on error -+ * \return 1 if point if on the curve and 0 otherwise - */ - int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx); -@@ -646,7 +650,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - * \param a first EC_POINT object - * \param b second EC_POINT object - * \param ctx BN_CTX object (optional) -- * \return 1 if the points are not equal, 0 if they are, or -1 on error -+ * \return 0 if both points are equal and a value != 0 otherwise - */ - int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, - BN_CTX *ctx); -@@ -655,15 +659,15 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); - int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx); - --/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] -+/** Computes r = generator * n 
sum_{i=0}^{num-1} p[i] * m[i] - * \param group underlying EC_GROUP object - * \param r EC_POINT object for the result - * \param n BIGNUM with the multiplier for the group generator (optional) -- * \param num number further summands -+ * \param num number futher summands - * \param p array of size num of EC_POINT objects - * \param m array of size num of BIGNUM objects - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - size_t num, const EC_POINT *p[], const BIGNUM *m[], -@@ -676,7 +680,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - * \param q EC_POINT object with the first factor of the second summand - * \param m BIGNUM with the second factor of the second summand - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); -@@ -684,7 +688,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - /** Stores multiples of generator for faster point multiplication - * \param group EC_GROUP object - * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -+ * \return 1 on success and 0 if an error occured - */ - int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); - -@@ -698,11 +702,6 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group); - /* ASN1 stuff */ - /********************************************************************/ - --DECLARE_ASN1_ITEM(ECPKPARAMETERS) --DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) --DECLARE_ASN1_ITEM(ECPARAMETERS) --DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) -- - /* - * EC_GROUP_get_basis_type() returns the NID of the basis type used to - * represent the field 
elements -@@ -714,8 +713,9 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, - unsigned int *k2, unsigned int *k3); - # endif - --# define OPENSSL_EC_EXPLICIT_CURVE 0x000 --# define OPENSSL_EC_NAMED_CURVE 0x001 -+# define OPENSSL_EC_NAMED_CURVE 0x001 -+ -+typedef struct ecpk_parameters_st ECPKPARAMETERS; - - EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); - int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); -@@ -727,8 +727,10 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); - # define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ - (unsigned char *)(x)) - -+# ifndef OPENSSL_NO_BIO - int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); --# ifndef OPENSSL_NO_STDIO -+# endif -+# ifndef OPENSSL_NO_FP_API - int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); - # endif - -@@ -736,6 +738,8 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); - /* EC_KEY functions */ - /********************************************************************/ - -+typedef struct ec_key_st EC_KEY; -+ - /* some values for the encoding_flag */ - # define EC_PKEY_NO_PARAMETERS 0x001 - # define EC_PKEY_NO_PUBKEY 0x002 -@@ -743,7 +747,6 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); - /* some values for the flags field */ - # define EC_FLAG_NON_FIPS_ALLOW 0x1 - # define EC_FLAG_FIPS_CHECKED 0x2 --# define EC_FLAG_COFACTOR_ECDH 0x1000 - - /** Creates a new EC_KEY object. - * \return EC_KEY object or NULL if an error occurred. 
-@@ -833,12 +836,23 @@ unsigned EC_KEY_get_enc_flags(const EC_KEY *key); - void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); - point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); - void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); -- --#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) --int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); --void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); -- -+/* functions to set/get method specific data */ -+void *EC_KEY_get_key_method_data(EC_KEY *key, -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)); -+/** Sets the key method data of an EC_KEY object, if none has yet been set. -+ * \param key EC_KEY object -+ * \param data opaque data to install. -+ * \param dup_func a function that duplicates |data|. -+ * \param free_func a function that frees |data|. -+ * \param clear_free_func a function that wipes and frees |data|. -+ * \return the previously set data pointer, or NULL if |data| was inserted. -+ */ -+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)); - /* wrapper functions for the underlying EC_GROUP object */ - void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); - -@@ -862,14 +876,8 @@ int EC_KEY_generate_key(EC_KEY *key); - */ - int EC_KEY_check_key(const EC_KEY *key); - --/** Indicates if an EC_KEY can be used for signing. -- * \param key the EC_KEY object -- * \return 1 if can can sign and 0 otherwise. -- */ --int EC_KEY_can_sign(const EC_KEY *eckey); -- --/** Sets a public key from affine coordinates performing -- * necessary NIST PKV tests. -+/** Sets a public key from affine coordindates performing -+ * neccessary NIST PKV tests. 
- * \param key the EC_KEY object - * \param x public key x coordinate - * \param y public key y coordinate -@@ -878,56 +886,6 @@ int EC_KEY_can_sign(const EC_KEY *eckey); - int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, - BIGNUM *y); - --/** Encodes an EC_KEY public key to an allocated octet string -- * \param key key to encode -- * \param form point conversion form -- * \param pbuf returns pointer to allocated buffer -- * \param len length of the memory buffer -- * \param ctx BN_CTX object (optional) -- * \return the length of the encoded octet string or 0 if an error occurred -- */ -- --size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, -- unsigned char **pbuf, BN_CTX *ctx); -- --/** Decodes a EC_KEY public key from a octet string -- * \param key key to decode -- * \param buf memory buffer with the encoded ec point -- * \param len length of the encoded ec point -- * \param ctx BN_CTX object (optional) -- * \return 1 on success and 0 if an error occurred -- */ -- --int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, -- BN_CTX *ctx); -- --/** Decodes an EC_KEY private key from an octet string -- * \param key key to decode -- * \param buf memory buffer with the encoded private key -- * \param len length of the encoded key -- * \return 1 on success and 0 if an error occurred -- */ -- --int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); -- --/** Encodes a EC_KEY private key to an octet string -- * \param key key to encode -- * \param buf memory buffer for the result. If NULL the function returns -- * required buffer size. 
-- * \param len length of the memory buffer -- * \return the length of the encoded octet string or 0 if an error occurred -- */ -- --size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); -- --/** Encodes an EC_KEY private key to an allocated octet string -- * \param key key to encode -- * \param pbuf returns pointer to allocated buffer -- * \return the length of the encoded octet string or 0 if an error occurred -- */ -- --size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); -- - /********************************************************************/ - /* de- and encoding functions for SEC1 ECPrivateKey */ - /********************************************************************/ -@@ -962,7 +920,7 @@ int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); - EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); - - /** Encodes ec parameter and stores the result in a buffer. -- * \param key the EC_KEY object with ec parameters to encode -+ * \param key the EC_KEY object with ec paramters to encode - * \param out the buffer for the result (if NULL the function returns number - * of bytes needed). - * \return 1 on success and 0 if an error occurred. -@@ -989,8 +947,9 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); - * of bytes needed). - * \return 1 on success and 0 if an error occurred - */ --int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); -+int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); - -+# ifndef OPENSSL_NO_BIO - /** Prints out the ec parameters on human readable form. - * \param bp BIO object to which the information is printed - * \param key EC_KEY object -@@ -1006,7 +965,8 @@ int ECParameters_print(BIO *bp, const EC_KEY *key); - */ - int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); - --# ifndef OPENSSL_NO_STDIO -+# endif -+# ifndef OPENSSL_NO_FP_API - /** Prints out the ec parameters on human readable form. 
- * \param fp file descriptor to which the information is printed - * \param key EC_KEY object -@@ -1024,254 +984,6 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); - - # endif - --const EC_KEY_METHOD *EC_KEY_OpenSSL(void); --const EC_KEY_METHOD *EC_KEY_get_default_method(void); --void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); --const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); --int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); --EC_KEY *EC_KEY_new_method(ENGINE *engine); -- --int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, -- const unsigned char *Z, size_t Zlen, -- const unsigned char *sinfo, size_t sinfolen, -- const EVP_MD *md); -- --int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, -- const EC_KEY *ecdh, -- void *(*KDF) (const void *in, size_t inlen, -- void *out, size_t *outlen)); -- --typedef struct ECDSA_SIG_st ECDSA_SIG; -- --/** Allocates and initialize a ECDSA_SIG structure -- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -- */ --ECDSA_SIG *ECDSA_SIG_new(void); -- --/** frees a ECDSA_SIG structure -- * \param sig pointer to the ECDSA_SIG structure -- */ --void ECDSA_SIG_free(ECDSA_SIG *sig); -- --/** DER encode content of ECDSA_SIG object (note: this function modifies *pp -- * (*pp += length of the DER encoded signature)). -- * \param sig pointer to the ECDSA_SIG object -- * \param pp pointer to a unsigned char pointer for the output or NULL -- * \return the length of the DER encoded ECDSA_SIG object or 0 -- */ --int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); -- --/** Decodes a DER encoded ECDSA signature (note: this function changes *pp -- * (*pp += len)). 
-- * \param sig pointer to ECDSA_SIG pointer (may be NULL) -- * \param pp memory buffer with the DER encoded signature -- * \param len length of the buffer -- * \return pointer to the decoded ECDSA_SIG structure (or NULL) -- */ --ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); -- --/** Accessor for r and s fields of ECDSA_SIG -- * \param sig pointer to ECDSA_SIG pointer -- * \param pr pointer to BIGNUM pointer for r (may be NULL) -- * \param ps pointer to BIGNUM pointer for s (may be NULL) -- */ --void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -- --/** Setter for r and s fields of ECDSA_SIG -- * \param sig pointer to ECDSA_SIG pointer -- * \param r pointer to BIGNUM for r (may be NULL) -- * \param s pointer to BIGNUM for s (may be NULL) -- */ --int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -- --/** Computes the ECDSA signature of the given hash value using -- * the supplied private key and returns the created signature. -- * \param dgst pointer to the hash value -- * \param dgst_len length of the hash value -- * \param eckey EC_KEY object containing a private EC key -- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -- */ --ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, -- EC_KEY *eckey); -- --/** Computes ECDSA signature of a given hash value using the supplied -- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
-- * \param dgst pointer to the hash value to sign -- * \param dgstlen length of the hash value -- * \param kinv BIGNUM with a pre-computed inverse k (optional) -- * \param rp BIGNUM with a pre-computed rp value (optional), -- * see ECDSA_sign_setup -- * \param eckey EC_KEY object containing a private EC key -- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -- */ --ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, -- const BIGNUM *kinv, const BIGNUM *rp, -- EC_KEY *eckey); -- --/** Verifies that the supplied signature is a valid ECDSA -- * signature of the supplied hash value using the supplied public key. -- * \param dgst pointer to the hash value -- * \param dgst_len length of the hash value -- * \param sig ECDSA_SIG structure -- * \param eckey EC_KEY object containing a public EC key -- * \return 1 if the signature is valid, 0 if the signature is invalid -- * and -1 on error -- */ --int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY *eckey); -- --/** Precompute parts of the signing operation -- * \param eckey EC_KEY object containing a private EC key -- * \param ctx BN_CTX object (optional) -- * \param kinv BIGNUM pointer for the inverse of k -- * \param rp BIGNUM pointer for x coordinate of k * generator -- * \return 1 on success and 0 otherwise -- */ --int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -- --/** Computes ECDSA signature of a given hash value using the supplied -- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
-- * \param type this parameter is ignored -- * \param dgst pointer to the hash value to sign -- * \param dgstlen length of the hash value -- * \param sig memory for the DER encoded created signature -- * \param siglen pointer to the length of the returned signature -- * \param eckey EC_KEY object containing a private EC key -- * \return 1 on success and 0 otherwise -- */ --int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, -- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -- --/** Computes ECDSA signature of a given hash value using the supplied -- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). -- * \param type this parameter is ignored -- * \param dgst pointer to the hash value to sign -- * \param dgstlen length of the hash value -- * \param sig buffer to hold the DER encoded signature -- * \param siglen pointer to the length of the returned signature -- * \param kinv BIGNUM with a pre-computed inverse k (optional) -- * \param rp BIGNUM with a pre-computed rp value (optional), -- * see ECDSA_sign_setup -- * \param eckey EC_KEY object containing a private EC key -- * \return 1 on success and 0 otherwise -- */ --int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, -- unsigned char *sig, unsigned int *siglen, -- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -- --/** Verifies that the given signature is valid ECDSA signature -- * of the supplied hash value using the specified public key. 
-- * \param type this parameter is ignored -- * \param dgst pointer to the hash value -- * \param dgstlen length of the hash value -- * \param sig pointer to the DER encoded signature -- * \param siglen length of the DER encoded signature -- * \param eckey EC_KEY object containing a public EC key -- * \return 1 if the signature is valid, 0 if the signature is invalid -- * and -1 on error -- */ --int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, -- const unsigned char *sig, int siglen, EC_KEY *eckey); -- --/** Returns the maximum length of the DER encoded signature -- * \param eckey EC_KEY object -- * \return numbers of bytes required for the DER encoded signature -- */ --int ECDSA_size(const EC_KEY *eckey); -- --/********************************************************************/ --/* EC_KEY_METHOD constructors, destructors, writers and accessors */ --/********************************************************************/ -- --EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); --void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); --void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, -- int (*init)(EC_KEY *key), -- void (*finish)(EC_KEY *key), -- int (*copy)(EC_KEY *dest, const EC_KEY *src), -- int (*set_group)(EC_KEY *key, const EC_GROUP *grp), -- int (*set_private)(EC_KEY *key, -- const BIGNUM *priv_key), -- int (*set_public)(EC_KEY *key, -- const EC_POINT *pub_key)); -- --void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, -- int (*keygen)(EC_KEY *key)); -- --void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, -- int (*ckey)(unsigned char **psec, -- size_t *pseclen, -- const EC_POINT *pub_key, -- const EC_KEY *ecdh)); -- --void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, -- int (*sign)(int type, const unsigned char *dgst, -- int dlen, unsigned char *sig, -- unsigned int *siglen, -- const BIGNUM *kinv, const BIGNUM *r, -- EC_KEY *eckey), -- int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, -- BIGNUM **kinvp, BIGNUM **rp), -- ECDSA_SIG 
*(*sign_sig)(const unsigned char *dgst, -- int dgst_len, -- const BIGNUM *in_kinv, -- const BIGNUM *in_r, -- EC_KEY *eckey)); -- --void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, -- int (*verify)(int type, const unsigned -- char *dgst, int dgst_len, -- const unsigned char *sigbuf, -- int sig_len, EC_KEY *eckey), -- int (*verify_sig)(const unsigned char *dgst, -- int dgst_len, -- const ECDSA_SIG *sig, -- EC_KEY *eckey)); -- --void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, -- int (**pinit)(EC_KEY *key), -- void (**pfinish)(EC_KEY *key), -- int (**pcopy)(EC_KEY *dest, const EC_KEY *src), -- int (**pset_group)(EC_KEY *key, -- const EC_GROUP *grp), -- int (**pset_private)(EC_KEY *key, -- const BIGNUM *priv_key), -- int (**pset_public)(EC_KEY *key, -- const EC_POINT *pub_key)); -- --void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, -- int (**pkeygen)(EC_KEY *key)); -- --void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, -- int (**pck)(unsigned char **psec, -- size_t *pseclen, -- const EC_POINT *pub_key, -- const EC_KEY *ecdh)); -- --void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, -- int (**psign)(int type, const unsigned char *dgst, -- int dlen, unsigned char *sig, -- unsigned int *siglen, -- const BIGNUM *kinv, const BIGNUM *r, -- EC_KEY *eckey), -- int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, -- BIGNUM **kinvp, BIGNUM **rp), -- ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, -- int dgst_len, -- const BIGNUM *in_kinv, -- const BIGNUM *in_r, -- EC_KEY *eckey)); -- --void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, -- int (**pverify)(int type, const unsigned -- char *dgst, int dgst_len, -- const unsigned char *sigbuf, -- int sig_len, EC_KEY *eckey), -- int (**pverify_sig)(const unsigned char *dgst, -- int dgst_len, -- const ECDSA_SIG *sig, -- EC_KEY *eckey)); -- - # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) - - # ifndef __cplusplus -@@ -1361,27 +1073,19 @@ void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, - 
* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_EC_strings(void); -+void ERR_load_EC_strings(void); - - /* Error codes for the EC functions. */ - - /* Function codes. */ - # define EC_F_BN_TO_FELEM 224 -+# define EC_F_COMPUTE_WNAF 143 - # define EC_F_D2I_ECPARAMETERS 144 - # define EC_F_D2I_ECPKPARAMETERS 145 - # define EC_F_D2I_ECPRIVATEKEY 146 - # define EC_F_DO_EC_KEY_PRINT 221 - # define EC_F_ECDH_CMS_DECRYPT 238 - # define EC_F_ECDH_CMS_SET_SHARED_INFO 239 --# define EC_F_ECDH_COMPUTE_KEY 246 --# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 --# define EC_F_ECDSA_DO_SIGN_EX 251 --# define EC_F_ECDSA_DO_VERIFY 252 --# define EC_F_ECDSA_SIGN_EX 254 --# define EC_F_ECDSA_SIGN_SETUP 248 --# define EC_F_ECDSA_SIG_NEW 265 --# define EC_F_ECDSA_VERIFY 253 - # define EC_F_ECKEY_PARAM2TYPE 223 - # define EC_F_ECKEY_PARAM_DECODE 212 - # define EC_F_ECKEY_PRIV_DECODE 213 -@@ -1397,12 +1101,19 @@ int ERR_load_EC_strings(void); - # define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 - # define EC_F_ECP_NISTZ256_POINTS_MUL 241 - # define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 -+# define EC_F_ECP_NISTZ256_SET_WORDS 245 - # define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 --# define EC_F_ECX_KEY_OP 266 --# define EC_F_ECX_PRIV_ENCODE 267 --# define EC_F_ECX_PUB_ENCODE 268 -+# define EC_F_ECP_NIST_MOD_192 203 -+# define EC_F_ECP_NIST_MOD_224 204 -+# define EC_F_ECP_NIST_MOD_256 205 -+# define EC_F_ECP_NIST_MOD_521 206 - # define EC_F_EC_ASN1_GROUP2CURVE 153 - # define EC_F_EC_ASN1_GROUP2FIELDID 154 -+# define EC_F_EC_ASN1_GROUP2PARAMETERS 155 -+# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 -+# define EC_F_EC_ASN1_PARAMETERS2GROUP 157 -+# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 -+# define EC_F_EC_EX_DATA_SET_DATA 211 - # define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 - # define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 - # define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 
195 -@@ -1417,6 +1128,7 @@ int ERR_load_EC_strings(void); - # define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 - # define EC_F_EC_GFP_MONT_FIELD_SQR 132 - # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 -+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 - # define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 - # define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 - # define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 -@@ -1431,44 +1143,44 @@ int ERR_load_EC_strings(void); - # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 - # define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 - # define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 -+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 -+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 - # define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 - # define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 - # define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 - # define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 - # define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 -+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 - # define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 -+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 - # define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 -+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 - # define EC_F_EC_GROUP_CHECK 170 - # define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 - # define EC_F_EC_GROUP_COPY 106 -+# define EC_F_EC_GROUP_GET0_GENERATOR 139 -+# define EC_F_EC_GROUP_GET_COFACTOR 140 - # define EC_F_EC_GROUP_GET_CURVE_GF2M 172 - # define EC_F_EC_GROUP_GET_CURVE_GFP 130 - # define EC_F_EC_GROUP_GET_DEGREE 173 --# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 --# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 -+# define EC_F_EC_GROUP_GET_ORDER 141 - # define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 - # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 - # define EC_F_EC_GROUP_NEW 108 - # define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 - # define EC_F_EC_GROUP_NEW_FROM_DATA 175 --# 
define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 --# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 -+# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 - # define EC_F_EC_GROUP_SET_CURVE_GF2M 176 - # define EC_F_EC_GROUP_SET_CURVE_GFP 109 -+# define EC_F_EC_GROUP_SET_EXTRA_DATA 110 - # define EC_F_EC_GROUP_SET_GENERATOR 111 - # define EC_F_EC_KEY_CHECK_KEY 177 - # define EC_F_EC_KEY_COPY 178 - # define EC_F_EC_KEY_GENERATE_KEY 179 - # define EC_F_EC_KEY_NEW 182 --# define EC_F_EC_KEY_NEW_METHOD 245 --# define EC_F_EC_KEY_OCT2PRIV 255 - # define EC_F_EC_KEY_PRINT 180 - # define EC_F_EC_KEY_PRINT_FP 181 --# define EC_F_EC_KEY_PRIV2OCT 256 - # define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 --# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 --# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 --# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 - # define EC_F_EC_POINTS_MAKE_AFFINE 136 - # define EC_F_EC_POINT_ADD 112 - # define EC_F_EC_POINT_CMP 113 -@@ -1481,6 +1193,7 @@ int ERR_load_EC_strings(void); - # define EC_F_EC_POINT_IS_AT_INFINITY 118 - # define EC_F_EC_POINT_IS_ON_CURVE 119 - # define EC_F_EC_POINT_MAKE_AFFINE 120 -+# define EC_F_EC_POINT_MUL 184 - # define EC_F_EC_POINT_NEW 121 - # define EC_F_EC_POINT_OCT2POINT 122 - # define EC_F_EC_POINT_POINT2OCT 123 -@@ -1490,6 +1203,7 @@ int ERR_load_EC_strings(void); - # define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 - # define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 - # define EC_F_EC_POINT_SET_TO_INFINITY 127 -+# define EC_F_EC_PRE_COMP_DUP 207 - # define EC_F_EC_PRE_COMP_NEW 196 - # define EC_F_EC_WNAF_MUL 187 - # define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 -@@ -1502,10 +1216,6 @@ int ERR_load_EC_strings(void); - # define EC_F_NISTP521_PRE_COMP_NEW 237 - # define EC_F_O2I_ECPUBLICKEY 152 - # define EC_F_OLD_EC_PRIV_DECODE 222 --# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 --# define EC_F_OSSL_ECDSA_SIGN_SIG 249 --# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 --# define EC_F_PKEY_ECX_DERIVE 269 - # define EC_F_PKEY_EC_CTRL 197 - # 
define EC_F_PKEY_EC_CTRL_STR 198 - # define EC_F_PKEY_EC_DERIVE 217 -@@ -1515,12 +1225,10 @@ int ERR_load_EC_strings(void); - - /* Reason codes. */ - # define EC_R_ASN1_ERROR 115 --# define EC_R_BAD_SIGNATURE 156 -+# define EC_R_ASN1_UNKNOWN_FIELD 116 - # define EC_R_BIGNUM_OUT_OF_RANGE 144 - # define EC_R_BUFFER_TOO_SMALL 100 - # define EC_R_COORDINATES_OUT_OF_RANGE 146 --# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 --# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 - # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 - # define EC_R_DECODE_ERROR 142 - # define EC_R_DISCRIMINANT_IS_ZERO 118 -@@ -1540,9 +1248,6 @@ int ERR_load_EC_strings(void); - # define EC_R_INVALID_FIELD 103 - # define EC_R_INVALID_FORM 104 - # define EC_R_INVALID_GROUP_ORDER 122 --# define EC_R_INVALID_KEY 116 --# define EC_R_INVALID_OUTPUT_LENGTH 161 --# define EC_R_INVALID_PEER_KEY 133 - # define EC_R_INVALID_PENTANOMIAL_BASIS 132 - # define EC_R_INVALID_PRIVATE_KEY 123 - # define EC_R_INVALID_TRINOMIAL_BASIS 137 -@@ -1550,20 +1255,17 @@ int ERR_load_EC_strings(void); - # define EC_R_KEYS_NOT_SET 140 - # define EC_R_MISSING_PARAMETERS 124 - # define EC_R_MISSING_PRIVATE_KEY 125 --# define EC_R_NEED_NEW_SETUP_VALUES 157 - # define EC_R_NOT_A_NIST_PRIME 135 -+# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 - # define EC_R_NOT_IMPLEMENTED 126 - # define EC_R_NOT_INITIALIZED 111 -+# define EC_R_NO_FIELD_MOD 133 - # define EC_R_NO_PARAMETERS_SET 139 --# define EC_R_NO_PRIVATE_VALUE 154 --# define EC_R_OPERATION_NOT_SUPPORTED 152 - # define EC_R_PASSED_NULL_PARAMETER 134 - # define EC_R_PEER_KEY_ERROR 149 - # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 --# define EC_R_POINT_ARITHMETIC_FAILURE 155 - # define EC_R_POINT_AT_INFINITY 106 - # define EC_R_POINT_IS_NOT_ON_CURVE 107 --# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 - # define EC_R_SHARED_INFO_ERROR 150 - # define EC_R_SLOT_FULL 108 - # define EC_R_UNDEFINED_GENERATOR 113 -@@ -1574,8 +1276,7 @@ int ERR_load_EC_strings(void); - # define 
EC_R_WRONG_CURVE_PARAMETERS 145 - # define EC_R_WRONG_ORDER 130 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h -index 681f3d5..25348b3 100644 ---- a/Cryptlib/Include/openssl/ecdh.h -+++ b/Cryptlib/Include/openssl/ecdh.h -@@ -1,10 +1,134 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/ecdh/ecdh.h */ -+/* ==================================================================== -+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -+ * -+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included -+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed -+ * to the OpenSSL project. -+ * -+ * The ECC Code is licensed pursuant to the OpenSSL open source -+ * license provided below. -+ * -+ * The ECDH software is originally written by Douglas Stebila of -+ * Sun Microsystems Laboratories. -+ * -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -+#ifndef HEADER_ECDH_H -+# define HEADER_ECDH_H -+ -+# include -+ -+# ifdef OPENSSL_NO_ECDH -+# error ECDH is disabled. -+# endif -+ -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+# define EC_FLAG_COFACTOR_ECDH 0x1000 -+ -+const ECDH_METHOD *ECDH_OpenSSL(void); -+ -+void ECDH_set_default_method(const ECDH_METHOD *); -+const ECDH_METHOD *ECDH_get_default_method(void); -+int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); -+ -+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, -+ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, -+ void *out, size_t *outlen)); -+ -+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -+ *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); -+void *ECDH_get_ex_data(EC_KEY *d, int idx); -+ -+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, -+ const unsigned char *Z, size_t Zlen, -+ const unsigned char *sinfo, size_t sinfolen, -+ const EVP_MD *md); -+ -+/* BEGIN ERROR CODES */ -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. -+ */ -+void ERR_load_ECDH_strings(void); -+ -+/* Error codes for the ECDH functions. */ -+ -+/* Function codes. */ -+# define ECDH_F_ECDH_CHECK 102 -+# define ECDH_F_ECDH_COMPUTE_KEY 100 -+# define ECDH_F_ECDH_DATA_NEW_METHOD 101 -+ -+/* Reason codes. 
*/ -+# define ECDH_R_KDF_FAILED 102 -+# define ECDH_R_NON_FIPS_METHOD 103 -+# define ECDH_R_NO_PRIVATE_VALUE 100 -+# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 - --#include -+#ifdef __cplusplus -+} -+#endif -+#endif -diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h -index 681f3d5..a6f0930 100644 ---- a/Cryptlib/Include/openssl/ecdsa.h -+++ b/Cryptlib/Include/openssl/ecdsa.h -@@ -1,10 +1,335 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/ecdsa/ecdsa.h */ -+/** -+ * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions -+ * \author Written by Nils Larsch for the OpenSSL project -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+#ifndef HEADER_ECDSA_H -+# define HEADER_ECDSA_H -+ -+# include -+ -+# ifdef OPENSSL_NO_ECDSA -+# error ECDSA is disabled. 
-+# endif -+ -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+typedef struct ECDSA_SIG_st { -+ BIGNUM *r; -+ BIGNUM *s; -+} ECDSA_SIG; -+ -+/** Allocates and initialize a ECDSA_SIG structure -+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -+ */ -+ECDSA_SIG *ECDSA_SIG_new(void); -+ -+/** frees a ECDSA_SIG structure -+ * \param sig pointer to the ECDSA_SIG structure -+ */ -+void ECDSA_SIG_free(ECDSA_SIG *sig); -+ -+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp -+ * (*pp += length of the DER encoded signature)). -+ * \param sig pointer to the ECDSA_SIG object -+ * \param pp pointer to a unsigned char pointer for the output or NULL -+ * \return the length of the DER encoded ECDSA_SIG object or 0 -+ */ -+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); -+ -+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp -+ * (*pp += len)). -+ * \param sig pointer to ECDSA_SIG pointer (may be NULL) -+ * \param pp memory buffer with the DER encoded signature -+ * \param len length of the buffer -+ * \return pointer to the decoded ECDSA_SIG structure (or NULL) -+ */ -+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); -+ -+/** Computes the ECDSA signature of the given hash value using -+ * the supplied private key and returns the created signature. -+ * \param dgst pointer to the hash value -+ * \param dgst_len length of the hash value -+ * \param eckey EC_KEY object containing a private EC key -+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -+ */ -+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, -+ EC_KEY *eckey); -+ -+/** Computes ECDSA signature of a given hash value using the supplied -+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
-+ * \param dgst pointer to the hash value to sign -+ * \param dgstlen length of the hash value -+ * \param kinv BIGNUM with a pre-computed inverse k (optional) -+ * \param rp BIGNUM with a pre-computed rp value (optioanl), -+ * see ECDSA_sign_setup -+ * \param eckey EC_KEY object containing a private EC key -+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred -+ */ -+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, -+ const BIGNUM *kinv, const BIGNUM *rp, -+ EC_KEY *eckey); -+ -+/** Verifies that the supplied signature is a valid ECDSA -+ * signature of the supplied hash value using the supplied public key. -+ * \param dgst pointer to the hash value -+ * \param dgst_len length of the hash value -+ * \param sig ECDSA_SIG structure -+ * \param eckey EC_KEY object containing a public EC key -+ * \return 1 if the signature is valid, 0 if the signature is invalid -+ * and -1 on error -+ */ -+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey); -+ -+const ECDSA_METHOD *ECDSA_OpenSSL(void); -+ -+/** Sets the default ECDSA method -+ * \param meth new default ECDSA_METHOD -+ */ -+void ECDSA_set_default_method(const ECDSA_METHOD *meth); -+ -+/** Returns the default ECDSA method -+ * \return pointer to ECDSA_METHOD structure containing the default method -+ */ -+const ECDSA_METHOD *ECDSA_get_default_method(void); -+ -+/** Sets method to be used for the ECDSA operations -+ * \param eckey EC_KEY object -+ * \param meth new method -+ * \return 1 on success and 0 otherwise -+ */ -+int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); -+ -+/** Returns the maximum length of the DER encoded signature -+ * \param eckey EC_KEY object -+ * \return numbers of bytes required for the DER encoded signature -+ */ -+int ECDSA_size(const EC_KEY *eckey); -+ -+/** Precompute parts of the signing operation -+ * \param eckey EC_KEY object containing a private EC key -+ * \param ctx BN_CTX object 
(optional) -+ * \param kinv BIGNUM pointer for the inverse of k -+ * \param rp BIGNUM pointer for x coordinate of k * generator -+ * \return 1 on success and 0 otherwise -+ */ -+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -+ -+/** Computes ECDSA signature of a given hash value using the supplied -+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). -+ * \param type this parameter is ignored -+ * \param dgst pointer to the hash value to sign -+ * \param dgstlen length of the hash value -+ * \param sig memory for the DER encoded created signature -+ * \param siglen pointer to the length of the returned signature -+ * \param eckey EC_KEY object containing a private EC key -+ * \return 1 on success and 0 otherwise -+ */ -+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, -+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -+ -+/** Computes ECDSA signature of a given hash value using the supplied -+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). -+ * \param type this parameter is ignored -+ * \param dgst pointer to the hash value to sign -+ * \param dgstlen length of the hash value -+ * \param sig buffer to hold the DER encoded signature -+ * \param siglen pointer to the length of the returned signature -+ * \param kinv BIGNUM with a pre-computed inverse k (optional) -+ * \param rp BIGNUM with a pre-computed rp value (optioanl), -+ * see ECDSA_sign_setup -+ * \param eckey EC_KEY object containing a private EC key -+ * \return 1 on success and 0 otherwise -+ */ -+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, -+ unsigned char *sig, unsigned int *siglen, -+ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -+ -+/** Verifies that the given signature is valid ECDSA signature -+ * of the supplied hash value using the specified public key. 
-+ * \param type this parameter is ignored -+ * \param dgst pointer to the hash value -+ * \param dgstlen length of the hash value -+ * \param sig pointer to the DER encoded signature -+ * \param siglen length of the DER encoded signature -+ * \param eckey EC_KEY object containing a public EC key -+ * \return 1 if the signature is valid, 0 if the signature is invalid -+ * and -1 on error -+ */ -+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, -+ const unsigned char *sig, int siglen, EC_KEY *eckey); -+ -+/* the standard ex_data functions */ -+int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -+ *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); -+void *ECDSA_get_ex_data(EC_KEY *d, int idx); -+ -+/** Allocates and initialize a ECDSA_METHOD structure -+ * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) -+ * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred -+ */ -+ -+ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); -+ -+/** frees a ECDSA_METHOD structure -+ * \param ecdsa_method pointer to the ECDSA_METHOD structure -+ */ -+void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); -+ -+/** Sets application specific data in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param app application specific data to set -+ */ -+ -+void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); -+ -+/** Returns application specific data from a ECDSA_METHOD structure -+ * \param ecdsa_method pointer to ECDSA_METHOD structure -+ * \return pointer to application specific data. 
-+ */ -+ -+void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); -+ -+/** Set the ECDSA_do_sign function in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param ecdsa_do_sign a funtion of type ECDSA_do_sign -+ */ -+ -+void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, -+ ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char -+ *dgst, int dgst_len, -+ const BIGNUM *inv, -+ const BIGNUM *rp, -+ EC_KEY *eckey)); -+ -+/** Set the ECDSA_sign_setup function in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup -+ */ -+ -+void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, -+ int (*ecdsa_sign_setup) (EC_KEY *eckey, -+ BN_CTX *ctx, -+ BIGNUM **kinv, -+ BIGNUM **r)); -+ -+/** Set the ECDSA_do_verify function in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param ecdsa_do_verify a funtion of type ECDSA_do_verify -+ */ -+ -+void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, -+ int (*ecdsa_do_verify) (const unsigned char -+ *dgst, int dgst_len, -+ const ECDSA_SIG *sig, -+ EC_KEY *eckey)); -+ -+void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); -+ -+/** Set the flags field in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param flags flags value to set -+ */ -+ -+void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); -+ -+/** Set the name field in the ECDSA_METHOD -+ * \param ecdsa_method pointer to existing ECDSA_METHOD -+ * \param name name to set -+ */ -+ -+/* BEGIN ERROR CODES */ -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. - */ -+void ERR_load_ECDSA_strings(void); -+ -+/* Error codes for the ECDSA functions. */ -+ -+/* Function codes. 
*/ -+# define ECDSA_F_ECDSA_CHECK 104 -+# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 -+# define ECDSA_F_ECDSA_DO_SIGN 101 -+# define ECDSA_F_ECDSA_DO_VERIFY 102 -+# define ECDSA_F_ECDSA_METHOD_NEW 105 -+# define ECDSA_F_ECDSA_SIGN_SETUP 103 -+ -+/* Reason codes. */ -+# define ECDSA_R_BAD_SIGNATURE 100 -+# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 -+# define ECDSA_R_ERR_EC_LIB 102 -+# define ECDSA_R_MISSING_PARAMETERS 103 -+# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 -+# define ECDSA_R_NON_FIPS_METHOD 107 -+# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 -+# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 - --#include -+#ifdef __cplusplus -+} -+#endif -+#endif -diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h -index 26cf714..bd7b591 100644 ---- a/Cryptlib/Include/openssl/engine.h -+++ b/Cryptlib/Include/openssl/engine.h -@@ -1,12 +1,61 @@ -+/* openssl/engine.h */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by -@@ -18,23 +67,40 @@ - - # include - --# ifndef OPENSSL_NO_ENGINE --# if OPENSSL_API_COMPAT < 0x10100000L -+# ifdef OPENSSL_NO_ENGINE -+# error ENGINE is disabled. -+# endif -+ -+# ifndef OPENSSL_NO_DEPRECATED - # include --# include --# include --# include --# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# ifndef OPENSSL_NO_DSA -+# include -+# endif -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+# ifndef OPENSSL_NO_ECDH -+# include -+# endif -+# ifndef OPENSSL_NO_ECDSA -+# include -+# endif - # include - # include - # include - # endif -+ - # include - # include -+ - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { --# endif -+#endif - - /* - * These flags are used to control combinations of algorithm (methods) by -@@ -44,11 +110,13 @@ extern "C" { - # define ENGINE_METHOD_DSA (unsigned int)0x0002 - # define ENGINE_METHOD_DH (unsigned int)0x0004 - # define ENGINE_METHOD_RAND (unsigned int)0x0008 -+# define ENGINE_METHOD_ECDH (unsigned int)0x0010 -+# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 - # define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 - # define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 -+# define ENGINE_METHOD_STORE (unsigned int)0x0100 - # define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 - # define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 --# define ENGINE_METHOD_EC (unsigned int)0x0800 - /* Obvious all-or-nothing cases. 
*/ - # define ENGINE_METHOD_ALL (unsigned int)0xFFFF - # define ENGINE_METHOD_NONE (unsigned int)0x0000 -@@ -323,25 +391,29 @@ int ENGINE_add(ENGINE *e); - int ENGINE_remove(ENGINE *e); - /* Retrieve an engine from the list by its unique "id" value. */ - ENGINE *ENGINE_by_id(const char *id); -- --#if OPENSSL_API_COMPAT < 0x10100000L --# define ENGINE_load_openssl() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) --# define ENGINE_load_dynamic() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) -+/* Add all the built-in engines. */ -+void ENGINE_load_openssl(void); -+void ENGINE_load_dynamic(void); - # ifndef OPENSSL_NO_STATIC_ENGINE --# define ENGINE_load_padlock() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) --# define ENGINE_load_capi() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) --# define ENGINE_load_afalg() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) -+void ENGINE_load_4758cca(void); -+void ENGINE_load_aep(void); -+void ENGINE_load_atalla(void); -+void ENGINE_load_chil(void); -+void ENGINE_load_cswift(void); -+void ENGINE_load_nuron(void); -+void ENGINE_load_sureware(void); -+void ENGINE_load_ubsec(void); -+void ENGINE_load_padlock(void); -+void ENGINE_load_capi(void); -+# ifndef OPENSSL_NO_GMP -+void ENGINE_load_gmp(void); -+# endif -+# ifndef OPENSSL_NO_GOST -+void ENGINE_load_gost(void); -+# endif - # endif --# define ENGINE_load_cryptodev() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) --# define ENGINE_load_rdrand() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) --#endif -+void ENGINE_load_cryptodev(void); -+void ENGINE_load_rdrand(void); - void ENGINE_load_builtin_engines(void); - - /* -@@ -356,7 +428,8 @@ void ENGINE_set_table_flags(unsigned int flags); - * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) - * ENGINE_unregister_***(e) - unregister the implementation from 'e' - * ENGINE_register_all_***() - call ENGINE_register_***() 
for each 'e' in the list -- * Cleanup is automatically registered from each table when required. -+ * Cleanup is automatically registered from each table when required, so -+ * ENGINE_cleanup() will reverse any "register" operations. - */ - - int ENGINE_register_RSA(ENGINE *e); -@@ -367,9 +440,13 @@ int ENGINE_register_DSA(ENGINE *e); - void ENGINE_unregister_DSA(ENGINE *e); - void ENGINE_register_all_DSA(void); - --int ENGINE_register_EC(ENGINE *e); --void ENGINE_unregister_EC(ENGINE *e); --void ENGINE_register_all_EC(void); -+int ENGINE_register_ECDH(ENGINE *e); -+void ENGINE_unregister_ECDH(ENGINE *e); -+void ENGINE_register_all_ECDH(void); -+ -+int ENGINE_register_ECDSA(ENGINE *e); -+void ENGINE_unregister_ECDSA(ENGINE *e); -+void ENGINE_register_all_ECDSA(void); - - int ENGINE_register_DH(ENGINE *e); - void ENGINE_unregister_DH(ENGINE *e); -@@ -379,6 +456,10 @@ int ENGINE_register_RAND(ENGINE *e); - void ENGINE_unregister_RAND(ENGINE *e); - void ENGINE_register_all_RAND(void); - -+int ENGINE_register_STORE(ENGINE *e); -+void ENGINE_unregister_STORE(ENGINE *e); -+void ENGINE_register_all_STORE(void); -+ - int ENGINE_register_ciphers(ENGINE *e); - void ENGINE_unregister_ciphers(ENGINE *e); - void ENGINE_register_all_ciphers(void); -@@ -473,9 +554,11 @@ int ENGINE_set_id(ENGINE *e, const char *id); - int ENGINE_set_name(ENGINE *e, const char *name); - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); --int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); -+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); -+int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); - int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); - int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -+int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); - int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); - int ENGINE_set_init_function(ENGINE 
*e, ENGINE_GEN_INT_FUNC_PTR init_f); - int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); -@@ -493,18 +576,19 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); - int ENGINE_set_flags(ENGINE *e, int flags); - int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); - /* These functions allow control over any per-structure ENGINE data. */ --#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) -+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); - int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); - void *ENGINE_get_ex_data(const ENGINE *e, int idx); - --#if OPENSSL_API_COMPAT < 0x10100000L - /* -- * This function previously cleaned up anything that needs it. Auto-deinit will -- * now take care of it so it is no longer required to call this function. -+ * This function cleans up anything that needs it. Eg. the ENGINE_add() -+ * function automatically ensures the list cleanup function is registered to -+ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** -+ * functions ensure ENGINE_cleanup() will clean up after them. - */ --# define ENGINE_cleanup() while(0) continue --#endif -+void ENGINE_cleanup(void); - - /* - * These return values from within the ENGINE structure. 
These can be useful -@@ -516,9 +600,11 @@ const char *ENGINE_get_id(const ENGINE *e); - const char *ENGINE_get_name(const ENGINE *e); - const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); - const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); --const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); -+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); -+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); - const DH_METHOD *ENGINE_get_DH(const ENGINE *e); - const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -+const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); -@@ -593,7 +679,8 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - ENGINE *ENGINE_get_default_RSA(void); - /* Same for the other "methods" */ - ENGINE *ENGINE_get_default_DSA(void); --ENGINE *ENGINE_get_default_EC(void); -+ENGINE *ENGINE_get_default_ECDH(void); -+ENGINE *ENGINE_get_default_ECDSA(void); - ENGINE *ENGINE_get_default_DH(void); - ENGINE *ENGINE_get_default_RAND(void); - /* -@@ -615,7 +702,8 @@ int ENGINE_set_default_RSA(ENGINE *e); - int ENGINE_set_default_string(ENGINE *e, const char *def_list); - /* Same for the other "methods" */ - int ENGINE_set_default_DSA(ENGINE *e); --int ENGINE_set_default_EC(ENGINE *e); -+int ENGINE_set_default_ECDH(ENGINE *e); -+int ENGINE_set_default_ECDSA(ENGINE *e); - int ENGINE_set_default_DH(ENGINE *e); - int ENGINE_set_default_RAND(ENGINE *e); - int ENGINE_set_default_ciphers(ENGINE *e); -@@ -642,12 +730,12 @@ void ENGINE_add_conf_module(void); - /**************************/ - - /* Binary/behaviour compatibility levels */ --# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 -+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 - /* - * Binary versions older than this are too old for us (whether we're a loader - * or a loadee) - */ --# 
define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 -+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 - - /* - * When compiling an ENGINE entirely as an external shared library, loadable -@@ -660,22 +748,40 @@ void ENGINE_add_conf_module(void); - * same static data as the calling application (or library), and thus whether - * these callbacks need to be set or not. - */ --typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); --typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); --typedef void (*dyn_MEM_free_fn) (void *, const char *, int); -+typedef void *(*dyn_MEM_malloc_cb) (size_t); -+typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); -+typedef void (*dyn_MEM_free_cb) (void *); - typedef struct st_dynamic_MEM_fns { -- dyn_MEM_malloc_fn malloc_fn; -- dyn_MEM_realloc_fn realloc_fn; -- dyn_MEM_free_fn free_fn; -+ dyn_MEM_malloc_cb malloc_cb; -+ dyn_MEM_realloc_cb realloc_cb; -+ dyn_MEM_free_cb free_cb; - } dynamic_MEM_fns; - /* - * FIXME: Perhaps the memory and locking code (crypto.h) should declare and -- * use these types so we (and any other dependent code) can simplify a bit?? -- */ -+ * use these types so we (and any other dependant code) can simplify a bit?? 
-+ */ -+typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); -+typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); -+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, -+ int); -+typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, -+ const char *, int); -+typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, -+ const char *, int); -+typedef struct st_dynamic_LOCK_fns { -+ dyn_lock_locking_cb lock_locking_cb; -+ dyn_lock_add_lock_cb lock_add_lock_cb; -+ dyn_dynlock_create_cb dynlock_create_cb; -+ dyn_dynlock_lock_cb dynlock_lock_cb; -+ dyn_dynlock_destroy_cb dynlock_destroy_cb; -+} dynamic_LOCK_fns; - /* The top-level structure */ - typedef struct st_dynamic_fns { - void *static_state; -+ const ERR_FNS *err_fns; -+ const CRYPTO_EX_DATA_IMPL *ex_data_fns; - dynamic_MEM_fns mem_fns; -+ dynamic_LOCK_fns lock_fns; - } dynamic_fns; - - /* -@@ -694,7 +800,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); - # define IMPLEMENT_DYNAMIC_CHECK_FN() \ - OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ - OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ -- if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ -+ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ - return 0; } - - /* -@@ -722,13 +828,21 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ - OPENSSL_EXPORT \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ -- if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ -- CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ -- fns->mem_fns.realloc_fn, \ -- fns->mem_fns.free_fn); \ -+ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ -+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ -+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ -+ return 0; \ -+ 
CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ -+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ -+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ -+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ -+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ -+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ -+ return 0; \ -+ if(!ERR_set_implementation(fns->err_fns)) return 0; \ - skip_cbs: \ -- if (!fn(e, id)) return 0; \ -- return 1; } -+ if(!fn(e,id)) return 0; \ -+ return 1; } - - /* - * If the loading application (or library) and the loaded ENGINE library -@@ -744,7 +858,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, - void *ENGINE_get_static_state(void); - - # if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) --DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) -+void ENGINE_setup_bsd_cryptodev(void); - # endif - - /* BEGIN ERROR CODES */ -@@ -752,8 +866,7 @@ DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_ENGINE_strings(void); -+void ERR_load_ENGINE_strings(void); - - /* Error codes for the ENGINE functions. 
*/ - -@@ -769,10 +882,10 @@ int ERR_load_ENGINE_strings(void); - # define ENGINE_F_ENGINE_CTRL_CMD 178 - # define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 - # define ENGINE_F_ENGINE_FINISH 107 -+# define ENGINE_F_ENGINE_FREE_UTIL 108 - # define ENGINE_F_ENGINE_GET_CIPHER 185 -+# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 - # define ENGINE_F_ENGINE_GET_DIGEST 186 --# define ENGINE_F_ENGINE_GET_FIRST 195 --# define ENGINE_F_ENGINE_GET_LAST 196 - # define ENGINE_F_ENGINE_GET_NEXT 115 - # define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 - # define ENGINE_F_ENGINE_GET_PKEY_METH 192 -@@ -784,17 +897,19 @@ int ERR_load_ENGINE_strings(void); - # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 - # define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 - # define ENGINE_F_ENGINE_NEW 122 --# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 - # define ENGINE_F_ENGINE_REMOVE 123 - # define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 -+# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 - # define ENGINE_F_ENGINE_SET_ID 129 - # define ENGINE_F_ENGINE_SET_NAME 130 - # define ENGINE_F_ENGINE_TABLE_REGISTER 184 -+# define ENGINE_F_ENGINE_UNLOAD_KEY 152 - # define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 - # define ENGINE_F_ENGINE_UP_REF 190 - # define ENGINE_F_INT_CTRL_HELPER 172 - # define ENGINE_F_INT_ENGINE_CONFIGURE 188 - # define ENGINE_F_INT_ENGINE_MODULE_INIT 187 -+# define ENGINE_F_LOG_MESSAGE 141 - - /* Reason codes. 
*/ - # define ENGINE_R_ALREADY_LOADED 100 -@@ -804,6 +919,8 @@ int ERR_load_ENGINE_strings(void); - # define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 - # define ENGINE_R_CONFLICTING_ENGINE_ID 103 - # define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 -+# define ENGINE_R_DH_NOT_IMPLEMENTED 139 -+# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 - # define ENGINE_R_DSO_FAILURE 104 - # define ENGINE_R_DSO_NOT_FOUND 132 - # define ENGINE_R_ENGINES_SECTION_ERROR 148 -@@ -813,6 +930,7 @@ int ERR_load_ENGINE_strings(void); - # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 - # define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 - # define ENGINE_R_FINISH_FAILED 106 -+# define ENGINE_R_GET_HANDLE_FAILED 107 - # define ENGINE_R_ID_OR_NAME_MISSING 108 - # define ENGINE_R_INIT_FAILED 109 - # define ENGINE_R_INTERNAL_LIST_ERROR 110 -@@ -828,13 +946,15 @@ int ERR_load_ENGINE_strings(void); - # define ENGINE_R_NO_LOAD_FUNCTION 125 - # define ENGINE_R_NO_REFERENCE 130 - # define ENGINE_R_NO_SUCH_ENGINE 116 -+# define ENGINE_R_NO_UNLOAD_FUNCTION 126 -+# define ENGINE_R_PROVIDE_PARAMETERS 113 -+# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 - # define ENGINE_R_UNIMPLEMENTED_CIPHER 146 - # define ENGINE_R_UNIMPLEMENTED_DIGEST 147 - # define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 - # define ENGINE_R_VERSION_INCOMPATIBILITY 145 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h -index 9bbe9e1..04c6cfc 100644 ---- a/Cryptlib/Include/openssl/err.h -+++ b/Cryptlib/Include/openssl/err.h -@@ -1,10 +1,112 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/err/err.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_ERR_H -@@ -12,14 +114,18 @@ - - # include - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - # include - # include - # endif - - # include --# include --# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_LHASH -+# include -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -40,6 +146,7 @@ extern "C" { - - # define ERR_NUM_ERRORS 16 - typedef struct err_state_st { -+ CRYPTO_THREADID tid; - int err_flags[ERR_NUM_ERRORS]; - unsigned long err_buffer[ERR_NUM_ERRORS]; - char *err_data[ERR_NUM_ERRORS]; -@@ -89,10 +196,7 @@ typedef struct err_state_st { - # define ERR_LIB_CMS 46 - # define ERR_LIB_TS 47 - # define ERR_LIB_HMAC 48 --/* # define ERR_LIB_JPAKE 49 */ --# define ERR_LIB_CT 50 --# define ERR_LIB_ASYNC 51 --# define ERR_LIB_KDF 52 -+# define ERR_LIB_JPAKE 49 - - # define ERR_LIB_USER 128 - -@@ -128,18 +232,19 @@ typedef struct err_state_st { - # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) - # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) - # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) --# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) --# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) --# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) - --# define ERR_PACK(l,f,r) ( \ -- (((unsigned int)(l) & 0x0FF) << 24L) | \ -- (((unsigned int)(f) & 0xFFF) << 12L) | \ -- (((unsigned int)(r) & 0xFFF) ) ) --# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) --# define 
ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) --# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) --# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) -+/* -+ * Borland C seems too stupid to be able to shift and do longs in the -+ * pre-processor :-( -+ */ -+# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ -+ ((((unsigned long)f)&0xfffL)*0x1000)| \ -+ ((((unsigned long)r)&0xfffL))) -+# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) -+# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) -+# define ERR_GET_REASON(l) (int)((l)&0xfffL) -+# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) - - /* OS functions */ - # define SYS_F_FOPEN 1 -@@ -153,12 +258,6 @@ typedef struct err_state_st { - # define SYS_F_WSASTARTUP 9/* Winsock stuff */ - # define SYS_F_OPENDIR 10 - # define SYS_F_FREAD 11 --# define SYS_F_GETADDRINFO 12 --# define SYS_F_GETNAMEINFO 13 --# define SYS_F_SETSOCKOPT 14 --# define SYS_F_GETSOCKOPT 15 --# define SYS_F_GETSOCKNAME 16 --# define SYS_F_GETHOSTBYNAME 17 - - /* reasons */ - # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ -@@ -172,14 +271,30 @@ typedef struct err_state_st { - # define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ - # define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ - # define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ -+# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */ -+# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */ - # define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ -+# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */ - # define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ - # define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ - # define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ -+# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */ -+# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */ -+# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */ - # define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ -+# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */ -+# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ -+# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */ - # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ -+# 
define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ -+# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ -+# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ - - # define ERR_R_NESTED_ASN1_ERROR 58 -+# define ERR_R_BAD_ASN1_OBJECT_HEADER 59 -+# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 -+# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 -+# define ERR_R_ASN1_LENGTH_MISMATCH 62 - # define ERR_R_MISSING_ASN1_EOS 63 - - /* fatal error */ -@@ -189,8 +304,6 @@ typedef struct err_state_st { - # define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) - # define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) - # define ERR_R_DISABLED (5|ERR_R_FATAL) --# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) --# define ERR_R_PASSED_INVALID_ARGUMENT (7) - - /* - * 99 is the maximum possible ERR_R_... code, higher values are reserved for -@@ -202,8 +315,6 @@ typedef struct ERR_string_data_st { - const char *string; - } ERR_STRING_DATA; - --DEFINE_LHASH_OF(ERR_STRING_DATA); -- - void ERR_put_error(int lib, int func, int reason, const char *file, int line); - void ERR_set_error_data(char *data, int flags); - -@@ -227,31 +338,50 @@ const char *ERR_func_error_string(unsigned long e); - const char *ERR_reason_error_string(unsigned long e); - void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - void *u); --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - void ERR_print_errors_fp(FILE *fp); - # endif -+# ifndef OPENSSL_NO_BIO - void ERR_print_errors(BIO *bp); -+# endif - void ERR_add_error_data(int num, ...); - void ERR_add_error_vdata(int num, va_list args); --int ERR_load_strings(int lib, ERR_STRING_DATA str[]); --int ERR_unload_strings(int lib, ERR_STRING_DATA str[]); --int ERR_load_ERR_strings(void); -- --#if OPENSSL_API_COMPAT < 0x10100000L --# define ERR_load_crypto_strings() \ -- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) --# define ERR_free_strings() while(0) continue --#endif -+void ERR_load_strings(int lib, ERR_STRING_DATA str[]); -+void ERR_unload_strings(int lib, ERR_STRING_DATA 
str[]);
-+void ERR_load_ERR_strings(void);
-+void ERR_load_crypto_strings(void);
-+void ERR_free_strings(void);
-
--DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
--DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
-+void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-+# ifndef OPENSSL_NO_DEPRECATED
-+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-+# endif
- ERR_STATE *ERR_get_state(void);
-
-+# ifndef OPENSSL_NO_LHASH
-+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
-+# endif
-+
- int ERR_get_next_error_library(void);
-
- int ERR_set_mark(void);
- int ERR_pop_to_mark(void);
-
-+/* Already defined in ossl_typ.h */
-+/* typedef struct st_ERR_FNS ERR_FNS; */
-+/*
-+ * An application can use this function and provide the return value to
-+ * loaded modules that should use the application's ERR state/functionality
-+ */
-+const ERR_FNS *ERR_get_implementation(void);
-+/*
-+ * A loaded module should call this function prior to any ERR operations
-+ * using the application's "ERR_FNS".
-+ */
-+int ERR_set_implementation(const ERR_FNS *fns);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h
-index 01f51b7..376f260 100644
---- a/Cryptlib/Include/openssl/evp.h
-+++ b/Cryptlib/Include/openssl/evp.h
-@@ -1,20 +1,87 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/evp.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #ifndef HEADER_ENVELOPE_H
- # define HEADER_ENVELOPE_H
-
--# include
-+# ifdef OPENSSL_ALGORITHM_DEFINES
-+# include
-+# else
-+# define OPENSSL_ALGORITHM_DEFINES
-+# include
-+# undef OPENSSL_ALGORITHM_DEFINES
-+# endif
-+
- # include
-+
- # include
--# include
-
-+# ifndef OPENSSL_NO_BIO
-+# include
-+# endif
-+
-+/*-
-+#define EVP_RC2_KEY_SIZE 16
-+#define EVP_RC4_KEY_SIZE 16
-+#define EVP_BLOWFISH_KEY_SIZE 16
-+#define EVP_CAST5_KEY_SIZE 16
-+#define EVP_RC5_32_12_16_KEY_SIZE 16
-+*/
- # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
- # define EVP_MAX_KEY_LENGTH 64
- # define EVP_MAX_IV_LENGTH 16
-@@ -50,58 +117,92 @@
- # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
- # define EVP_PKEY_HMAC NID_hmac
- # define EVP_PKEY_CMAC NID_cmac
--# define EVP_PKEY_TLS1_PRF NID_tls1_prf
--# define EVP_PKEY_HKDF NID_hkdf
-
- #ifdef __cplusplus
- extern "C" {
- #endif
-
-+/*
-+ * Type needs to be a bit field Sub-type needs to be for variations on the
-+ * method, as in, can it do arbitrary encryption....
-+ */
-+struct evp_pkey_st {
-+ int type;
-+ int save_type;
-+ int references;
-+ const EVP_PKEY_ASN1_METHOD *ameth;
-+ ENGINE *engine;
-+ union {
-+ char *ptr;
-+# ifndef OPENSSL_NO_RSA
-+ struct rsa_st *rsa; /* RSA */
-+# endif
-+# ifndef OPENSSL_NO_DSA
-+ struct dsa_st *dsa; /* DSA */
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ struct dh_st *dh; /* DH */
-+# endif
-+# ifndef OPENSSL_NO_EC
-+ struct ec_key_st *ec; /* ECC */
-+# endif
-+ } pkey;
-+ int save_parameters;
-+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-+} /* EVP_PKEY */ ;
-+
- # define EVP_PKEY_MO_SIGN 0x0001
- # define EVP_PKEY_MO_VERIFY 0x0002
- # define EVP_PKEY_MO_ENCRYPT 0x0004
- # define EVP_PKEY_MO_DECRYPT 0x0008
-
- # ifndef EVP_MD
--EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
--EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
--void EVP_MD_meth_free(EVP_MD *md);
--
--int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
--int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
--int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
--int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
--int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
--int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
-- const void *data,
-- size_t count));
--int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
-- unsigned char *md));
--int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
-- const EVP_MD_CTX *from));
--int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
--int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
-- int p1, void *p2));
--
--int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
--int EVP_MD_meth_get_result_size(const EVP_MD *md);
--int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
--unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
--int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
--int (*EVP_MD_meth_get_update(const EVP_MD
*md))(EVP_MD_CTX *ctx,
-- const void *data,
-- size_t count);
--int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
-- unsigned char *md);
--int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
-- const EVP_MD_CTX *from);
--int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
--int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
-- int p1, void *p2);
-+struct env_md_st {
-+ int type;
-+ int pkey_type;
-+ int md_size;
-+ unsigned long flags;
-+ int (*init) (EVP_MD_CTX *ctx);
-+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-+ int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
-+ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
-+ int (*cleanup) (EVP_MD_CTX *ctx);
-+ /* FIXME: prototype these some day */
-+ int (*sign) (int type, const unsigned char *m, unsigned int m_length,
-+ unsigned char *sigret, unsigned int *siglen, void *key);
-+ int (*verify) (int type, const unsigned char *m, unsigned int m_length,
-+ const unsigned char *sigbuf, unsigned int siglen,
-+ void *key);
-+ int required_pkey_type[5]; /* EVP_PKEY_xxx */
-+ int block_size;
-+ int ctx_size; /* how big does the ctx->md_data need to be */
-+ /* control function */
-+ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-+} /* EVP_MD */ ;
-+
-+typedef int evp_sign_method(int type, const unsigned char *m,
-+ unsigned int m_length, unsigned char *sigret,
-+ unsigned int *siglen, void *key);
-+typedef int evp_verify_method(int type, const unsigned char *m,
-+ unsigned int m_length,
-+ const unsigned char *sigbuf,
-+ unsigned int siglen, void *key);
-
- /* digest can only handle a single block */
- # define EVP_MD_FLAG_ONESHOT 0x0001
-
-+/*
-+ * digest is a "clone" digest used
-+ * which is a copy of an existing
-+ * one for a specific public key type.
-+ * EVP_dss1() etc
-+ */
-+# define EVP_MD_FLAG_PKEY_DIGEST 0x0002
-+
-+/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-+
-+# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
-+
- /* DigestAlgorithmIdentifier flags... */
-
- # define EVP_MD_FLAG_DIGALGID_MASK 0x0018
-@@ -130,8 +231,52 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
-
- # define EVP_MD_CTRL_ALG_CTRL 0x1000
-
-+# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
-+
-+# ifndef OPENSSL_NO_DSA
-+# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
-+ (evp_verify_method *)DSA_verify, \
-+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-+ EVP_PKEY_DSA4,0}
-+# else
-+# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
-+# endif
-+
-+# ifndef OPENSSL_NO_ECDSA
-+# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
-+ (evp_verify_method *)ECDSA_verify, \
-+ {EVP_PKEY_EC,0,0,0}
-+# else
-+# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
-+# endif
-+
-+# ifndef OPENSSL_NO_RSA
-+# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
-+ (evp_verify_method *)RSA_verify, \
-+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-+ (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
-+ (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
-+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-+# else
-+# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
-+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-+# endif
-+
- # endif /* !EVP_MD */
-
-+struct env_md_ctx_st {
-+ const EVP_MD *digest;
-+ ENGINE *engine; /* functional reference if 'digest' is
-+ * ENGINE-provided */
-+ unsigned long flags;
-+ void *md_data;
-+ /* Public key context for sign/verify */
-+ EVP_PKEY_CTX *pctx;
-+ /* Update function: usually copied from EVP_MD */
-+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-+} /* EVP_MD_CTX */ ;
-+
- /* values for EVP_MD_CTX flags */
-
- # define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest
update will be
-@@ -139,7 +284,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
- # define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been
- * cleaned */
- # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data
-- * in EVP_MD_CTX_reset */
-+ * in EVP_MD_CTX_cleanup */
- /*
- * FIPS and pad options are ignored in 1.0.0, definitions are here so we
- * don't accidentally reuse the values for other purposes.
-@@ -159,59 +304,34 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
- # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */
-
- # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */
--/*
-- * Some functions such as EVP_DigestSign only finalise copies of internal
-- * contexts so additional data can be included after the finalisation call.
-- * This is inefficient if this functionality is not required: it is disabled
-- * if the following flag is set.
-- */
--# define EVP_MD_CTX_FLAG_FINALISE 0x0200
--
--EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
--EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
--void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
--
--int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
--int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
--int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
--int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
-- int (*init) (EVP_CIPHER_CTX *ctx,
-- const unsigned char *key,
-- const unsigned char *iv,
-- int enc));
--int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
-- int (*do_cipher) (EVP_CIPHER_CTX *ctx,
-- unsigned char *out,
-- const unsigned char *in,
-- size_t inl));
--int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
-- int (*cleanup) (EVP_CIPHER_CTX *));
--int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
-- int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
-- ASN1_TYPE *));
--int
EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
-- int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
-- ASN1_TYPE *));
--int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
-- int (*ctrl) (EVP_CIPHER_CTX *, int type,
-- int arg, void *ptr));
--
--int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
-- const unsigned char *key,
-- const unsigned char *iv,
-- int enc);
--int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
-- unsigned char *out,
-- const unsigned char *in,
-- size_t inl);
--int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
--int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
-- ASN1_TYPE *);
--int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
-- ASN1_TYPE *);
--int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
-- int type, int arg,
-- void *ptr);
-+
-+struct evp_cipher_st {
-+ int nid;
-+ int block_size;
-+ /* Default value for variable length ciphers */
-+ int key_len;
-+ int iv_len;
-+ /* Various flags */
-+ unsigned long flags;
-+ /* init key */
-+ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+ /* encrypt/decrypt data */
-+ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+ /* cleanup ctx */
-+ int (*cleanup) (EVP_CIPHER_CTX *);
-+ /* how big ctx->cipher_data needs to be */
-+ int ctx_size;
-+ /* Populate a ASN1_TYPE with parameters */
-+ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
-+ /* Get parameters from a ASN1_TYPE */
-+ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
-+ /* Miscellaneous operations */
-+ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-+ /* Application data */
-+ void *app_data;
-+} /* EVP_CIPHER */ ;
-
- /* Values for cipher flags */
-
-@@ -227,7 +347,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const
EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
- # define EVP_CIPH_CCM_MODE 0x7
- # define EVP_CIPH_XTS_MODE 0x10001
- # define EVP_CIPH_WRAP_MODE 0x10002
--# define EVP_CIPH_OCB_MODE 0x10003
- # define EVP_CIPH_MODE 0xF0007
- /* Set if variable length cipher */
- # define EVP_CIPH_VARIABLE_LENGTH 0x8
-@@ -259,8 +378,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
- # define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
- # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
- # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
--/* Cipher can handle pipeline operations */
--# define EVP_CIPH_FLAG_PIPELINE 0X800000
-
- /*
- * Cipher context flag to indicate we can handle wrap mode: if allowed in
-@@ -280,19 +397,14 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
- # define EVP_CTRL_RAND_KEY 0x6
- # define EVP_CTRL_PBE_PRF_NID 0x7
- # define EVP_CTRL_COPY 0x8
--# define EVP_CTRL_AEAD_SET_IVLEN 0x9
--# define EVP_CTRL_AEAD_GET_TAG 0x10
--# define EVP_CTRL_AEAD_SET_TAG 0x11
--# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
--# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
--# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
--# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
--# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
-+# define EVP_CTRL_GCM_SET_IVLEN 0x9
-+# define EVP_CTRL_GCM_GET_TAG 0x10
-+# define EVP_CTRL_GCM_SET_TAG 0x11
-+# define EVP_CTRL_GCM_SET_IV_FIXED 0x12
- # define EVP_CTRL_GCM_IV_GEN 0x13
--# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
--# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
--# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
--# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
-+# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
-+# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
-+# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
- # define EVP_CTRL_CCM_SET_L 0x14
- # define EVP_CTRL_CCM_SET_MSGLEN 0x15
- /*
-@@ -311,36 +423,6 @@ int
(*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
- # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
- # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
-
--# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d
--
--/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
--# define EVP_CTRL_SET_SBOX 0x1e
--/*
-- * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
-- * pre-allocated buffer with specified size
-- */
--# define EVP_CTRL_SBOX_USED 0x1f
--/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
-- * 0 switches meshing off
-- */
--# define EVP_CTRL_KEY_MESH 0x20
--/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
--# define EVP_CTRL_BLOCK_PADDING_MODE 0x21
--
--/* Set the output buffers to use for a pipelined operation */
--# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22
--/* Set the input buffers to use for a pipelined operation */
--# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23
--/* Set the input buffer lengths to use for a pipelined operation */
--# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
--
--/* Padding modes */
--#define EVP_PADDING_PKCS7 1
--#define EVP_PADDING_ISO7816_4 2
--#define EVP_PADDING_ANSI923 3
--#define EVP_PADDING_ISO10126 4
--#define EVP_PADDING_ZERO 5
--
- /* RFC 5246 defines additional data to be 13 bytes in length */
- # define EVP_AEAD_TLS1_AAD_LEN 13
-
-@@ -359,17 +441,45 @@ typedef struct {
- /* Length of tag for TLS */
- # define EVP_GCM_TLS_TAG_LEN 16
-
--/* CCM TLS constants */
--/* Length of fixed part of IV derived from PRF */
--# define EVP_CCM_TLS_FIXED_IV_LEN 4
--/* Length of explicit part of IV part of TLS records */
--# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
--
- typedef struct evp_cipher_info_st {
- const EVP_CIPHER *cipher;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- } EVP_CIPHER_INFO;
-
-+struct evp_cipher_ctx_st {
-+ const EVP_CIPHER *cipher;
-+ ENGINE *engine; /* functional reference if 'cipher' is
-+ * ENGINE-provided */
-+ int encrypt; /* encrypt or decrypt
*/
-+ int buf_len; /* number we have left */
-+ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
-+ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
-+ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
-+ int num; /* used by cfb/ofb/ctr mode */
-+ void *app_data; /* application stuff */
-+ int key_len; /* May change for variable length cipher */
-+ unsigned long flags; /* Various flags */
-+ void *cipher_data; /* per EVP data */
-+ int final_used;
-+ int block_mask;
-+ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
-+} /* EVP_CIPHER_CTX */ ;
-+
-+typedef struct evp_Encode_Ctx_st {
-+ /* number saved in a partial encode/decode */
-+ int num;
-+ /*
-+ * The length is either the output line length (in input bytes) or the
-+ * shortest input line length that is ok. Once decoding begins, the
-+ * length is adjusted up each time a longer line is decoded
-+ */
-+ int length;
-+ /* data to encode */
-+ unsigned char enc_data[80];
-+ /* number read on current line */
-+ int line_num;
-+ int expect_nl;
-+} EVP_ENCODE_CTX;
-
- /* Password based encryption function */
- typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
-@@ -412,48 +522,29 @@ int EVP_MD_block_size(const EVP_MD *md);
- unsigned long EVP_MD_flags(const EVP_MD *md);
-
- const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
--int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-- const void *data, size_t count);
--void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-- int (*update) (EVP_MD_CTX *ctx,
-- const void *data, size_t count));
- # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
- # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
- # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
--EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
--void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
-
- int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
- # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-
int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
--int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
- int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
- int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
- unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
- # define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
-
- const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
--int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
--const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
--const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
--unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
--unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
--int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
--void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
- int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
- void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
- void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
--void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
--void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
- # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
--# if OPENSSL_API_COMPAT < 0x10100000L
--# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
--# endif
--# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
-+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-+# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
-
- # define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
- # define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
-@@ -480,9
+571,8 @@ void BIO_set_md(BIO *, const EVP_MD *md);
- # define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
- # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
--/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
-- unsigned char *out,
-- const unsigned char *in, unsigned int inl);
-+int EVP_Cipher(EVP_CIPHER_CTX *c,
-+ unsigned char *out, const unsigned char *in, unsigned int inl);
-
- # define EVP_add_cipher_alias(n,alias) \
- OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-@@ -493,31 +583,24 @@ void BIO_set_md(BIO *, const EVP_MD *md);
- # define EVP_delete_digest_alias(alias) \
- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
--int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
--EVP_MD_CTX *EVP_MD_CTX_new(void);
--int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
--void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
--# define EVP_MD_CTX_create() EVP_MD_CTX_new()
--# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
--# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
--__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-+EVP_MD_CTX *EVP_MD_CTX_create(void);
-+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
- void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
- void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
- int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
--__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
-- ENGINE *impl);
--__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
-- size_t cnt);
--__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
-- unsigned int *s);
--__owur int EVP_Digest(const void *data, size_t count,
-- unsigned char *md, unsigned int *size,
-- const EVP_MD *type, ENGINE *impl);
--
--__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out,
const EVP_MD_CTX *in);
--__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
--__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
-- unsigned int *s);
-+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
-+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-+int EVP_Digest(const void *data, size_t count,
-+ unsigned char *md, unsigned int *size, const EVP_MD *type,
-+ ENGINE *impl);
-+
-+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-
- #ifndef OPENSSL_NO_UI
- int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
-@@ -527,92 +610,75 @@ void EVP_set_pw_prompt(const char *prompt);
- char *EVP_get_pw_prompt(void);
- #endif
-
--__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
-- const unsigned char *salt,
-- const unsigned char *data, int datal, int count,
-- unsigned char *key, unsigned char *iv);
-+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
-+ const unsigned char *salt, const unsigned char *data,
-+ int datal, int count, unsigned char *key,
-+ unsigned char *iv);
-
- void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
- void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
- int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
-
--__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-- const unsigned char *key, const unsigned char *iv);
--/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
-- const EVP_CIPHER *cipher, ENGINE *impl,
-- const unsigned char *key,
-- const unsigned char *iv);
--/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- int *outl, const unsigned char *in, int inl);
--/*__owur*/ int
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- int *outl);
--/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- int *outl);
--
--__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-- const unsigned char *key, const unsigned char *iv);
--/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
-- const EVP_CIPHER *cipher, ENGINE *impl,
-- const unsigned char *key,
-- const unsigned char *iv);
--/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- int *outl, const unsigned char *in, int inl);
--__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-- int *outl);
--/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-- int *outl);
--
--__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-- const unsigned char *key, const unsigned char *iv,
-- int enc);
--/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
-- const EVP_CIPHER *cipher, ENGINE *impl,
-- const unsigned char *key,
-- const unsigned char *iv, int enc);
--__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-- int *outl, const unsigned char *in, int inl);
--__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-- int *outl);
--__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-- int *outl);
--
--__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
-- EVP_PKEY *pkey);
--
--__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-- unsigned int siglen, EVP_PKEY *pkey);
--
--/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-- const EVP_MD *type, ENGINE *e,
-- EVP_PKEY *pkey);
--__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-- size_t *siglen);
--
--__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-- const EVP_MD *type, ENGINE *e,
-- EVP_PKEY *pkey);
--__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
const unsigned char *sig,
-- size_t siglen);
-+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ const unsigned char *key, const unsigned char *iv);
-+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ ENGINE *impl, const unsigned char *key,
-+ const unsigned char *iv);
-+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
-+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-+
-+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ const unsigned char *key, const unsigned char *iv);
-+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ ENGINE *impl, const unsigned char *key,
-+ const unsigned char *iv);
-+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
-+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-+
-+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ const unsigned char *key, const unsigned char *iv,
-+ int enc);
-+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ ENGINE *impl, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
-+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
--# ifndef OPENSSL_NO_RSA
--__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-- const unsigned char *ek, int ekl,
-- const unsigned char *iv, EVP_PKEY *priv);
--__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
--
--__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *type,
-- unsigned char **ek, int *ekl, unsigned char *iv,
-- EVP_PKEY **pubk, int npubk);
--__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
--# endif
-+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
-+ EVP_PKEY *pkey);
-+
-+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-+ unsigned int siglen, EVP_PKEY *pkey);
-+
-+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-+int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
-+ unsigned char *sigret, size_t *siglen);
-+
-+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
-+ const unsigned char *sig, size_t siglen);
-+
-+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-+ const unsigned char *ek, int ekl, const unsigned char *iv,
-+ EVP_PKEY *priv);
-+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-+
-+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-+ unsigned char **ek, int *ekl, unsigned char *iv,
-+ EVP_PKEY **pubk, int npubk);
-+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
--EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
--void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
--int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
--int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
- void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
--int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-- const unsigned char *in, int inl);
-+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
- void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
- int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-@@ -623,24 +689,23 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
- char *out, int *outl);
- int 
EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
--# if OPENSSL_API_COMPAT < 0x10100000L
--# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
--# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
--# endif
-+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
- EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
--int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
--void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
-+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
- int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
- int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
- int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
- int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
-
--const BIO_METHOD *BIO_f_md(void);
--const BIO_METHOD *BIO_f_base64(void);
--const BIO_METHOD *BIO_f_cipher(void);
--const BIO_METHOD *BIO_f_reliable(void);
--__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-- const unsigned char *i, int enc);
-+# ifndef OPENSSL_NO_BIO
-+BIO_METHOD *BIO_f_md(void);
-+BIO_METHOD *BIO_f_base64(void);
-+BIO_METHOD *BIO_f_cipher(void);
-+BIO_METHOD *BIO_f_reliable(void);
-+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-+ const unsigned char *i, int enc);
-+# endif
-
- const EVP_MD *EVP_md_null(void);
- # ifndef OPENSSL_NO_MD2
-@@ -651,21 +716,26 @@ const EVP_MD *EVP_md4(void);
- # endif
- # ifndef OPENSSL_NO_MD5
- const EVP_MD *EVP_md5(void);
--const EVP_MD *EVP_md5_sha1(void);
--# endif
--# ifndef OPENSSL_NO_BLAKE2
--const EVP_MD *EVP_blake2b512(void);
--const EVP_MD *EVP_blake2s256(void);
- # endif
-+# ifndef OPENSSL_NO_SHA
-+const EVP_MD *EVP_sha(void);
- const EVP_MD *EVP_sha1(void);
-+const EVP_MD *EVP_dss(void);
-+const EVP_MD *EVP_dss1(void);
-+const EVP_MD *EVP_ecdsa(void);
-+# endif
-+# ifndef OPENSSL_NO_SHA256
- const EVP_MD *EVP_sha224(void);
- const EVP_MD *EVP_sha256(void);
-+# 
endif
-+# ifndef OPENSSL_NO_SHA512
- const EVP_MD *EVP_sha384(void);
- const EVP_MD *EVP_sha512(void);
-+# endif
- # ifndef OPENSSL_NO_MDC2
- const EVP_MD *EVP_mdc2(void);
- # endif
--# ifndef OPENSSL_NO_RMD160
-+# ifndef OPENSSL_NO_RIPEMD
- const EVP_MD *EVP_ripemd160(void);
- # endif
- # ifndef OPENSSL_NO_WHIRLPOOL
-@@ -684,6 +754,10 @@ const EVP_CIPHER *EVP_des_cfb1(void);
- const EVP_CIPHER *EVP_des_cfb8(void);
- const EVP_CIPHER *EVP_des_ede_cfb64(void);
- # define EVP_des_ede_cfb EVP_des_ede_cfb64
-+# if 0
-+const EVP_CIPHER *EVP_des_ede_cfb1(void);
-+const EVP_CIPHER *EVP_des_ede_cfb8(void);
-+# endif
- const EVP_CIPHER *EVP_des_ede3_cfb64(void);
- # define EVP_des_ede3_cfb EVP_des_ede3_cfb64
- const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-@@ -701,6 +775,13 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void);
- * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
- * branch?
- */
-+# if 0
-+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-+const EVP_MD *EVP_dev_crypto_md5(void);
-+# endif
-+# endif
- # endif
- # ifndef OPENSSL_NO_RC4
- const EVP_CIPHER *EVP_rc4(void);
-@@ -746,57 +827,51 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
- # define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
- const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
- # endif
-+# ifndef OPENSSL_NO_AES
- const EVP_CIPHER *EVP_aes_128_ecb(void);
- const EVP_CIPHER *EVP_aes_128_cbc(void);
- const EVP_CIPHER *EVP_aes_128_cfb1(void);
- const EVP_CIPHER *EVP_aes_128_cfb8(void);
- const EVP_CIPHER *EVP_aes_128_cfb128(void);
--# define EVP_aes_128_cfb EVP_aes_128_cfb128
-+# define EVP_aes_128_cfb EVP_aes_128_cfb128
- const EVP_CIPHER *EVP_aes_128_ofb(void);
- const EVP_CIPHER *EVP_aes_128_ctr(void);
- const EVP_CIPHER *EVP_aes_128_ccm(void);
- const EVP_CIPHER *EVP_aes_128_gcm(void);
- const EVP_CIPHER *EVP_aes_128_xts(void);
- const EVP_CIPHER *EVP_aes_128_wrap(void);
--const EVP_CIPHER 
*EVP_aes_128_wrap_pad(void);
--# ifndef OPENSSL_NO_OCB
--const EVP_CIPHER *EVP_aes_128_ocb(void);
--# endif
- const EVP_CIPHER *EVP_aes_192_ecb(void);
- const EVP_CIPHER *EVP_aes_192_cbc(void);
- const EVP_CIPHER *EVP_aes_192_cfb1(void);
- const EVP_CIPHER *EVP_aes_192_cfb8(void);
- const EVP_CIPHER *EVP_aes_192_cfb128(void);
--# define EVP_aes_192_cfb EVP_aes_192_cfb128
-+# define EVP_aes_192_cfb EVP_aes_192_cfb128
- const EVP_CIPHER *EVP_aes_192_ofb(void);
- const EVP_CIPHER *EVP_aes_192_ctr(void);
- const EVP_CIPHER *EVP_aes_192_ccm(void);
- const EVP_CIPHER *EVP_aes_192_gcm(void);
- const EVP_CIPHER *EVP_aes_192_wrap(void);
--const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
--# ifndef OPENSSL_NO_OCB
--const EVP_CIPHER *EVP_aes_192_ocb(void);
--# endif
- const EVP_CIPHER *EVP_aes_256_ecb(void);
- const EVP_CIPHER *EVP_aes_256_cbc(void);
- const EVP_CIPHER *EVP_aes_256_cfb1(void);
- const EVP_CIPHER *EVP_aes_256_cfb8(void);
- const EVP_CIPHER *EVP_aes_256_cfb128(void);
--# define EVP_aes_256_cfb EVP_aes_256_cfb128
-+# define EVP_aes_256_cfb EVP_aes_256_cfb128
- const EVP_CIPHER *EVP_aes_256_ofb(void);
- const EVP_CIPHER *EVP_aes_256_ctr(void);
- const EVP_CIPHER *EVP_aes_256_ccm(void);
- const EVP_CIPHER *EVP_aes_256_gcm(void);
- const EVP_CIPHER *EVP_aes_256_xts(void);
- const EVP_CIPHER *EVP_aes_256_wrap(void);
--const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
--# ifndef OPENSSL_NO_OCB
--const EVP_CIPHER *EVP_aes_256_ocb(void);
--# endif
-+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
- const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
- const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-+# endif
-+# ifndef OPENSSL_NO_SHA256
- const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
- const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
-+# endif
-+# endif
- # ifndef OPENSSL_NO_CAMELLIA
- const EVP_CIPHER *EVP_camellia_128_ecb(void);
- const EVP_CIPHER *EVP_camellia_128_cbc(void);
-@@ -805,7 +880,6 @@ const EVP_CIPHER *EVP_camellia_128_cfb8(void);
- const 
EVP_CIPHER *EVP_camellia_128_cfb128(void); - # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 - const EVP_CIPHER *EVP_camellia_128_ofb(void); --const EVP_CIPHER *EVP_camellia_128_ctr(void); - const EVP_CIPHER *EVP_camellia_192_ecb(void); - const EVP_CIPHER *EVP_camellia_192_cbc(void); - const EVP_CIPHER *EVP_camellia_192_cfb1(void); -@@ -813,7 +887,6 @@ const EVP_CIPHER *EVP_camellia_192_cfb8(void); - const EVP_CIPHER *EVP_camellia_192_cfb128(void); - # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 - const EVP_CIPHER *EVP_camellia_192_ofb(void); --const EVP_CIPHER *EVP_camellia_192_ctr(void); - const EVP_CIPHER *EVP_camellia_256_ecb(void); - const EVP_CIPHER *EVP_camellia_256_cbc(void); - const EVP_CIPHER *EVP_camellia_256_cfb1(void); -@@ -821,13 +894,6 @@ const EVP_CIPHER *EVP_camellia_256_cfb8(void); - const EVP_CIPHER *EVP_camellia_256_cfb128(void); - # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 - const EVP_CIPHER *EVP_camellia_256_ofb(void); --const EVP_CIPHER *EVP_camellia_256_ctr(void); --# endif --# ifndef OPENSSL_NO_CHACHA --const EVP_CIPHER *EVP_chacha20(void); --# ifndef OPENSSL_NO_POLY1305 --const EVP_CIPHER *EVP_chacha20_poly1305(void); --# endif - # endif - - # ifndef OPENSSL_NO_SEED -@@ -838,39 +904,29 @@ const EVP_CIPHER *EVP_seed_cfb128(void); - const EVP_CIPHER *EVP_seed_ofb(void); - # endif - --# if OPENSSL_API_COMPAT < 0x10100000L --# define OPENSSL_add_all_algorithms_conf() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -- | OPENSSL_INIT_ADD_ALL_DIGESTS \ -- | OPENSSL_INIT_LOAD_CONFIG, NULL) --# define OPENSSL_add_all_algorithms_noconf() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) -- --# ifdef OPENSSL_LOAD_CONF --# define OpenSSL_add_all_algorithms() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -- | OPENSSL_INIT_ADD_ALL_DIGESTS \ -- | OPENSSL_INIT_LOAD_CONFIG, NULL) --# else --# define OpenSSL_add_all_algorithms() \ -- 
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) --# endif -- --# define OpenSSL_add_all_ciphers() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) --# define OpenSSL_add_all_digests() \ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) -+void OPENSSL_add_all_algorithms_noconf(void); -+void OPENSSL_add_all_algorithms_conf(void); - --# define EVP_cleanup() while(0) continue -+# ifdef OPENSSL_LOAD_CONF -+# define OpenSSL_add_all_algorithms() \ -+ OPENSSL_add_all_algorithms_conf() -+# else -+# define OpenSSL_add_all_algorithms() \ -+ OPENSSL_add_all_algorithms_noconf() - # endif - -+void OpenSSL_add_all_ciphers(void); -+void OpenSSL_add_all_digests(void); -+# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -+# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -+# define SSLeay_add_all_digests() OpenSSL_add_all_digests() -+ - int EVP_add_cipher(const EVP_CIPHER *cipher); - int EVP_add_digest(const EVP_MD *digest); - - const EVP_CIPHER *EVP_get_cipherbyname(const char *name); - const EVP_MD *EVP_get_digestbyname(const char *name); -+void EVP_cleanup(void); - - void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), -@@ -895,42 +951,35 @@ int EVP_PKEY_encrypt_old(unsigned char *enc_key, - int EVP_PKEY_type(int type); - int EVP_PKEY_id(const EVP_PKEY *pkey); - int EVP_PKEY_base_id(const EVP_PKEY *pkey); --int EVP_PKEY_bits(const EVP_PKEY *pkey); --int EVP_PKEY_security_bits(const EVP_PKEY *pkey); -+int EVP_PKEY_bits(EVP_PKEY *pkey); - int EVP_PKEY_size(EVP_PKEY *pkey); - int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); - int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); - int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); --void *EVP_PKEY_get0(const EVP_PKEY *pkey); --const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); -+void *EVP_PKEY_get0(EVP_PKEY *pkey); - - # ifndef OPENSSL_NO_RSA - 
struct rsa_st; - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); --struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); - struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); - # endif - # ifndef OPENSSL_NO_DSA - struct dsa_st; - int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); --struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); - struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); - # endif - # ifndef OPENSSL_NO_DH - struct dh_st; - int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); --struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); - struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); - # endif - # ifndef OPENSSL_NO_EC - struct ec_key_st; - int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); --struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); - struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); - # endif - - EVP_PKEY *EVP_PKEY_new(void); --int EVP_PKEY_up_ref(EVP_PKEY *pkey); - void EVP_PKEY_free(EVP_PKEY *pkey); - - EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, -@@ -959,10 +1008,6 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - - int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); - --int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, -- const unsigned char *pt, size_t ptlen); --size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); -- - int EVP_CIPHER_type(const EVP_CIPHER *ctx); - - /* calls methods */ -@@ -987,17 +1032,6 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); - --#ifndef OPENSSL_NO_SCRYPT --int EVP_PBE_scrypt(const char *pass, size_t passlen, -- const unsigned char *salt, size_t saltlen, -- uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, -- unsigned char *key, size_t keylen); -- --int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, -- int passlen, ASN1_TYPE *param, -- const EVP_CIPHER *c, const EVP_MD *md, 
int en_de); --#endif -- - void PKCS5_PBE_add(void); - - int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, -@@ -1009,8 +1043,6 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - # define EVP_PBE_TYPE_OUTER 0x0 - /* Is an PRF type OID */ - # define EVP_PBE_TYPE_PRF 0x1 --/* Is a PKCS#5 v2.0 KDF */ --# define EVP_PBE_TYPE_KDF 0x2 - - int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - int md_nid, EVP_PBE_KEYGEN *keygen); -@@ -1019,7 +1051,6 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen); - void EVP_PBE_cleanup(void); --int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); - - # define ASN1_PKEY_ALIAS 0x1 - # define ASN1_PKEY_DYNAMIC 0x2 -@@ -1032,9 +1063,6 @@ int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); - # define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 - # define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 - --# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 --# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa -- - int EVP_PKEY_asn1_get_count(void); - const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); - const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); -@@ -1047,7 +1075,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, - const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth); - --const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); -+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); - EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char *pem_str, - const char *info); -@@ -1068,7 +1096,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_bits) (const EVP_PKEY *pk)); - void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, -- const PKCS8_PRIV_KEY_INFO -+ PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - 
const EVP_PKEY *pk), -@@ -1111,10 +1139,6 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig)); - --void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, -- int (*pkey_security_bits) (const EVP_PKEY -- *pk)); -- - # define EVP_PKEY_OP_UNDEFINED 0 - # define EVP_PKEY_OP_PARAMGEN (1<<1) - # define EVP_PKEY_OP_KEYGEN (1<<2) -@@ -1135,7 +1159,7 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) - - # define EVP_PKEY_OP_TYPE_NOGEN \ -- (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) -+ (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) - - # define EVP_PKEY_OP_TYPE_GEN \ - (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) -@@ -1148,10 +1172,6 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) - --# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ -- EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ -- EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key) -- - # define EVP_PKEY_CTRL_MD 1 - # define EVP_PKEY_CTRL_PEER_KEY 2 - -@@ -1201,9 +1221,6 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); - --int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); --int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); -- - int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); - void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); - -@@ -1244,7 +1261,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); - int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - --typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); -+typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); - - int 
EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -@@ -1348,98 +1365,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - const char *type, - const char *value)); - --void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, -- int (**pinit) (EVP_PKEY_CTX *ctx)); -- --void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, -- int (**pcopy) (EVP_PKEY_CTX *dst, -- EVP_PKEY_CTX *src)); -- --void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, -- void (**pcleanup) (EVP_PKEY_CTX *ctx)); -- --void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, -- int (**pparamgen_init) (EVP_PKEY_CTX *ctx), -- int (**pparamgen) (EVP_PKEY_CTX *ctx, -- EVP_PKEY *pkey)); -- --void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, -- int (**pkeygen_init) (EVP_PKEY_CTX *ctx), -- int (**pkeygen) (EVP_PKEY_CTX *ctx, -- EVP_PKEY *pkey)); -- --void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, -- int (**psign_init) (EVP_PKEY_CTX *ctx), -- int (**psign) (EVP_PKEY_CTX *ctx, -- unsigned char *sig, size_t *siglen, -- const unsigned char *tbs, -- size_t tbslen)); -- --void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, -- int (**pverify_init) (EVP_PKEY_CTX *ctx), -- int (**pverify) (EVP_PKEY_CTX *ctx, -- const unsigned char *sig, -- size_t siglen, -- const unsigned char *tbs, -- size_t tbslen)); -- --void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, -- int (**pverify_recover_init) (EVP_PKEY_CTX -- *ctx), -- int (**pverify_recover) (EVP_PKEY_CTX -- *ctx, -- unsigned char -- *sig, -- size_t *siglen, -- const unsigned -- char *tbs, -- size_t tbslen)); -- --void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, -- int (**psignctx_init) (EVP_PKEY_CTX *ctx, -- EVP_MD_CTX *mctx), -- int (**psignctx) (EVP_PKEY_CTX *ctx, -- unsigned char *sig, -- size_t *siglen, -- EVP_MD_CTX *mctx)); -- --void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, -- int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, -- EVP_MD_CTX *mctx), -- int (**pverifyctx) 
(EVP_PKEY_CTX *ctx, -- const unsigned char *sig, -- int siglen, -- EVP_MD_CTX *mctx)); -- --void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, -- int (**pencrypt_init) (EVP_PKEY_CTX *ctx), -- int (**pencryptfn) (EVP_PKEY_CTX *ctx, -- unsigned char *out, -- size_t *outlen, -- const unsigned char *in, -- size_t inlen)); -- --void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, -- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), -- int (**pdecrypt) (EVP_PKEY_CTX *ctx, -- unsigned char *out, -- size_t *outlen, -- const unsigned char *in, -- size_t inlen)); -- --void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, -- int (**pderive_init) (EVP_PKEY_CTX *ctx), -- int (**pderive) (EVP_PKEY_CTX *ctx, -- unsigned char *key, -- size_t *keylen)); -- --void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, -- int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, -- void *p2), -- int (**pctrl_str) (EVP_PKEY_CTX *ctx, -- const char *type, -- const char *value)); -- - void EVP_add_alg_module(void); - - /* BEGIN ERROR CODES */ -@@ -1448,40 +1373,43 @@ void EVP_add_alg_module(void); - * made after this point may be overwritten when the script is next run. - */ - --int ERR_load_EVP_strings(void); -+void ERR_load_EVP_strings(void); - - /* Error codes for the EVP functions. */ - - /* Function codes. 
*/ - # define EVP_F_AESNI_INIT_KEY 165 -+# define EVP_F_AESNI_XTS_CIPHER 176 - # define EVP_F_AES_INIT_KEY 133 --# define EVP_F_AES_OCB_CIPHER 169 - # define EVP_F_AES_T4_INIT_KEY 178 --# define EVP_F_AES_WRAP_CIPHER 170 -+# define EVP_F_AES_XTS 172 -+# define EVP_F_AES_XTS_CIPHER 175 - # define EVP_F_ALG_MODULE_INIT 177 - # define EVP_F_CAMELLIA_INIT_KEY 159 --# define EVP_F_CHACHA20_POLY1305_CTRL 182 -+# define EVP_F_CMAC_INIT 173 - # define EVP_F_CMLL_T4_INIT_KEY 179 --# define EVP_F_DES_EDE3_WRAP_CIPHER 171 -+# define EVP_F_D2I_PKEY 100 - # define EVP_F_DO_SIGVER_INIT 161 -+# define EVP_F_DSAPKEY2PKCS8 134 -+# define EVP_F_DSA_PKEY2PKCS8 135 -+# define EVP_F_ECDSA_PKEY2PKCS8 129 -+# define EVP_F_ECKEY_PKEY2PKCS8 132 - # define EVP_F_EVP_CIPHERINIT_EX 123 - # define EVP_F_EVP_CIPHER_CTX_COPY 163 - # define EVP_F_EVP_CIPHER_CTX_CTRL 124 - # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 - # define EVP_F_EVP_DECRYPTFINAL_EX 101 --# define EVP_F_EVP_DECRYPTUPDATE 166 - # define EVP_F_EVP_DIGESTINIT_EX 128 - # define EVP_F_EVP_ENCRYPTFINAL_EX 127 --# define EVP_F_EVP_ENCRYPTUPDATE 167 - # define EVP_F_EVP_MD_CTX_COPY_EX 110 - # define EVP_F_EVP_MD_SIZE 162 - # define EVP_F_EVP_OPENINIT 102 - # define EVP_F_EVP_PBE_ALG_ADD 115 - # define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 - # define EVP_F_EVP_PBE_CIPHERINIT 116 --# define EVP_F_EVP_PBE_SCRYPT 181 - # define EVP_F_EVP_PKCS82PKEY 111 --# define EVP_F_EVP_PKEY2PKCS8 113 -+# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 -+# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 - # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 - # define EVP_F_EVP_PKEY_CTX_CTRL 137 - # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 -@@ -1495,11 +1423,11 @@ int ERR_load_EVP_strings(void); - # define EVP_F_EVP_PKEY_ENCRYPT 105 - # define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 - # define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 --# define EVP_F_EVP_PKEY_GET0_DH 119 --# define EVP_F_EVP_PKEY_GET0_DSA 120 --# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 --# define EVP_F_EVP_PKEY_GET0_HMAC 183 --# define 
EVP_F_EVP_PKEY_GET0_RSA 121 -+# define EVP_F_EVP_PKEY_GET1_DH 119 -+# define EVP_F_EVP_PKEY_GET1_DSA 120 -+# define EVP_F_EVP_PKEY_GET1_ECDSA 130 -+# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 -+# define EVP_F_EVP_PKEY_GET1_RSA 121 - # define EVP_F_EVP_PKEY_KEYGEN 146 - # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 - # define EVP_F_EVP_PKEY_NEW 106 -@@ -1511,78 +1439,98 @@ int ERR_load_EVP_strings(void); - # define EVP_F_EVP_PKEY_VERIFY_INIT 143 - # define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 - # define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 -+# define EVP_F_EVP_RIJNDAEL 126 - # define EVP_F_EVP_SIGNFINAL 107 - # define EVP_F_EVP_VERIFYFINAL 108 -+# define EVP_F_FIPS_CIPHERINIT 166 -+# define EVP_F_FIPS_CIPHER_CTX_COPY 170 -+# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 -+# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 -+# define EVP_F_FIPS_DIGESTINIT 168 -+# define EVP_F_FIPS_MD_CTX_COPY 169 -+# define EVP_F_HMAC_INIT_EX 174 - # define EVP_F_INT_CTX_NEW 157 - # define EVP_F_PKCS5_PBE_KEYIVGEN 117 - # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 - # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 --# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 -+# define EVP_F_PKCS8_SET_BROKEN 112 - # define EVP_F_PKEY_SET_TYPE 158 - # define EVP_F_RC2_MAGIC_TO_METH 109 - # define EVP_F_RC5_CTRL 125 - - /* Reason codes. 
*/ -+# define EVP_R_AES_IV_SETUP_FAILED 162 - # define EVP_R_AES_KEY_SETUP_FAILED 143 -+# define EVP_R_ASN1_LIB 140 -+# define EVP_R_BAD_BLOCK_LENGTH 136 - # define EVP_R_BAD_DECRYPT 100 -+# define EVP_R_BAD_KEY_LENGTH 137 -+# define EVP_R_BN_DECODE_ERROR 112 -+# define EVP_R_BN_PUBKEY_ERROR 113 - # define EVP_R_BUFFER_TOO_SMALL 155 - # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 - # define EVP_R_CIPHER_PARAMETER_ERROR 122 - # define EVP_R_COMMAND_NOT_SUPPORTED 147 --# define EVP_R_COPY_ERROR 173 - # define EVP_R_CTRL_NOT_IMPLEMENTED 132 - # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 - # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 - # define EVP_R_DECODE_ERROR 114 - # define EVP_R_DIFFERENT_KEY_TYPES 101 - # define EVP_R_DIFFERENT_PARAMETERS 153 -+# define EVP_R_DISABLED_FOR_FIPS 163 -+# define EVP_R_ENCODE_ERROR 115 - # define EVP_R_ERROR_LOADING_SECTION 165 - # define EVP_R_ERROR_SETTING_FIPS_MODE 166 --# define EVP_R_EXPECTING_AN_HMAC_KEY 174 -+# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 - # define EVP_R_EXPECTING_AN_RSA_KEY 127 - # define EVP_R_EXPECTING_A_DH_KEY 128 - # define EVP_R_EXPECTING_A_DSA_KEY 129 -+# define EVP_R_EXPECTING_A_ECDSA_KEY 141 - # define EVP_R_EXPECTING_A_EC_KEY 142 - # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 --# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 - # define EVP_R_INITIALIZATION_ERROR 134 - # define EVP_R_INPUT_NOT_INITIALIZED 111 - # define EVP_R_INVALID_DIGEST 152 - # define EVP_R_INVALID_FIPS_MODE 168 --# define EVP_R_INVALID_KEY 163 -+# define EVP_R_INVALID_KEY 171 - # define EVP_R_INVALID_KEY_LENGTH 130 - # define EVP_R_INVALID_OPERATION 148 -+# define EVP_R_IV_TOO_LARGE 102 - # define EVP_R_KEYGEN_FAILURE 120 --# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 - # define EVP_R_MESSAGE_DIGEST_IS_NULL 159 - # define EVP_R_METHOD_NOT_SUPPORTED 144 - # define EVP_R_MISSING_PARAMETERS 103 - # define EVP_R_NO_CIPHER_SET 131 - # define EVP_R_NO_DEFAULT_DIGEST 158 - # define EVP_R_NO_DIGEST_SET 139 -+# define 
EVP_R_NO_DSA_PARAMETERS 116 - # define EVP_R_NO_KEY_SET 154 - # define EVP_R_NO_OPERATION_SET 149 -+# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 -+# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 - # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 - # define EVP_R_OPERATON_NOT_INITIALIZED 151 --# define EVP_R_PARTIALLY_OVERLAPPING 162 -+# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 - # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 - # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 - # define EVP_R_PUBLIC_KEY_NOT_RSA 106 -+# define EVP_R_TOO_LARGE 164 - # define EVP_R_UNKNOWN_CIPHER 160 - # define EVP_R_UNKNOWN_DIGEST 161 - # define EVP_R_UNKNOWN_OPTION 169 - # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -+# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 - # define EVP_R_UNSUPPORTED_ALGORITHM 156 - # define EVP_R_UNSUPPORTED_CIPHER 107 - # define EVP_R_UNSUPPORTED_KEYLENGTH 123 - # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 - # define EVP_R_UNSUPPORTED_KEY_SIZE 108 --# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 - # define EVP_R_UNSUPPORTED_PRF 125 - # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 - # define EVP_R_UNSUPPORTED_SALT_TYPE 126 - # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 - # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -+# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 - - # ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h -index 9f06896..b8b55cd 100644 ---- a/Cryptlib/Include/openssl/hmac.h -+++ b/Cryptlib/Include/openssl/hmac.h -@@ -1,17 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/hmac/hmac.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ -- - #ifndef HEADER_HMAC_H - # define HEADER_HMAC_H - - # include - -+# ifdef OPENSSL_NO_HMAC -+# error HMAC is disabled. 
-+# endif -+ - # include - - # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ -@@ -20,27 +72,35 @@ - extern "C" { - #endif - --size_t HMAC_size(const HMAC_CTX *e); --HMAC_CTX *HMAC_CTX_new(void); --int HMAC_CTX_reset(HMAC_CTX *ctx); --void HMAC_CTX_free(HMAC_CTX *ctx); -+typedef struct hmac_ctx_st { -+ const EVP_MD *md; -+ EVP_MD_CTX md_ctx; -+ EVP_MD_CTX i_ctx; -+ EVP_MD_CTX o_ctx; -+ unsigned int key_length; -+ unsigned char key[HMAC_MAX_MD_CBLOCK]; -+} HMAC_CTX; -+ -+# define HMAC_size(e) (EVP_MD_size((e)->md)) -+ -+void HMAC_CTX_init(HMAC_CTX *ctx); -+void HMAC_CTX_cleanup(HMAC_CTX *ctx); - --DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md)) -+/* deprecated */ -+# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) - --/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md, ENGINE *impl); --/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, -- size_t len); --/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, -- unsigned int *len); -+/* deprecated */ -+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); -+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -+ const EVP_MD *md, ENGINE *impl); -+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); -+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len); --__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); -+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); --const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h -index 4334f3e..6075984 100644 ---- a/Cryptlib/Include/openssl/idea.h -+++ 
b/Cryptlib/Include/openssl/idea.h -@@ -1,64 +1,105 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/idea/idea.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #ifndef HEADER_IDEA_H - # define HEADER_IDEA_H - --# include -+# include /* IDEA_INT, OPENSSL_NO_IDEA */ - --# ifndef OPENSSL_NO_IDEA --# ifdef __cplusplus --extern "C" { -+# ifdef OPENSSL_NO_IDEA -+# error IDEA is disabled. - # endif - --typedef unsigned int IDEA_INT; -- - # define IDEA_ENCRYPT 1 - # define IDEA_DECRYPT 0 - - # define IDEA_BLOCK 8 - # define IDEA_KEY_LENGTH 16 - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - typedef struct idea_key_st { - IDEA_INT data[9][6]; - } IDEA_KEY_SCHEDULE; - --const char *IDEA_options(void); --void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, -+const char *idea_options(void); -+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, - IDEA_KEY_SCHEDULE *ks); --void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); --void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); --void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, -+# ifdef OPENSSL_FIPS -+void private_idea_set_encrypt_key(const unsigned char *key, -+ IDEA_KEY_SCHEDULE *ks); -+# endif -+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); -+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, - int enc); --void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, - int *num, int enc); --void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, - int *num); --void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); -- --# if OPENSSL_API_COMPAT < 0x10100000L --# define idea_options IDEA_options --# define idea_ecb_encrypt 
IDEA_ecb_encrypt --# define idea_set_encrypt_key IDEA_set_encrypt_key --# define idea_set_decrypt_key IDEA_set_decrypt_key --# define idea_cbc_encrypt IDEA_cbc_encrypt --# define idea_cfb64_encrypt IDEA_cfb64_encrypt --# define idea_ofb64_encrypt IDEA_ofb64_encrypt --# define idea_encrypt IDEA_encrypt --# endif -- --# ifdef __cplusplus -+void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/kdf.h b/Cryptlib/Include/openssl/kdf.h -deleted file mode 100644 -index 9f87f78..0000000 ---- a/Cryptlib/Include/openssl/kdf.h -+++ /dev/null -@@ -1,75 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_KDF_H --# define HEADER_KDF_H -- --#ifdef __cplusplus --extern "C" { --#endif -- --# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) --# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) --# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) --# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) --# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) --# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) --# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) -- --# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_TLS_MD, 0, (void *)md) -- --# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)sec) -- --# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_TLS_SEED, seedlen, (void 
*)seed) -- --# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md) -- --# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt) -- --# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key) -- --# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ -- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -- EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info) -- --/* BEGIN ERROR CODES */ --/* -- * The following lines are auto generated by the script mkerr.pl. Any changes -- * made after this point may be overwritten when the script is next run. -- */ -- --int ERR_load_KDF_strings(void); -- --/* Error codes for the KDF functions. */ -- --/* Function codes. */ --# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 --# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 -- --/* Reason codes. */ --# define KDF_R_INVALID_DIGEST 100 --# define KDF_R_MISSING_PARAMETER 101 --# define KDF_R_VALUE_MISSING 102 -- --# ifdef __cplusplus --} --# endif --#endif -diff --git a/Cryptlib/Include/openssl/krb5_asn.h b/Cryptlib/Include/openssl/krb5_asn.h -new file mode 100644 -index 0000000..9cf5a26 ---- /dev/null -+++ b/Cryptlib/Include/openssl/krb5_asn.h -@@ -0,0 +1,240 @@ -+/* krb5_asn.h */ -+/* -+ * Written by Vern Staats for the OpenSSL project, ** -+ * using ocsp/{*.h,*asn*.c} as a starting point -+ */ -+ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#ifndef HEADER_KRB5_ASN_H -+# define HEADER_KRB5_ASN_H -+ -+/* -+ * #include -+ */ -+# include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ * ASN.1 from Kerberos RFC 1510 -+ */ -+ -+/*- EncryptedData ::= SEQUENCE { -+ * etype[0] INTEGER, -- EncryptionType -+ * kvno[1] INTEGER OPTIONAL, -+ * cipher[2] OCTET STRING -- ciphertext -+ * } -+ */ -+typedef struct krb5_encdata_st { -+ ASN1_INTEGER *etype; -+ ASN1_INTEGER *kvno; -+ ASN1_OCTET_STRING *cipher; -+} KRB5_ENCDATA; -+ -+DECLARE_STACK_OF(KRB5_ENCDATA) -+ -+/*- PrincipalName ::= SEQUENCE { -+ * name-type[0] INTEGER, -+ * name-string[1] SEQUENCE OF GeneralString -+ * } -+ */ -+typedef struct krb5_princname_st { -+ ASN1_INTEGER *nametype; -+ STACK_OF(ASN1_GENERALSTRING) *namestring; -+} KRB5_PRINCNAME; -+ -+DECLARE_STACK_OF(KRB5_PRINCNAME) -+ -+/*- Ticket ::= [APPLICATION 1] SEQUENCE { -+ * tkt-vno[0] INTEGER, -+ * realm[1] Realm, -+ * sname[2] PrincipalName, -+ * enc-part[3] EncryptedData -+ * } -+ */ -+typedef struct krb5_tktbody_st { -+ ASN1_INTEGER *tktvno; -+ ASN1_GENERALSTRING *realm; -+ KRB5_PRINCNAME *sname; -+ KRB5_ENCDATA *encdata; -+} KRB5_TKTBODY; -+ -+typedef 
STACK_OF(KRB5_TKTBODY) KRB5_TICKET; -+DECLARE_STACK_OF(KRB5_TKTBODY) -+ -+/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { -+ * pvno[0] INTEGER, -+ * msg-type[1] INTEGER, -+ * ap-options[2] APOptions, -+ * ticket[3] Ticket, -+ * authenticator[4] EncryptedData -+ * } -+ * -+ * APOptions ::= BIT STRING { -+ * reserved(0), use-session-key(1), mutual-required(2) } -+ */ -+typedef struct krb5_ap_req_st { -+ ASN1_INTEGER *pvno; -+ ASN1_INTEGER *msgtype; -+ ASN1_BIT_STRING *apoptions; -+ KRB5_TICKET *ticket; -+ KRB5_ENCDATA *authenticator; -+} KRB5_APREQBODY; -+ -+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; -+DECLARE_STACK_OF(KRB5_APREQBODY) -+ -+/* Authenticator Stuff */ -+ -+/*- Checksum ::= SEQUENCE { -+ * cksumtype[0] INTEGER, -+ * checksum[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_checksum_st { -+ ASN1_INTEGER *ctype; -+ ASN1_OCTET_STRING *checksum; -+} KRB5_CHECKSUM; -+ -+DECLARE_STACK_OF(KRB5_CHECKSUM) -+ -+/*- EncryptionKey ::= SEQUENCE { -+ * keytype[0] INTEGER, -+ * keyvalue[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_encryptionkey_st { -+ ASN1_INTEGER *ktype; -+ ASN1_OCTET_STRING *keyvalue; -+} KRB5_ENCKEY; -+ -+DECLARE_STACK_OF(KRB5_ENCKEY) -+ -+/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { -+ * ad-type[0] INTEGER, -+ * ad-data[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_authorization_st { -+ ASN1_INTEGER *adtype; -+ ASN1_OCTET_STRING *addata; -+} KRB5_AUTHDATA; -+ -+DECLARE_STACK_OF(KRB5_AUTHDATA) -+ -+/*- -- Unencrypted authenticator -+ * Authenticator ::= [APPLICATION 2] SEQUENCE { -+ * authenticator-vno[0] INTEGER, -+ * crealm[1] Realm, -+ * cname[2] PrincipalName, -+ * cksum[3] Checksum OPTIONAL, -+ * cusec[4] INTEGER, -+ * ctime[5] KerberosTime, -+ * subkey[6] EncryptionKey OPTIONAL, -+ * seq-number[7] INTEGER OPTIONAL, -+ * authorization-data[8] AuthorizationData OPTIONAL -+ * } -+ */ -+typedef struct krb5_authenticator_st { -+ ASN1_INTEGER *avno; -+ ASN1_GENERALSTRING *crealm; -+ KRB5_PRINCNAME *cname; -+ KRB5_CHECKSUM *cksum; -+ 
ASN1_INTEGER *cusec; -+ ASN1_GENERALIZEDTIME *ctime; -+ KRB5_ENCKEY *subkey; -+ ASN1_INTEGER *seqnum; -+ KRB5_AUTHDATA *authorization; -+} KRB5_AUTHENTBODY; -+ -+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; -+DECLARE_STACK_OF(KRB5_AUTHENTBODY) -+ -+/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = -+ * type *name##_new(void); -+ * void name##_free(type *a); -+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = -+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = -+ * type *d2i_##name(type **a, const unsigned char **in, long len); -+ * int i2d_##name(type *a, unsigned char **out); -+ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it -+ */ -+ -+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) -+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) -+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) -+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) -+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) -+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) -+ -+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) -+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) -+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) -+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) -+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) -+ -+/* BEGIN ERROR CODES */ -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. -+ */ -+ -+#ifdef __cplusplus -+} -+#endif -+#endif -diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h -new file mode 100644 -index 0000000..ae8a51f ---- /dev/null -+++ b/Cryptlib/Include/openssl/kssl.h -@@ -0,0 +1,197 @@ -+/* ssl/kssl.h */ -+/* -+ * Written by Vern Staats for the OpenSSL project -+ * 2000. project 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ ** 19990701 VRS Started. -+ */ -+ -+#ifndef KSSL_H -+# define KSSL_H -+ -+# include -+ -+# ifndef OPENSSL_NO_KRB5 -+ -+# include -+# include -+# include -+# ifdef OPENSSL_SYS_WIN32 -+/* -+ * These can sometimes get redefined indirectly by krb5 header files after -+ * they get undefed in ossl_typ.h -+ */ -+# undef X509_NAME -+# undef X509_EXTENSIONS -+# undef OCSP_REQUEST -+# undef OCSP_RESPONSE -+# endif -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ * Depending on which KRB5 implementation used, some types from -+ * the other may be missing. 
Resolve that here and now -+ */ -+# ifdef KRB5_HEIMDAL -+typedef unsigned char krb5_octet; -+# define FAR -+# else -+ -+# ifndef FAR -+# define FAR -+# endif -+ -+# endif -+ -+/*- -+ * Uncomment this to debug kssl problems or -+ * to trace usage of the Kerberos session key -+ * -+ * #define KSSL_DEBUG -+ */ -+ -+# ifndef KRB5SVC -+# define KRB5SVC "host" -+# endif -+ -+# ifndef KRB5KEYTAB -+# define KRB5KEYTAB "/etc/krb5.keytab" -+# endif -+ -+# ifndef KRB5SENDAUTH -+# define KRB5SENDAUTH 1 -+# endif -+ -+# ifndef KRB5CHECKAUTH -+# define KRB5CHECKAUTH 1 -+# endif -+ -+# ifndef KSSL_CLOCKSKEW -+# define KSSL_CLOCKSKEW 300; -+# endif -+ -+# define KSSL_ERR_MAX 255 -+typedef struct kssl_err_st { -+ int reason; -+ char text[KSSL_ERR_MAX + 1]; -+} KSSL_ERR; -+ -+/*- Context for passing -+ * (1) Kerberos session key to SSL, and -+ * (2) Config data between application and SSL lib -+ */ -+typedef struct kssl_ctx_st { -+ /* used by: disposition: */ -+ char *service_name; /* C,S default ok (kssl) */ -+ char *service_host; /* C input, REQUIRED */ -+ char *client_princ; /* S output from krb5 ticket */ -+ char *keytab_file; /* S NULL (/etc/krb5.keytab) */ -+ char *cred_cache; /* C NULL (default) */ -+ krb5_enctype enctype; -+ int length; -+ krb5_octet FAR *key; -+} KSSL_CTX; -+ -+# define KSSL_CLIENT 1 -+# define KSSL_SERVER 2 -+# define KSSL_SERVICE 3 -+# define KSSL_KEYTAB 4 -+ -+# define KSSL_CTX_OK 0 -+# define KSSL_CTX_ERR 1 -+# define KSSL_NOMEM 2 -+ -+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ -+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -+KSSL_CTX *kssl_ctx_new(void); -+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); -+void kssl_ctx_show(KSSL_CTX *kssl_ctx); -+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, -+ krb5_data *realm, krb5_data *entity, -+ int nentities); -+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, -+ krb5_data *authenp, KSSL_ERR *kssl_err); 
-+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, -+ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); -+krb5_error_code kssl_build_principal_2(krb5_context context, -+ krb5_principal *princ, int rlen, -+ const char *realm, int slen, -+ const char *svc, int hlen, -+ const char *host); -+krb5_error_code kssl_validate_times(krb5_timestamp atime, -+ krb5_ticket_times *ttimes); -+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, -+ krb5_timestamp *atimep, -+ KSSL_ERR *kssl_err); -+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); -+ -+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); -+KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); -+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); -+ -+#ifdef __cplusplus -+} -+#endif -+# endif /* OPENSSL_NO_KRB5 */ -+#endif /* KSSL_H */ -diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h -index e2ccb65..b6c328b 100644 ---- a/Cryptlib/Include/openssl/lhash.h -+++ b/Cryptlib/Include/openssl/lhash.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/lhash/lhash.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - /* -@@ -15,18 +64,30 @@ - # define HEADER_LHASH_H - - # include --# include -+# ifndef OPENSSL_NO_FP_API -+# include -+# endif -+ -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct lhash_node_st OPENSSL_LH_NODE; --typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); --typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); --typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); --typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); --typedef struct lhash_st OPENSSL_LHASH; -+typedef struct lhash_node_st { -+ void *data; -+ struct lhash_node_st *next; -+# ifndef OPENSSL_NO_HASH_COMP -+ unsigned long hash; -+# endif -+} LHASH_NODE; -+ -+typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); -+typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *); -+typedef void (*LHASH_DOALL_FN_TYPE) (void *); -+typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); - - /* - * Macros for declaring and implementing type-safe wrappers for LHASH -@@ -56,6 +117,15 @@ typedef struct lhash_st OPENSSL_LHASH; - return name##_cmp(a,b); } - # define LHASH_COMP_FN(name) name##_LHASH_COMP - -+/* Third: "doall" functions */ -+# define DECLARE_LHASH_DOALL_FN(name, o_type) \ -+ void name##_LHASH_DOALL(void *); -+# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ -+ void name##_LHASH_DOALL(void *arg) { \ -+ o_type *a = arg; \ -+ name##_doall(a); } -+# define LHASH_DOALL_FN(name) name##_LHASH_DOALL -+ - /* Fourth: "doall_arg" functions */ - # define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ - void name##_LHASH_DOALL_ARG(void *, void *); -@@ -66,136 +136,102 @@ typedef struct lhash_st OPENSSL_LHASH; - name##_doall_arg(a, b); } - # define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG - -+typedef struct lhash_st { -+ LHASH_NODE **b; -+ LHASH_COMP_FN_TYPE comp; -+ LHASH_HASH_FN_TYPE hash; -+ unsigned int num_nodes; -+ unsigned int num_alloc_nodes; -+ unsigned int p; -+ unsigned int pmax; -+ 
unsigned long up_load; /* load times 256 */ -+ unsigned long down_load; /* load times 256 */ -+ unsigned long num_items; -+ unsigned long num_expands; -+ unsigned long num_expand_reallocs; -+ unsigned long num_contracts; -+ unsigned long num_contract_reallocs; -+ unsigned long num_hash_calls; -+ unsigned long num_comp_calls; -+ unsigned long num_insert; -+ unsigned long num_replace; -+ unsigned long num_delete; -+ unsigned long num_no_delete; -+ unsigned long num_retrieve; -+ unsigned long num_retrieve_miss; -+ unsigned long num_hash_comps; -+ int error; -+} _LHASH; /* Do not use _LHASH directly, use LHASH_OF -+ * and friends */ - - # define LH_LOAD_MULT 256 - --int OPENSSL_LH_error(OPENSSL_LHASH *lh); --OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); --void OPENSSL_LH_free(OPENSSL_LHASH *lh); --void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); --void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); --void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); --void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); --void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); --unsigned long OPENSSL_LH_strhash(const char *c); --unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); --unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); --void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); -- --# ifndef OPENSSL_NO_STDIO --void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); --void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); --void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); -+/* -+ * Indicates a malloc() error in the last call, this is only bad in -+ * lh_insert(). 
-+ */ -+# define lh_error(lh) ((lh)->error) -+ -+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); -+void lh_free(_LHASH *lh); -+void *lh_insert(_LHASH *lh, void *data); -+void *lh_delete(_LHASH *lh, const void *data); -+void *lh_retrieve(_LHASH *lh, const void *data); -+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); -+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); -+unsigned long lh_strhash(const char *c); -+unsigned long lh_num_items(const _LHASH *lh); -+ -+# ifndef OPENSSL_NO_FP_API -+void lh_stats(const _LHASH *lh, FILE *out); -+void lh_node_stats(const _LHASH *lh, FILE *out); -+void lh_node_usage_stats(const _LHASH *lh, FILE *out); - # endif --void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); --void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); --void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -- --# if OPENSSL_API_COMPAT < 0x10100000L --# define _LHASH OPENSSL_LHASH --# define LHASH_NODE OPENSSL_LH_NODE --# define lh_error OPENSSL_LH_error --# define lh_new OPENSSL_lh_new --# define lh_free OPENSSL_LH_free --# define lh_insert OPENSSL_LH_insert --# define lh_delete OPENSSL_LH_delete --# define lh_retrieve OPENSSL_LH_retrieve --# define lh_doall OPENSSL_LH_doall --# define lh_doall_arg OPENSSL_LH_doall_arg --# define lh_strhash OPENSSL_LH_strhash --# define lh_num_items OPENSSL_LH_num_items --# ifndef OPENSSL_NO_STDIO --# define lh_stats OPENSSL_LH_stats --# define lh_node_stats OPENSSL_LH_node_stats --# define lh_node_usage_stats OPENSSL_LH_node_usage_stats --# endif --# define lh_stats_bio OPENSSL_LH_stats_bio --# define lh_node_stats_bio OPENSSL_LH_node_stats_bio --# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio -+ -+# ifndef OPENSSL_NO_BIO -+void lh_stats_bio(const _LHASH *lh, BIO *out); -+void lh_node_stats_bio(const _LHASH *lh, BIO *out); -+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); - # endif - - /* Type checking... 
*/ - - # define LHASH_OF(type) struct lhash_st_##type - --# define DEFINE_LHASH_OF(type) \ -- LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ -- static ossl_inline LHASH_OF(type) * \ -- lh_##type##_new(unsigned long (*hfn)(const type *), \ -- int (*cfn)(const type *, const type *)) \ -- { \ -- return (LHASH_OF(type) *) \ -- OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ -- } \ -- static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ -- { \ -- OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ -- } \ -- static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ -- { \ -- return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ -- } \ -- static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ -- { \ -- return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ -- } \ -- static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ -- { \ -- return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ -- } \ -- static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ -- { \ -- return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ -- } \ -- static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ -- { \ -- return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ -- } \ -- static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ -- { \ -- OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ -- } \ -- static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ -- { \ -- OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ -- } \ -- static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ -- { \ -- OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ -- } \ -- static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ -- { \ -- return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ -- } 
\ -- static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ -- { \ -- OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ -- } \ -- static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ -- void (*doall)(type *)) \ -- { \ -- OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ -- } \ -- LHASH_OF(type) -- --#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ -- int_implement_lhash_doall(type, argtype, const type) -- --#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ -- int_implement_lhash_doall(type, argtype, type) -- --#define int_implement_lhash_doall(type, argtype, cbargtype) \ -- static ossl_inline void \ -- lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ -- void (*fn)(cbargtype *, argtype *), \ -- argtype *arg) \ -- { \ -- OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ -- } \ -- LHASH_OF(type) -- --DEFINE_LHASH_OF(OPENSSL_STRING); --DEFINE_LHASH_OF(OPENSSL_CSTRING); -+# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } -+ -+# define CHECKED_LHASH_OF(type,lh) \ -+ ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) -+ -+/* Define wrapper functions. 
*/ -+# define LHM_lh_new(type, name) \ -+ ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) -+# define LHM_lh_error(type, lh) \ -+ lh_error(CHECKED_LHASH_OF(type,lh)) -+# define LHM_lh_insert(type, lh, inst) \ -+ ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ -+ CHECKED_PTR_OF(type, inst))) -+# define LHM_lh_retrieve(type, lh, inst) \ -+ ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ -+ CHECKED_PTR_OF(type, inst))) -+# define LHM_lh_delete(type, lh, inst) \ -+ ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ -+ CHECKED_PTR_OF(type, inst))) -+# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) -+# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ -+ lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) -+# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) -+# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) -+# define LHM_lh_node_stats_bio(type, lh, out) \ -+ lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) -+# define LHM_lh_node_usage_stats_bio(type, lh, out) \ -+ lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) -+# define LHM_lh_stats_bio(type, lh, out) \ -+ lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) -+# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) -+ -+DECLARE_LHASH_OF(OPENSSL_STRING); -+DECLARE_LHASH_OF(OPENSSL_CSTRING); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/md2.h -deleted file mode 100644 -index 7faf8e3..0000000 ---- a/Cryptlib/Include/openssl/md2.h -+++ /dev/null -@@ -1,44 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_MD2_H --# define HEADER_MD2_H -- --# include -- --# ifndef OPENSSL_NO_MD2 --# include --# ifdef __cplusplus --extern "C" { --# endif -- --typedef unsigned char MD2_INT; -- --# define MD2_DIGEST_LENGTH 16 --# define MD2_BLOCK 16 -- --typedef struct MD2state_st { -- unsigned int num; -- unsigned char data[MD2_BLOCK]; -- MD2_INT cksm[MD2_BLOCK]; -- MD2_INT state[MD2_BLOCK]; --} MD2_CTX; -- --const char *MD2_options(void); --int MD2_Init(MD2_CTX *c); --int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); --int MD2_Final(unsigned char *md, MD2_CTX *c); --unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); -- --# ifdef __cplusplus --} --# endif --# endif -- --#endif -diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h -index 940e29d..11fd712 100644 ---- a/Cryptlib/Include/openssl/md4.h -+++ b/Cryptlib/Include/openssl/md4.h -@@ -1,30 +1,97 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/md4/md4.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_MD4_H - # define HEADER_MD4_H - --# include -- --# ifndef OPENSSL_NO_MD4 - # include - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef OPENSSL_NO_MD4 -+# error MD4 is disabled. - # endif - - /*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- * ! MD4_LONG has to be at least 32 bits wide. ! -+ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! -+ * ! MD4_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ --# define MD4_LONG unsigned int -+ -+# if defined(__LP32__) -+# define MD4_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define MD4_LONG unsigned long -+# define MD4_LONG_LOG2 3 -+/* -+ * _CRAY note. I could declare short, but I have no idea what impact -+ * does it have on performance on none-T3E machines. I could declare -+ * int, but at least on C90 sizeof(int) can be chosen at compile time. -+ * So I've chosen long... 
-+ * -+ */ -+# else -+# define MD4_LONG unsigned int -+# endif - - # define MD4_CBLOCK 64 - # define MD4_LBLOCK (MD4_CBLOCK/4) -@@ -37,15 +104,16 @@ typedef struct MD4state_st { - unsigned int num; - } MD4_CTX; - -+# ifdef OPENSSL_FIPS -+int private_MD4_Init(MD4_CTX *c); -+# endif - int MD4_Init(MD4_CTX *c); - int MD4_Update(MD4_CTX *c, const void *data, size_t len); - int MD4_Final(unsigned char *md, MD4_CTX *c); - unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); - void MD4_Transform(MD4_CTX *c, const unsigned char *b); -- --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h -index 2deb772..2659038 100644 ---- a/Cryptlib/Include/openssl/md5.h -+++ b/Cryptlib/Include/openssl/md5.h -@@ -1,30 +1,97 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/md5/md5.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_MD5_H - # define HEADER_MD5_H - --# include -- --# ifndef OPENSSL_NO_MD5 - # include - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef OPENSSL_NO_MD5 -+# error MD5 is disabled. - # endif - - /* - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- * ! MD5_LONG has to be at least 32 bits wide. ! -+ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! -+ * ! MD5_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ --# define MD5_LONG unsigned int -+ -+# if defined(__LP32__) -+# define MD5_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define MD5_LONG unsigned long -+# define MD5_LONG_LOG2 3 -+/* -+ * _CRAY note. I could declare short, but I have no idea what impact -+ * does it have on performance on none-T3E machines. I could declare -+ * int, but at least on C90 sizeof(int) can be chosen at compile time. -+ * So I've chosen long... 
-+ * -+ */ -+# else -+# define MD5_LONG unsigned int -+# endif - - # define MD5_CBLOCK 64 - # define MD5_LBLOCK (MD5_CBLOCK/4) -@@ -37,14 +104,16 @@ typedef struct MD5state_st { - unsigned int num; - } MD5_CTX; - -+# ifdef OPENSSL_FIPS -+int private_MD5_Init(MD5_CTX *c); -+# endif - int MD5_Init(MD5_CTX *c); - int MD5_Update(MD5_CTX *c, const void *data, size_t len); - int MD5_Final(unsigned char *md, MD5_CTX *c); - unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); - void MD5_Transform(MD5_CTX *c, const unsigned char *b); --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/mdc2.h b/Cryptlib/Include/openssl/mdc2.h -index aabd2bf..7efe53b 100644 ---- a/Cryptlib/Include/openssl/mdc2.h -+++ b/Cryptlib/Include/openssl/mdc2.h -@@ -1,22 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/mdc2/mdc2.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_MDC2_H - # define HEADER_MDC2_H - --# include -- --#ifndef OPENSSL_NO_MDC2 --# include - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef OPENSSL_NO_MDC2 -+# error MDC2 is disabled. - # endif - - # define MDC2_BLOCK 8 -@@ -29,14 +79,16 @@ typedef struct mdc2_ctx_st { - int pad_type; /* either 1 or 2, default 1 */ - } MDC2_CTX; - -+# ifdef OPENSSL_FIPS -+int private_MDC2_Init(MDC2_CTX *c); -+# endif - int MDC2_Init(MDC2_CTX *c); - int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); - int MDC2_Final(unsigned char *md, MDC2_CTX *c); - unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/modes.h b/Cryptlib/Include/openssl/modes.h -index a04c6a5..fd48849 100644 ---- a/Cryptlib/Include/openssl/modes.h -+++ b/Cryptlib/Include/openssl/modes.h -@@ -1,10 +1,8 @@ --/* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. 
All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Rights for redistribution and usage in source and binary -+ * forms are granted according to the OpenSSL license. - */ - - #include -@@ -159,44 +157,6 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block); --size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, -- unsigned char *out, const unsigned char *in, -- size_t inlen, block128_f block); --size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, -- unsigned char *out, const unsigned char *in, -- size_t inlen, block128_f block); -- --#ifndef OPENSSL_NO_OCB --typedef struct ocb128_context OCB128_CONTEXT; -- --typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, -- size_t blocks, const void *key, -- size_t start_block_num, -- unsigned char offset_i[16], -- const unsigned char L_[][16], -- unsigned char checksum[16]); -- --OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, -- block128_f encrypt, block128_f decrypt, -- ocb128_f stream); --int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, -- block128_f encrypt, block128_f decrypt, -- ocb128_f stream); --int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, -- void *keyenc, void *keydec); --int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, -- size_t len, size_t taglen); --int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, -- size_t len); --int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, -- unsigned char *out, size_t len); --int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, -- unsigned char *out, size_t len); --int 
CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, -- size_t len); --int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); --void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); --#endif /* OPENSSL_NO_OCB */ - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h -index f97f3ea..779c309 100644 ---- a/Cryptlib/Include/openssl/obj_mac.h -+++ b/Cryptlib/Include/openssl/obj_mac.h -@@ -1,12 +1,65 @@ -+/* crypto/objects/obj_mac.h */ -+ - /* -- * WARNING: do not edit! -- * Generated by crypto/objects/objects.pl -+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following -+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h -+ */ -+ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #define SN_undef "UNDEF" -@@ -800,22 +853,10 @@ - #define NID_id_smime_ct_compressedData 786 - #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L - --#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" --#define NID_id_smime_ct_contentCollection 1058 --#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L -- --#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" --#define NID_id_smime_ct_authEnvelopedData 1059 --#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L -- - #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" - #define NID_id_ct_asciiTextWithCRLF 787 - #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L - --#define SN_id_ct_xml "id-ct-xml" --#define NID_id_ct_xml 1060 --#define OBJ_id_ct_xml OBJ_id_smime_ct,28L -- - #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" - #define NID_id_smime_aa_receiptRequest 212 - #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L -@@ -1449,11 +1490,6 @@ - #define NID_proxyCertInfo 663 - #define OBJ_proxyCertInfo OBJ_id_pe,14L - --#define SN_tlsfeature "tlsfeature" --#define LN_tlsfeature "TLS Feature" --#define NID_tlsfeature 
1020 --#define OBJ_tlsfeature OBJ_id_pe,24L -- - #define SN_id_qt_cps "id-qt-cps" - #define LN_id_qt_cps "Policy Qualifier CPS" - #define NID_id_qt_cps 164 -@@ -1518,51 +1554,6 @@ - #define NID_dvcs 297 - #define OBJ_dvcs OBJ_id_kp,10L - --#define SN_ipsec_IKE "ipsecIKE" --#define LN_ipsec_IKE "ipsec Internet Key Exchange" --#define NID_ipsec_IKE 1022 --#define OBJ_ipsec_IKE OBJ_id_kp,17L -- --#define SN_capwapAC "capwapAC" --#define LN_capwapAC "Ctrl/provision WAP Access" --#define NID_capwapAC 1023 --#define OBJ_capwapAC OBJ_id_kp,18L -- --#define SN_capwapWTP "capwapWTP" --#define LN_capwapWTP "Ctrl/Provision WAP Termination" --#define NID_capwapWTP 1024 --#define OBJ_capwapWTP OBJ_id_kp,19L -- --#define SN_sshClient "secureShellClient" --#define LN_sshClient "SSH Client" --#define NID_sshClient 1025 --#define OBJ_sshClient OBJ_id_kp,21L -- --#define SN_sshServer "secureShellServer" --#define LN_sshServer "SSH Server" --#define NID_sshServer 1026 --#define OBJ_sshServer OBJ_id_kp,22L -- --#define SN_sendRouter "sendRouter" --#define LN_sendRouter "Send Router" --#define NID_sendRouter 1027 --#define OBJ_sendRouter OBJ_id_kp,23L -- --#define SN_sendProxiedRouter "sendProxiedRouter" --#define LN_sendProxiedRouter "Send Proxied Router" --#define NID_sendProxiedRouter 1028 --#define OBJ_sendProxiedRouter OBJ_id_kp,24L -- --#define SN_sendOwner "sendOwner" --#define LN_sendOwner "Send Owner" --#define NID_sendOwner 1029 --#define OBJ_sendOwner OBJ_id_kp,25L -- --#define SN_sendProxiedOwner "sendProxiedOwner" --#define LN_sendProxiedOwner "Send Proxied Owner" --#define NID_sendProxiedOwner 1030 --#define OBJ_sendProxiedOwner OBJ_id_kp,26L -- - #define SN_id_it_caProtEncCert "id-it-caProtEncCert" - #define NID_id_it_caProtEncCert 298 - #define OBJ_id_it_caProtEncCert OBJ_id_it,1L -@@ -2039,16 +2030,6 @@ - #define NID_ripemd160WithRSA 119 - #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L - --#define SN_blake2b512 "BLAKE2b512" --#define LN_blake2b512 "blake2b512" 
--#define NID_blake2b512 1056 --#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L -- --#define SN_blake2s256 "BLAKE2s256" --#define LN_blake2s256 "blake2s256" --#define NID_blake2s256 1057 --#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L -- - #define SN_sxnet "SXNetID" - #define LN_sxnet "Strong Extranet ID" - #define NID_sxnet 143 -@@ -2373,7 +2354,7 @@ - #define OBJ_delta_crl OBJ_id_ce,27L - - #define SN_issuing_distribution_point "issuingDistributionPoint" --#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" -+#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" - #define NID_issuing_distribution_point 770 - #define OBJ_issuing_distribution_point OBJ_id_ce,28L - -@@ -2598,6 +2579,11 @@ - #define NID_id_hex_multipart_message 508 - #define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L - -+#define SN_rle_compression "RLE" -+#define LN_rle_compression "run length compression" -+#define NID_rle_compression 124 -+#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L -+ - #define SN_zlib_compression "ZLIB" - #define LN_zlib_compression "zlib compression" - #define NID_zlib_compression 125 -@@ -2759,18 +2745,6 @@ - #define LN_aes_256_ctr "aes-256-ctr" - #define NID_aes_256_ctr 906 - --#define SN_aes_128_ocb "AES-128-OCB" --#define LN_aes_128_ocb "aes-128-ocb" --#define NID_aes_128_ocb 958 -- --#define SN_aes_192_ocb "AES-192-OCB" --#define LN_aes_192_ocb "aes-192-ocb" --#define NID_aes_192_ocb 959 -- --#define SN_aes_256_ocb "AES-256-OCB" --#define LN_aes_256_ocb "aes-256-ocb" --#define NID_aes_256_ocb 960 -- - #define SN_aes_128_xts "AES-128-XTS" - #define LN_aes_128_xts "aes-128-xts" - #define NID_aes_128_xts 913 -@@ -3089,11 +3063,6 @@ - #define NID_friendlyCountryName 490 - #define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L - --#define SN_uniqueIdentifier "uid" --#define LN_uniqueIdentifier "uniqueIdentifier" --#define NID_uniqueIdentifier 102 --#define OBJ_uniqueIdentifier 
OBJ_pilotAttributeType,44L -- - #define LN_organizationalStatus "organizationalStatus" - #define NID_organizationalStatus 491 - #define OBJ_organizationalStatus OBJ_pilotAttributeType,45L -@@ -3709,10 +3678,6 @@ - #define NID_cryptocom 806 - #define OBJ_cryptocom OBJ_member_body,643L,2L,9L - --#define SN_id_tc26 "id-tc26" --#define NID_id_tc26 974 --#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L -- - #define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" - #define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" - #define NID_id_GostR3411_94_with_GostR3410_2001 807 -@@ -3751,26 +3716,11 @@ - #define SN_gost89_cnt "gost89-cnt" - #define NID_gost89_cnt 814 - --#define SN_gost89_cnt_12 "gost89-cnt-12" --#define NID_gost89_cnt_12 975 -- --#define SN_gost89_cbc "gost89-cbc" --#define NID_gost89_cbc 1009 -- --#define SN_gost89_ecb "gost89-ecb" --#define NID_gost89_ecb 1010 -- --#define SN_gost89_ctr "gost89-ctr" --#define NID_gost89_ctr 1011 -- - #define SN_id_Gost28147_89_MAC "gost-mac" - #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" - #define NID_id_Gost28147_89_MAC 815 - #define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L - --#define SN_gost_mac_12 "gost-mac-12" --#define NID_gost_mac_12 976 -- - #define SN_id_GostR3411_94_prf "prf-gostr3411-94" - #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" - #define NID_id_GostR3411_94_prf 816 -@@ -3936,169 +3886,6 @@ - #define NID_id_GostR3410_2001_ParamSet_cc 854 - #define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L - --#define SN_id_tc26_algorithms "id-tc26-algorithms" --#define NID_id_tc26_algorithms 977 --#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L -- --#define SN_id_tc26_sign "id-tc26-sign" --#define NID_id_tc26_sign 978 --#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L -- --#define SN_id_GostR3410_2012_256 "gost2012_256" --#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" --#define NID_id_GostR3410_2012_256 979 
--#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L -- --#define SN_id_GostR3410_2012_512 "gost2012_512" --#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" --#define NID_id_GostR3410_2012_512 980 --#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L -- --#define SN_id_tc26_digest "id-tc26-digest" --#define NID_id_tc26_digest 981 --#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L -- --#define SN_id_GostR3411_2012_256 "md_gost12_256" --#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" --#define NID_id_GostR3411_2012_256 982 --#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L -- --#define SN_id_GostR3411_2012_512 "md_gost12_512" --#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" --#define NID_id_GostR3411_2012_512 983 --#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L -- --#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" --#define NID_id_tc26_signwithdigest 984 --#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L -- --#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" --#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" --#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 --#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L -- --#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" --#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" --#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 --#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L -- --#define SN_id_tc26_mac "id-tc26-mac" --#define NID_id_tc26_mac 987 --#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L -- --#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" --#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 
34.11-2012 256 bit" --#define NID_id_tc26_hmac_gost_3411_2012_256 988 --#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L -- --#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" --#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" --#define NID_id_tc26_hmac_gost_3411_2012_512 989 --#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L -- --#define SN_id_tc26_cipher "id-tc26-cipher" --#define NID_id_tc26_cipher 990 --#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L -- --#define SN_id_tc26_agreement "id-tc26-agreement" --#define NID_id_tc26_agreement 991 --#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L -- --#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" --#define NID_id_tc26_agreement_gost_3410_2012_256 992 --#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L -- --#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" --#define NID_id_tc26_agreement_gost_3410_2012_512 993 --#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L -- --#define SN_id_tc26_constants "id-tc26-constants" --#define NID_id_tc26_constants 994 --#define OBJ_id_tc26_constants OBJ_id_tc26,2L -- --#define SN_id_tc26_sign_constants "id-tc26-sign-constants" --#define NID_id_tc26_sign_constants 995 --#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L -- --#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" --#define NID_id_tc26_gost_3410_2012_512_constants 996 --#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L -- --#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" --#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" --#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 --#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest 
OBJ_id_tc26_gost_3410_2012_512_constants,0L -- --#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" --#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" --#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 --#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L -- --#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" --#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" --#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 --#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L -- --#define SN_id_tc26_digest_constants "id-tc26-digest-constants" --#define NID_id_tc26_digest_constants 1000 --#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L -- --#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" --#define NID_id_tc26_cipher_constants 1001 --#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L -- --#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" --#define NID_id_tc26_gost_28147_constants 1002 --#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L -- --#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" --#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" --#define NID_id_tc26_gost_28147_param_Z 1003 --#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L -- --#define SN_INN "INN" --#define LN_INN "INN" --#define NID_INN 1004 --#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L -- --#define SN_OGRN "OGRN" --#define LN_OGRN "OGRN" --#define NID_OGRN 1005 --#define OBJ_OGRN OBJ_member_body,643L,100L,1L -- --#define SN_SNILS "SNILS" --#define LN_SNILS "SNILS" --#define NID_SNILS 1006 --#define OBJ_SNILS OBJ_member_body,643L,100L,3L -- --#define SN_subjectSignTool "subjectSignTool" --#define LN_subjectSignTool "Signing 
Tool of Subject" --#define NID_subjectSignTool 1007 --#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L -- --#define SN_issuerSignTool "issuerSignTool" --#define LN_issuerSignTool "Signing Tool of Issuer" --#define NID_issuerSignTool 1008 --#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L -- --#define SN_grasshopper_ecb "grasshopper-ecb" --#define NID_grasshopper_ecb 1012 -- --#define SN_grasshopper_ctr "grasshopper-ctr" --#define NID_grasshopper_ctr 1013 -- --#define SN_grasshopper_ofb "grasshopper-ofb" --#define NID_grasshopper_ofb 1014 -- --#define SN_grasshopper_cbc "grasshopper-cbc" --#define NID_grasshopper_cbc 1015 -- --#define SN_grasshopper_cfb "grasshopper-cfb" --#define NID_grasshopper_cfb 1016 -- --#define SN_grasshopper_mac "grasshopper-mac" --#define NID_grasshopper_mac 1017 -- - #define SN_camellia_128_cbc "CAMELLIA-128-CBC" - #define LN_camellia_128_cbc "camellia-128-cbc" - #define NID_camellia_128_cbc 751 -@@ -4145,26 +3932,6 @@ - #define NID_camellia_128_cfb128 757 - #define OBJ_camellia_128_cfb128 OBJ_camellia,4L - --#define SN_camellia_128_gcm "CAMELLIA-128-GCM" --#define LN_camellia_128_gcm "camellia-128-gcm" --#define NID_camellia_128_gcm 961 --#define OBJ_camellia_128_gcm OBJ_camellia,6L -- --#define SN_camellia_128_ccm "CAMELLIA-128-CCM" --#define LN_camellia_128_ccm "camellia-128-ccm" --#define NID_camellia_128_ccm 962 --#define OBJ_camellia_128_ccm OBJ_camellia,7L -- --#define SN_camellia_128_ctr "CAMELLIA-128-CTR" --#define LN_camellia_128_ctr "camellia-128-ctr" --#define NID_camellia_128_ctr 963 --#define OBJ_camellia_128_ctr OBJ_camellia,9L -- --#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" --#define LN_camellia_128_cmac "camellia-128-cmac" --#define NID_camellia_128_cmac 964 --#define OBJ_camellia_128_cmac OBJ_camellia,10L -- - #define SN_camellia_192_ecb "CAMELLIA-192-ECB" - #define LN_camellia_192_ecb "camellia-192-ecb" - #define NID_camellia_192_ecb 755 -@@ -4180,26 +3947,6 @@ - #define NID_camellia_192_cfb128 
758 - #define OBJ_camellia_192_cfb128 OBJ_camellia,24L - --#define SN_camellia_192_gcm "CAMELLIA-192-GCM" --#define LN_camellia_192_gcm "camellia-192-gcm" --#define NID_camellia_192_gcm 965 --#define OBJ_camellia_192_gcm OBJ_camellia,26L -- --#define SN_camellia_192_ccm "CAMELLIA-192-CCM" --#define LN_camellia_192_ccm "camellia-192-ccm" --#define NID_camellia_192_ccm 966 --#define OBJ_camellia_192_ccm OBJ_camellia,27L -- --#define SN_camellia_192_ctr "CAMELLIA-192-CTR" --#define LN_camellia_192_ctr "camellia-192-ctr" --#define NID_camellia_192_ctr 967 --#define OBJ_camellia_192_ctr OBJ_camellia,29L -- --#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" --#define LN_camellia_192_cmac "camellia-192-cmac" --#define NID_camellia_192_cmac 968 --#define OBJ_camellia_192_cmac OBJ_camellia,30L -- - #define SN_camellia_256_ecb "CAMELLIA-256-ECB" - #define LN_camellia_256_ecb "camellia-256-ecb" - #define NID_camellia_256_ecb 756 -@@ -4215,26 +3962,6 @@ - #define NID_camellia_256_cfb128 759 - #define OBJ_camellia_256_cfb128 OBJ_camellia,44L - --#define SN_camellia_256_gcm "CAMELLIA-256-GCM" --#define LN_camellia_256_gcm "camellia-256-gcm" --#define NID_camellia_256_gcm 969 --#define OBJ_camellia_256_gcm OBJ_camellia,46L -- --#define SN_camellia_256_ccm "CAMELLIA-256-CCM" --#define LN_camellia_256_ccm "camellia-256-ccm" --#define NID_camellia_256_ccm 970 --#define OBJ_camellia_256_ccm OBJ_camellia,47L -- --#define SN_camellia_256_ctr "CAMELLIA-256-CTR" --#define LN_camellia_256_ctr "camellia-256-ctr" --#define NID_camellia_256_ctr 971 --#define OBJ_camellia_256_ctr OBJ_camellia,49L -- --#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" --#define LN_camellia_256_cmac "camellia-256-cmac" --#define NID_camellia_256_cmac 972 --#define OBJ_camellia_256_cmac OBJ_camellia,50L -- - #define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" - #define LN_camellia_128_cfb1 "camellia-128-cfb1" - #define NID_camellia_128_cfb1 760 -@@ -4320,14 +4047,6 @@ - #define LN_aes_256_cbc_hmac_sha256 
"aes-256-cbc-hmac-sha256" - #define NID_aes_256_cbc_hmac_sha256 950 - --#define SN_chacha20_poly1305 "ChaCha20-Poly1305" --#define LN_chacha20_poly1305 "chacha20-poly1305" --#define NID_chacha20_poly1305 1018 -- --#define SN_chacha20 "ChaCha20" --#define LN_chacha20 "chacha20" --#define NID_chacha20 1019 -- - #define SN_dhpublicnumber "dhpublicnumber" - #define LN_dhpublicnumber "X9.42 DH" - #define NID_dhpublicnumber 920 -@@ -4473,105 +4192,3 @@ - #define LN_jurisdictionCountryName "jurisdictionCountryName" - #define NID_jurisdictionCountryName 957 - #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L -- --#define SN_id_scrypt "id-scrypt" --#define NID_id_scrypt 973 --#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L -- --#define SN_tls1_prf "TLS1-PRF" --#define LN_tls1_prf "tls1-prf" --#define NID_tls1_prf 1021 -- --#define SN_hkdf "HKDF" --#define LN_hkdf "hkdf" --#define NID_hkdf 1036 -- --#define SN_id_pkinit "id-pkinit" --#define NID_id_pkinit 1031 --#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L -- --#define SN_pkInitClientAuth "pkInitClientAuth" --#define LN_pkInitClientAuth "PKINIT Client Auth" --#define NID_pkInitClientAuth 1032 --#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L -- --#define SN_pkInitKDC "pkInitKDC" --#define LN_pkInitKDC "Signing KDC Response" --#define NID_pkInitKDC 1033 --#define OBJ_pkInitKDC OBJ_id_pkinit,5L -- --#define SN_X25519 "X25519" --#define NID_X25519 1034 --#define OBJ_X25519 1L,3L,101L,110L -- --#define SN_X448 "X448" --#define NID_X448 1035 --#define OBJ_X448 1L,3L,101L,111L -- --#define SN_kx_rsa "KxRSA" --#define LN_kx_rsa "kx-rsa" --#define NID_kx_rsa 1037 -- --#define SN_kx_ecdhe "KxECDHE" --#define LN_kx_ecdhe "kx-ecdhe" --#define NID_kx_ecdhe 1038 -- --#define SN_kx_dhe "KxDHE" --#define LN_kx_dhe "kx-dhe" --#define NID_kx_dhe 1039 -- --#define SN_kx_ecdhe_psk "KxECDHE-PSK" --#define LN_kx_ecdhe_psk "kx-ecdhe-psk" --#define NID_kx_ecdhe_psk 1040 -- --#define SN_kx_dhe_psk "KxDHE-PSK" --#define 
LN_kx_dhe_psk "kx-dhe-psk" --#define NID_kx_dhe_psk 1041 -- --#define SN_kx_rsa_psk "KxRSA_PSK" --#define LN_kx_rsa_psk "kx-rsa-psk" --#define NID_kx_rsa_psk 1042 -- --#define SN_kx_psk "KxPSK" --#define LN_kx_psk "kx-psk" --#define NID_kx_psk 1043 -- --#define SN_kx_srp "KxSRP" --#define LN_kx_srp "kx-srp" --#define NID_kx_srp 1044 -- --#define SN_kx_gost "KxGOST" --#define LN_kx_gost "kx-gost" --#define NID_kx_gost 1045 -- --#define SN_auth_rsa "AuthRSA" --#define LN_auth_rsa "auth-rsa" --#define NID_auth_rsa 1046 -- --#define SN_auth_ecdsa "AuthECDSA" --#define LN_auth_ecdsa "auth-ecdsa" --#define NID_auth_ecdsa 1047 -- --#define SN_auth_psk "AuthPSK" --#define LN_auth_psk "auth-psk" --#define NID_auth_psk 1048 -- --#define SN_auth_dss "AuthDSS" --#define LN_auth_dss "auth-dss" --#define NID_auth_dss 1049 -- --#define SN_auth_gost01 "AuthGOST01" --#define LN_auth_gost01 "auth-gost01" --#define NID_auth_gost01 1050 -- --#define SN_auth_gost12 "AuthGOST12" --#define LN_auth_gost12 "auth-gost12" --#define NID_auth_gost12 1051 -- --#define SN_auth_srp "AuthSRP" --#define LN_auth_srp "auth-srp" --#define NID_auth_srp 1052 -- --#define SN_auth_null "AuthNULL" --#define LN_auth_null "auth-null" --#define NID_auth_null 1053 -diff --git a/Cryptlib/Include/openssl/objects.h b/Cryptlib/Include/openssl/objects.h -index 09d614f..b8dafa8 100644 ---- a/Cryptlib/Include/openssl/objects.h -+++ b/Cryptlib/Include/openssl/objects.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/objects/objects.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #ifndef HEADER_OBJECTS_H -@@ -1055,26 +1104,23 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, - int OBJ_new_nid(int num); - int OBJ_add_object(const ASN1_OBJECT *obj); - int OBJ_create(const char *oid, const char *sn, const char *ln); --#if OPENSSL_API_COMPAT < 0x10100000L --# define OBJ_cleanup() while(0) continue --#endif -+void OBJ_cleanup(void); - int OBJ_create_objects(BIO *in); - --size_t OBJ_length(const ASN1_OBJECT *obj); --const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); -- - int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); - int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); - int OBJ_add_sigid(int signid, int dig_id, int pkey_id); - void OBJ_sigid_free(void); - -+extern int obj_cleanup_defer; -+void check_defer(int nid); -+ - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_OBJ_strings(void); -+void ERR_load_OBJ_strings(void); - - /* Error codes for the OBJ functions. */ - -@@ -1088,10 +1134,10 @@ int ERR_load_OBJ_strings(void); - # define OBJ_F_OBJ_NID2SN 104 - - /* Reason codes. */ --# define OBJ_R_OID_EXISTS 102 -+# define OBJ_R_MALLOC_FAILURE 100 - # define OBJ_R_UNKNOWN_NID 101 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h -index 08debc5..ca2ee76 100644 ---- a/Cryptlib/Include/openssl/ocsp.h -+++ b/Cryptlib/Include/openssl/ocsp.h -@@ -1,22 +1,306 @@ -+/* ocsp.h */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ -+ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. 
-+ */ -+ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_OCSP_H - # define HEADER_OCSP_H - --#include -+# include -+# include -+# include -+# include - --/* -- * These definitions are outside the OPENSSL_NO_OCSP guard because although for -- * historical reasons they have OCSP_* names, they can actually be used -- * independently of OCSP. E.g. 
see RFC5280 -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* Various flags and values */ -+ -+# define OCSP_DEFAULT_NONCE_LENGTH 16 -+ -+# define OCSP_NOCERTS 0x1 -+# define OCSP_NOINTERN 0x2 -+# define OCSP_NOSIGS 0x4 -+# define OCSP_NOCHAIN 0x8 -+# define OCSP_NOVERIFY 0x10 -+# define OCSP_NOEXPLICIT 0x20 -+# define OCSP_NOCASIGN 0x40 -+# define OCSP_NODELEGATED 0x80 -+# define OCSP_NOCHECKS 0x100 -+# define OCSP_TRUSTOTHER 0x200 -+# define OCSP_RESPID_KEY 0x400 -+# define OCSP_NOTIME 0x800 -+ -+/*- CertID ::= SEQUENCE { -+ * hashAlgorithm AlgorithmIdentifier, -+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN -+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) -+ * serialNumber CertificateSerialNumber } -+ */ -+typedef struct ocsp_cert_id_st { -+ X509_ALGOR *hashAlgorithm; -+ ASN1_OCTET_STRING *issuerNameHash; -+ ASN1_OCTET_STRING *issuerKeyHash; -+ ASN1_INTEGER *serialNumber; -+} OCSP_CERTID; -+ -+DECLARE_STACK_OF(OCSP_CERTID) -+ -+/*- Request ::= SEQUENCE { -+ * reqCert CertID, -+ * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } -+ */ -+typedef struct ocsp_one_request_st { -+ OCSP_CERTID *reqCert; -+ STACK_OF(X509_EXTENSION) *singleRequestExtensions; -+} OCSP_ONEREQ; -+ -+DECLARE_STACK_OF(OCSP_ONEREQ) -+DECLARE_ASN1_SET_OF(OCSP_ONEREQ) -+ -+/*- TBSRequest ::= SEQUENCE { -+ * version [0] EXPLICIT Version DEFAULT v1, -+ * requestorName [1] EXPLICIT GeneralName OPTIONAL, -+ * requestList SEQUENCE OF Request, -+ * requestExtensions [2] EXPLICIT Extensions OPTIONAL } -+ */ -+typedef struct ocsp_req_info_st { -+ ASN1_INTEGER *version; -+ GENERAL_NAME *requestorName; -+ STACK_OF(OCSP_ONEREQ) *requestList; -+ STACK_OF(X509_EXTENSION) *requestExtensions; -+} OCSP_REQINFO; -+ -+/*- Signature ::= SEQUENCE { -+ * signatureAlgorithm AlgorithmIdentifier, -+ * signature BIT STRING, -+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } -+ */ -+typedef struct ocsp_signature_st { -+ X509_ALGOR 
*signatureAlgorithm; -+ ASN1_BIT_STRING *signature; -+ STACK_OF(X509) *certs; -+} OCSP_SIGNATURE; -+ -+/*- OCSPRequest ::= SEQUENCE { -+ * tbsRequest TBSRequest, -+ * optionalSignature [0] EXPLICIT Signature OPTIONAL } -+ */ -+typedef struct ocsp_request_st { -+ OCSP_REQINFO *tbsRequest; -+ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -+} OCSP_REQUEST; -+ -+/*- OCSPResponseStatus ::= ENUMERATED { -+ * successful (0), --Response has valid confirmations -+ * malformedRequest (1), --Illegal confirmation request -+ * internalError (2), --Internal error in issuer -+ * tryLater (3), --Try again later -+ * --(4) is not used -+ * sigRequired (5), --Must sign the request -+ * unauthorized (6) --Request unauthorized -+ * } -+ */ -+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -+# define OCSP_RESPONSE_STATUS_TRYLATER 3 -+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -+# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -+ -+/*- ResponseBytes ::= SEQUENCE { -+ * responseType OBJECT IDENTIFIER, -+ * response OCTET STRING } -+ */ -+typedef struct ocsp_resp_bytes_st { -+ ASN1_OBJECT *responseType; -+ ASN1_OCTET_STRING *response; -+} OCSP_RESPBYTES; -+ -+/*- OCSPResponse ::= SEQUENCE { -+ * responseStatus OCSPResponseStatus, -+ * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } -+ */ -+struct ocsp_response_st { -+ ASN1_ENUMERATED *responseStatus; -+ OCSP_RESPBYTES *responseBytes; -+}; -+ -+/*- ResponderID ::= CHOICE { -+ * byName [1] Name, -+ * byKey [2] KeyHash } -+ */ -+# define V_OCSP_RESPID_NAME 0 -+# define V_OCSP_RESPID_KEY 1 -+struct ocsp_responder_id_st { -+ int type; -+ union { -+ X509_NAME *byName; -+ ASN1_OCTET_STRING *byKey; -+ } value; -+}; -+ -+DECLARE_STACK_OF(OCSP_RESPID) -+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -+ -+/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key -+ * --(excluding the tag and length fields) -+ */ -+ -+/*- RevokedInfo ::= SEQUENCE { -+ * 
revocationTime GeneralizedTime, -+ * revocationReason [0] EXPLICIT CRLReason OPTIONAL } -+ */ -+typedef struct ocsp_revoked_info_st { -+ ASN1_GENERALIZEDTIME *revocationTime; -+ ASN1_ENUMERATED *revocationReason; -+} OCSP_REVOKEDINFO; -+ -+/*- CertStatus ::= CHOICE { -+ * good [0] IMPLICIT NULL, -+ * revoked [1] IMPLICIT RevokedInfo, -+ * unknown [2] IMPLICIT UnknownInfo } -+ */ -+# define V_OCSP_CERTSTATUS_GOOD 0 -+# define V_OCSP_CERTSTATUS_REVOKED 1 -+# define V_OCSP_CERTSTATUS_UNKNOWN 2 -+typedef struct ocsp_cert_status_st { -+ int type; -+ union { -+ ASN1_NULL *good; -+ OCSP_REVOKEDINFO *revoked; -+ ASN1_NULL *unknown; -+ } value; -+} OCSP_CERTSTATUS; -+ -+/*- SingleResponse ::= SEQUENCE { -+ * certID CertID, -+ * certStatus CertStatus, -+ * thisUpdate GeneralizedTime, -+ * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, -+ * singleExtensions [1] EXPLICIT Extensions OPTIONAL } -+ */ -+typedef struct ocsp_single_response_st { -+ OCSP_CERTID *certId; -+ OCSP_CERTSTATUS *certStatus; -+ ASN1_GENERALIZEDTIME *thisUpdate; -+ ASN1_GENERALIZEDTIME *nextUpdate; -+ STACK_OF(X509_EXTENSION) *singleExtensions; -+} OCSP_SINGLERESP; -+ -+DECLARE_STACK_OF(OCSP_SINGLERESP) -+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) -+ -+/*- ResponseData ::= SEQUENCE { -+ * version [0] EXPLICIT Version DEFAULT v1, -+ * responderID ResponderID, -+ * producedAt GeneralizedTime, -+ * responses SEQUENCE OF SingleResponse, -+ * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -+typedef struct ocsp_response_data_st { -+ ASN1_INTEGER *version; -+ OCSP_RESPID *responderId; -+ ASN1_GENERALIZEDTIME *producedAt; -+ STACK_OF(OCSP_SINGLERESP) *responses; -+ STACK_OF(X509_EXTENSION) *responseExtensions; -+} OCSP_RESPDATA; -+ -+/*- BasicOCSPResponse ::= SEQUENCE { -+ * tbsResponseData ResponseData, -+ * signatureAlgorithm AlgorithmIdentifier, -+ * signature BIT STRING, -+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } -+ */ -+ /* -+ * Note 1: The value for "signature" is specified in the 
OCSP rfc2560 as -+ * follows: "The value for the signature SHALL be computed on the hash of -+ * the DER encoding ResponseData." This means that you must hash the -+ * DER-encoded tbsResponseData, and then run it through a crypto-signing -+ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt -+ * operation. This seems a bit odd, but that's the spec. Also note that -+ * the data structures do not leave anywhere to independently specify the -+ * algorithm used for the initial hash. So, we look at the -+ * signature-specification algorithm, and try to do something intelligent. -+ * -- Kathy Weinhold, CertCo -+ */ -+ /* -+ * Note 2: It seems that the mentioned passage from RFC 2560 (section -+ * 4.2.1) is open for interpretation. I've done tests against another -+ * responder, and found that it doesn't do the double hashing that the RFC -+ * seems to say one should. Therefore, all relevant functions take a flag -+ * saying which variant should be used. -- Richard Levitte, OpenSSL team -+ * and CeloCom -+ */ -+typedef struct ocsp_basic_response_st { -+ OCSP_RESPDATA *tbsResponseData; -+ X509_ALGOR *signatureAlgorithm; -+ ASN1_BIT_STRING *signature; -+ STACK_OF(X509) *certs; -+} OCSP_BASICRESP; -+ - /*- - * CRLReason ::= ENUMERATED { - * unspecified (0), -@@ -28,135 +312,83 @@ - * certificateHold (6), - * removeFromCRL (8) } - */ --# define OCSP_REVOKED_STATUS_NOSTATUS -1 --# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 --# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 --# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 --# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 --# define OCSP_REVOKED_STATUS_SUPERSEDED 4 --# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 --# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 --# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -- -- --# ifndef OPENSSL_NO_OCSP -- --# include --# include --# include --# include -- --#ifdef __cplusplus --extern "C" { --#endif -- --/* Various flags and values */ -- --# define OCSP_DEFAULT_NONCE_LENGTH 
16 -- --# define OCSP_NOCERTS 0x1 --# define OCSP_NOINTERN 0x2 --# define OCSP_NOSIGS 0x4 --# define OCSP_NOCHAIN 0x8 --# define OCSP_NOVERIFY 0x10 --# define OCSP_NOEXPLICIT 0x20 --# define OCSP_NOCASIGN 0x40 --# define OCSP_NODELEGATED 0x80 --# define OCSP_NOCHECKS 0x100 --# define OCSP_TRUSTOTHER 0x200 --# define OCSP_RESPID_KEY 0x400 --# define OCSP_NOTIME 0x800 -- --typedef struct ocsp_cert_id_st OCSP_CERTID; -- --DEFINE_STACK_OF(OCSP_CERTID) -- --typedef struct ocsp_one_request_st OCSP_ONEREQ; -- --DEFINE_STACK_OF(OCSP_ONEREQ) -- --typedef struct ocsp_req_info_st OCSP_REQINFO; --typedef struct ocsp_signature_st OCSP_SIGNATURE; --typedef struct ocsp_request_st OCSP_REQUEST; -- --# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 --# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 --# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 --# define OCSP_RESPONSE_STATUS_TRYLATER 3 --# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 --# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -+# define OCSP_REVOKED_STATUS_NOSTATUS -1 -+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -+# define OCSP_REVOKED_STATUS_SUPERSEDED 4 -+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 - --typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; -- --# define V_OCSP_RESPID_NAME 0 --# define V_OCSP_RESPID_KEY 1 -- --DEFINE_STACK_OF(OCSP_RESPID) --DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -- --typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -- --# define V_OCSP_CERTSTATUS_GOOD 0 --# define V_OCSP_CERTSTATUS_REVOKED 1 --# define V_OCSP_CERTSTATUS_UNKNOWN 2 -- --typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; --typedef struct ocsp_single_response_st OCSP_SINGLERESP; -- --DEFINE_STACK_OF(OCSP_SINGLERESP) -- --typedef struct ocsp_response_data_st OCSP_RESPDATA; -- --typedef struct 
ocsp_basic_response_st OCSP_BASICRESP; -+/*- -+ * CrlID ::= SEQUENCE { -+ * crlUrl [0] EXPLICIT IA5String OPTIONAL, -+ * crlNum [1] EXPLICIT INTEGER OPTIONAL, -+ * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } -+ */ -+typedef struct ocsp_crl_id_st { -+ ASN1_IA5STRING *crlUrl; -+ ASN1_INTEGER *crlNum; -+ ASN1_GENERALIZEDTIME *crlTime; -+} OCSP_CRLID; - --typedef struct ocsp_crl_id_st OCSP_CRLID; --typedef struct ocsp_service_locator_st OCSP_SERVICELOC; -+/*- -+ * ServiceLocator ::= SEQUENCE { -+ * issuer Name, -+ * locator AuthorityInfoAccessSyntax OPTIONAL } -+ */ -+typedef struct ocsp_service_locator_st { -+ X509_NAME *issuer; -+ STACK_OF(ACCESS_DESCRIPTION) *locator; -+} OCSP_SERVICELOC; - --# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" --# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" -+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" - --# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) -+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) - --# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) -+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) - --# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ -+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) - --# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ -+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) - --# define PEM_write_bio_OCSP_REQUEST(bp,o) \ -+# define PEM_write_bio_OCSP_REQUEST(bp,o) \ - PEM_ASN1_write_bio((int 
(*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) - --# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ -+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) - --# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) -+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) - --# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) -+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) - --# define OCSP_REQUEST_sign(o,pkey,md) \ -+# define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ -- &o->optionalSignature->signatureAlgorithm,NULL,\ -- o->optionalSignature->signature,&o->tbsRequest,pkey,md) -+ o->optionalSignature->signatureAlgorithm,NULL,\ -+ o->optionalSignature->signature,o->tbsRequest,pkey,md) - --# define OCSP_BASICRESP_sign(o,pkey,md,d) \ -- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ -- o->signature,&o->tbsResponseData,pkey,md) -+# define OCSP_BASICRESP_sign(o,pkey,md,d) \ -+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ -+ o->signature,o->tbsResponseData,pkey,md) - --# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ -- &a->optionalSignature->signatureAlgorithm,\ -- a->optionalSignature->signature,&a->tbsRequest,r) -+# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ -+ a->optionalSignature->signatureAlgorithm,\ -+ a->optionalSignature->signature,a->tbsRequest,r) - --# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ -- &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) -+# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ -+ 
a->signatureAlgorithm,a->signature,a->tbsResponseData,r) - --# define ASN1_BIT_STRING_digest(data,type,md,len) \ -+# define ASN1_BIT_STRING_digest(data,type,md,len) \ - ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) - --# define OCSP_CERTSTATUS_dup(cs)\ -+# define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ - (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) - -@@ -182,13 +414,12 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); - int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, - const char *name, const char *value); - --OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, -- const X509 *issuer); -+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); - - OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -- const X509_NAME *issuerName, -- const ASN1_BIT_STRING *issuerKey, -- const ASN1_INTEGER *serialNumber); -+ X509_NAME *issuerName, -+ ASN1_BIT_STRING *issuerKey, -+ ASN1_INTEGER *serialNumber); - - OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); - -@@ -209,16 +440,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, - int OCSP_response_status(OCSP_RESPONSE *resp); - OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); - --const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); -- - int OCSP_resp_count(OCSP_BASICRESP *bs); - OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); --const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); --const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); --int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, -- const ASN1_OCTET_STRING **pid, -- const X509_NAME **pname); -- - int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); - int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, -@@ -259,21 +482,18 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 
*cert); - int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); --int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); --int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); --int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); - --X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); -+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); - - X509_EXTENSION *OCSP_accept_responses_new(char **oids); - - X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); - --X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); -+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls); - - int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); - int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); --int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, -+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, - int lastpos); - int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); - X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); -@@ -286,7 +506,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); - - int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); - int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); --int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); -+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); - int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); - X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); - X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); -@@ -297,7 +517,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); - - int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); - int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); --int 
OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, -+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, - int lastpos); - int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, - int lastpos); -@@ -311,7 +531,7 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); - - int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); - int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); --int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, -+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, - int lastpos); - int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, - int lastpos); -@@ -322,7 +542,6 @@ void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, - int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, - int crit, unsigned long flags); - int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); --const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); - - DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) - DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) -@@ -355,12 +574,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_OCSP_strings(void); -+void ERR_load_OCSP_strings(void); - - /* Error codes for the OCSP functions. */ - - /* Function codes. 
*/ -+# define OCSP_F_ASN1_STRING_ENCODE 100 - # define OCSP_F_D2I_OCSP_NONCE 102 - # define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 - # define OCSP_F_OCSP_BASIC_SIGN 104 -@@ -375,9 +594,13 @@ int ERR_load_OCSP_strings(void); - # define OCSP_F_OCSP_REQUEST_SIGN 110 - # define OCSP_F_OCSP_REQUEST_VERIFY 116 - # define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 -+# define OCSP_F_OCSP_SENDREQ_BIO 112 -+# define OCSP_F_OCSP_SENDREQ_NBIO 117 - # define OCSP_F_PARSE_HTTP_LINE1 118 -+# define OCSP_F_REQUEST_VERIFY 113 - - /* Reason codes. */ -+# define OCSP_R_BAD_DATA 100 - # define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 - # define OCSP_R_DIGEST_ERR 102 - # define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 -@@ -387,15 +610,18 @@ int ERR_load_OCSP_strings(void); - # define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 - # define OCSP_R_NOT_BASIC_RESPONSE 104 - # define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 -+# define OCSP_R_NO_CONTENT 106 -+# define OCSP_R_NO_PUBLIC_KEY 107 - # define OCSP_R_NO_RESPONSE_DATA 108 - # define OCSP_R_NO_REVOKED_TIME 109 --# define OCSP_R_NO_SIGNER_KEY 130 - # define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 - # define OCSP_R_REQUEST_NOT_SIGNED 128 - # define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 - # define OCSP_R_ROOT_CA_NOT_TRUSTED 112 -+# define OCSP_R_SERVER_READ_ERROR 113 - # define OCSP_R_SERVER_RESPONSE_ERROR 114 - # define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 -+# define OCSP_R_SERVER_WRITE_ERROR 116 - # define OCSP_R_SIGNATURE_FAILURE 117 - # define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 - # define OCSP_R_STATUS_EXPIRED 125 -@@ -405,8 +631,7 @@ int ERR_load_OCSP_strings(void); - # define OCSP_R_UNKNOWN_NID 120 - # define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h -index c73d03a..52c83b7 100644 ---- a/Cryptlib/Include/openssl/opensslconf.h -+++ 
b/Cryptlib/Include/openssl/opensslconf.h -@@ -1,314 +1,497 @@ --/* -- * WARNING: do not edit! -- * Generated from include/openssl/opensslconf.h.in -- * -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifdef __cplusplus --extern "C" { --#endif -- --#ifdef OPENSSL_ALGORITHM_DEFINES --# error OPENSSL_ALGORITHM_DEFINES no longer supported --#endif -- --/* -- * OpenSSL was configured with the following options: -- */ -- --#ifndef OPENSSL_SYS_UEFI --# define OPENSSL_SYS_UEFI 1 --#endif --#define OPENSSL_MIN_API 0x10100000L --#ifndef OPENSSL_NO_BF --# define OPENSSL_NO_BF --#endif --#ifndef OPENSSL_NO_BLAKE2 --# define OPENSSL_NO_BLAKE2 --#endif --#ifndef OPENSSL_NO_CAMELLIA --# define OPENSSL_NO_CAMELLIA --#endif --#ifndef OPENSSL_NO_CAST --# define OPENSSL_NO_CAST --#endif --#ifndef OPENSSL_NO_CHACHA --# define OPENSSL_NO_CHACHA --#endif --#ifndef OPENSSL_NO_CMS --# define OPENSSL_NO_CMS --#endif --#ifndef OPENSSL_NO_CT --# define OPENSSL_NO_CT --#endif --#ifndef OPENSSL_NO_DES --# define OPENSSL_NO_DES --#endif --#ifndef OPENSSL_NO_DSA --# define OPENSSL_NO_DSA --#endif --#ifndef OPENSSL_NO_EC --# define OPENSSL_NO_EC --#endif --#ifndef OPENSSL_NO_IDEA --# define OPENSSL_NO_IDEA --#endif --#ifndef OPENSSL_NO_MD2 --# define OPENSSL_NO_MD2 --#endif --#ifndef OPENSSL_NO_MD4 --# define OPENSSL_NO_MD4 --#endif --#ifndef OPENSSL_NO_MDC2 --# define OPENSSL_NO_MDC2 --#endif --#ifndef OPENSSL_NO_POLY1305 --# define OPENSSL_NO_POLY1305 --#endif --#ifndef OPENSSL_NO_RC2 --# define OPENSSL_NO_RC2 --#endif --#ifndef OPENSSL_NO_RC5 --# define OPENSSL_NO_RC5 --#endif --#ifndef OPENSSL_NO_RMD160 --# define OPENSSL_NO_RMD160 --#endif --#ifndef OPENSSL_NO_SEED --# define OPENSSL_NO_SEED --#endif 
--#ifndef OPENSSL_NO_SRP --# define OPENSSL_NO_SRP --#endif --#ifndef OPENSSL_NO_TS --# define OPENSSL_NO_TS --#endif --#ifndef OPENSSL_NO_UI --# define OPENSSL_NO_UI --#endif --#ifndef OPENSSL_NO_WHIRLPOOL --# define OPENSSL_NO_WHIRLPOOL --#endif --#ifndef OPENSSL_NO_AFALGENG --# define OPENSSL_NO_AFALGENG --#endif --#ifndef OPENSSL_NO_APPS --# define OPENSSL_NO_APPS --#endif --#ifndef OPENSSL_NO_ASAN --# define OPENSSL_NO_ASAN --#endif --#ifndef OPENSSL_NO_ASM --# define OPENSSL_NO_ASM --#endif --#ifndef OPENSSL_NO_ASYNC --# define OPENSSL_NO_ASYNC --#endif --#ifndef OPENSSL_NO_AUTOALGINIT --# define OPENSSL_NO_AUTOALGINIT --#endif --#ifndef OPENSSL_NO_AUTOERRINIT --# define OPENSSL_NO_AUTOERRINIT --#endif --#ifndef OPENSSL_NO_CAPIENG --# define OPENSSL_NO_CAPIENG --#endif --#ifndef OPENSSL_NO_CRYPTO_MDEBUG --# define OPENSSL_NO_CRYPTO_MDEBUG --#endif --#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE --# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE --#endif --#ifndef OPENSSL_NO_DEPRECATED --# define OPENSSL_NO_DEPRECATED --#endif --#ifndef OPENSSL_NO_DGRAM --# define OPENSSL_NO_DGRAM --#endif --#ifndef OPENSSL_NO_DTLS --# define OPENSSL_NO_DTLS --#endif --#ifndef OPENSSL_NO_DTLS1 --# define OPENSSL_NO_DTLS1 --#endif --#ifndef OPENSSL_NO_DTLS1_2 --# define OPENSSL_NO_DTLS1_2 --#endif --#ifndef OPENSSL_NO_EC2M --# define OPENSSL_NO_EC2M --#endif --#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 --# define OPENSSL_NO_EC_NISTP_64_GCC_128 --#endif --#ifndef OPENSSL_NO_ECDH --# define OPENSSL_NO_ECDH --#endif --#ifndef OPENSSL_NO_ECDSA --# define OPENSSL_NO_ECDSA --#endif --#ifndef OPENSSL_NO_EGD --# define OPENSSL_NO_EGD --#endif --#ifndef OPENSSL_NO_ENGINE --# define OPENSSL_NO_ENGINE --#endif --#ifndef OPENSSL_NO_ERR --# define OPENSSL_NO_ERR --#endif --#ifndef OPENSSL_NO_FILENAMES --# define OPENSSL_NO_FILENAMES --#endif --#ifndef OPENSSL_NO_FUZZ_AFL --# define OPENSSL_NO_FUZZ_AFL --#endif --#ifndef OPENSSL_NO_FUZZ_LIBFUZZER --# define OPENSSL_NO_FUZZ_LIBFUZZER --#endif --#ifndef 
OPENSSL_NO_GOST --# define OPENSSL_NO_GOST --#endif --#ifndef OPENSSL_NO_HEARTBEATS --# define OPENSSL_NO_HEARTBEATS --#endif --#ifndef OPENSSL_NO_HW --# define OPENSSL_NO_HW --#endif --#ifndef OPENSSL_NO_MSAN --# define OPENSSL_NO_MSAN --#endif --#ifndef OPENSSL_NO_OCB --# define OPENSSL_NO_OCB --#endif --#ifndef OPENSSL_NO_POSIX_IO --# define OPENSSL_NO_POSIX_IO --#endif --#ifndef OPENSSL_NO_RFC3779 --# define OPENSSL_NO_RFC3779 --#endif --#ifndef OPENSSL_NO_SCRYPT --# define OPENSSL_NO_SCRYPT --#endif --#ifndef OPENSSL_NO_SCTP --# define OPENSSL_NO_SCTP --#endif --#ifndef OPENSSL_NO_SOCK --# define OPENSSL_NO_SOCK --#endif --#ifndef OPENSSL_NO_SSL_TRACE --# define OPENSSL_NO_SSL_TRACE --#endif --#ifndef OPENSSL_NO_SSL3 --# define OPENSSL_NO_SSL3 --#endif --#ifndef OPENSSL_NO_SSL3_METHOD --# define OPENSSL_NO_SSL3_METHOD --#endif --#ifndef OPENSSL_NO_STDIO --# define OPENSSL_NO_STDIO --#endif --#ifndef OPENSSL_NO_TESTS --# define OPENSSL_NO_TESTS --#endif --#ifndef OPENSSL_NO_UBSAN --# define OPENSSL_NO_UBSAN --#endif --#ifndef OPENSSL_NO_UNIT_TEST --# define OPENSSL_NO_UNIT_TEST --#endif --#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS --# define OPENSSL_NO_WEAK_SSL_CIPHERS --#endif --#ifndef OPENSSL_NO_AFALGENG --# define OPENSSL_NO_AFALGENG --#endif -- -- --/* -- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers -- * don't like that. This will hopefully silence them. -- */ --#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; -- --/* -- * Applications should use -DOPENSSL_API_COMPAT= to suppress the -- * declarations of functions deprecated in or before . Otherwise, they -- * still won't see them if the library has been built to disable deprecated -- * functions. 
-- */ --#if defined(OPENSSL_NO_DEPRECATED) --# define DECLARE_DEPRECATED(f) --#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) --# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); --#else --# define DECLARE_DEPRECATED(f) f; --#endif -- --#ifndef OPENSSL_FILE --# ifdef OPENSSL_NO_FILENAMES --# define OPENSSL_FILE "" --# define OPENSSL_LINE 0 --# else --# define OPENSSL_FILE __FILE__ --# define OPENSSL_LINE __LINE__ --# endif --#endif -- --#ifndef OPENSSL_MIN_API --# define OPENSSL_MIN_API 0 --#endif -- --#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API --# undef OPENSSL_API_COMPAT --# define OPENSSL_API_COMPAT OPENSSL_MIN_API --#endif -- --#if OPENSSL_API_COMPAT < 0x10100000L --# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) --#else --# define DEPRECATEDIN_1_1_0(f) --#endif -- --#if OPENSSL_API_COMPAT < 0x10000000L --# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) --#else --# define DEPRECATEDIN_1_0_0(f) --#endif -- --#if OPENSSL_API_COMPAT < 0x00908000L --# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) --#else --# define DEPRECATEDIN_0_9_8(f) --#endif -- -- -- --/* Generate 80386 code? */ --#undef I386_ONLY -- --#undef OPENSSL_UNISTD --#define OPENSSL_UNISTD -- --#undef OPENSSL_EXPORT_VAR_AS_FUNCTION -- --/* -- * The following are cipher-specific, but are part of the public API. -- */ --#if !defined(OPENSSL_SYS_UEFI) --# undef BN_LLONG --/* Only one for the following should be defined */ --# undef SIXTY_FOUR_BIT_LONG --# undef SIXTY_FOUR_BIT --# define THIRTY_TWO_BIT --#endif -- --#define RC4_INT unsigned int -- --#ifdef __cplusplus --} --#endif -+/* opensslconf.h */ -+/* WARNING: Generated automatically from opensslconf.h.in by Configure. 
*/ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+/* OpenSSL was configured with the following options: */ -+#ifndef OPENSSL_SYSNAME_UEFI -+# define OPENSSL_SYSNAME_UEFI -+#endif -+#ifndef OPENSSL_DOING_MAKEDEPEND -+ -+ -+#ifndef OPENSSL_NO_BF -+# define OPENSSL_NO_BF -+#endif -+#ifndef OPENSSL_NO_CAMELLIA -+# define OPENSSL_NO_CAMELLIA -+#endif -+#ifndef OPENSSL_NO_CAPIENG -+# define OPENSSL_NO_CAPIENG -+#endif -+#ifndef OPENSSL_NO_CAST -+# define OPENSSL_NO_CAST -+#endif -+#ifndef OPENSSL_NO_CMS -+# define OPENSSL_NO_CMS -+#endif -+#ifndef OPENSSL_NO_DEPRECATED -+# define OPENSSL_NO_DEPRECATED -+#endif -+#ifndef OPENSSL_NO_DGRAM -+# define OPENSSL_NO_DGRAM -+#endif -+#ifndef OPENSSL_NO_DSA -+# define OPENSSL_NO_DSA -+#endif -+#ifndef OPENSSL_NO_DYNAMIC_ENGINE -+# define OPENSSL_NO_DYNAMIC_ENGINE -+#endif -+#ifndef OPENSSL_NO_EC -+# define OPENSSL_NO_EC -+#endif -+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -+# define OPENSSL_NO_EC_NISTP_64_GCC_128 -+#endif -+#ifndef OPENSSL_NO_ECDH -+# define OPENSSL_NO_ECDH -+#endif -+#ifndef OPENSSL_NO_ECDSA -+# define OPENSSL_NO_ECDSA -+#endif -+#ifndef OPENSSL_NO_ENGINE -+# define OPENSSL_NO_ENGINE -+#endif -+#ifndef OPENSSL_NO_ENGINES -+# define OPENSSL_NO_ENGINES -+#endif -+#ifdef OPENSSL_NO_FILENAMES -+# undef OPENSSL_NO_FILENAMES -+#endif -+#ifndef OPENSSL_NO_FP_API -+# define OPENSSL_NO_FP_API -+#endif -+#ifndef OPENSSL_NO_GMP -+# define OPENSSL_NO_GMP -+#endif -+#ifndef OPENSSL_NO_GOST -+# define OPENSSL_NO_GOST -+#endif -+#ifndef OPENSSL_NO_IDEA -+# define OPENSSL_NO_IDEA -+#endif -+#ifndef OPENSSL_NO_JPAKE -+# define OPENSSL_NO_JPAKE -+#endif -+#ifndef OPENSSL_NO_KRB5 -+# define OPENSSL_NO_KRB5 -+#endif -+#ifndef OPENSSL_NO_LIBUNBOUND -+# define OPENSSL_NO_LIBUNBOUND -+#endif -+#ifndef OPENSSL_NO_LOCKING -+# define OPENSSL_NO_LOCKING -+#endif -+#ifndef OPENSSL_NO_MD2 -+# define OPENSSL_NO_MD2 -+#endif -+#ifndef OPENSSL_NO_MDC2 -+# define OPENSSL_NO_MDC2 -+#endif -+#ifndef OPENSSL_NO_POSIX_IO -+# define 
OPENSSL_NO_POSIX_IO -+#endif -+#ifndef OPENSSL_NO_RC2 -+# define OPENSSL_NO_RC2 -+#endif -+#ifndef OPENSSL_NO_RC5 -+# define OPENSSL_NO_RC5 -+#endif -+#ifndef OPENSSL_NO_RCS -+# define OPENSSL_NO_RCS -+#endif -+#ifndef OPENSSL_NO_RFC3779 -+# define OPENSSL_NO_RFC3779 -+#endif -+#ifndef OPENSSL_NO_RIPEMD -+# define OPENSSL_NO_RIPEMD -+#endif -+#ifndef OPENSSL_NO_SCRYPT -+# define OPENSSL_NO_SCRYPT -+#endif -+#ifndef OPENSSL_NO_SCT -+# define OPENSSL_NO_SCT -+#endif -+#ifndef OPENSSL_NO_SCTP -+# define OPENSSL_NO_SCTP -+#endif -+#ifndef OPENSSL_NO_SEED -+# define OPENSSL_NO_SEED -+#endif -+#ifndef OPENSSL_NO_SHA0 -+# define OPENSSL_NO_SHA0 -+#endif -+#ifndef OPENSSL_NO_SOCK -+# define OPENSSL_NO_SOCK -+#endif -+#ifndef OPENSSL_NO_SRP -+# define OPENSSL_NO_SRP -+#endif -+#ifndef OPENSSL_NO_SSL_TRACE -+# define OPENSSL_NO_SSL_TRACE -+#endif -+#ifndef OPENSSL_NO_SSL2 -+# define OPENSSL_NO_SSL2 -+#endif -+#ifndef OPENSSL_NO_SSL3 -+# define OPENSSL_NO_SSL3 -+#endif -+#ifndef OPENSSL_NO_STDIO -+# define OPENSSL_NO_STDIO -+#endif -+#ifndef OPENSSL_NO_STORE -+# define OPENSSL_NO_STORE -+#endif -+#ifndef OPENSSL_NO_TS -+# define OPENSSL_NO_TS -+#endif -+#ifndef OPENSSL_NO_UI -+# define OPENSSL_NO_UI -+#endif -+#ifndef OPENSSL_NO_UNIT_TEST -+# define OPENSSL_NO_UNIT_TEST -+#endif -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -+# define OPENSSL_NO_WEAK_SSL_CIPHERS -+#endif -+#ifndef OPENSSL_NO_WHIRLPOOL -+# define OPENSSL_NO_WHIRLPOOL -+#endif -+ -+#endif /* OPENSSL_DOING_MAKEDEPEND */ -+ -+#ifndef OPENSSL_NO_ASM -+# define OPENSSL_NO_ASM -+#endif -+#ifndef OPENSSL_NO_ERR -+# define OPENSSL_NO_ERR -+#endif -+#ifndef OPENSSL_NO_HW -+# define OPENSSL_NO_HW -+#endif -+#ifndef OPENSSL_NO_DYNAMIC_ENGINE -+# define OPENSSL_NO_DYNAMIC_ENGINE -+#endif -+ -+/* The OPENSSL_NO_* macros are also defined as NO_* if the application -+ asks for it. This is a transient feature that is provided for those -+ who haven't had the time to do the appropriate changes in their -+ applications. 
*/ -+#ifdef OPENSSL_ALGORITHM_DEFINES -+# if defined(OPENSSL_NO_BF) && !defined(NO_BF) -+# define NO_BF -+# endif -+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -+# define NO_CAMELLIA -+# endif -+# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -+# define NO_CAPIENG -+# endif -+# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST) -+# define NO_CAST -+# endif -+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -+# define NO_CMS -+# endif -+# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED) -+# define NO_DEPRECATED -+# endif -+# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM) -+# define NO_DGRAM -+# endif -+# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA) -+# define NO_DSA -+# endif -+# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE) -+# define NO_DYNAMIC_ENGINE -+# endif -+# if defined(OPENSSL_NO_EC) && !defined(NO_EC) -+# define NO_EC -+# endif -+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) -+# define NO_EC_NISTP_64_GCC_128 -+# endif -+# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH) -+# define NO_ECDH -+# endif -+# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA) -+# define NO_ECDSA -+# endif -+# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE) -+# define NO_ENGINE -+# endif -+# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES) -+# define NO_ENGINES -+# endif -+# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES) -+# define NO_FILENAMES -+# endif -+# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API) -+# define NO_FP_API -+# endif -+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) -+# define NO_GMP -+# endif -+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST) -+# define NO_GOST -+# endif -+# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA) -+# define NO_IDEA -+# endif -+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) -+# define NO_JPAKE -+# endif -+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -+# define NO_KRB5 -+# endif -+# if 
defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) -+# define NO_LIBUNBOUND -+# endif -+# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING) -+# define NO_LOCKING -+# endif -+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) -+# define NO_MD2 -+# endif -+# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -+# define NO_MDC2 -+# endif -+# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO) -+# define NO_POSIX_IO -+# endif -+# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2) -+# define NO_RC2 -+# endif -+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) -+# define NO_RC5 -+# endif -+# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS) -+# define NO_RCS -+# endif -+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) -+# define NO_RFC3779 -+# endif -+# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD) -+# define NO_RIPEMD -+# endif -+# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT) -+# define NO_SCRYPT -+# endif -+# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT) -+# define NO_SCT -+# endif -+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) -+# define NO_SCTP -+# endif -+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -+# define NO_SEED -+# endif -+# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0) -+# define NO_SHA0 -+# endif -+# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK) -+# define NO_SOCK -+# endif -+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP) -+# define NO_SRP -+# endif -+# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) -+# define NO_SSL_TRACE -+# endif -+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -+# define NO_SSL2 -+# endif -+# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3) -+# define NO_SSL3 -+# endif -+# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO) -+# define NO_STDIO -+# endif -+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) -+# define NO_STORE -+# endif -+# if defined(OPENSSL_NO_TS) && !defined(NO_TS) -+# define NO_TS -+# endif -+# if defined(OPENSSL_NO_UI) && !defined(NO_UI) -+# define 
NO_UI -+# endif -+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) -+# define NO_UNIT_TEST -+# endif -+# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) -+# define NO_WEAK_SSL_CIPHERS -+# endif -+# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) -+# define NO_WHIRLPOOL -+# endif -+#endif -+ -+/* crypto/opensslconf.h.in */ -+ -+#ifndef OPENSSL_FILE -+#ifdef OPENSSL_NO_FILENAMES -+#define OPENSSL_FILE "" -+#define OPENSSL_LINE 0 -+#else -+#define OPENSSL_FILE __FILE__ -+#define OPENSSL_LINE __LINE__ -+#endif -+#endif -+ -+/* Generate 80386 code? */ -+#undef I386_ONLY -+ -+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -+#define ENGINESDIR "/usr/local/ssl/lib/engines" -+#define OPENSSLDIR "/usr/local/ssl" -+#endif -+#endif -+ -+#undef OPENSSL_UNISTD -+#define OPENSSL_UNISTD -+ -+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION -+ -+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -+#define IDEA_INT unsigned int -+#endif -+ -+#if defined(HEADER_MD2_H) && !defined(MD2_INT) -+#define MD2_INT unsigned int -+#endif -+ -+#if defined(HEADER_RC2_H) && !defined(RC2_INT) -+/* I need to put in a mod for the alpha - eay */ -+#define RC2_INT unsigned int -+#endif -+ -+#if defined(HEADER_RC4_H) -+#if !defined(RC4_INT) -+/* using int types make the structure larger but make the code faster -+ * on most boxes I have tested - up to %20 faster. */ -+/* -+ * I don't know what does "most" mean, but declaring "int" is a must on: -+ * - Intel P6 because partial register stalls are very expensive; -+ * - elder Alpha because it lacks byte load/store instructions; -+ */ -+#define RC4_INT unsigned int -+#endif -+#if !defined(RC4_CHUNK) -+/* -+ * This enables code handling data aligned at natural CPU word -+ * boundary. See crypto/rc4/rc4_enc.c for further details. 
-+ */ -+#undef RC4_CHUNK -+#endif -+#endif -+ -+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) -+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a -+ * %20 speed up (longs are 8 bytes, int's are 4). */ -+#ifndef DES_LONG -+#define DES_LONG unsigned long -+#endif -+#endif -+ -+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI) -+#define CONFIG_HEADER_BN_H -+#undef BN_LLONG -+ -+/* Should we define BN_DIV2W here? */ -+ -+/* Only one for the following should be defined */ -+#undef SIXTY_FOUR_BIT_LONG -+#undef SIXTY_FOUR_BIT -+#define THIRTY_TWO_BIT -+#endif -+ -+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -+#define CONFIG_HEADER_RC4_LOCL_H -+/* if this is defined data[i] is used instead of *data, this is a %20 -+ * speedup on x86 */ -+#undef RC4_INDEX -+#endif -+ -+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -+#define CONFIG_HEADER_BF_LOCL_H -+#undef BF_PTR -+#endif /* HEADER_BF_LOCL_H */ -+ -+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -+#define CONFIG_HEADER_DES_LOCL_H -+#ifndef DES_DEFAULT_OPTIONS -+/* the following is tweaked from a config script, that is why it is a -+ * protected undef/define */ -+#ifndef DES_PTR -+#undef DES_PTR -+#endif -+ -+/* This helps C compiler generate the correct code for multiple functional -+ * units. It reduces register dependancies at the expense of 2 more -+ * registers */ -+#ifndef DES_RISC1 -+#undef DES_RISC1 -+#endif -+ -+#ifndef DES_RISC2 -+#undef DES_RISC2 -+#endif -+ -+#if defined(DES_RISC1) && defined(DES_RISC2) -+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -+#endif -+ -+/* Unroll the inner loop, this sometimes helps, sometimes hinders. 
-+ * Very mucy CPU dependant */ -+#ifndef DES_UNROLL -+#undef DES_UNROLL -+#endif -+ -+/* These default values were supplied by -+ * Peter Gutman -+ * They are only used if nothing else has been defined */ -+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -+/* Special defines which change the way the code is built depending on the -+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find -+ even newer MIPS CPU's, but at the moment one size fits all for -+ optimization options. Older Sparc's work better with only UNROLL, but -+ there's no way to tell at compile time what it is you're running on */ -+ -+#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ -+# define DES_PTR -+# define DES_RISC1 -+# define DES_UNROLL -+#elif defined( __ultrix ) /* Older MIPS */ -+# define DES_PTR -+# define DES_RISC2 -+# define DES_UNROLL -+#elif defined( __osf1__ ) /* Alpha */ -+# define DES_PTR -+# define DES_RISC2 -+#elif defined ( _AIX ) /* RS6000 */ -+ /* Unknown */ -+#elif defined( __hpux ) /* HP-PA */ -+ /* Unknown */ -+#elif defined( __aux ) /* 68K */ -+ /* Unknown */ -+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -+# define DES_UNROLL -+#elif defined( __sgi ) /* Newer MIPS */ -+# define DES_PTR -+# define DES_RISC2 -+# define DES_UNROLL -+#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -+# define DES_PTR -+# define DES_RISC1 -+# define DES_UNROLL -+#endif /* Systems-specific speed defines */ -+#endif -+ -+#endif /* DES_DEFAULT_OPTIONS */ -+#endif /* HEADER_DES_LOCL_H */ -+#ifdef __cplusplus -+} -+#endif -diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h -index 9d6708f..645dd07 100644 ---- a/Cryptlib/Include/openssl/opensslv.h -+++ b/Cryptlib/Include/openssl/opensslv.h -@@ -1,12 +1,3 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #ifndef HEADER_OPENSSLV_H - # define HEADER_OPENSSLV_H - -@@ -39,12 +30,13 @@ extern "C" { - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --# define OPENSSL_VERSION_NUMBER 0x1010005fL -+# define OPENSSL_VERSION_NUMBER 0x100020bfL - # ifdef OPENSSL_FIPS --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0e-fips 16 Feb 2017" -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017" - # else --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0e 16 Feb 2017" -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017" - # endif -+# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT - - /*- - * The macros below are to be used for shared library (.so, .dll, ...) -@@ -57,7 +49,7 @@ extern "C" { - * - * libcrypto.so.0.9 - * -- * Some unixen also make a softlink with the major version number only: -+ * Some unixen also make a softlink with the major verson number only: - * - * libcrypto.so.0 - * -@@ -96,7 +88,7 @@ extern "C" { - * should only keep the versions that are binary compatible with the current. - */ - # define SHLIB_VERSION_HISTORY "" --# define SHLIB_VERSION_NUMBER "1.1" -+# define SHLIB_VERSION_NUMBER "1.0.0" - - - #ifdef __cplusplus -diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h -index 129a67f..364d262 100644 ---- a/Cryptlib/Include/openssl/ossl_typ.h -+++ b/Cryptlib/Include/openssl/ossl_typ.h -@@ -1,17 +1,60 @@ --/* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_OPENSSL_TYPES_H - # define HEADER_OPENSSL_TYPES_H - --#include -- - #ifdef __cplusplus - extern "C" { - #endif -@@ -61,13 +104,12 @@ typedef struct asn1_object_st ASN1_OBJECT; - - typedef struct ASN1_ITEM_st ASN1_ITEM; - typedef struct asn1_pctx_st ASN1_PCTX; --typedef struct asn1_sctx_st ASN1_SCTX; - --# ifdef _WIN32 -+# ifdef OPENSSL_SYS_WIN32 - # undef X509_NAME - # undef X509_EXTENSIONS -+# undef X509_CERT_PAIR - # undef PKCS7_ISSUER_AND_SERIAL --# undef PKCS7_SIGNER_INFO - # undef OCSP_REQUEST - # undef OCSP_RESPONSE - # endif -@@ -75,8 +117,6 @@ typedef struct asn1_sctx_st ASN1_SCTX; - # ifdef BIGNUM - # undef BIGNUM - # endif --struct dane_st; --typedef struct bio_st BIO; - typedef struct bignum_st BIGNUM; - typedef struct bignum_ctx BN_CTX; - typedef struct bn_blinding_st BN_BLINDING; -@@ -88,8 +128,8 @@ typedef struct buf_mem_st BUF_MEM; - - typedef struct evp_cipher_st 
EVP_CIPHER; - typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; --typedef struct evp_md_st EVP_MD; --typedef struct evp_md_ctx_st EVP_MD_CTX; -+typedef struct env_md_st EVP_MD; -+typedef struct env_md_ctx_st EVP_MD_CTX; - typedef struct evp_pkey_st EVP_PKEY; - - typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; -@@ -97,10 +137,6 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; - typedef struct evp_pkey_method_st EVP_PKEY_METHOD; - typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; - --typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; -- --typedef struct hmac_ctx_st HMAC_CTX; -- - typedef struct dh_st DH; - typedef struct dh_method DH_METHOD; - -@@ -110,12 +146,11 @@ typedef struct dsa_method DSA_METHOD; - typedef struct rsa_st RSA; - typedef struct rsa_meth_st RSA_METHOD; - --typedef struct ec_key_st EC_KEY; --typedef struct ec_key_method_st EC_KEY_METHOD; -- - typedef struct rand_meth_st RAND_METHOD; - --typedef struct ssl_dane_st SSL_DANE; -+typedef struct ecdh_method ECDH_METHOD; -+typedef struct ecdsa_method ECDSA_METHOD; -+ - typedef struct x509_st X509; - typedef struct X509_algor_st X509_ALGOR; - typedef struct X509_crl_st X509_CRL; -@@ -126,25 +161,23 @@ typedef struct X509_pubkey_st X509_PUBKEY; - typedef struct x509_store_st X509_STORE; - typedef struct x509_store_ctx_st X509_STORE_CTX; - --typedef struct x509_object_st X509_OBJECT; --typedef struct x509_lookup_st X509_LOOKUP; --typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; --typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; -- - typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; - - typedef struct v3_ext_ctx X509V3_CTX; - typedef struct conf_st CONF; --typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; -+ -+typedef struct store_st STORE; -+typedef struct store_method_st STORE_METHOD; - - typedef struct ui_st UI; - typedef struct ui_method_st UI_METHOD; - -+typedef struct st_ERR_FNS ERR_FNS; -+ - typedef struct engine_st ENGINE; - typedef struct ssl_st 
SSL; - typedef struct ssl_ctx_st SSL_CTX; - --typedef struct comp_ctx_st COMP_CTX; - typedef struct comp_method_st COMP_METHOD; - - typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; -@@ -157,33 +190,23 @@ typedef struct DIST_POINT_st DIST_POINT; - typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; - typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; - -+ /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ -+# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ -+# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ -+ - typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -+/* Callback types for crypto.h */ -+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); -+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); -+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, -+ void *from_d, int idx, long argl, void *argp); - - typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; - typedef struct ocsp_response_st OCSP_RESPONSE; - typedef struct ocsp_responder_id_st OCSP_RESPID; - --typedef struct sct_st SCT; --typedef struct sct_ctx_st SCT_CTX; --typedef struct ctlog_st CTLOG; --typedef struct ctlog_store_st CTLOG_STORE; --typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; -- --#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ -- defined(INTMAX_MAX) && defined(UINTMAX_MAX) --typedef intmax_t ossl_intmax_t; --typedef uintmax_t ossl_uintmax_t; --#else --/* -- * Not long long, because the C-library can only be expected to provide -- * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), -- * strtoumax(). Since we use these for parsing arguments, we need the -- * conversion functions, not just the sizes. 
-- */ --typedef long ossl_intmax_t; --typedef unsigned long ossl_uintmax_t; --#endif -- - #ifdef __cplusplus - } - #endif -diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h -index 2375d63..d271ec8 100644 ---- a/Cryptlib/Include/openssl/pem.h -+++ b/Cryptlib/Include/openssl/pem.h -@@ -1,18 +1,71 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. 
this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_PEM_H - # define HEADER_PEM_H - - # include --# include --# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_STACK -+# include -+# endif - # include - # include - # include -@@ -23,8 +76,44 @@ extern "C" { - - # define PEM_BUFSIZE 1024 - -+# define PEM_OBJ_UNDEF 0 -+# define PEM_OBJ_X509 1 -+# define PEM_OBJ_X509_REQ 2 -+# define PEM_OBJ_CRL 3 -+# define PEM_OBJ_SSL_SESSION 4 -+# define PEM_OBJ_PRIV_KEY 10 -+# define PEM_OBJ_PRIV_RSA 11 -+# define PEM_OBJ_PRIV_DSA 12 -+# define PEM_OBJ_PRIV_DH 13 -+# define PEM_OBJ_PUB_RSA 14 -+# define PEM_OBJ_PUB_DSA 15 -+# define PEM_OBJ_PUB_DH 16 -+# define PEM_OBJ_DHPARAMS 17 -+# define PEM_OBJ_DSAPARAMS 18 -+# define PEM_OBJ_PRIV_RSA_PUBLIC 19 -+# define PEM_OBJ_PRIV_ECDSA 20 -+# define PEM_OBJ_PUB_ECDSA 21 -+# define PEM_OBJ_ECPARAMETERS 22 -+ -+# define PEM_ERROR 30 -+# define PEM_DEK_DES_CBC 40 -+# define PEM_DEK_IDEA_CBC 45 -+# define PEM_DEK_DES_EDE 50 -+# define PEM_DEK_DES_ECB 60 -+# define PEM_DEK_RSA 70 -+# define PEM_DEK_RSA_MD2 80 -+# define PEM_DEK_RSA_MD5 90 -+ -+# define PEM_MD_MD2 NID_md2 -+# define PEM_MD_MD5 NID_md5 -+# define PEM_MD_SHA NID_sha -+# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption -+# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption -+# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption -+ - # define PEM_STRING_X509_OLD "X509 CERTIFICATE" - # define PEM_STRING_X509 "CERTIFICATE" -+# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" - # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" - # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" - # define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" -@@ -49,6 +138,17 @@ extern "C" { - # define PEM_STRING_PARAMETERS "PARAMETERS" - # define PEM_STRING_CMS "CMS" - -+ /* -+ * Note that this structure is initialised by PEM_SealInit and cleaned up -+ * by PEM_SealFinal (at least for 
now) -+ */ -+typedef struct PEM_Encode_Seal_st { -+ EVP_ENCODE_CTX encode; -+ EVP_MD_CTX md; -+ EVP_CIPHER_CTX cipher; -+} PEM_ENCODE_SEAL_CTX; -+ -+/* enc_type is one off */ - # define PEM_TYPE_ENCRYPTED 10 - # define PEM_TYPE_MIC_ONLY 20 - # define PEM_TYPE_MIC_CLEAR 30 -@@ -82,7 +182,6 @@ typedef struct pem_ctx_st { - - int num_recipient; - PEM_USER **recipient; -- - /*- - XXX(ben): don#t think this is used! - STACK *x509_chain; / * certificate chain */ -@@ -110,7 +209,7 @@ typedef struct pem_ctx_st { - * IMPLEMENT_PEM_rw_cb(...) - */ - --# ifdef OPENSSL_NO_STDIO -+# ifdef OPENSSL_NO_FP_API - - # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ - # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ -@@ -221,7 +320,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - - /* These are the same except they are for the declarations */ - --# if defined(OPENSSL_NO_STDIO) -+# if defined(OPENSSL_NO_FP_API) - - # define DECLARE_PEM_read_fp(name, type) /**/ - # define DECLARE_PEM_write_fp(name, type) /**/ -@@ -244,6 +343,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - - # endif - -+# ifndef OPENSSL_NO_BIO - # define DECLARE_PEM_read_bio(name, type) \ - type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); - -@@ -257,6 +357,13 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u); - -+# else -+ -+# define DECLARE_PEM_read_bio(name, type) /**/ -+# define DECLARE_PEM_write_bio(name, type) /**/ -+# define DECLARE_PEM_write_bio_const(name, type) /**/ -+# define DECLARE_PEM_write_cb_bio(name, type) /**/ -+# endif - # define DECLARE_PEM_write(name, type) \ - DECLARE_PEM_write_bio(name, type) \ - DECLARE_PEM_write_fp(name, type) -@@ -278,12 +385,19 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - # define 
DECLARE_PEM_rw_cb(name, type) \ - DECLARE_PEM_read(name, type) \ - DECLARE_PEM_write_cb(name, type) -+# if 1 -+/* "userdata": new with OpenSSL 0.9.4 */ - typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); -+# else -+/* OpenSSL 0.9.3, 0.9.3a */ -+typedef int pem_password_cb (char *buf, int size, int rwflag); -+# endif - - int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); - int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, - pem_password_cb *callback, void *u); - -+# ifndef OPENSSL_NO_BIO - int PEM_read_bio(BIO *bp, char **name, char **header, - unsigned char **data, long *len); - int PEM_write_bio(BIO *bp, const char *name, const char *hdr, -@@ -302,8 +416,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cd, void *u); -+# endif - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int PEM_read(FILE *fp, char **name, char **header, - unsigned char **data, long *len); - int PEM_write(FILE *fp, const char *name, const char *hdr, -@@ -317,8 +432,16 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u); - #endif - --int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); --int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); -+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, -+ EVP_MD *md_type, unsigned char **ek, int *ekl, -+ unsigned char *iv, EVP_PKEY **pubk, int npubk); -+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, -+ unsigned char *in, int inl); -+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, -+ unsigned char *out, int *outl, EVP_PKEY *priv); -+ -+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); -+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); - int 
PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey); - -@@ -330,6 +453,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); - - DECLARE_PEM_rw(X509, X509) - DECLARE_PEM_rw(X509_AUX, X509) -+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) - DECLARE_PEM_rw(X509_REQ, X509_REQ) - DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) - DECLARE_PEM_rw(X509_CRL, X509_CRL) -@@ -359,11 +483,6 @@ DECLARE_PEM_write_const(DHxparams, DH) - DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) - DECLARE_PEM_rw(PUBKEY, EVP_PKEY) - --int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, -- const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u); -- - int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); -@@ -378,7 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, - EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u); - --# ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); -@@ -395,22 +514,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, pem_password_cb *cd, - void *u); --# endif -+#endif -+ - EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); - int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); - --# ifndef OPENSSL_NO_DSA - EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); - EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); - EVP_PKEY *b2i_PrivateKey_bio(BIO *in); - EVP_PKEY *b2i_PublicKey_bio(BIO *in); - int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); - int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); --# ifndef OPENSSL_NO_RC4 -+# ifndef OPENSSL_NO_RC4 - EVP_PKEY 
*b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); - int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u); --# endif - # endif - - /* BEGIN ERROR CODES */ -@@ -419,7 +537,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, - * made after this point may be overwritten when the script is next run. - */ - --int ERR_load_PEM_strings(void); -+void ERR_load_PEM_strings(void); - - /* Error codes for the PEM functions. */ - -@@ -447,7 +565,9 @@ int ERR_load_PEM_strings(void); - # define PEM_F_PEM_ASN1_WRITE_BIO 105 - # define PEM_F_PEM_DEF_CALLBACK 100 - # define PEM_F_PEM_DO_HEADER 106 -+# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 - # define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 -+# define PEM_F_PEM_PK8PKEY 119 - # define PEM_F_PEM_READ 108 - # define PEM_F_PEM_READ_BIO 109 - # define PEM_F_PEM_READ_BIO_DHPARAMS 141 -@@ -455,6 +575,8 @@ int ERR_load_PEM_strings(void); - # define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 - # define PEM_F_PEM_READ_DHPARAMS 142 - # define PEM_F_PEM_READ_PRIVATEKEY 124 -+# define PEM_F_PEM_SEALFINAL 110 -+# define PEM_F_PEM_SEALINIT 111 - # define PEM_F_PEM_SIGNFINAL 112 - # define PEM_F_PEM_WRITE 113 - # define PEM_F_PEM_WRITE_BIO 114 -@@ -480,17 +602,16 @@ int ERR_load_PEM_strings(void); - # define PEM_R_INCONSISTENT_HEADER 121 - # define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 - # define PEM_R_KEYBLOB_TOO_SHORT 123 --# define PEM_R_MISSING_DEK_IV 129 - # define PEM_R_NOT_DEK_INFO 105 - # define PEM_R_NOT_ENCRYPTED 106 - # define PEM_R_NOT_PROC_TYPE 107 - # define PEM_R_NO_START_LINE 108 - # define PEM_R_PROBLEMS_GETTING_PASSWORD 109 -+# define PEM_R_PUBLIC_KEY_NO_RSA 110 - # define PEM_R_PVK_DATA_TOO_SHORT 124 - # define PEM_R_PVK_TOO_SHORT 125 - # define PEM_R_READ_KEY 111 - # define PEM_R_SHORT_HEADER 112 --# define PEM_R_UNEXPECTED_DEK_IV 130 - # define PEM_R_UNSUPPORTED_CIPHER 113 - # define PEM_R_UNSUPPORTED_ENCRYPTION 114 - # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 -diff --git 
a/Cryptlib/Include/openssl/pem2.h b/Cryptlib/Include/openssl/pem2.h -index cfe73f1..84897d5 100644 ---- a/Cryptlib/Include/openssl/pem2.h -+++ b/Cryptlib/Include/openssl/pem2.h -@@ -1,10 +1,60 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * This header only exists to break a circular dependency between pem and err -+ * Ben 30 Jan 1999. - */ - - #ifdef __cplusplus -@@ -12,7 +62,7 @@ extern "C" { - #endif - - #ifndef HEADER_PEM_H --int ERR_load_PEM_strings(void); -+void ERR_load_PEM_strings(void); - #endif - - #ifdef __cplusplus -diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h -index deaded9..21f1f62 100644 ---- a/Cryptlib/Include/openssl/pkcs12.h -+++ b/Cryptlib/Include/openssl/pkcs12.h -@@ -1,10 +1,60 @@ -+/* pkcs12.h */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_PKCS12_H
-@@ -30,92 +80,114 @@ extern "C" {
-
- # define PKCS12_SALT_LEN 8
-
--/* It's not clear if these are actually needed...
*/
--# define PKCS12_key_gen PKCS12_key_gen_utf8
--# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
-+/* Uncomment out next line for unicode password and names, otherwise ASCII */
-+
-+/*
-+ * #define PBE_UNICODE
-+ */
-+
-+# ifdef PBE_UNICODE
-+# define PKCS12_key_gen PKCS12_key_gen_uni
-+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-+# else
-+# define PKCS12_key_gen PKCS12_key_gen_asc
-+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-+# endif
-
- /* MS key usage constants */
-
- # define KEY_EX 0x10
- # define KEY_SIG 0x80
-
--typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
-+typedef struct {
-+ X509_SIG *dinfo;
-+ ASN1_OCTET_STRING *salt;
-+ ASN1_INTEGER *iter; /* defaults to 1 */
-+} PKCS12_MAC_DATA;
-+
-+typedef struct {
-+ ASN1_INTEGER *version;
-+ PKCS12_MAC_DATA *mac;
-+ PKCS7 *authsafes;
-+} PKCS12;
-+
-+typedef struct {
-+ ASN1_OBJECT *type;
-+ union {
-+ struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-+ struct pkcs8_priv_key_info_st *keybag; /* keybag */
-+ X509_SIG *shkeybag; /* shrouded key bag */
-+ STACK_OF(PKCS12_SAFEBAG) *safes;
-+ ASN1_TYPE *other;
-+ } value;
-+ STACK_OF(X509_ATTRIBUTE) *attrib;
-+} PKCS12_SAFEBAG;
-+
-+DECLARE_STACK_OF(PKCS12_SAFEBAG)
-+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-+
-+typedef struct pkcs12_bag_st {
-+ ASN1_OBJECT *type;
-+ union {
-+ ASN1_OCTET_STRING *x509cert;
-+ ASN1_OCTET_STRING *x509crl;
-+ ASN1_OCTET_STRING *octet;
-+ ASN1_IA5STRING *sdsicert;
-+ ASN1_TYPE *other; /* Secret or other bag */
-+ } value;
-+} PKCS12_BAGS;
-
--typedef struct PKCS12_st PKCS12;
-+# define PKCS12_ERROR 0
-+# define PKCS12_OK 1
-
--typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
-+/* Compatibility macros */
-
--DEFINE_STACK_OF(PKCS12_SAFEBAG)
-+# define M_PKCS12_x5092certbag PKCS12_x5092certbag
-+# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
--typedef struct pkcs12_bag_st PKCS12_BAGS;
-+# define M_PKCS12_certbag2x509
PKCS12_certbag2x509
-+# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
--# define PKCS12_ERROR 0
--# define PKCS12_OK 1
-+# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-+# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-+# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-+# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
--/* Compatibility macros */
-+# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-+# define M_PKCS8_decrypt PKCS8_decrypt
-
--#if OPENSSL_API_COMPAT < 0x10100000L
-+# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-+# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-+# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
--# define M_PKCS12_bag_type PKCS12_bag_type
--# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
--# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
-+# define PKCS12_get_attr(bag, attr_nid) \
-+ PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
--# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
--# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
--# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
--# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
--# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
--# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
--# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
--# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
-+# define PKCS8_get_attr(p8, attr_nid) \
-+ PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
--#endif
-+# define PKCS12_mac_present(p12) ((p12)->mac ?
1 : 0)
-
--DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
--
--ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
--int PKCS12_mac_present(const PKCS12 *p12);
--void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
-- const X509_ALGOR **pmacalg,
-- const ASN1_OCTET_STRING **psalt,
-- const ASN1_INTEGER **piter,
-- const PKCS12 *p12);
--
--const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
-- int attr_nid);
--const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
--int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
--int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
--
--X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
--X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
--const STACK_OF(PKCS12_SAFEBAG) *
--PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
--const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
--const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
--
--PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
--PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
--PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
--PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
--PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
-- const char *pass,
-- int passlen,
-- unsigned char *salt,
-- int saltlen, int iter,
-- PKCS8_PRIV_KEY_INFO *p8inf);
-+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
- PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
- int nid1, int nid2);
--PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
-+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8,
const char *pass,
- int passlen);
--PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
-+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
- const char *pass, int passlen);
- X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
- const char *pass, int passlen, unsigned char *salt,
- int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
--X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
-- PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
-+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-+ int passlen, unsigned char *salt,
-+ int saltlen, int iter,
-+ PKCS8_PRIV_KEY_INFO *p8);
- PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
- STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
- PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-@@ -125,32 +197,26 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
- int passlen);
-
- int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
--STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
-+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
- int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen);
- int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
--int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
-- int namelen);
- int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
- int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
- const unsigned char *name, int namelen);
- int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
--ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
-- int attr_nid);
-+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
- char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
--const STACK_OF(X509_ATTRIBUTE) *
--PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
--unsigned char
*PKCS12_pbe_crypt(const X509_ALGOR *algor,
-- const char *pass, int passlen,
-- const unsigned char *in, int inlen,
-+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-+ int passlen, unsigned char *in, int inlen,
- unsigned char **data, int *datalen,
- int en_de);
--void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
-+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen,
-- const ASN1_OCTET_STRING *oct, int zbuf);
-+ ASN1_OCTET_STRING *oct, int zbuf);
- ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
- const ASN1_ITEM *it,
- const char *pass, int passlen,
-@@ -162,9 +228,6 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n,
- unsigned char *out, const EVP_MD *md_type);
--int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
-- int saltlen, int id, int iter, int n,
-- unsigned char *out, const EVP_MD *md_type);
- int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher,
- const EVP_MD *md_type, int en_de);
-@@ -178,10 +241,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
- unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
- unsigned char **uni, int *unilen);
--char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
--unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
-- unsigned char **uni, int *unilen);
--char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
-+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
- DECLARE_ASN1_FUNCTIONS(PKCS12)
- DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-@@ -194,26 +254,22 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
- void PKCS12_PBE_add(void);
- int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY
**pkey, X509 **cert,
- STACK_OF(X509) **ca);
--PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
-- X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
-- int iter, int mac_iter, int keytype);
-+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-+ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-+ int mac_iter, int keytype);
-
- PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
- PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
- EVP_PKEY *key, int key_usage, int iter,
-- int key_nid, const char *pass);
-+ int key_nid, char *pass);
- int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-- int safe_nid, int iter, const char *pass);
-+ int safe_nid, int iter, char *pass);
- PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
- int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
--# ifndef OPENSSL_NO_STDIO
- int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
--# endif
- PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
--# ifndef OPENSSL_NO_STDIO
- PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
--# endif
- int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
-
- /* BEGIN ERROR CODES */
-@@ -221,12 +277,17 @@ int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--
--int ERR_load_PKCS12_strings(void);
-+void ERR_load_PKCS12_strings(void);
-
- /* Error codes for the PKCS12 functions. */
-
- /* Function codes.
*/
-+# define PKCS12_F_PARSE_BAG 129
-+# define PKCS12_F_PARSE_BAGS 103
-+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
-+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
-+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
-+# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
- # define PKCS12_F_PKCS12_CREATE 105
- # define PKCS12_F_PKCS12_GEN_MAC 107
- # define PKCS12_F_PKCS12_INIT 109
-@@ -235,23 +296,21 @@ int ERR_load_PKCS12_strings(void);
- # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
- # define PKCS12_F_PKCS12_KEY_GEN_ASC 110
- # define PKCS12_F_PKCS12_KEY_GEN_UNI 111
--# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116
-+# define PKCS12_F_PKCS12_MAKE_KEYBAG 112
-+# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
- # define PKCS12_F_PKCS12_NEWPASS 128
- # define PKCS12_F_PKCS12_PACK_P7DATA 114
- # define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
- # define PKCS12_F_PKCS12_PARSE 118
- # define PKCS12_F_PKCS12_PBE_CRYPT 119
- # define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
--# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112
--# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113
--# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133
- # define PKCS12_F_PKCS12_SETUP_MAC 122
- # define PKCS12_F_PKCS12_SET_MAC 123
- # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
- # define PKCS12_F_PKCS12_UNPACK_P7DATA 131
- # define PKCS12_F_PKCS12_VERIFY_MAC 126
-+# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
- # define PKCS12_F_PKCS8_ENCRYPT 125
--# define PKCS12_F_PKCS8_SET0_PBE 132
-
- /* Reason codes.
*/
- # define PKCS12_R_CANT_PACK_STRUCTURE 100
-@@ -268,6 +327,7 @@ int ERR_load_PKCS12_strings(void);
- # define PKCS12_R_MAC_GENERATION_ERROR 109
- # define PKCS12_R_MAC_SETUP_ERROR 110
- # define PKCS12_R_MAC_STRING_SET_ERROR 111
-+# define PKCS12_R_MAC_VERIFY_ERROR 112
- # define PKCS12_R_MAC_VERIFY_FAILURE 113
- # define PKCS12_R_PARSE_ERROR 114
- # define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
-@@ -276,7 +336,7 @@ int ERR_load_PKCS12_strings(void);
- # define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
- # define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
-
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
-+#endif
- #endif
-diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h
-index 691f722..b51b386 100644
---- a/Cryptlib/Include/openssl/pkcs7.h
-+++ b/Cryptlib/Include/openssl/pkcs7.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/pkcs7/pkcs7.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #ifndef HEADER_PKCS7_H
-@@ -21,6 +70,12 @@
- extern "C" {
- #endif
-
-+# ifdef OPENSSL_SYS_WIN32
-+/* Under Win32 thes are defined in wincrypt.h */
-+# undef PKCS7_ISSUER_AND_SERIAL
-+# undef PKCS7_SIGNER_INFO
-+# endif
-+
- /*-
- Encryption_ID DES-CBC
- Digest_ID MD5
-@@ -45,7 +100,8 @@ typedef struct pkcs7_signer_info_st {
- EVP_PKEY *pkey;
- } PKCS7_SIGNER_INFO;
-
--DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
-+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-
- typedef struct pkcs7_recip_info_st {
- ASN1_INTEGER *version; /* version 0 */
-@@ -55,7 +111,8 @@ typedef struct pkcs7_recip_info_st {
- X509 *cert; /* get the pub-key from this */
- } PKCS7_RECIP_INFO;
-
--DEFINE_STACK_OF(PKCS7_RECIP_INFO)
-+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-
- typedef struct pkcs7_signed_st {
- ASN1_INTEGER *version; /* version 1 */
-@@ -142,7 +199,9 @@ typedef struct pkcs7_st {
- } d;
- } PKCS7;
-
--DEFINE_STACK_OF(PKCS7)
-+DECLARE_STACK_OF(PKCS7)
-+DECLARE_ASN1_SET_OF(PKCS7)
-+DECLARE_PKCS12_STACK_OF(PKCS7)
-
- # define PKCS7_OP_SET_DETACHED_SIGNATURE 1
- # define PKCS7_OP_GET_DETACHED_SIGNATURE 2
-@@ -183,7 +242,6 @@
DEFINE_STACK_OF(PKCS7)
- # define PKCS7_NOCRL 0x2000
- # define PKCS7_PARTIAL 0x4000
- # define PKCS7_REUSE_DIGEST 0x8000
--# define PKCS7_NO_DUAL_CONTENT 0x10000
-
- /* Flags: for compatibility with older code */
-
-@@ -197,15 +255,12 @@ DEFINE_STACK_OF(PKCS7)
- # define SMIME_BINARY PKCS7_BINARY
- # define SMIME_NOATTR PKCS7_NOATTR
-
--/* CRLF ASCII canonicalisation */
--# define SMIME_ASCIICRLF 0x80000
--
- DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
- int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
- const EVP_MD *type, unsigned char *md,
- unsigned int *len);
--# ifndef OPENSSL_NO_STDIO
-+# ifndef OPENSSL_NO_FP_API
- PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
- int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
- # endif
-@@ -317,13 +372,15 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--
--int ERR_load_PKCS7_strings(void);
-+void ERR_load_PKCS7_strings(void);
-
- /* Error codes for the PKCS7 functions. */
-
- /* Function codes.
*/
-+# define PKCS7_F_B64_READ_PKCS7 120
-+# define PKCS7_F_B64_WRITE_PKCS7 121
- # define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136
-+# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140
- # define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
- # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
- # define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
-@@ -337,6 +394,7 @@ int ERR_load_PKCS7_strings(void);
- # define PKCS7_F_PKCS7_DATADECODE 112
- # define PKCS7_F_PKCS7_DATAFINAL 128
- # define PKCS7_F_PKCS7_DATAINIT 105
-+# define PKCS7_F_PKCS7_DATASIGN 106
- # define PKCS7_F_PKCS7_DATAVERIFY 107
- # define PKCS7_F_PKCS7_DECRYPT 114
- # define PKCS7_F_PKCS7_DECRYPT_RINFO 133
-@@ -357,6 +415,8 @@ int ERR_load_PKCS7_strings(void);
- # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
- # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
- # define PKCS7_F_PKCS7_VERIFY 117
-+# define PKCS7_F_SMIME_READ_PKCS7 122
-+# define PKCS7_F_SMIME_TEXT 123
-
- /* Reason codes. */
- # define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
-@@ -364,29 +424,46 @@ int ERR_load_PKCS7_strings(void);
- # define PKCS7_R_CIPHER_NOT_INITIALIZED 116
- # define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
- # define PKCS7_R_CTRL_ERROR 152
-+# define PKCS7_R_DECODE_ERROR 130
-+# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
- # define PKCS7_R_DECRYPT_ERROR 119
- # define PKCS7_R_DIGEST_FAILURE 101
- # define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149
- # define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
- # define PKCS7_R_ERROR_ADDING_RECIPIENT 120
- # define PKCS7_R_ERROR_SETTING_CIPHER 121
-+# define PKCS7_R_INVALID_MIME_TYPE 131
- # define PKCS7_R_INVALID_NULL_POINTER 143
- # define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155
-+# define PKCS7_R_MIME_NO_CONTENT_TYPE 132
-+# define PKCS7_R_MIME_PARSE_ERROR 133
-+# define PKCS7_R_MIME_SIG_PARSE_ERROR 134
-+# define PKCS7_R_MISSING_CERIPEND_INFO 103
- # define PKCS7_R_NO_CONTENT 122
-+# define PKCS7_R_NO_CONTENT_TYPE 135
- # define PKCS7_R_NO_DEFAULT_DIGEST 151
- # define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154
-+# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
-+# define PKCS7_R_NO_MULTIPART_BOUNDARY 137
- # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
-+# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
- # define PKCS7_R_NO_SIGNATURES_ON_DATA 123
- # define PKCS7_R_NO_SIGNERS 142
-+# define PKCS7_R_NO_SIG_CONTENT_TYPE 138
- # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
- # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
- # define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153
-+# define PKCS7_R_PKCS7_DATAFINAL 126
-+# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
- # define PKCS7_R_PKCS7_DATASIGN 145
-+# define PKCS7_R_PKCS7_PARSE_ERROR 139
-+# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
- # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
- # define PKCS7_R_SIGNATURE_FAILURE 105
- # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
- # define PKCS7_R_SIGNING_CTRL_FAILURE 147
- # define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148
-+# define PKCS7_R_SIG_INVALID_MIME_TYPE 141
- # define PKCS7_R_SMIME_TEXT_ERROR 129
- # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
- # define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
-@@ -398,7 +475,7 @@ int ERR_load_PKCS7_strings(void);
- # define PKCS7_R_WRONG_CONTENT_TYPE 113
- # define PKCS7_R_WRONG_PKCS7_TYPE 114
-
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
-+#endif
- #endif
-diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h
-new file mode 100644
-index 0000000..d40d9c7
---- /dev/null
-+++ b/Cryptlib/Include/openssl/pqueue.h
-@@ -0,0 +1,99 @@
-+/* crypto/pqueue/pqueue.h */
-+/*
-+ * DTLS implementation written by Nagendra Modadugu
-+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HEADER_PQUEUE_H
-+# define HEADER_PQUEUE_H
-+
-+# include
-+# include
-+# include
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+typedef struct _pqueue *pqueue;
-+
-+typedef struct _pitem {
-+ unsigned char priority[8]; /* 64-bit value in big-endian encoding */
-+ void *data;
-+ struct _pitem *next;
-+} pitem;
-+
-+typedef struct _pitem *piterator;
-+
-+pitem *pitem_new(unsigned char *prio64be, void *data);
-+void pitem_free(pitem *item);
-+
-+pqueue pqueue_new(void);
-+void pqueue_free(pqueue pq);
-+
-+pitem *pqueue_insert(pqueue pq, pitem *item);
-+pitem *pqueue_peek(pqueue pq);
-+pitem *pqueue_pop(pqueue pq);
-+pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-+pitem *pqueue_iterator(pqueue pq);
-+pitem *pqueue_next(piterator *iter);
-+
-+void pqueue_print(pqueue pq);
-+int pqueue_size(pqueue pq);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+#endif /* ! HEADER_PQUEUE_H */
-diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h
-index d521ae1..2553afd 100644
---- a/Cryptlib/Include/openssl/rand.h
-+++ b/Cryptlib/Include/openssl/rand.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors.
All Rights Reserved.
-+/* crypto/rand/rand.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #ifndef HEADER_RAND_H
-@@ -14,18 +63,26 @@
- # include
- # include
-
-+# if defined(OPENSSL_SYS_WINDOWS)
-+# include
-+# endif
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
-
-+# if defined(OPENSSL_FIPS)
-+# define FIPS_RAND_SIZE_T size_t
-+# endif
-+
- /* Already defined in ossl_typ.h */
- /* typedef struct rand_meth_st RAND_METHOD; */
-
- struct rand_meth_st {
-- int (*seed) (const void *buf, int num);
-+ void (*seed) (const void *buf, int num);
- int (*bytes) (unsigned char *buf, int num);
- void (*cleanup) (void);
-- int (*add) (const void *buf, int num, double entropy);
-+ void (*add) (const void *buf, int num, double entropy);
- int (*pseudorand) (unsigned char *buf, int num);
- int (*status) (void);
- };
-@@ -39,51 +96,55 @@ const RAND_METHOD *RAND_get_rand_method(void);
- # ifndef OPENSSL_NO_ENGINE
- int RAND_set_rand_engine(ENGINE *engine);
- # endif
--RAND_METHOD *RAND_OpenSSL(void);
--#if OPENSSL_API_COMPAT < 0x10100000L
--# define RAND_cleanup() while(0) continue
--#endif
-+RAND_METHOD *RAND_SSLeay(void);
-+void RAND_cleanup(void);
- int RAND_bytes(unsigned char *buf, int num);
--DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
-+int RAND_pseudo_bytes(unsigned char *buf, int num);
- void RAND_seed(const void *buf, int num);
--#if defined(__ANDROID__) && defined(__NDK_FPABI__)
--__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
--#endif
- void RAND_add(const void *buf, int num, double entropy);
- int RAND_load_file(const char *file, long max_bytes);
- int RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
- int RAND_status(void);
--# ifndef OPENSSL_NO_EGD
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
- int RAND_egd(const char *path);
- int RAND_egd_bytes(const char *path, int bytes);
--# endif
- int RAND_poll(void);
-
--#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
--/* application has to include in order to use these */
--DEPRECATEDIN_1_1_0(void RAND_screen(void))
--DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
--#endif
-+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-+
-+void RAND_screen(void);
-+int RAND_event(UINT, WPARAM, LPARAM);
-+
-+# endif
-+
-+# ifdef OPENSSL_FIPS
-+void RAND_set_fips_drbg_type(int type, int flags);
-+int RAND_init_fips(void);
-+# endif
-
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--
--int ERR_load_RAND_strings(void);
-+void ERR_load_RAND_strings(void);
-
- /* Error codes for the RAND functions. */
-
- /* Function codes. */
--# define RAND_F_RAND_BYTES 100
-+# define RAND_F_RAND_GET_RAND_METHOD 101
-+# define RAND_F_RAND_INIT_FIPS 102
-+# define RAND_F_SSLEAY_RAND_BYTES 100
-
- /* Reason codes. */
-+# define RAND_R_DUAL_EC_DRBG_DISABLED 104
-+# define RAND_R_ERROR_INITIALISING_DRBG 102
-+# define RAND_R_ERROR_INSTANTIATING_DRBG 103
-+# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
- # define RAND_R_PRNG_NOT_SEEDED 100
-
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
-+#endif
- #endif
-diff --git a/Cryptlib/Include/openssl/rc2.h b/Cryptlib/Include/openssl/rc2.h
-index 585f9e4..29d02d7 100644
---- a/Cryptlib/Include/openssl/rc2.h
-+++ b/Cryptlib/Include/openssl/rc2.h
-@@ -1,34 +1,87 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/rc2/rc2.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_RC2_H - # define HEADER_RC2_H - --# include -- --# ifndef OPENSSL_NO_RC2 --# ifdef __cplusplus --extern "C" { -+# include /* OPENSSL_NO_RC2, RC2_INT */ -+# ifdef OPENSSL_NO_RC2 -+# error RC2 is disabled. 
- # endif - --typedef unsigned int RC2_INT; -- - # define RC2_ENCRYPT 1 - # define RC2_DECRYPT 0 - - # define RC2_BLOCK 8 - # define RC2_KEY_LENGTH 16 - -+#ifdef __cplusplus -+extern "C" { -+#endif -+ - typedef struct rc2_key_st { - RC2_INT data[64]; - } RC2_KEY; - -+# ifdef OPENSSL_FIPS -+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, -+ int bits); -+# endif - void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); - void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, - RC2_KEY *key, int enc); -@@ -43,9 +96,8 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h -index 86803b3..39162b1 100644 ---- a/Cryptlib/Include/openssl/rc4.h -+++ b/Cryptlib/Include/openssl/rc4.h -@@ -1,19 +1,71 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rc4/rc4.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_RC4_H - # define HEADER_RC4_H - --# include -+# include /* OPENSSL_NO_RC4, RC4_INT */ -+# ifdef OPENSSL_NO_RC4 -+# error RC4 is disabled. -+# endif - --# ifndef OPENSSL_NO_RC4 - # include -+ - #ifdef __cplusplus - extern "C" { - #endif -@@ -25,12 +77,12 @@ typedef struct rc4_key_st { - - const char *RC4_options(void); - void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); - void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - unsigned char *outdata); - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/rc5.h b/Cryptlib/Include/openssl/rc5.h -deleted file mode 100644 -index 793f88e..0000000 ---- a/Cryptlib/Include/openssl/rc5.h -+++ /dev/null -@@ -1,63 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_RC5_H --# define HEADER_RC5_H -- --# include -- --# ifndef OPENSSL_NO_RC5 --# ifdef __cplusplus --extern "C" { --# endif -- --# define RC5_ENCRYPT 1 --# define RC5_DECRYPT 0 -- --# define RC5_32_INT unsigned int -- --# define RC5_32_BLOCK 8 --# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ -- --/* -- * This are the only values supported. Tweak the code if you want more The -- * most supported modes will be RC5-32/12/16 RC5-32/16/8 -- */ --# define RC5_8_ROUNDS 8 --# define RC5_12_ROUNDS 12 --# define RC5_16_ROUNDS 16 -- --typedef struct rc5_key_st { -- /* Number of rounds */ -- int rounds; -- RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; --} RC5_32_KEY; -- --void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, -- int rounds); --void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, -- RC5_32_KEY *key, int enc); --void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); --void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); --void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC5_32_KEY *ks, unsigned char *iv, -- int enc); --void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC5_32_KEY *schedule, -- unsigned char *ivec, int *num, int enc); --void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC5_32_KEY *schedule, -- unsigned char *ivec, int *num); -- --# ifdef __cplusplus --} --# endif --# endif -- --#endif -diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h -index c42026a..b88ef25 100644 ---- a/Cryptlib/Include/openssl/ripemd.h -+++ b/Cryptlib/Include/openssl/ripemd.h -@@ -1,25 +1,83 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/ripemd/ripemd.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_RIPEMD_H - # define HEADER_RIPEMD_H - --# include -- --#ifndef OPENSSL_NO_RMD160 - # include - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef OPENSSL_NO_RIPEMD -+# error RIPEMD is disabled. 
- # endif
-
--# define RIPEMD160_LONG unsigned int
-+# if defined(__LP32__)
-+# define RIPEMD160_LONG unsigned long
-+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-+# define RIPEMD160_LONG unsigned long
-+# define RIPEMD160_LONG_LOG2 3
-+# else
-+# define RIPEMD160_LONG unsigned int
-+# endif
-
- # define RIPEMD160_CBLOCK 64
- # define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
-@@ -32,16 +90,16 @@ typedef struct RIPEMD160state_st {
- unsigned int num;
- } RIPEMD160_CTX;
-
-+# ifdef OPENSSL_FIPS
-+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-+# endif
- int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
- int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
- unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
- void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
--
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
--# endif
--
-+#endif
-
- #endif
-diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h
-index d97d6e0..d2ee374 100644
---- a/Cryptlib/Include/openssl/rsa.h
-+++ b/Cryptlib/Include/openssl/rsa.h
-@@ -1,37 +1,173 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/rsa/rsa.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_RSA_H - # define HEADER_RSA_H - --# include -- --# ifndef OPENSSL_NO_RSA - # include --# include -+ -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - # include - # include --# if OPENSSL_API_COMPAT < 0x10100000L -+# ifndef OPENSSL_NO_DEPRECATED - # include - # endif --# ifdef __cplusplus --extern "C" { -+ -+# ifdef OPENSSL_NO_RSA -+# error RSA is disabled. 
- # endif
-
--/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Declared already in ossl_typ.h */
-+/* typedef struct rsa_st RSA; */
-+/* typedef struct rsa_meth_st RSA_METHOD; */
-+
-+struct rsa_meth_st {
-+ const char *name;
-+ int (*rsa_pub_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+ int (*rsa_pub_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+ int (*rsa_priv_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+ int (*rsa_priv_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding);
-+ /* Can be null */
-+ int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-+ /* Can be null */
-+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-+ /* called at new */
-+ int (*init) (RSA *rsa);
-+ /* called at free */
-+ int (*finish) (RSA *rsa);
-+ /* RSA_METHOD_FLAG_* things */
-+ int flags;
-+ /* may be needed! */
-+ char *app_data;
-+ /*
-+ * New sign and verify functions: some libraries don't allow arbitrary
-+ * data to be signed/verified: this allows them to be used. Note: for
-+ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
-+ * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
-+ * for backwards compatibility this functionality is only enabled if the
-+ * RSA_FLAG_SIGN_VER option is set in 'flags'.
-+ */
-+ int (*rsa_sign) (int type,
-+ const unsigned char *m, unsigned int m_length,
-+ unsigned char *sigret, unsigned int *siglen,
-+ const RSA *rsa);
-+ int (*rsa_verify) (int dtype, const unsigned char *m,
-+ unsigned int m_length, const unsigned char *sigbuf,
-+ unsigned int siglen, const RSA *rsa);
-+ /*
-+ * If this callback is NULL, the builtin software RSA key-gen will be
-+ * used. This is for behavioural compatibility whilst the code gets
-+ * rewired, but one day it would be nice to assume there are no such
-+ * things as "builtin software" implementations.
-+ */
-+ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-+};
-+
-+struct rsa_st {
-+ /*
-+ * The first parameter is used to pickup errors where this is passed
-+ * instead of aEVP_PKEY, it is set to 0
-+ */
-+ int pad;
-+ long version;
-+ const RSA_METHOD *meth;
-+ /* functional reference if 'meth' is ENGINE-provided */
-+ ENGINE *engine;
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ BIGNUM *p;
-+ BIGNUM *q;
-+ BIGNUM *dmp1;
-+ BIGNUM *dmq1;
-+ BIGNUM *iqmp;
-+ /* be careful using this if the RSA structure is shared */
-+ CRYPTO_EX_DATA ex_data;
-+ int references;
-+ int flags;
-+ /* Used to cache montgomery values */
-+ BN_MONT_CTX *_method_mod_n;
-+ BN_MONT_CTX *_method_mod_p;
-+ BN_MONT_CTX *_method_mod_q;
-+ /*
-+ * all BIGNUM values are actually in the following data, if it is not
-+ * NULL
-+ */
-+ char *bignum_data;
-+ BN_BLINDING *blinding;
-+ BN_BLINDING *mt_blinding;
-+};
-
- # ifndef OPENSSL_RSA_MAX_MODULUS_BITS
- # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
- # endif
-
--# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
--
- # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
- # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
- # endif
-@@ -59,6 +195,12 @@ extern "C" {
- */
- # define RSA_FLAG_EXT_PKEY 0x0020
-
-+/*
-+ * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
-+ * functions.
-+ */
-+# define RSA_FLAG_SIGN_VER 0x0040
-+
- /*
- * new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
-@@ -66,13 +208,19 @@ extern "C" {
- * but other engines might not need it
- */
- # define RSA_FLAG_NO_BLINDING 0x0080
--# if OPENSSL_API_COMPAT < 0x10100000L
- /*
-- * Does nothing. Previously this switched off constant time behaviour.
-+ * new with 0.9.8f; the built-in RSA
-+ * implementation now uses constant time
-+ * operations by default in private key operations,
-+ * e.g., constant time modular exponentiation,
-+ * modular inverse without leaking branches,
-+ * division without leaking branches. This
-+ * flag disables these constant time
-+ * operations and results in faster RSA
-+ * private key operations.
- */
--# define RSA_FLAG_NO_CONSTTIME 0x0000
--# endif
--# if OPENSSL_API_COMPAT < 0x00908000L
-+# define RSA_FLAG_NO_CONSTTIME 0x0100
-+# ifdef OPENSSL_USE_DEPRECATED
- /* deprecated name for the flag*/
- /*
- * new with 0.9.7h; the built-in RSA
-@@ -171,41 +319,18 @@ extern "C" {
-
- RSA *RSA_new(void);
- RSA *RSA_new_method(ENGINE *engine);
--int RSA_bits(const RSA *rsa);
- int RSA_size(const RSA *rsa);
--int RSA_security_bits(const RSA *rsa);
--
--int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
--int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
--int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
--void RSA_get0_key(const RSA *r,
-- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
--void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
--void RSA_get0_crt_params(const RSA *r,
-- const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp);
--void RSA_clear_flags(RSA *r, int flags);
--int RSA_test_flags(const RSA *r, int flags);
--void RSA_set_flags(RSA *r, int flags);
--ENGINE *RSA_get0_engine(const RSA *r);
-
- /* Deprecated version */
--DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
-- (*callback) (int, int, void *),
-- void *cb_arg))
-+# ifndef OPENSSL_NO_DEPRECATED
-+RSA *RSA_generate_key(int bits, unsigned long e, void
-+ (*callback) (int, int, void *), void *cb_arg);
-+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
- /* New version */
- int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
--int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
-- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
-- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
-- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
--int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
-- BN_GENCB *cb);
--
- int RSA_check_key(const RSA *);
--int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
- /* next 4 return -1 on error */
- int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-@@ -226,8 +351,11 @@ const RSA_METHOD *RSA_get_default_method(void);
- const RSA_METHOD *RSA_get_method(const RSA *rsa);
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
--/* these are the actual RSA functions */
--const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
-+/* This function needs the memory locking malloc callbacks to be installed */
-+int RSA_memory_lock(RSA *r);
-+
-+/* these are the actual SSLeay RSA functions */
-+const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
- const RSA_METHOD *RSA_null_method(void);
-
-@@ -251,11 +379,29 @@ typedef struct rsa_oaep_params_st {
-
- DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
-
--# ifndef OPENSSL_NO_STDIO
-+# ifndef OPENSSL_NO_FP_API
- int RSA_print_fp(FILE *fp, const RSA *r, int offset);
- # endif
-
-+# ifndef OPENSSL_NO_BIO
- int RSA_print(BIO *bp, const RSA *r, int offset);
-+# endif
-+
-+# ifndef OPENSSL_NO_RC4
-+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey);
-+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey);
-+
-+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify));
-+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify));
-+# endif
-
- /*
- * The following 2 functions sign and verify a X509_SIG ASN1 object inside
-@@ -339,8 +485,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - int sLen); - --#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) -+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int RSA_set_ex_data(RSA *r, int idx, void *arg); - void *RSA_get_ex_data(const RSA *r, int idx); - -@@ -369,154 +515,79 @@ RSA *RSAPrivateKey_dup(RSA *rsa); - */ - # define RSA_FLAG_CHECKED 0x0800 - --RSA_METHOD *RSA_meth_new(const char *name, int flags); --void RSA_meth_free(RSA_METHOD *meth); --RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); --const char *RSA_meth_get0_name(const RSA_METHOD *meth); --int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); --int RSA_meth_get_flags(RSA_METHOD *meth); --int RSA_meth_set_flags(RSA_METHOD *meth, int flags); --void *RSA_meth_get0_app_data(const RSA_METHOD *meth); --int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); --int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) -- (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); --int RSA_meth_set_pub_enc(RSA_METHOD *rsa, -- int (*pub_enc) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, -- int padding)); --int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) -- (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); --int RSA_meth_set_pub_dec(RSA_METHOD *rsa, -- int (*pub_dec) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, -- int padding)); --int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) -- (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); --int RSA_meth_set_priv_enc(RSA_METHOD *rsa, -- int (*priv_enc) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, -- int padding)); --int 
(*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) -- (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); --int RSA_meth_set_priv_dec(RSA_METHOD *rsa, -- int (*priv_dec) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, -- int padding)); --int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) -- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); --int RSA_meth_set_mod_exp(RSA_METHOD *rsa, -- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, -- BN_CTX *ctx)); --int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) -- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); --int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, -- int (*bn_mod_exp) (BIGNUM *r, -- const BIGNUM *a, -- const BIGNUM *p, -- const BIGNUM *m, -- BN_CTX *ctx, -- BN_MONT_CTX *m_ctx)); --int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); --int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); --int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); --int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); --int (*RSA_meth_get_sign(const RSA_METHOD *meth)) -- (int type, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, -- const RSA *rsa); --int RSA_meth_set_sign(RSA_METHOD *rsa, -- int (*sign) (int type, const unsigned char *m, -- unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, -- const RSA *rsa)); --int (*RSA_meth_get_verify(const RSA_METHOD *meth)) -- (int dtype, const unsigned char *m, -- unsigned int m_length, const unsigned char *sigbuf, -- unsigned int siglen, const RSA *rsa); --int RSA_meth_set_verify(RSA_METHOD *rsa, -- int (*verify) (int dtype, const unsigned char *m, -- unsigned int m_length, -- const unsigned char *sigbuf, -- unsigned int siglen, const RSA *rsa)); --int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) -- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); --int 
RSA_meth_set_keygen(RSA_METHOD *rsa, -- int (*keygen) (RSA *rsa, int bits, BIGNUM *e, -- BN_GENCB *cb)); -- - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_RSA_strings(void); -+void ERR_load_RSA_strings(void); - - /* Error codes for the RSA functions. */ - - /* Function codes. */ - # define RSA_F_CHECK_PADDING_MD 140 --# define RSA_F_ENCODE_PKCS1 146 -+# define RSA_F_DO_RSA_PRINT 146 - # define RSA_F_INT_RSA_VERIFY 145 -+# define RSA_F_MEMORY_LOCK 100 - # define RSA_F_OLD_RSA_PRIV_DECODE 147 - # define RSA_F_PKEY_RSA_CTRL 143 - # define RSA_F_PKEY_RSA_CTRL_STR 144 - # define RSA_F_PKEY_RSA_SIGN 142 --# define RSA_F_PKEY_RSA_VERIFY 149 -+# define RSA_F_PKEY_RSA_VERIFY 154 - # define RSA_F_PKEY_RSA_VERIFYRECOVER 141 --# define RSA_F_RSA_ALGOR_TO_MD 156 -+# define RSA_F_RSA_ALGOR_TO_MD 157 - # define RSA_F_RSA_BUILTIN_KEYGEN 129 - # define RSA_F_RSA_CHECK_KEY 123 --# define RSA_F_RSA_CHECK_KEY_EX 160 --# define RSA_F_RSA_CMS_DECRYPT 159 --# define RSA_F_RSA_ITEM_VERIFY 148 --# define RSA_F_RSA_METH_DUP 161 --# define RSA_F_RSA_METH_NEW 162 --# define RSA_F_RSA_METH_SET1_NAME 163 --# define RSA_F_RSA_MGF1_TO_MD 157 -+# define RSA_F_RSA_CMS_DECRYPT 158 -+# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 -+# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 -+# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 -+# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 -+# define RSA_F_RSA_GENERATE_KEY 105 -+# define RSA_F_RSA_GENERATE_KEY_EX 155 -+# define RSA_F_RSA_ITEM_VERIFY 156 -+# define RSA_F_RSA_MEMORY_LOCK 130 -+# define RSA_F_RSA_MGF1_TO_MD 159 - # define RSA_F_RSA_NEW_METHOD 106 - # define RSA_F_RSA_NULL 124 -+# define RSA_F_RSA_NULL_MOD_EXP 131 - # define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 - # define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 - # define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 - # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 --# define 
RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 --# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 --# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 --# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 - # define RSA_F_RSA_PADDING_ADD_NONE 107 - # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 --# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 - # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 --# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 - # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 - # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 - # define RSA_F_RSA_PADDING_ADD_SSLV23 110 - # define RSA_F_RSA_PADDING_ADD_X931 127 - # define RSA_F_RSA_PADDING_CHECK_NONE 111 - # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 --# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 -+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 - # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 - # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 - # define RSA_F_RSA_PADDING_CHECK_SSLV23 114 - # define RSA_F_RSA_PADDING_CHECK_X931 128 - # define RSA_F_RSA_PRINT 115 - # define RSA_F_RSA_PRINT_FP 116 -+# define RSA_F_RSA_PRIVATE_DECRYPT 150 -+# define RSA_F_RSA_PRIVATE_ENCRYPT 151 -+# define RSA_F_RSA_PRIV_DECODE 137 - # define RSA_F_RSA_PRIV_ENCODE 138 --# define RSA_F_RSA_PSS_TO_CTX 155 -+# define RSA_F_RSA_PSS_TO_CTX 162 -+# define RSA_F_RSA_PUBLIC_DECRYPT 152 -+# define RSA_F_RSA_PUBLIC_ENCRYPT 153 - # define RSA_F_RSA_PUB_DECODE 139 - # define RSA_F_RSA_SETUP_BLINDING 136 - # define RSA_F_RSA_SIGN 117 - # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 - # define RSA_F_RSA_VERIFY 119 - # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 --# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 -+# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 -+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 - - /* Reason codes. 
*/ - # define RSA_R_ALGORITHM_MISMATCH 100 -@@ -532,20 +603,21 @@ int ERR_load_RSA_strings(void); - # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 - # define RSA_R_DATA_TOO_SMALL 111 - # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 --# define RSA_R_DIGEST_DOES_NOT_MATCH 158 -+# define RSA_R_DIGEST_DOES_NOT_MATCH 166 - # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 - # define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 - # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 - # define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 - # define RSA_R_FIRST_OCTET_INVALID 133 - # define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 --# define RSA_R_INVALID_DIGEST 157 -+# define RSA_R_INVALID_DIGEST 160 - # define RSA_R_INVALID_DIGEST_LENGTH 143 - # define RSA_R_INVALID_HEADER 137 --# define RSA_R_INVALID_LABEL 160 -+# define RSA_R_INVALID_KEYBITS 145 -+# define RSA_R_INVALID_LABEL 161 - # define RSA_R_INVALID_MESSAGE_LENGTH 131 - # define RSA_R_INVALID_MGF1_MD 156 --# define RSA_R_INVALID_OAEP_PARAMETERS 161 -+# define RSA_R_INVALID_OAEP_PARAMETERS 162 - # define RSA_R_INVALID_PADDING 138 - # define RSA_R_INVALID_PADDING_MODE 141 - # define RSA_R_INVALID_PSS_PARAMETERS 149 -@@ -557,10 +629,12 @@ int ERR_load_RSA_strings(void); - # define RSA_R_KEY_SIZE_TOO_SMALL 120 - # define RSA_R_LAST_OCTET_INVALID 134 - # define RSA_R_MODULUS_TOO_LARGE 105 -+# define RSA_R_NON_FIPS_RSA_METHOD 157 - # define RSA_R_NO_PUBLIC_EXPONENT 140 - # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - # define RSA_R_OAEP_DECODING_ERROR 121 -+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 - # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 - # define RSA_R_PADDING_CHECK_FAILED 114 - # define RSA_R_PKCS_DECODING_ERROR 159 -@@ -572,19 +646,19 @@ int ERR_load_RSA_strings(void); - # define RSA_R_SSLV3_ROLLBACK_ATTACK 115 - # define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 - # define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 --# define RSA_R_UNKNOWN_DIGEST 166 -+# define 
RSA_R_UNKNOWN_DIGEST 163 - # define RSA_R_UNKNOWN_MASK_DIGEST 151 - # define RSA_R_UNKNOWN_PADDING_TYPE 118 --# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 --# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 -+# define RSA_R_UNKNOWN_PSS_DIGEST 152 -+# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 -+# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 - # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 - # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 - # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 - # define RSA_R_VALUE_MISSING 147 - # define RSA_R_WRONG_SIGNATURE_LENGTH 119 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h -index 9fe733c..1d4f87e 100644 ---- a/Cryptlib/Include/openssl/safestack.h -+++ b/Cryptlib/Include/openssl/safestack.h -@@ -1,128 +1,106 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_SAFESTACK_H - # define HEADER_SAFESTACK_H - - # include --# include - - #ifdef __cplusplus - extern "C" { - #endif - -+# ifndef CHECKED_PTR_OF -+# define CHECKED_PTR_OF(type, p) \ -+ ((void*) (1 ? p : (type*)0)) -+# endif -+ -+/* -+ * In C++ we get problems because an explicit cast is needed from (void *) we -+ * use CHECKED_STACK_OF to ensure the correct type is passed in the macros -+ * below. -+ */ -+ -+# define CHECKED_STACK_OF(type, p) \ -+ ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) -+ -+# define CHECKED_SK_COPY_FUNC(type, p) \ -+ ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) -+ -+# define CHECKED_SK_FREE_FUNC(type, p) \ -+ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) -+ -+# define CHECKED_SK_CMP_FUNC(type, p) \ -+ ((int (*)(const void *, const void *)) \ -+ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) -+ - # define STACK_OF(type) struct stack_st_##type -+# define PREDECLARE_STACK_OF(type) STACK_OF(type); - --# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ -- STACK_OF(t1); \ -- typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ -- typedef void (*sk_##t1##_freefunc)(t3 *a); \ -- typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ -- static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ -- { \ -- return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ -- { \ -- return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ -- } \ -- static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ -- { \ -- return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ -- } \ -- static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ -- { \ -- return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ -- } \ -- static ossl_inline void 
sk_##t1##_free(STACK_OF(t1) *sk) \ -- { \ -- OPENSSL_sk_free((OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ -+# define DECLARE_STACK_OF(type) \ -+STACK_OF(type) \ - { \ -- OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ -+ _STACK stack; \ -+ }; -+# define DECLARE_SPECIAL_STACK_OF(type, type2) \ -+STACK_OF(type) \ - { \ -- return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ -- } \ -- static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ -- { \ -- return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ -- (const void *)ptr); \ -- } \ -- static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ -- { \ -- return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ -- } \ -- static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ -- { \ -- return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ -- } \ -- static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ -- { \ -- return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ -- { \ -- return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ -- { \ -- OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ -- } \ -- static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ -- { \ -- return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ -- } \ -- static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ -- { \ -- return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ -- } \ -- static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ -- { \ -- return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ -- } \ -- static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, 
t2 *ptr) \ -- { \ -- return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ -- } \ -- static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ -- { \ -- OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ -- { \ -- return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ -- { \ -- return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ -- } \ -- static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ -- sk_##t1##_copyfunc copyfunc, \ -- sk_##t1##_freefunc freefunc) \ -- { \ -- return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ -- (OPENSSL_sk_copyfunc)copyfunc, \ -- (OPENSSL_sk_freefunc)freefunc); \ -- } \ -- static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ -- { \ -- return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ -- } -+ _STACK stack; \ -+ }; - --# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) --# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) --# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ -- SKM_DEFINE_STACK_OF(t1, const t2, t2) --# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) -+/* nada (obsolete in new safestack approach)*/ -+# define IMPLEMENT_STACK_OF(type) - - /*- - * Strings are special: normally an lhash entry will point to a single -@@ -139,26 +117,2556 @@ extern "C" { - * string at all. - */ - typedef char *OPENSSL_STRING; -+ - typedef const char *OPENSSL_CSTRING; - --/*- -+/* - * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but - * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned - * above, instead of a single char each entry is a NUL-terminated array of - * chars. So, we have to implement STRING specially for STACK_OF. 
This is - * dealt with in the autogenerated macros below. - */ --DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) --DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) -+ -+DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) - - /* - * Similarly, we sometimes use a block of characters, NOT nul-terminated. - * These should also be distinguished from "normal" stacks. - */ - typedef void *OPENSSL_BLOCK; --DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) -+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) - --# ifdef __cplusplus -+/* -+ * SKM_sk_... stack macros are internal to safestack.h: never use them -+ * directly, use sk__... instead -+ */ -+# define SKM_sk_new(type, cmp) \ -+ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) -+# define SKM_sk_new_null(type) \ -+ ((STACK_OF(type) *)sk_new_null()) -+# define SKM_sk_free(type, st) \ -+ sk_free(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_num(type, st) \ -+ sk_num(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_value(type, st,i) \ -+ ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) -+# define SKM_sk_set(type, st,i,val) \ -+ sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) -+# define SKM_sk_zero(type, st) \ -+ sk_zero(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_push(type, st, val) \ -+ sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_unshift(type, st, val) \ -+ sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_find(type, st, val) \ -+ sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_find_ex(type, st, val) \ -+ sk_find_ex(CHECKED_STACK_OF(type, st), \ -+ CHECKED_PTR_OF(type, val)) -+# define SKM_sk_delete(type, st, i) \ -+ (type *)sk_delete(CHECKED_STACK_OF(type, st), i) -+# define SKM_sk_delete_ptr(type, st, ptr) \ -+ (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) -+# define SKM_sk_insert(type, st,val, i) \ -+ sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) 
-+# define SKM_sk_set_cmp_func(type, st, cmp) \ -+ ((int (*)(const type * const *,const type * const *)) \ -+ sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) -+# define SKM_sk_dup(type, st) \ -+ (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_pop_free(type, st, free_func) \ -+ sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) -+# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ -+ (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) -+# define SKM_sk_shift(type, st) \ -+ (type *)sk_shift(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_pop(type, st) \ -+ (type *)sk_pop(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_sort(type, st) \ -+ sk_sort(CHECKED_STACK_OF(type, st)) -+# define SKM_sk_is_sorted(type, st) \ -+ sk_is_sorted(CHECKED_STACK_OF(type, st)) -+# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ (STACK_OF(type) *)d2i_ASN1_SET( \ -+ (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ -+ pp, length, \ -+ CHECKED_D2I_OF(type, d2i_func), \ -+ CHECKED_SK_FREE_FUNC(type, free_func), \ -+ ex_tag, ex_class) -+# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ -+ CHECKED_I2D_OF(type, i2d_func), \ -+ ex_tag, ex_class, is_set) -+# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ -+ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ -+ CHECKED_I2D_OF(type, i2d_func), buf, len) -+# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ -+ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) -+# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ -+ CHECKED_D2I_OF(type, 
d2i_func), \ -+ CHECKED_SK_FREE_FUNC(type, free_func), \ -+ pass, passlen, oct, seq) -+/* -+ * This block of defines is updated by util/mkstack.pl, please do not touch! -+ */ -+# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) -+# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) -+# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) -+# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) -+# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) -+# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) -+# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) -+# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) -+# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) -+# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) -+# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) -+# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_pop(st) 
SKM_sk_pop(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) -+# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) -+# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) -+# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) -+# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) -+# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) -+# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) -+# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) -+# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) -+# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) -+# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) -+# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) -+# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) -+# define sk_ASN1_GENERALSTRING_new(cmp) 
SKM_sk_new(ASN1_GENERALSTRING, (cmp)) -+# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) -+# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) -+# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) -+# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) -+# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) -+# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) -+# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) -+# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) -+# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) -+# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) -+# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -+# define 
sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) -+# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) -+# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) -+# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) -+# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) -+# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) -+# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) -+# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) -+# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) -+# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) -+# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) -+# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -+# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) -+# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) -+# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_num(st) 
SKM_sk_num(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) -+# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) -+# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) -+# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) -+# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) -+# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) -+# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) -+# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) -+# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) -+# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -+# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) -+# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) -+# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) -+# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) -+# define 
sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) -+# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) -+# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) -+# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) -+# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) -+# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) -+# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) -+# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) -+# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) -+# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) -+# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) -+# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_push(st, val) 
SKM_sk_push(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) -+# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) -+# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) -+# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) -+# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) -+# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) -+# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) -+# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) -+# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) -+# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) -+# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) -+# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) -+# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) -+# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) -+# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) -+# define sk_ASN1_UTF8STRING_find_ex(st, val) 
SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) -+# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) -+# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) -+# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) -+# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) -+# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) -+# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) -+# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) -+# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) -+# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) -+# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) -+# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) -+# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) -+# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) -+# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) 
-+# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) -+# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) -+# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) -+# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) -+# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) -+# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -+# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) -+# define sk_BIO_new_null() SKM_sk_new_null(BIO) -+# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) -+# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) -+# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) -+# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) -+# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) -+# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) -+# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) -+# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) -+# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) -+# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) -+# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) -+# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) -+# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) -+# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) -+# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) -+# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) -+# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) -+# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) -+# define 
sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) -+# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) -+# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) -+# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) -+# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) -+# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) -+# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) -+# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) -+# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) -+# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) -+# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) -+# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) -+# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) -+# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) -+# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) -+# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) -+# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) -+# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) -+# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) -+# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) 
-+# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) -+# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) -+# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) -+# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) -+# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) -+# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) -+# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) -+# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) -+# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) -+# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) -+# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) -+# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) -+# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) -+# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) -+# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) -+# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) -+# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) -+# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_value(st, i) 
SKM_sk_value(CMS_CertificateChoices, (st), (i)) -+# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) -+# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) -+# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) -+# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) -+# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) -+# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) -+# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) -+# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) -+# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) -+# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) -+# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) -+# 
define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) -+# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) -+# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) -+# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) -+# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) -+# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) -+# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) -+# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) -+# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) -+# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) -+# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) -+# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) -+# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) -+# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_sort(st) 
SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) -+# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) -+# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) -+# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) -+# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) -+# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) -+# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) -+# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) -+# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) -+# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) -+# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) -+# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) -+# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) -+# define 
sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) -+# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) -+# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) -+# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) -+# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) -+# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) -+# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) -+# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) -+# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) -+# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) -+# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) -+# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) 
SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) -+# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) -+# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) -+# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) -+# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) -+# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) -+# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) -+# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) -+# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) -+# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) -+# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) -+# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), 
(free_func)) -+# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) -+# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) -+# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) -+# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) -+# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) -+# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) -+# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) -+# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) -+# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) -+# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) -+# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) -+# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) -+# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) 
-+# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -+# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) -+# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) -+# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) -+# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) -+# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) -+# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) -+# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) -+# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) -+# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) -+# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) -+# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) -+# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -+# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) -+# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) -+# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) -+# 
define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) -+# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) -+# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) -+# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) -+# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) -+# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) -+# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) -+# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) -+# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) -+# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) -+# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) -+# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), 
(i), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) -+# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) -+# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) -+# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) -+# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) -+# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) -+# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) -+# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) -+# define 
sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) -+# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) -+# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) -+# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) -+# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) -+# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) -+# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) -+# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) -+# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -+# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) -+# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) -+# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) -+# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) -+# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) -+# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) -+# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) -+# define sk_DIST_POINT_push(st, val) 
SKM_sk_push(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) -+# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) -+# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) -+# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) -+# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) -+# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) -+# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) -+# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) -+# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) -+# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) -+# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -+# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) -+# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) -+# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) -+# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) -+# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) -+# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) -+# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) -+# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) -+# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) -+# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) -+# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) -+# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) -+# define sk_ENGINE_delete_ptr(st, ptr) 
SKM_sk_delete_ptr(ENGINE, (st), (ptr)) -+# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) -+# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) -+# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) -+# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) -+# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) -+# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) -+# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) -+# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) -+# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) -+# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) -+# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) -+# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) -+# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) -+# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) -+# define 
sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) -+# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) -+# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) -+# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) -+# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) -+# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) -+# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) -+# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) -+# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) -+# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) -+# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) -+# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) -+# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) -+# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) -+# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) -+# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) -+# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) -+# 
define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) -+# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) -+# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) -+# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) -+# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) -+# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) -+# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) -+# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) -+# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) -+# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) -+# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) -+# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) -+# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) -+# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) -+# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) -+# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) -+# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) -+# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) -+# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) -+# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) -+# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) -+# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) -+# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) -+# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) -+# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) -+# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) -+# 
define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) -+# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) -+# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) -+# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) -+# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) -+# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) -+# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) -+# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) -+# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) -+# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) -+# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) -+# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) -+# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) -+# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) -+# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) -+# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) -+# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) -+# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) -+# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) -+# define 
sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) -+# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) -+# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) -+# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) -+# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) -+# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) -+# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) -+# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) -+# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) -+# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) -+# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) -+# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) -+# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) -+# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) -+# define sk_EVP_PKEY_METHOD_new_null() 
SKM_sk_new_null(EVP_PKEY_METHOD) -+# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) -+# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) -+# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) -+# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) -+# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) -+# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) -+# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) -+# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) -+# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) -+# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) -+# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) -+# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) -+# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) -+# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) -+# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) -+# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) -+# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) -+# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) -+# define 
sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) -+# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) -+# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) -+# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) -+# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) -+# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) -+# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) -+# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) -+# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) -+# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) -+# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) -+# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) -+# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) 
-+# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) -+# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) -+# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) -+# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) -+# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) -+# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) -+# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) -+# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) -+# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) -+# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) -+# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) -+# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) -+# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) -+# 
define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) -+# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) -+# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) -+# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) -+# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) -+# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) -+# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) -+# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) -+# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) -+# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) -+# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) -+# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) -+# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) -+# define 
sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) -+# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) -+# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) -+# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) -+# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) -+# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) -+# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) -+# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) -+# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) -+# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) -+# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) -+# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) -+# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) -+# 
define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) -+# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) -+# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) -+# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) -+# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) -+# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) -+# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) -+# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -+# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) -+# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) -+# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) -+# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) -+# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) -+# define 
sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) -+# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) -+# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) -+# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) -+# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) -+# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) -+# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) -+# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) -+# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) -+# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) -+# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) -+# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) -+# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) -+# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) 
-+# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) -+# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) -+# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) -+# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) -+# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) -+# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) -+# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) -+# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) -+# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) -+# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) -+# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) -+# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) -+# define 
sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) -+# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) -+# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) -+# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) -+# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) -+# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) -+# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) -+# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) -+# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) -+# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) -+# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) -+# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) -+# define sk_KRB5_CHECKSUM_dup(st) 
SKM_sk_dup(KRB5_CHECKSUM, st) -+# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) -+# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) -+# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) -+# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) -+# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) -+# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) -+# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) -+# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) -+# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) -+# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) -+# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) -+# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) -+# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) 
SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) -+# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) -+# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) -+# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) -+# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) -+# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) -+# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) -+# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) -+# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) -+# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) -+# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) -+# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) -+# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) -+# 
define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) -+# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) -+# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) -+# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) -+# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) -+# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) -+# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) -+# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) -+# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) -+# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) -+# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) -+# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) -+# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) -+# 
define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) -+# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) -+# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) -+# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) -+# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) -+# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) -+# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) -+# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) -+# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) -+# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) -+# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) -+# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) -+# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) -+# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) -+# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) -+# define 
sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) -+# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) -+# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) -+# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) -+# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) -+# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) -+# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) -+# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) -+# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) -+# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) -+# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) -+# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) -+# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) -+# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) -+# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) -+# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) -+# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) -+# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) -+# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) -+# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) -+# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) -+# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, 
(st), (i), (val)) -+# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) -+# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) -+# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) -+# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) -+# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) -+# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) -+# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) -+# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -+# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) -+# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) -+# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) -+# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) -+# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_find(st, val) 
SKM_sk_find(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) -+# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) -+# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) -+# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) -+# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) -+# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) -+# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) -+# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -+# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) -+# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) -+# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) -+# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) -+# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) -+# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) -+# define sk_NAME_FUNCS_insert(st, 
val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) -+# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) -+# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) -+# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) -+# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) -+# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -+# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) -+# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) -+# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) -+# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) -+# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) -+# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) -+# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) -+# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) -+# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) -+# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), 
(free_func)) -+# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) -+# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -+# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) -+# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) -+# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) -+# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) -+# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) -+# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) -+# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) -+# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) -+# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) -+# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) -+# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) -+# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) -+# 
define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) -+# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) -+# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) -+# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) -+# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) -+# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) -+# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) -+# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) -+# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) -+# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) -+# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) -+# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) -+# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) -+# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) -+# define sk_OCSP_SINGLERESP_new_null() 
SKM_sk_new_null(OCSP_SINGLERESP) -+# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) -+# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) -+# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) -+# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) -+# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) -+# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) -+# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) -+# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) -+# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) -+# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -+# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) -+# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) -+# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) 
-+# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) -+# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) -+# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) -+# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) -+# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) -+# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) -+# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) -+# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) -+# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) -+# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) -+# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) -+# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) -+# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) -+# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) -+# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) -+# define 
sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) -+# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) -+# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) -+# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) -+# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) -+# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) -+# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) -+# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) -+# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) -+# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) -+# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) -+# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) -+# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) -+# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) -+# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) -+# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -+# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) -+# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) -+# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) -+# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) -+# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_find_ex(st, val) 
SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) -+# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) -+# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) -+# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) -+# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) -+# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) -+# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) -+# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) -+# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) -+# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) -+# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) -+# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, 
(st), (val)) -+# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) -+# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) -+# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) -+# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) -+# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) -+# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) -+# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) -+# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -+# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) -+# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) -+# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) -+# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) -+# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) -+# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) -+# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) -+# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) -+# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, 
(st), (ptr)) -+# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) -+# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) -+# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) -+# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) -+# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) -+# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) -+# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) -+# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) -+# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -+# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) -+# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) -+# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) -+# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) -+# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) -+# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) -+# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) -+# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) -+# 
define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) -+# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) -+# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) -+# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) -+# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) -+# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) -+# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) -+# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) -+# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) -+# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) -+# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) -+# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) -+# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) -+# define sk_POLICY_MAPPING_pop_free(st, free_func) 
SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) -+# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) -+# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) -+# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) -+# define sk_SCT_new_null() SKM_sk_new_null(SCT) -+# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) -+# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) -+# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) -+# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) -+# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) -+# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) -+# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) -+# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) -+# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) -+# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) -+# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) -+# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) -+# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) -+# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) -+# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) -+# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) -+# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) -+# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) -+# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) -+# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) -+# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) -+# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) -+# define sk_SRP_gN_free(st) 
SKM_sk_free(SRP_gN, (st)) -+# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) -+# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) -+# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) -+# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) -+# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) -+# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) -+# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) -+# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) -+# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) -+# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) -+# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) -+# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) -+# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) -+# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) -+# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) -+# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) -+# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) -+# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) -+# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) -+# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) -+# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) -+# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) -+# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) -+# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) -+# define sk_SRP_gN_cache_unshift(st, val) 
SKM_sk_unshift(SRP_gN_cache, (st), (val)) -+# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) -+# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) -+# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) -+# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) -+# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) -+# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) -+# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) -+# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) -+# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) -+# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) -+# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) -+# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) -+# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) -+# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) -+# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) -+# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) -+# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) -+# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) -+# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) -+# define 
sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) -+# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) -+# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) -+# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) -+# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) -+# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) -+# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) -+# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) -+# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) -+# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) -+# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) -+# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) -+# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) -+# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) -+# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) -+# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) 
-+# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) -+# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) -+# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) -+# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) -+# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) -+# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) -+# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) -+# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) -+# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) -+# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) -+# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) -+# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) -+# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_delete(st, 
i) SKM_sk_delete(SSL_CIPHER, (st), (i)) -+# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) -+# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) -+# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) -+# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) -+# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) -+# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) -+# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -+# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) -+# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) -+# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) -+# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) -+# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) -+# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) -+# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) -+# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) -+# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) -+# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) -+# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) -+# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) -+# define 
sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) -+# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) -+# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) -+# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) -+# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) -+# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) -+# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) -+# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) -+# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) -+# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) -+# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) -+# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) -+# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) -+# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) -+# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) -+# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) -+# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), 
(cmp)) -+# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) -+# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) -+# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) -+# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) -+# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) -+# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) -+# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) -+# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) -+# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) -+# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) -+# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) -+# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) -+# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) -+# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) -+# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) -+# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) 
SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) -+# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) -+# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) -+# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) -+# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) -+# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) -+# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) -+# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) -+# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) -+# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) -+# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) -+# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) -+# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) -+# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) -+# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) -+# define sk_STORE_OBJECT_pop_free(st, free_func) 
SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) -+# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) -+# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -+# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) -+# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) -+# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) -+# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) -+# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) -+# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) -+# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) -+# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) -+# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) -+# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) -+# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) -+# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) -+# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) -+# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) -+# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) -+# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) -+# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) -+# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) -+# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) -+# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) -+# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) -+# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, 
(st)) -+# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) -+# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) -+# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) -+# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) -+# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) -+# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) -+# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) -+# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) -+# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) -+# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) -+# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) -+# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) -+# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) -+# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) -+# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) -+# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) -+# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) -+# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) -+# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) -+# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) -+# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) -+# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -+# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) -+# define sk_X509_new_null() SKM_sk_new_null(X509) -+# define sk_X509_free(st) SKM_sk_free(X509, (st)) -+# define sk_X509_num(st) SKM_sk_num(X509, (st)) -+# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) -+# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) -+# define 
sk_X509_zero(st) SKM_sk_zero(X509, (st)) -+# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) -+# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) -+# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) -+# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) -+# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) -+# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) -+# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) -+# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) -+# define sk_X509_dup(st) SKM_sk_dup(X509, st) -+# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) -+# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) -+# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) -+# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) -+# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) -+# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -+# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) -+# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) -+# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) -+# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) -+# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, 
(st), (val)) -+# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) -+# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) -+# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) -+# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) -+# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) -+# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) -+# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) -+# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -+# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) -+# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) -+# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) -+# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) -+# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) -+# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, 
(st), (ptr)) -+# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) -+# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) -+# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) -+# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) -+# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) -+# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -+# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) -+# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) -+# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) -+# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) -+# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) -+# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) -+# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) -+# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) -+# 
define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) -+# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) -+# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) -+# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -+# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) -+# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) -+# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) -+# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) -+# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) -+# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) -+# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) -+# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) -+# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) -+# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) -+# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) -+# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) -+# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) -+# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) -+# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) -+# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) -+# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) -+# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) -+# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) 
-+# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) -+# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) -+# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -+# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) -+# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) -+# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) -+# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) -+# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) -+# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) -+# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) -+# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) -+# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) -+# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) -+# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) -+# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) -+# define 
sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -+# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) -+# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) -+# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) -+# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) -+# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) -+# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) -+# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) -+# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) -+# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) -+# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) -+# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) -+# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) -+# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) -+# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) -+# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) -+# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) -+# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) -+# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) -+# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) -+# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) -+# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) -+# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -+# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) -+# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) -+# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) -+# define 
sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) -+# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) -+# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) -+# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) -+# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) -+# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) -+# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) -+# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) -+# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) -+# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -+# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) -+# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) -+# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) -+# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) -+# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) -+# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) -+# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) -+# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) -+# define 
sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) -+# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) -+# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) -+# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) -+# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) -+# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) -+# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) -+# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) -+# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) -+# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) -+# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) -+# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) -+# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) -+# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -+# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) -+# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) -+# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) -+# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) -+# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) -+# define 
sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) -+# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) -+# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) -+# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) -+# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) -+# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) -+# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) -+# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -+# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) -+# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) -+# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) -+# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) -+# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) -+# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) -+# define 
sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) -+# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) -+# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) -+# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) -+# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) -+# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -+# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) -+# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) -+# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) -+# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) -+# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) -+# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) -+# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) -+# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) 
SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) -+# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) -+# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) -+# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) -+# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) -+# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) -+# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) -+# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) -+# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) -+# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) -+# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) -+# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) -+# 
define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) -+# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) -+# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) -+# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -+# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) -+# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) -+# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) -+# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) -+# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) -+# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) -+# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) -+# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) -+# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) -+# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) -+# define 
sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) -+# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -+# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) -+# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) -+# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) -+# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) -+# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) -+# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) -+# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) -+# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) -+# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) -+# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) -+# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) -+# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_pop(st) 
SKM_sk_pop(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -+# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) -+# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) -+# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) -+# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) -+# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) -+# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) -+# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) -+# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) -+# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) -+# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) -+# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) -+# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) -+# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) -+# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) -+# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) -+# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) -+# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) -+# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) -+# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) -+# define sk_X509_VERIFY_PARAM_new_null() 
SKM_sk_new_null(X509_VERIFY_PARAM) -+# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) -+# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) -+# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) -+# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) -+# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) -+# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) -+# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) -+# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) -+# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) -+# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) -+# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) -+# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) -+# 
define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) -+# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) -+# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) -+# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) -+# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) -+# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) -+# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) -+# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) -+# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) -+# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) -+# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) -+# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) -+# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) -+# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) -+# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) -+# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) -+# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) -+# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) -+# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) -+# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) -+# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) -+# define sk_void_new_null() SKM_sk_new_null(void) -+# define sk_void_free(st) SKM_sk_free(void, (st)) -+# define sk_void_num(st) SKM_sk_num(void, (st)) -+# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) -+# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) -+# define sk_void_zero(st) SKM_sk_zero(void, (st)) -+# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) 
-+# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) -+# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) -+# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) -+# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) -+# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) -+# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) -+# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) -+# define sk_void_dup(st) SKM_sk_dup(void, st) -+# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) -+# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) -+# define sk_void_shift(st) SKM_sk_shift(void, (st)) -+# define sk_void_pop(st) SKM_sk_pop(void, (st)) -+# define sk_void_sort(st) SKM_sk_sort(void, (st)) -+# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -+# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -+# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -+# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -+# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -+# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) -+# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -+# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) -+# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) -+# define sk_OPENSSL_STRING_insert(st, val, i) 
sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) -+# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -+# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) -+# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -+# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -+# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -+# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -+# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) -+# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ -+ ((int (*)(const char * const *,const char * const *)) \ -+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) -+# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -+# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -+# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) -+# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -+# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) -+# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -+# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -+# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -+# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -+# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) -+# define sk_OPENSSL_BLOCK_num(st) 
SKM_sk_num(OPENSSL_BLOCK, st) -+# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) -+# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) -+# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) -+# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -+# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) -+# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -+# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -+# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -+# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -+# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) -+# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ -+ ((int (*)(const void * const *,const void * const *)) \ -+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) -+# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -+# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -+# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) -+# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -+# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) -+# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -+# define 
sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -+# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) -+# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -+# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) -+# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) -+# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) -+# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -+# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) -+# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -+# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) -+# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -+# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) -+# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ -+ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * 
const *)) \ -+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -+# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) -+# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -+# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) -+# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) -+# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ 
SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ 
SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), 
(ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), 
(free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), 
(ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), 
(free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, 
is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ 
-+ SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) -+# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) -+# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -+# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -+# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) -+# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) -+# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) -+# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) -+# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) -+# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) -+# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) -+# define 
lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) -+# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) -+# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) -+# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) -+# define lh_ADDED_OBJ_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(ADDED_OBJ,lh,out) -+# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) -+# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) -+# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) -+# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) -+# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) -+# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) -+# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) -+# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) -+# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) -+# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) -+# define lh_APP_INFO_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(APP_INFO,lh,out) -+# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) -+# define lh_APP_INFO_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(APP_INFO,lh,out) -+# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) -+# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) -+# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) -+# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) -+# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) -+# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) -+# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) -+# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) -+# define 
lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) -+# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) -+# define lh_CONF_VALUE_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(CONF_VALUE,lh,out) -+# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) -+# define lh_CONF_VALUE_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(CONF_VALUE,lh,out) -+# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) -+# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) -+# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) -+# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) -+# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) -+# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) -+# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) -+# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) -+# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) -+# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) -+# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) -+# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) -+# define lh_ENGINE_PILE_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(ENGINE_PILE,lh,out) -+# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) -+# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) -+# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) -+# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) -+# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) -+# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) -+# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) -+# define 
lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) -+# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) -+# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) -+# define lh_ERR_STATE_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(ERR_STATE,lh,out) -+# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) -+# define lh_ERR_STATE_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(ERR_STATE,lh,out) -+# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) -+# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) -+# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) -+# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) -+# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) -+# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) -+# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) -+# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) -+# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) -+# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) -+# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) -+# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) -+# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) -+# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) -+# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) -+# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) -+# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) -+# define lh_EX_CLASS_ITEM_delete(lh,inst) 
LHM_lh_delete(EX_CLASS_ITEM,lh,inst) -+# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) -+# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) -+# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) -+# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) -+# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) -+# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) -+# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) -+# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) -+# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) -+# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) -+# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) -+# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) -+# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) -+# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) -+# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) -+# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) -+# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) -+# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) -+# define lh_FUNCTION_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(FUNCTION,lh,out) -+# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) -+# define lh_FUNCTION_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(FUNCTION,lh,out) -+# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) -+# define lh_MEM_new() LHM_lh_new(MEM,mem) -+# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) -+# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) -+# define lh_MEM_delete(lh,inst) 
LHM_lh_delete(MEM,lh,inst) -+# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) -+# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) -+# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) -+# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) -+# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) -+# define lh_MEM_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(MEM,lh,out) -+# define lh_MEM_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(MEM,lh,out) -+# define lh_MEM_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(MEM,lh,out) -+# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) -+# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) -+# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) -+# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) -+# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) -+# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) -+# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) -+# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) -+# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) -+# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) -+# define lh_OBJ_NAME_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(OBJ_NAME,lh,out) -+# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) -+# define lh_OBJ_NAME_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(OBJ_NAME,lh,out) -+# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) -+# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) -+# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) -+# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) -+# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) -+# define lh_OPENSSL_CSTRING_doall(lh,fn) 
LHM_lh_doall(OPENSSL_CSTRING,lh,fn) -+# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) -+# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) -+# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) -+# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) -+# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) -+# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) -+# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) -+# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) -+# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) -+# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) -+# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) -+# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) -+# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) -+# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) -+# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) -+# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) -+# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) -+# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) -+# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) -+# define lh_OPENSSL_STRING_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(OPENSSL_STRING,lh,out) -+# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) -+# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) -+# define 
lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) -+# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) -+# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) -+# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) -+# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) -+# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) -+# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) -+# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) -+# define lh_SSL_SESSION_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(SSL_SESSION,lh,out) -+# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) -+# define lh_SSL_SESSION_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(SSL_SESSION,lh,out) -+# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) -+#ifdef __cplusplus - } --# endif - #endif -+#endif /* !defined HEADER_SAFESTACK_H */ -diff --git a/Cryptlib/Include/openssl/seed.h b/Cryptlib/Include/openssl/seed.h -index bb97131..8cbf0d9 100644 ---- a/Cryptlib/Include/openssl/seed.h -+++ b/Cryptlib/Include/openssl/seed.h -@@ -1,12 +1,3 @@ --/* -- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - /* - * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. - * -@@ -30,20 +21,72 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
-+ * -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * - */ - - #ifndef HEADER_SEED_H - # define HEADER_SEED_H - - # include -- --# ifndef OPENSSL_NO_SEED - # include - # include - --#ifdef __cplusplus --extern "C" { --#endif -+# ifdef OPENSSL_NO_SEED -+# error SEED is disabled. 
-+# endif
-
- /* look whether we need 'long' to get 32 bits */
- # ifdef AES_LONG
-@@ -59,6 +102,11 @@ extern "C" {
- # define SEED_BLOCK_SIZE 16
- # define SEED_KEY_LENGTH 16
-
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
- typedef struct seed_key_st {
- # ifdef SEED_LONG
- unsigned long data[32];
-@@ -67,6 +115,10 @@ typedef struct seed_key_st {
- # endif
- } SEED_KEY_SCHEDULE;
-
-+# ifdef OPENSSL_FIPS
-+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
-+ SEED_KEY_SCHEDULE *ks);
-+# endif
- void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
- SEED_KEY_SCHEDULE *ks);
-
-@@ -90,9 +142,8 @@ void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int *num);
-
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
--# endif
--
- #endif
-+
-+#endif /* HEADER_SEED_H */
-diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h
-index 6a1eb0d..e5169e4 100644
---- a/Cryptlib/Include/openssl/sha.h
-+++ b/Cryptlib/Include/openssl/sha.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/sha/sha.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_SHA_H -@@ -17,12 +66,29 @@ - extern "C" { - #endif - -+# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -+# error SHA is disabled. -+# endif -+ -+# if defined(OPENSSL_FIPS) -+# define FIPS_SHA_SIZE_T size_t -+# endif -+ - /*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- * ! SHA_LONG has to be at least 32 bits wide. ! -+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! -+ * ! SHA_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
- */
--# define SHA_LONG unsigned int
-+
-+# if defined(__LP32__)
-+# define SHA_LONG unsigned long
-+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-+# define SHA_LONG unsigned long
-+# define SHA_LONG_LOG2 3
-+# else
-+# define SHA_LONG unsigned int
-+# endif
-
- # define SHA_LBLOCK 16
- # define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a
-@@ -38,15 +104,32 @@ typedef struct SHAstate_st {
- unsigned int num;
- } SHA_CTX;
-
-+# ifndef OPENSSL_NO_SHA0
-+# ifdef OPENSSL_FIPS
-+int private_SHA_Init(SHA_CTX *c);
-+# endif
-+int SHA_Init(SHA_CTX *c);
-+int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-+int SHA_Final(unsigned char *md, SHA_CTX *c);
-+unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-+void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-+# endif
-+# ifndef OPENSSL_NO_SHA1
-+# ifdef OPENSSL_FIPS
-+int private_SHA1_Init(SHA_CTX *c);
-+# endif
- int SHA1_Init(SHA_CTX *c);
- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA1_Final(unsigned char *md, SHA_CTX *c);
- unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
- void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-+# endif
-
- # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
- * contiguous array of 32 bit wide
- * big-endian values. */
-+# define SHA224_DIGEST_LENGTH 28
-+# define SHA256_DIGEST_LENGTH 32
-
- typedef struct SHA256state_st {
- SHA_LONG h[8];
-@@ -55,6 +138,11 @@ typedef struct SHA256state_st {
- unsigned int num, md_len;
- } SHA256_CTX;
-
-+# ifndef OPENSSL_NO_SHA256
-+# ifdef OPENSSL_FIPS
-+int private_SHA224_Init(SHA256_CTX *c);
-+int private_SHA256_Init(SHA256_CTX *c);
-+# endif
- int SHA224_Init(SHA256_CTX *c);
- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-@@ -64,12 +152,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
- int SHA256_Final(unsigned char *md, SHA256_CTX *c);
- unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
- void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-+# endif
-
--# define SHA224_DIGEST_LENGTH 28
--# define SHA256_DIGEST_LENGTH 32
- # define SHA384_DIGEST_LENGTH 48
- # define SHA512_DIGEST_LENGTH 64
-
-+# ifndef OPENSSL_NO_SHA512
- /*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
-@@ -80,17 +168,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
- * contiguous array of 64 bit
- * wide big-endian values.
- */
--# define SHA512_CBLOCK (SHA_LBLOCK*8)
--# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
--# define SHA_LONG64 unsigned __int64
--# define U64(C) C##UI64
--# elif defined(__arch64__)
--# define SHA_LONG64 unsigned long
--# define U64(C) C##UL
--# else
--# define SHA_LONG64 unsigned long long
--# define U64(C) C##ULL
--# endif
-+# define SHA512_CBLOCK (SHA_LBLOCK*8)
-+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-+# define SHA_LONG64 unsigned __int64
-+# define U64(C) C##UI64
-+# elif defined(__arch64__)
-+# define SHA_LONG64 unsigned long
-+# define U64(C) C##UL
-+# else
-+# define SHA_LONG64 unsigned long long
-+# define U64(C) C##ULL
-+# endif
-
- typedef struct SHA512state_st {
- SHA_LONG64 h[8];
-@@ -101,7 +189,13 @@ typedef struct SHA512state_st {
- } u;
- unsigned int num, md_len;
- } SHA512_CTX;
-+# endif
-
-+# ifndef OPENSSL_NO_SHA512
-+# ifdef OPENSSL_FIPS
-+int private_SHA384_Init(SHA512_CTX *c);
-+int private_SHA512_Init(SHA512_CTX *c);
-+# endif
- int SHA384_Init(SHA512_CTX *c);
- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-@@ -111,6 +205,7 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
- int SHA512_Final(unsigned char *md, SHA512_CTX *c);
- unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
- void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-+# endif
-
- #ifdef __cplusplus
- }
-diff --git a/Cryptlib/Include/openssl/srp.h b/Cryptlib/Include/openssl/srp.h
-index f2b6ec7..4ed4bfe 100644
---- a/Cryptlib/Include/openssl/srp.h
-+++ b/Cryptlib/Include/openssl/srp.h
-@@ -1,27 +1,77 @@
-+/* crypto/srp/srp.h */
- /*
-- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Christophe Renou (christophe.renou@edelweb.fr) with the -+ * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the -+ * EdelKey project and contributed to the OpenSSL project 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -+#ifndef __SRP_H__ -+# define __SRP_H__ - --#ifndef HEADER_SRP_H --# define HEADER_SRP_H -- --#include -+# ifndef OPENSSL_NO_SRP - --#ifndef OPENSSL_NO_SRP --# include --# include --# include --# include --# include -+# include -+# include - --# ifdef __cplusplus -+#ifdef __cplusplus - extern "C" { --# endif -+#endif -+ -+# include -+# include -+# include - - typedef struct SRP_gN_cache_st { - char *b64_bn; -@@ -29,7 +79,7 @@ typedef struct SRP_gN_cache_st { - } SRP_gN_cache; - - --DEFINE_STACK_OF(SRP_gN_cache) -+DECLARE_STACK_OF(SRP_gN_cache) - - typedef struct SRP_user_pwd_st { - /* Owned by us. */ -@@ -43,89 +93,89 @@ typedef struct SRP_user_pwd_st { - char *info; - } SRP_user_pwd; - --void SRP_user_pwd_free(SRP_user_pwd *user_pwd); -+DECLARE_STACK_OF(SRP_user_pwd) - --DEFINE_STACK_OF(SRP_user_pwd) -+void SRP_user_pwd_free(SRP_user_pwd *user_pwd); - - typedef struct SRP_VBASE_st { - STACK_OF(SRP_user_pwd) *users_pwd; - STACK_OF(SRP_gN_cache) *gN_cache; - /* to simulate a user */ - char *seed_key; -- const BIGNUM *default_g; -- const BIGNUM *default_N; -+ BIGNUM *default_g; -+ BIGNUM *default_N; - } SRP_VBASE; - - /* -- * Internal structure storing N and g pair -+ * Structure interne pour retenir les couples N et g - */ - typedef struct SRP_gN_st { - char *id; -- const BIGNUM *g; -- const BIGNUM *N; -+ BIGNUM *g; -+ BIGNUM *N; - } SRP_gN; - --DEFINE_STACK_OF(SRP_gN) -+DECLARE_STACK_OF(SRP_gN) - - SRP_VBASE *SRP_VBASE_new(char *seed_key); --void SRP_VBASE_free(SRP_VBASE *vb); -+int SRP_VBASE_free(SRP_VBASE *vb); -+#ifndef OPENSSL_NO_STDIO - int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); -+#endif - - /* This method ignores the configured seed and fails for an unknown user. 
*/ --DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) -+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); - /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ - SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); - - char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g); - int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, -- BIGNUM **verifier, const BIGNUM *N, -- const BIGNUM *g); -- --# define SRP_NO_ERROR 0 --# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 --# define SRP_ERR_VBASE_BN_LIB 2 --# define SRP_ERR_OPEN_FILE 3 --# define SRP_ERR_MEMORY 4 -- --# define DB_srptype 0 --# define DB_srpverifier 1 --# define DB_srpsalt 2 --# define DB_srpid 3 --# define DB_srpgN 4 --# define DB_srpinfo 5 --# undef DB_NUMBER --# define DB_NUMBER 6 -- --# define DB_SRP_INDEX 'I' --# define DB_SRP_VALID 'V' --# define DB_SRP_REVOKED 'R' --# define DB_SRP_MODIF 'v' -+ BIGNUM **verifier, BIGNUM *N, BIGNUM *g); -+ -+# define SRP_NO_ERROR 0 -+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 -+# define SRP_ERR_VBASE_BN_LIB 2 -+# define SRP_ERR_OPEN_FILE 3 -+# define SRP_ERR_MEMORY 4 -+ -+# define DB_srptype 0 -+# define DB_srpverifier 1 -+# define DB_srpsalt 2 -+# define DB_srpid 3 -+# define DB_srpgN 4 -+# define DB_srpinfo 5 -+# undef DB_NUMBER -+# define DB_NUMBER 6 -+ -+# define DB_SRP_INDEX 'I' -+# define DB_SRP_VALID 'V' -+# define DB_SRP_REVOKED 'R' -+# define DB_SRP_MODIF 'v' - - /* see srp.c */ --char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); -+char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); - SRP_gN *SRP_get_default_gN(const char *id); - - /* server side .... 
*/ --BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, -- const BIGNUM *b, const BIGNUM *N); --BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, -- const BIGNUM *v); --int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); --BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); -+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, -+ BIGNUM *N); -+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); -+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); -+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N); - - /* client side .... */ --BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); --BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); --BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, -- const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); --int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); -+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); -+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); -+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, -+ BIGNUM *a, BIGNUM *u); -+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); - --# define SRP_MINIMAL_N 1024 -+# define SRP_MINIMAL_N 1024 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - -+# endif - #endif -diff --git a/Cryptlib/Include/openssl/srtp.h b/Cryptlib/Include/openssl/srtp.h -index 5ddfa46..2279c32 100644 ---- a/Cryptlib/Include/openssl/srtp.h -+++ b/Cryptlib/Include/openssl/srtp.h -@@ -1,12 +1,113 @@ --/* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ssl/srtp.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* - * DTLS code by Eric Rescorla - * -@@ -29,17 +130,13 @@ extern "C" { - # define SRTP_NULL_SHA1_80 0x0005 - # define SRTP_NULL_SHA1_32 0x0006 - --/* AEAD SRTP protection profiles from RFC 7714 */ --# define SRTP_AEAD_AES_128_GCM 0x0007 --# define SRTP_AEAD_AES_256_GCM 0x0008 -- - # ifndef OPENSSL_NO_SRTP - --__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); --__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); -+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -+int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); - --__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); --__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); -+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); -+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); - - # endif - -diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h -index 8d75d53..90aeb0c 100644 ---- a/Cryptlib/Include/openssl/ssl.h -+++ b/Cryptlib/Include/openssl/ssl.h -@@ -1,12 +1,113 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ssl/ssl.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission.
For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
--
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by -@@ -43,34 +144,78 @@ - # define HEADER_SSL_H - - # include --# include --# include --# include --# if OPENSSL_API_COMPAT < 0x10100000L --# include -+ -+# ifndef OPENSSL_NO_COMP -+# include -+# endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_X509 -+# include -+# endif - # include - # include - # include - # endif - # include - # include --# include - -+# include - # include - # include --# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* OpenSSL version number for ASN.1 encoding of the session information */ -+/* SSLeay version number for ASN.1 encoding of the session information */ - /*- - * Version 0 - initial version - * Version 1 - added the optional peer certificate - */ - # define SSL_SESSION_ASN1_VERSION 0x0001 - -+/* text strings for the ciphers */ -+# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 -+# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 -+# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 -+# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 -+# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 -+# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 -+# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 -+# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA -+# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 -+# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA -+ -+/* -+ * VRS Additional Kerberos5 entries -+ */ -+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -+# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -+# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -+# define SSL_TXT_KRB5_DES_64_CBC_MD5 
SSL3_TXT_KRB5_DES_64_CBC_MD5 -+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -+# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -+# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 -+ -+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -+# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -+# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -+# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -+# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 -+ -+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -+# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -+# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 -+ - # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 - # define SSL_MAX_SID_CTX_LENGTH 32 - -@@ -78,18 +223,20 @@ extern "C" { - # define SSL_MAX_KEY_ARG_LENGTH 8 - # define SSL_MAX_MASTER_KEY_LENGTH 48 - --/* The maximum number of encrypt/decrypt pipelines we can support */ --# define SSL_MAX_PIPELINES 32 -- --/* text strings for the ciphers */ -- - /* These are used to specify which ciphers to use and not to use */ - -+# define SSL_TXT_EXP40 "EXPORT40" -+# define SSL_TXT_EXP56 "EXPORT56" - # define SSL_TXT_LOW "LOW" - # define SSL_TXT_MEDIUM "MEDIUM" - # define SSL_TXT_HIGH "HIGH" - # define SSL_TXT_FIPS "FIPS" - -+# define SSL_TXT_kFZA "kFZA"/* unused! */ -+# define SSL_TXT_aFZA "aFZA"/* unused! */ -+# define SSL_TXT_eFZA "eFZA"/* unused! */ -+# define SSL_TXT_FZA "FZA"/* unused! 
*/ -+ - # define SSL_TXT_aNULL "aNULL" - # define SSL_TXT_eNULL "eNULL" - # define SSL_TXT_NULL "NULL" -@@ -98,17 +245,15 @@ extern "C" { - # define SSL_TXT_kDHr "kDHr" - # define SSL_TXT_kDHd "kDHd" - # define SSL_TXT_kDH "kDH" --# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ --# define SSL_TXT_kDHE "kDHE" -+# define SSL_TXT_kEDH "kEDH" -+# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ -+# define SSL_TXT_kKRB5 "kKRB5" - # define SSL_TXT_kECDHr "kECDHr" - # define SSL_TXT_kECDHe "kECDHe" - # define SSL_TXT_kECDH "kECDH" --# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ --# define SSL_TXT_kECDHE "kECDHE" -+# define SSL_TXT_kEECDH "kEECDH" -+# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ - # define SSL_TXT_kPSK "kPSK" --# define SSL_TXT_kRSAPSK "kRSAPSK" --# define SSL_TXT_kECDHEPSK "kECDHEPSK" --# define SSL_TXT_kDHEPSK "kDHEPSK" - # define SSL_TXT_kGOST "kGOST" - # define SSL_TXT_kSRP "kSRP" - -@@ -116,25 +261,26 @@ extern "C" { - # define SSL_TXT_aDSS "aDSS" - # define SSL_TXT_aDH "aDH" - # define SSL_TXT_aECDH "aECDH" -+# define SSL_TXT_aKRB5 "aKRB5" - # define SSL_TXT_aECDSA "aECDSA" - # define SSL_TXT_aPSK "aPSK" --# define SSL_TXT_aGOST94 "aGOST94" --# define SSL_TXT_aGOST01 "aGOST01" --# define SSL_TXT_aGOST12 "aGOST12" --# define SSL_TXT_aGOST "aGOST" -+# define SSL_TXT_aGOST94 "aGOST94" -+# define SSL_TXT_aGOST01 "aGOST01" -+# define SSL_TXT_aGOST "aGOST" - # define SSL_TXT_aSRP "aSRP" - - # define SSL_TXT_DSS "DSS" - # define SSL_TXT_DH "DH" --# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ --# define SSL_TXT_EDH "EDH"/* alias for DHE */ -+# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ -+# define SSL_TXT_DHE "DHE"/* alias for EDH */ - # define SSL_TXT_ADH "ADH" - # define SSL_TXT_RSA "RSA" - # define SSL_TXT_ECDH "ECDH" --# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ --# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ -+# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ -+# define SSL_TXT_ECDHE "ECDHE"/* 
alias for ECDHE" */ - # define SSL_TXT_AECDH "AECDH" - # define SSL_TXT_ECDSA "ECDSA" -+# define SSL_TXT_KRB5 "KRB5" - # define SSL_TXT_PSK "PSK" - # define SSL_TXT_SRP "SRP" - -@@ -148,29 +294,27 @@ extern "C" { - # define SSL_TXT_AES256 "AES256" - # define SSL_TXT_AES "AES" - # define SSL_TXT_AES_GCM "AESGCM" --# define SSL_TXT_AES_CCM "AESCCM" --# define SSL_TXT_AES_CCM_8 "AESCCM8" - # define SSL_TXT_CAMELLIA128 "CAMELLIA128" - # define SSL_TXT_CAMELLIA256 "CAMELLIA256" - # define SSL_TXT_CAMELLIA "CAMELLIA" --# define SSL_TXT_CHACHA20 "CHACHA20" --# define SSL_TXT_GOST "GOST89" - - # define SSL_TXT_MD5 "MD5" - # define SSL_TXT_SHA1 "SHA1" - # define SSL_TXT_SHA "SHA"/* same as "SHA1" */ - # define SSL_TXT_GOST94 "GOST94" --# define SSL_TXT_GOST89MAC "GOST89MAC" --# define SSL_TXT_GOST12 "GOST12" --# define SSL_TXT_GOST89MAC12 "GOST89MAC12" -+# define SSL_TXT_GOST89MAC "GOST89MAC" - # define SSL_TXT_SHA256 "SHA256" - # define SSL_TXT_SHA384 "SHA384" - -+# define SSL_TXT_SSLV2 "SSLv2" - # define SSL_TXT_SSLV3 "SSLv3" - # define SSL_TXT_TLSV1 "TLSv1" - # define SSL_TXT_TLSV1_1 "TLSv1.1" - # define SSL_TXT_TLSV1_2 "TLSv1.2" - -+# define SSL_TXT_EXP "EXP" -+# define SSL_TXT_EXPORT "EXPORT" -+ - # define SSL_TXT_ALL "ALL" - - /*- -@@ -194,7 +338,7 @@ extern "C" { - * The following cipher list is used by default. It also is substituted when - * an application-defined cipher list string starts with 'DEFAULT'. 
- */ --# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" - /* - * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is -@@ -214,6 +358,10 @@ extern "C" { - extern "C" { - #endif - -+# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) -+# define OPENSSL_NO_SSL2 -+# endif -+ - # define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 - # define SSL_FILETYPE_PEM X509_FILETYPE_PEM - -@@ -228,10 +376,8 @@ typedef struct ssl_cipher_st SSL_CIPHER; - typedef struct ssl_session_st SSL_SESSION; - typedef struct tls_sigalgs_st TLS_SIGALGS; - typedef struct ssl_conf_ctx_st SSL_CONF_CTX; --typedef struct ssl_comp_st SSL_COMP; - --STACK_OF(SSL_CIPHER); --STACK_OF(SSL_COMP); -+DECLARE_STACK_OF(SSL_CIPHER) - - /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ - typedef struct srtp_protection_profile_st { -@@ -239,7 +385,7 @@ typedef struct srtp_protection_profile_st { - unsigned long id; - } SRTP_PROTECTION_PROFILE; - --DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) -+DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) - - typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, - const unsigned char *data, -@@ -247,7 +393,9 @@ typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, - typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, - int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, -- const SSL_CIPHER **cipher, void *arg); -+ SSL_CIPHER **cipher, void *arg); -+ -+# ifndef OPENSSL_NO_TLSEXT - - /* Typedefs for handling custom extensions */ - -@@ -262,30 +410,187 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *parse_arg); - --/* Typedef for verification callback */ --typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); -+# endif -+ -+# ifndef 
OPENSSL_NO_SSL_INTERN -+ -+/* used to hold info on the particular ciphers used */ -+struct ssl_cipher_st { -+ int valid; -+ const char *name; /* text name */ -+ unsigned long id; /* id, 4 bytes, first is version */ -+ /* -+ * changed in 0.9.9: these four used to be portions of a single value -+ * 'algorithms' -+ */ -+ unsigned long algorithm_mkey; /* key exchange algorithm */ -+ unsigned long algorithm_auth; /* server authentication */ -+ unsigned long algorithm_enc; /* symmetric encryption */ -+ unsigned long algorithm_mac; /* symmetric authentication */ -+ unsigned long algorithm_ssl; /* (major) protocol version */ -+ unsigned long algo_strength; /* strength and export flags */ -+ unsigned long algorithm2; /* Extra flags */ -+ int strength_bits; /* Number of bits really used */ -+ int alg_bits; /* Number of bits for algorithm */ -+}; -+ -+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -+struct ssl_method_st { -+ int version; -+ int (*ssl_new) (SSL *s); -+ void (*ssl_clear) (SSL *s); -+ void (*ssl_free) (SSL *s); -+ int (*ssl_accept) (SSL *s); -+ int (*ssl_connect) (SSL *s); -+ int (*ssl_read) (SSL *s, void *buf, int len); -+ int (*ssl_peek) (SSL *s, void *buf, int len); -+ int (*ssl_write) (SSL *s, const void *buf, int len); -+ int (*ssl_shutdown) (SSL *s); -+ int (*ssl_renegotiate) (SSL *s); -+ int (*ssl_renegotiate_check) (SSL *s); -+ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long -+ max, int *ok); -+ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, -+ int peek); -+ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); -+ int (*ssl_dispatch_alert) (SSL *s); -+ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); -+ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); -+ const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); -+ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); -+ int (*ssl_pending) (const SSL *s); -+ int 
(*num_ciphers) (void); -+ const SSL_CIPHER *(*get_cipher) (unsigned ncipher); -+ const struct ssl_method_st *(*get_ssl_method) (int version); -+ long (*get_timeout) (void); -+ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ -+ int (*ssl_version) (void); -+ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); -+ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); -+}; -+ -+/*- -+ * Lets make this into an ASN.1 type structure as follows -+ * SSL_SESSION_ID ::= SEQUENCE { -+ * version INTEGER, -- structure version number -+ * SSLversion INTEGER, -- SSL version number -+ * Cipher OCTET STRING, -- the 3 byte cipher ID -+ * Session_ID OCTET STRING, -- the Session ID -+ * Master_key OCTET STRING, -- the master key -+ * KRB5_principal OCTET STRING -- optional Kerberos principal -+ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument -+ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time -+ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds -+ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate -+ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context -+ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' -+ * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension -+ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint -+ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity -+ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket -+ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) -+ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method -+ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username -+ * } -+ * Look in ssl/ssl_asn1.c for more details -+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 
-+ */ -+struct ssl_session_st { -+ int ssl_version; /* what ssl version session info is being -+ * kept in here? */ -+ /* only really used in SSLv2 */ -+ unsigned int key_arg_length; -+ unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; -+ int master_key_length; -+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; -+ /* session_id - valid? */ -+ unsigned int session_id_length; -+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; -+ /* -+ * this is used to determine whether the session is being reused in the -+ * appropriate context. It is up to the application to set this, via -+ * SSL_new -+ */ -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+# ifndef OPENSSL_NO_KRB5 -+ unsigned int krb5_client_princ_len; -+ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -+# endif /* OPENSSL_NO_KRB5 */ -+# ifndef OPENSSL_NO_PSK -+ char *psk_identity_hint; -+ char *psk_identity; -+# endif -+ /* -+ * Used to indicate that session resumption is not allowed. Applications -+ * can also set this bit for a new session via not_resumable_session_cb -+ * to disable session caching and tickets. -+ */ -+ int not_resumable; -+ /* The cert is the certificate used to establish this connection */ -+ struct sess_cert_st /* SESS_CERT */ *sess_cert; -+ /* -+ * This is the cert for the other end. On clients, it will be the same as -+ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is -+ * not retained in the external representation of sessions, see -+ * ssl_asn1.c). 
-+ */ -+ X509 *peer; -+ /* -+ * when app_verify_callback accepts a session where the peer's -+ * certificate is not ok, we must remember the error for session reuse: -+ */ -+ long verify_result; /* only for servers */ -+ int references; -+ long timeout; -+ long time; -+ unsigned int compress_meth; /* Need to lookup the method */ -+ const SSL_CIPHER *cipher; -+ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used -+ * to load the 'cipher' structure */ -+ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ -+ CRYPTO_EX_DATA ex_data; /* application specific data */ -+ /* -+ * These are used to make removal of session-ids more efficient and to -+ * implement a maximum cache size. -+ */ -+ struct ssl_session_st *prev, *next; -+# ifndef OPENSSL_NO_TLSEXT -+ char *tlsext_hostname; -+# ifndef OPENSSL_NO_EC -+ size_t tlsext_ecpointformatlist_length; -+ unsigned char *tlsext_ecpointformatlist; /* peer's list */ -+ size_t tlsext_ellipticcurvelist_length; -+ unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -+# endif /* OPENSSL_NO_EC */ -+ /* RFC4507 info */ -+ unsigned char *tlsext_tick; /* Session ticket */ -+ size_t tlsext_ticklen; /* Session ticket length */ -+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -+# endif -+# ifndef OPENSSL_NO_SRP -+ char *srp_username; -+# endif -+}; -+ -+# endif - -+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L -+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L - /* Allow initial connection to servers that don't support RI */ --# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U --/* Removed from OpenSSL 0.9.8q and 1.0.0c */ --/* Dead forever, see CVE-2010-4180. 
*/ --# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U --# define SSL_OP_TLSEXT_PADDING 0x00000010U --# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U --# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U --/* Ancient SSLeay version, retained for compatibility */ --# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 --# define SSL_OP_TLS_D5_BUG 0x0U --/* Removed from OpenSSL 1.1.0 */ --# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U -+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L -+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -+# define SSL_OP_TLSEXT_PADDING 0x00000010L -+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L -+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L -+# define SSL_OP_TLS_D5_BUG 0x00000100L -+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L - - /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ - # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 - /* Refers to ancient SSLREF and SSLv2, retained for compatibility */ - # define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 --/* Related to removed SSLv2 */ --# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 --# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 - - /* - * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in -@@ -295,107 +600,110 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); - * SSL_OP_ALL. - */ - /* added in 0.9.6e */ --# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U -+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L - - /* - * SSL_OP_ALL: various bug workarounds that should be rather harmless. This - * used to be 0x000FFFFFL before 0.9.7. 
- */ --# define SSL_OP_ALL 0x80000BFFU -+# define SSL_OP_ALL 0x80000BFFL - - /* DTLS options */ --# define SSL_OP_NO_QUERY_MTU 0x00001000U -+# define SSL_OP_NO_QUERY_MTU 0x00001000L - /* Turn on Cookie Exchange (on relevant for servers) */ --# define SSL_OP_COOKIE_EXCHANGE 0x00002000U -+# define SSL_OP_COOKIE_EXCHANGE 0x00002000L - /* Don't use RFC4507 ticket extension */ --# define SSL_OP_NO_TICKET 0x00004000U --# ifndef OPENSSL_NO_DTLS1_METHOD --/* Use Cisco's "speshul" version of DTLS_BAD_VER -- * (only with deprecated DTLSv1_client_method()) */ --# define SSL_OP_CISCO_ANYCONNECT 0x00008000U --# endif -+# define SSL_OP_NO_TICKET 0x00004000L -+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ -+# define SSL_OP_CISCO_ANYCONNECT 0x00008000L - - /* As server, disallow session resumption on renegotiation */ --# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U -+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L - /* Don't use compression even if supported */ --# define SSL_OP_NO_COMPRESSION 0x00020000U -+# define SSL_OP_NO_COMPRESSION 0x00020000L - /* Permit unsafe legacy renegotiation */ --# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U --/* Does nothing: retained for compatibility */ --# define SSL_OP_SINGLE_ECDH_USE 0x0 --/* Does nothing: retained for compatibility */ --# define SSL_OP_SINGLE_DH_USE 0x0 -+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -+/* If set, always create a new key when using tmp_ecdh parameters */ -+# define SSL_OP_SINGLE_ECDH_USE 0x00080000L - /* Does nothing: retained for compatibility */ -+# define SSL_OP_SINGLE_DH_USE 0x00100000L -+/* Does nothing: retained for compatibiity */ - # define SSL_OP_EPHEMERAL_RSA 0x0 - /* - * Set on servers to choose the cipher according to the server's preferences - */ --# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U -+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L - /* - * If set, a server will allow a client to issue a 
SSLv3.0 version number as - * latest version supported in the premaster secret, even when TLSv1.0 - * (version 3.1) was announced in the client hello. Normally this is - * forbidden to prevent version rollback attacks. - */ --# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U -+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L - --# define SSL_OP_NO_SSLv2 0x00000000U --# define SSL_OP_NO_SSLv3 0x02000000U --# define SSL_OP_NO_TLSv1 0x04000000U --# define SSL_OP_NO_TLSv1_2 0x08000000U --# define SSL_OP_NO_TLSv1_1 0x10000000U -+# define SSL_OP_NO_SSLv2 0x01000000L -+# define SSL_OP_NO_SSLv3 0x02000000L -+# define SSL_OP_NO_TLSv1 0x04000000L -+# define SSL_OP_NO_TLSv1_2 0x08000000L -+# define SSL_OP_NO_TLSv1_1 0x10000000L - --# define SSL_OP_NO_DTLSv1 0x04000000U --# define SSL_OP_NO_DTLSv1_2 0x08000000U -+# define SSL_OP_NO_DTLSv1 0x04000000L -+# define SSL_OP_NO_DTLSv1_2 0x08000000L - --# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ -+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) --# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) - -- --/* Removed from previous versions */ -+/* -+ * These next two were never actually used for anything since SSLeay zap so -+ * we have some more flags. -+ */ -+/* -+ * The next flag deliberately changes the ciphertest, this is a check for the -+ * PKCS#1 attack -+ */ - # define SSL_OP_PKCS1_CHECK_1 0x0 - # define SSL_OP_PKCS1_CHECK_2 0x0 --# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 --# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U -+ -+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L -+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L - /* - * Make server add server-hello extension from early version of cryptopro - * draft, when GOST ciphersuite is negotiated. 
Required for interoperability - * with CryptoPro CSP 3.x - */ --# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U -+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L - - /* - * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success - * when just a single record has been written): - */ --# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U -+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L - /* - * Make it possible to retry SSL_write() with changed buffer location (buffer - * contents must stay the same!); this is not the default to avoid the - * misconception that non-blocking SSL_write() behaves like non-blocking - * write(): - */ --# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U -+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L - /* - * Never bother the application with retries if the transport is blocking: - */ --# define SSL_MODE_AUTO_RETRY 0x00000004U -+# define SSL_MODE_AUTO_RETRY 0x00000004L - /* Don't attempt to automatically build certificate chain */ --# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U -+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L - /* - * Save RAM by releasing read and write buffers when they're empty. (SSL3 and - * TLS only.) "Released" buffers are put onto a free-list in the context or - * just freed (depending on the context's setting for freelist_max_len). - */ --# define SSL_MODE_RELEASE_BUFFERS 0x00000010U -+# define SSL_MODE_RELEASE_BUFFERS 0x00000010L - /* - * Send the current time in the Random fields of the ClientHello and - * ServerHello records for compatibility with hypothetical implementations - * that require it. - */ --# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U --# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U -+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L -+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L - /* - * Send TLS_FALLBACK_SCSV in the ClientHello. 
To be set only by applications - * that reconnect with a downgraded protocol version; see -@@ -404,18 +712,14 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); - * fallback retries, following the guidance in - * draft-ietf-tls-downgrade-scsv-00. - */ --# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U --/* -- * Support Asynchronous operation -- */ --# define SSL_MODE_ASYNC 0x00000100U -+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L - - /* Cert related flags */ - /* - * Many implementations ignore some aspects of the TLS standards such as -- * enforcing certificate chain algorithms. When this is set we enforce them. -+ * enforcing certifcate chain algorithms. When this is set we enforce them. - */ --# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U -+# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L - - /* Suite B modes, takes same values as certificate verify flags */ - # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 -@@ -467,25 +771,29 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); - # define SSL_CONF_FLAG_SERVER 0x8 - # define SSL_CONF_FLAG_SHOW_ERRORS 0x10 - # define SSL_CONF_FLAG_CERTIFICATE 0x20 --# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 - /* Configuration value types */ - # define SSL_CONF_TYPE_UNKNOWN 0x0 - # define SSL_CONF_TYPE_STRING 0x1 - # define SSL_CONF_TYPE_FILE 0x2 - # define SSL_CONF_TYPE_DIR 0x3 --# define SSL_CONF_TYPE_NONE 0x4 - - /* - * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they - * cannot be used to clear bits. 
- */ - --unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); --unsigned long SSL_get_options(const SSL* s); --unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); --unsigned long SSL_clear_options(SSL *s, unsigned long op); --unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); --unsigned long SSL_set_options(SSL *s, unsigned long op); -+# define SSL_CTX_set_options(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -+# define SSL_CTX_clear_options(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -+# define SSL_CTX_get_options(ctx) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) -+# define SSL_set_options(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) -+# define SSL_clear_options(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -+# define SSL_get_options(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) - - # define SSL_CTX_set_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) -@@ -511,7 +819,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op); - - # ifndef OPENSSL_NO_HEARTBEATS - # define SSL_heartbeat(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) -+ SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) - # endif - - # define SSL_CTX_set_cert_flags(ctx,op) \ -@@ -534,23 +842,48 @@ void SSL_set_msg_callback(SSL *ssl, - # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) - # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) - --# define SSL_get_extms_support(s) \ -- SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) -- - # ifndef OPENSSL_NO_SRP - -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+typedef struct srp_ctx_st { -+ /* param for all the callbacks */ -+ void *SRP_cb_arg; -+ /* set client Hello login callback */ -+ int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); -+ /* set SRP N/g param callback for verification */ -+ int 
(*SRP_verify_param_callback) (SSL *, void *); -+ /* set SRP client passwd callback */ -+ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); -+ char *login; -+ BIGNUM *N, *g, *s, *B, *A; -+ BIGNUM *a, *b, *v; -+ char *info; -+ int strength; -+ unsigned long srp_Mask; -+} SRP_CTX; -+ -+# endif -+ - /* see tls_srp.c */ --__owur int SSL_SRP_CTX_init(SSL *s); --__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); -+int SSL_SRP_CTX_init(SSL *s); -+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); - int SSL_SRP_CTX_free(SSL *ctx); - int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); --__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); --__owur int SRP_Calc_A_param(SSL *s); -+int SSL_srp_server_param_with_username(SSL *s, int *ad); -+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); -+int SRP_Calc_A_param(SSL *s); -+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); - - # endif - --/* 100k max cert list */ --# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 -+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) -+# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 -+ /* 30k max cert list :-) */ -+# else -+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 -+ /* 100k max cert list :-) */ -+# endif - - # define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) - -@@ -562,13 +895,296 @@ __owur int SRP_Calc_A_param(SSL *s); - * otherwise the SSL handshake will fail with an error - callbacks can do - * this using the 'ssl' value they're passed by; - * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in -- * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 -- * bytes. The callback can alter this length to be less if desired. It is -- * also an error for the callback to set the size to zero. -+ * is set at the maximum size the session ID can be. In SSLv2 this is 16 -+ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. 
The callback can alter this -+ * length to be less if desired, but under SSLv2 session IDs are supposed to -+ * be fixed at 16 bytes so the id will be padded after the callback returns -+ * in this case. It is also an error for the callback to set the size to -+ * zero. - */ - typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, - unsigned int *id_len); - -+typedef struct ssl_comp_st SSL_COMP; -+ -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+struct ssl_comp_st { -+ int id; -+ const char *name; -+# ifndef OPENSSL_NO_COMP -+ COMP_METHOD *method; -+# else -+ char *method; -+# endif -+}; -+ -+DECLARE_STACK_OF(SSL_COMP) -+DECLARE_LHASH_OF(SSL_SESSION); -+ -+struct ssl_ctx_st { -+ const SSL_METHOD *method; -+ STACK_OF(SSL_CIPHER) *cipher_list; -+ /* same as above but sorted for lookup */ -+ STACK_OF(SSL_CIPHER) *cipher_list_by_id; -+ struct x509_store_st /* X509_STORE */ *cert_store; -+ LHASH_OF(SSL_SESSION) *sessions; -+ /* -+ * Most session-ids that will be cached, default is -+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. -+ */ -+ unsigned long session_cache_size; -+ struct ssl_session_st *session_cache_head; -+ struct ssl_session_st *session_cache_tail; -+ /* -+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, -+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which -+ * means only SSL_accept which cache SSL_SESSIONS. -+ */ -+ int session_cache_mode; -+ /* -+ * If timeout is not 0, it is the default timeout value set when -+ * SSL_new() is called. This has been put in to make life easier to set -+ * things up -+ */ -+ long session_timeout; -+ /* -+ * If this callback is not null, it will be called each time a session id -+ * is added to the cache. If this function returns 1, it means that the -+ * callback will do a SSL_SESSION_free() when it has finished using it. -+ * Otherwise, on 0, it means the callback has finished with it. 
If -+ * remove_session_cb is not null, it will be called when a session-id is -+ * removed from the cache. After the call, OpenSSL will -+ * SSL_SESSION_free() it. -+ */ -+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); -+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); -+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, -+ unsigned char *data, int len, int *copy); -+ struct { -+ int sess_connect; /* SSL new conn - started */ -+ int sess_connect_renegotiate; /* SSL reneg - requested */ -+ int sess_connect_good; /* SSL new conne/reneg - finished */ -+ int sess_accept; /* SSL new accept - started */ -+ int sess_accept_renegotiate; /* SSL reneg - requested */ -+ int sess_accept_good; /* SSL accept/reneg - finished */ -+ int sess_miss; /* session lookup misses */ -+ int sess_timeout; /* reuse attempt on timeouted session */ -+ int sess_cache_full; /* session removed due to full cache */ -+ int sess_hit; /* session reuse actually done */ -+ int sess_cb_hit; /* session-id that was not in the cache was -+ * passed back via the callback. This -+ * indicates that the application is -+ * supplying session-id's from other -+ * processes - spooky :-) */ -+ } stats; -+ -+ int references; -+ -+ /* if defined, these override the X509_verify_cert() calls */ -+ int (*app_verify_callback) (X509_STORE_CTX *, void *); -+ void *app_verify_arg; -+ /* -+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored -+ * ('app_verify_callback' was called with just one argument) -+ */ -+ -+ /* Default password callback. */ -+ pem_password_cb *default_passwd_callback; -+ -+ /* Default password callback user data. 
*/ -+ void *default_passwd_callback_userdata; -+ -+ /* get client cert callback */ -+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); -+ -+ /* cookie generate callback */ -+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, -+ unsigned int *cookie_len); -+ -+ /* verify cookie callback */ -+ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, -+ unsigned int cookie_len); -+ -+ CRYPTO_EX_DATA ex_data; -+ -+ const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ -+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ -+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ -+ -+ STACK_OF(X509) *extra_certs; -+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ -+ -+ /* Default values used when no per-SSL value is defined follow */ -+ -+ /* used if SSL's info_callback is NULL */ -+ void (*info_callback) (const SSL *ssl, int type, int val); -+ -+ /* what we put in client cert requests */ -+ STACK_OF(X509_NAME) *client_CA; -+ -+ /* -+ * Default values to use in SSL structures follow (these are copied by -+ * SSL_new) -+ */ -+ -+ unsigned long options; -+ unsigned long mode; -+ long max_cert_list; -+ -+ struct cert_st /* CERT */ *cert; -+ int read_ahead; -+ -+ /* callback that allows applications to peek at protocol messages */ -+ void (*msg_callback) (int write_p, int version, int content_type, -+ const void *buf, size_t len, SSL *ssl, void *arg); -+ void *msg_callback_arg; -+ -+ int verify_mode; -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+ /* called 'verify_callback' in the SSL */ -+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); -+ -+ /* Default generate session ID callback. */ -+ GEN_SESSION_CB generate_session_id; -+ -+ X509_VERIFY_PARAM *param; -+ -+# if 0 -+ int purpose; /* Purpose setting */ -+ int trust; /* Trust setting */ -+# endif -+ -+ int quiet_shutdown; -+ -+ /* -+ * Maximum amount of data to send in one fragment. 
actual record size can -+ * be more than this due to padding and MAC overheads. -+ */ -+ unsigned int max_send_fragment; -+ -+# ifndef OPENSSL_NO_ENGINE -+ /* -+ * Engine to pass requests for client certs to -+ */ -+ ENGINE *client_cert_engine; -+# endif -+ -+# ifndef OPENSSL_NO_TLSEXT -+ /* TLS extensions servername callback */ -+ int (*tlsext_servername_callback) (SSL *, int *, void *); -+ void *tlsext_servername_arg; -+ /* RFC 4507 session ticket keys */ -+ unsigned char tlsext_tick_key_name[16]; -+ unsigned char tlsext_tick_hmac_key[16]; -+ unsigned char tlsext_tick_aes_key[16]; -+ /* Callback to support customisation of ticket key setting */ -+ int (*tlsext_ticket_key_cb) (SSL *ssl, -+ unsigned char *name, unsigned char *iv, -+ EVP_CIPHER_CTX *ectx, -+ HMAC_CTX *hctx, int enc); -+ -+ /* certificate status request info */ -+ /* Callback for status request */ -+ int (*tlsext_status_cb) (SSL *ssl, void *arg); -+ void *tlsext_status_arg; -+ -+ /* draft-rescorla-tls-opaque-prf-input-00.txt information */ -+ int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, -+ size_t len, void *arg); -+ void *tlsext_opaque_prf_input_callback_arg; -+# endif -+ -+# ifndef OPENSSL_NO_PSK -+ char *psk_identity_hint; -+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, -+ char *identity, -+ unsigned int max_identity_len, -+ unsigned char *psk, -+ unsigned int max_psk_len); -+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, -+ unsigned char *psk, -+ unsigned int max_psk_len); -+# endif -+ -+# ifndef OPENSSL_NO_BUF_FREELISTS -+# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 -+ unsigned int freelist_max_len; -+ struct ssl3_buf_freelist_st *wbuf_freelist; -+ struct ssl3_buf_freelist_st *rbuf_freelist; -+# endif -+# ifndef OPENSSL_NO_SRP -+ SRP_CTX srp_ctx; /* ctx for SRP authentication */ -+# endif -+ -+# ifndef OPENSSL_NO_TLSEXT -+ -+# ifndef OPENSSL_NO_NEXTPROTONEG -+ /* Next protocol negotiation information */ -+ /* (for experimental NPN 
extension). */ -+ -+ /* -+ * For a server, this contains a callback function by which the set of -+ * advertised protocols can be provided. -+ */ -+ int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, -+ unsigned int *len, void *arg); -+ void *next_protos_advertised_cb_arg; -+ /* -+ * For a client, this contains a callback function that selects the next -+ * protocol from the list provided by the server. -+ */ -+ int (*next_proto_select_cb) (SSL *s, unsigned char **out, -+ unsigned char *outlen, -+ const unsigned char *in, -+ unsigned int inlen, void *arg); -+ void *next_proto_select_cb_arg; -+# endif -+ /* SRTP profiles we are willing to do from RFC 5764 */ -+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -+ -+ /* -+ * ALPN information (we are in the process of transitioning from NPN to -+ * ALPN.) -+ */ -+ -+ /*- -+ * For a server, this contains a callback function that allows the -+ * server to select the protocol for the connection. -+ * out: on successful return, this must point to the raw protocol -+ * name (without the length prefix). -+ * outlen: on successful return, this contains the length of |*out|. -+ * in: points to the client's list of supported protocols in -+ * wire-format. -+ * inlen: the length of |in|. -+ */ -+ int (*alpn_select_cb) (SSL *s, -+ const unsigned char **out, -+ unsigned char *outlen, -+ const unsigned char *in, -+ unsigned int inlen, void *arg); -+ void *alpn_select_cb_arg; -+ -+ /* -+ * For a client, this contains the list of supported protocols in wire -+ * format. 
-+ */ -+ unsigned char *alpn_client_proto_list; -+ unsigned alpn_client_proto_list_len; -+ -+# ifndef OPENSSL_NO_EC -+ /* EC extension values inherited by SSL structure */ -+ size_t tlsext_ecpointformatlist_length; -+ unsigned char *tlsext_ecpointformatlist; -+ size_t tlsext_ellipticcurvelist_length; -+ unsigned char *tlsext_ellipticcurvelist; -+# endif /* OPENSSL_NO_EC */ -+# endif -+}; -+ -+# endif -+ - # define SSL_SESS_CACHE_OFF 0x0000 - # define SSL_SESS_CACHE_CLIENT 0x0001 - # define SSL_SESS_CACHE_SERVER 0x0002 -@@ -621,11 +1237,11 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, - void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*get_session_cb) (struct ssl_st - *ssl, -- const unsigned char -+ unsigned char - *data, int len, - int *copy)); - SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, -- const unsigned char *data, -+ unsigned char *Data, - int len, int *copy); - void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, -@@ -638,7 +1254,7 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey); - # ifndef OPENSSL_NO_ENGINE --__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); - # endif - void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*app_gen_cookie_cb) (SSL *ssl, -@@ -648,7 +1264,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - *cookie_len)); - void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*app_verify_cookie_cb) (SSL *ssl, -- const unsigned char -+ unsigned char - *cookie, - unsigned int - cookie_len)); -@@ -670,19 +1286,21 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len); - # endif - --__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, -+# ifndef OPENSSL_NO_TLSEXT -+int SSL_select_next_proto(unsigned 
char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); -+# endif - - # define OPENSSL_NPN_UNSUPPORTED 0 - # define OPENSSL_NPN_NEGOTIATED 1 - # define OPENSSL_NPN_NO_OVERLAP 2 - --__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, -- unsigned int protos_len); --__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, -- unsigned int protos_len); -+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, -+ unsigned protos_len); -+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, -+ unsigned protos_len); - void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, -@@ -691,7 +1309,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - unsigned int inlen, - void *arg), void *arg); - void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, -- unsigned int *len); -+ unsigned *len); - - # ifndef OPENSSL_NO_PSK - /* -@@ -758,51 +1376,319 @@ void SSL_set_psk_server_callback(SSL *ssl, - unsigned - int - max_psk_len)); --__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); --__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); -+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); -+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); - const char *SSL_get_psk_identity_hint(const SSL *s); - const char *SSL_get_psk_identity(const SSL *s); - # endif - -+# ifndef OPENSSL_NO_TLSEXT - /* Register callbacks to handle custom TLS Extensions for client or server. 
*/ - --__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, -- unsigned int ext_type); -- --__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, -+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); - --__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, -+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); - --__owur int SSL_extension_supported(unsigned int ext_type); -+int SSL_extension_supported(unsigned int ext_type); -+ -+# endif - --# define SSL_NOTHING 1 --# define SSL_WRITING 2 --# define SSL_READING 3 --# define SSL_X509_LOOKUP 4 --# define SSL_ASYNC_PAUSED 5 --# define SSL_ASYNC_NO_JOBS 6 -+# define SSL_NOTHING 1 -+# define SSL_WRITING 2 -+# define SSL_READING 3 -+# define SSL_X509_LOOKUP 4 - - /* These will only be used when doing non-blocking IO */ - # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) - # define SSL_want_read(s) (SSL_want(s) == SSL_READING) - # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) - # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) --# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) --# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) - - # define SSL_MAC_FLAG_READ_MAC_STREAM 1 - # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 - -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+struct ssl_st { -+ /* -+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, -+ * DTLS1_VERSION) -+ */ -+ int version; -+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ -+ int type; -+ /* SSLv3 */ -+ const SSL_METHOD *method; -+ /* -+ * There are 2 BIO's even though they are normally both the same. 
This -+ * is so data can be read and written to different handlers -+ */ -+# ifndef OPENSSL_NO_BIO -+ /* used by SSL_read */ -+ BIO *rbio; -+ /* used by SSL_write */ -+ BIO *wbio; -+ /* used during session-id reuse to concatenate messages */ -+ BIO *bbio; -+# else -+ /* used by SSL_read */ -+ char *rbio; -+ /* used by SSL_write */ -+ char *wbio; -+ char *bbio; -+# endif -+ /* -+ * This holds a variable that indicates what we were doing when a 0 or -1 -+ * is returned. This is needed for non-blocking IO so we know what -+ * request needs re-doing when in SSL_accept or SSL_connect -+ */ -+ int rwstate; -+ /* true when we are actually in SSL_accept() or SSL_connect() */ -+ int in_handshake; -+ int (*handshake_func) (SSL *); -+ /* -+ * Imagine that here's a boolean member "init" that is switched as soon -+ * as SSL_set_{accept/connect}_state is called for the first time, so -+ * that "state" and "handshake_func" are properly initialized. But as -+ * handshake_func is == 0 until then, we use this test instead of an -+ * "init" member. -+ */ -+ /* are we the server side? - mostly used by SSL_clear */ -+ int server; -+ /* -+ * Generate a new session or reuse an old one. 
-+ * NB: For servers, the 'new' session may actually be a previously -+ * cached session or even the previous session unless -+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set -+ */ -+ int new_session; -+ /* don't send shutdown packets */ -+ int quiet_shutdown; -+ /* we have shut things down, 0x01 sent, 0x02 for received */ -+ int shutdown; -+ /* where we are */ -+ int state; -+ /* where we are when reading */ -+ int rstate; -+ BUF_MEM *init_buf; /* buffer used during init */ -+ void *init_msg; /* pointer to handshake message body, set by -+ * ssl3_get_message() */ -+ int init_num; /* amount read/written */ -+ int init_off; /* amount read/written */ -+ /* used internally to point at a raw packet */ -+ unsigned char *packet; -+ unsigned int packet_length; -+ struct ssl2_state_st *s2; /* SSLv2 variables */ -+ struct ssl3_state_st *s3; /* SSLv3 variables */ -+ struct dtls1_state_st *d1; /* DTLSv1 variables */ -+ int read_ahead; /* Read as many input bytes as possible (for -+ * non-blocking reads) */ -+ /* callback that allows applications to peek at protocol messages */ -+ void (*msg_callback) (int write_p, int version, int content_type, -+ const void *buf, size_t len, SSL *ssl, void *arg); -+ void *msg_callback_arg; -+ int hit; /* reusing a previous session */ -+ X509_VERIFY_PARAM *param; -+# if 0 -+ int purpose; /* Purpose setting */ -+ int trust; /* Trust setting */ -+# endif -+ /* crypto */ -+ STACK_OF(SSL_CIPHER) *cipher_list; -+ STACK_OF(SSL_CIPHER) *cipher_list_by_id; -+ /* -+ * These are the ones being used, the ones in SSL_SESSION are the ones to -+ * be 'copied' into these ones -+ */ -+ int mac_flags; -+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ -+ EVP_MD_CTX *read_hash; /* used for mac generation */ -+# ifndef OPENSSL_NO_COMP -+ COMP_CTX *expand; /* uncompress */ -+# else -+ char *expand; -+# endif -+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -+ EVP_MD_CTX *write_hash; /* used for mac generation */ -+# ifndef 
OPENSSL_NO_COMP -+ COMP_CTX *compress; /* compression */ -+# else -+ char *compress; -+# endif -+ /* session info */ -+ /* client cert? */ -+ /* This is used to hold the server certificate used */ -+ struct cert_st /* CERT */ *cert; -+ /* -+ * the session_id_context is used to ensure sessions are only reused in -+ * the appropriate context -+ */ -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+ /* This can also be in the session once a session is established */ -+ SSL_SESSION *session; -+ /* Default generate session ID callback. */ -+ GEN_SESSION_CB generate_session_id; -+ /* Used in SSL2 and SSL3 */ -+ /* -+ * 0 don't care about verify failure. -+ * 1 fail if verify fails -+ */ -+ int verify_mode; -+ /* fail if callback returns 0 */ -+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); -+ /* optional informational callback */ -+ void (*info_callback) (const SSL *ssl, int type, int val); -+ /* error bytes to be written */ -+ int error; -+ /* actual code */ -+ int error_code; -+# ifndef OPENSSL_NO_KRB5 -+ /* Kerberos 5 context */ -+ KSSL_CTX *kssl_ctx; -+# endif /* OPENSSL_NO_KRB5 */ -+# ifndef OPENSSL_NO_PSK -+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, -+ char *identity, -+ unsigned int max_identity_len, -+ unsigned char *psk, -+ unsigned int max_psk_len); -+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, -+ unsigned char *psk, -+ unsigned int max_psk_len); -+# endif -+ SSL_CTX *ctx; -+ /* -+ * set this flag to 1 and a sleep(1) is put into all SSL_read() and -+ * SSL_write() calls, good for nbio debuging :-) -+ */ -+ int debug; -+ /* extra application data */ -+ long verify_result; -+ CRYPTO_EX_DATA ex_data; -+ /* for server side, keep the list of CA_dn we can use */ -+ STACK_OF(X509_NAME) *client_CA; -+ int references; -+ /* protocol behaviour */ -+ unsigned long options; -+ /* API behaviour */ -+ unsigned long mode; -+ long max_cert_list; -+ int first_packet; -+ /* what was passed, 
used for SSLv3/TLS rollback check */ -+ int client_version; -+ unsigned int max_send_fragment; -+# ifndef OPENSSL_NO_TLSEXT -+ /* TLS extension debug callback */ -+ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, -+ unsigned char *data, int len, void *arg); -+ void *tlsext_debug_arg; -+ char *tlsext_hostname; -+ /*- -+ * no further mod of servername -+ * 0 : call the servername extension callback. -+ * 1 : prepare 2, allow last ack just after in server callback. -+ * 2 : don't call servername callback, no ack in server hello -+ */ -+ int servername_done; -+ /* certificate status request info */ -+ /* Status type or -1 if no status type */ -+ int tlsext_status_type; -+ /* Expect OCSP CertificateStatus message */ -+ int tlsext_status_expected; -+ /* OCSP status request only */ -+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; -+ X509_EXTENSIONS *tlsext_ocsp_exts; -+ /* OCSP response received or to be sent */ -+ unsigned char *tlsext_ocsp_resp; -+ int tlsext_ocsp_resplen; -+ /* RFC4507 session ticket expected to be received or sent */ -+ int tlsext_ticket_expected; -+# ifndef OPENSSL_NO_EC -+ size_t tlsext_ecpointformatlist_length; -+ /* our list */ -+ unsigned char *tlsext_ecpointformatlist; -+ size_t tlsext_ellipticcurvelist_length; -+ /* our list */ -+ unsigned char *tlsext_ellipticcurvelist; -+# endif /* OPENSSL_NO_EC */ -+ /* -+ * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for -+ * handshakes -+ */ -+ void *tlsext_opaque_prf_input; -+ size_t tlsext_opaque_prf_input_len; -+ /* TLS Session Ticket extension override */ -+ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; -+ /* TLS Session Ticket extension callback */ -+ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; -+ void *tls_session_ticket_ext_cb_arg; -+ /* TLS pre-shared secret session resumption */ -+ tls_session_secret_cb_fn tls_session_secret_cb; -+ void *tls_session_secret_cb_arg; -+ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -+# ifndef 
OPENSSL_NO_NEXTPROTONEG -+ /* -+ * Next protocol negotiation. For the client, this is the protocol that -+ * we sent in NextProtocol and is set when handling ServerHello -+ * extensions. For a server, this is the client's selected_protocol from -+ * NextProtocol and is set when handling the NextProtocol message, before -+ * the Finished message. -+ */ -+ unsigned char *next_proto_negotiated; -+ unsigned char next_proto_negotiated_len; -+# endif -+# define session_ctx initial_ctx -+ /* What we'll do */ -+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -+ /* What's been chosen */ -+ SRTP_PROTECTION_PROFILE *srtp_profile; -+ /*- -+ * Is use of the Heartbeat extension negotiated? -+ * 0: disabled -+ * 1: enabled -+ * 2: enabled, but not allowed to send Requests -+ */ -+ unsigned int tlsext_heartbeat; -+ /* Indicates if a HeartbeatRequest is in flight */ -+ unsigned int tlsext_hb_pending; -+ /* HeartbeatRequest sequence number */ -+ unsigned int tlsext_hb_seq; -+# else -+# define session_ctx ctx -+# endif /* OPENSSL_NO_TLSEXT */ -+ /*- -+ * 1 if we are renegotiating. -+ * 2 if we are a server and are inside a handshake -+ * (i.e. not just sending a HelloRequest) -+ */ -+ int renegotiate; -+# ifndef OPENSSL_NO_SRP -+ /* ctx for SRP authentication */ -+ SRP_CTX srp_ctx; -+# endif -+# ifndef OPENSSL_NO_TLSEXT -+ /* -+ * For a client, this contains the list of supported protocols in wire -+ * format. 
-+ */ -+ unsigned char *alpn_client_proto_list; -+ unsigned alpn_client_proto_list_len; -+# endif /* OPENSSL_NO_TLSEXT */ -+}; -+ -+# endif -+ - #ifdef __cplusplus - } - #endif -@@ -811,19 +1697,13 @@ __owur int SSL_extension_supported(unsigned int ext_type); - # include - # include /* This is mostly sslv3 with a few tweaks */ - # include /* Datagram TLS */ -+# include - # include /* Support for the use_srtp extension */ - - #ifdef __cplusplus - extern "C" { - #endif - --/* -- * These need to be after the above set of includes due to a compiler bug -- * in VisualStudio 2015 -- */ --DEFINE_STACK_OF_CONST(SSL_CIPHER) --DEFINE_STACK_OF(SSL_COMP) -- - /* compatibility */ - # define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) - # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -@@ -831,73 +1711,23 @@ DEFINE_STACK_OF(SSL_COMP) - # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) - # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) - # define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) --DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) -- - - /* -- * The valid handshake states (one for each type message sent and one for each -- * type of message received). 
There are also two "special" states: -- * TLS = TLS or DTLS state -- * DTLS = DTLS specific state -- * CR/SR = Client Read/Server Read -- * CW/SW = Client Write/Server Write -- * -- * The "special" states are: -- * TLS_ST_BEFORE = No handshake has been initiated yet -- * TLS_ST_OK = A handshake has been successfully completed -- */ --typedef enum { -- TLS_ST_BEFORE, -- TLS_ST_OK, -- DTLS_ST_CR_HELLO_VERIFY_REQUEST, -- TLS_ST_CR_SRVR_HELLO, -- TLS_ST_CR_CERT, -- TLS_ST_CR_CERT_STATUS, -- TLS_ST_CR_KEY_EXCH, -- TLS_ST_CR_CERT_REQ, -- TLS_ST_CR_SRVR_DONE, -- TLS_ST_CR_SESSION_TICKET, -- TLS_ST_CR_CHANGE, -- TLS_ST_CR_FINISHED, -- TLS_ST_CW_CLNT_HELLO, -- TLS_ST_CW_CERT, -- TLS_ST_CW_KEY_EXCH, -- TLS_ST_CW_CERT_VRFY, -- TLS_ST_CW_CHANGE, -- TLS_ST_CW_NEXT_PROTO, -- TLS_ST_CW_FINISHED, -- TLS_ST_SW_HELLO_REQ, -- TLS_ST_SR_CLNT_HELLO, -- DTLS_ST_SW_HELLO_VERIFY_REQUEST, -- TLS_ST_SW_SRVR_HELLO, -- TLS_ST_SW_CERT, -- TLS_ST_SW_KEY_EXCH, -- TLS_ST_SW_CERT_REQ, -- TLS_ST_SW_SRVR_DONE, -- TLS_ST_SR_CERT, -- TLS_ST_SR_KEY_EXCH, -- TLS_ST_SR_CERT_VRFY, -- TLS_ST_SR_NEXT_PROTO, -- TLS_ST_SR_CHANGE, -- TLS_ST_SR_FINISHED, -- TLS_ST_SW_SESSION_TICKET, -- TLS_ST_SW_CERT_STATUS, -- TLS_ST_SW_CHANGE, -- TLS_ST_SW_FINISHED --} OSSL_HANDSHAKE_STATE; -- --/* -- * Most of the following state values are no longer used and are defined to be -- * the closest equivalent value in the current state machine code. Not all -- * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT -- * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, -- * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. -+ * The following are the possible values for ssl->state are are used to -+ * indicate where we are up to in the SSL connection establishment. The -+ * macros that follow are about the only things you should need to use and -+ * even then, only when using non-blocking IO. 
It can also be useful to work -+ * out where you were when the connection failed - */ - - # define SSL_ST_CONNECT 0x1000 - # define SSL_ST_ACCEPT 0x2000 -- - # define SSL_ST_MASK 0x0FFF -+# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) -+# define SSL_ST_BEFORE 0x4000 -+# define SSL_ST_OK 0x03 -+# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -+# define SSL_ST_ERR 0x05 - - # define SSL_CB_LOOP 0x01 - # define SSL_CB_EXIT 0x02 -@@ -914,15 +1744,16 @@ typedef enum { - # define SSL_CB_HANDSHAKE_DONE 0x20 - - /* Is the SSL_connection established? */ --# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) --# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) --int SSL_in_init(SSL *s); --int SSL_in_before(SSL *s); --int SSL_is_init_finished(SSL *s); -+# define SSL_get_state(a) SSL_state(a) -+# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -+# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) -+# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) -+# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) -+# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) - - /* -- * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you -- * should not need these -+ * The following 2 states are kept in ssl->rstate when reads fail, you should -+ * not need these - */ - # define SSL_ST_READ_HEADER 0xF0 - # define SSL_ST_READ_BODY 0xF1 -@@ -947,10 +1778,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); - # define SSL_VERIFY_CLIENT_ONCE 0x04 - - # define OpenSSL_add_ssl_algorithms() SSL_library_init() --# if OPENSSL_API_COMPAT < 0x10100000L --# define SSLeay_add_ssl_algorithms() SSL_library_init() -+# define SSLeay_add_ssl_algorithms() SSL_library_init() -+ -+/* this is for backward compatibility */ -+# if 0 /* NEW_SSLEAY */ -+# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) -+# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) -+# define SSL_add_session(a,b) 
SSL_CTX_add_session((a),(b)) -+# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) -+# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) - # endif -- - /* More backward compatibility */ - # define SSL_get_cipher(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -@@ -1018,7 +1855,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY - /* fatal */ - # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK --# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL - # define SSL_ERROR_NONE 0 - # define SSL_ERROR_SSL 1 - # define SSL_ERROR_WANT_READ 2 -@@ -1029,11 +1865,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_ERROR_ZERO_RETURN 6 - # define SSL_ERROR_WANT_CONNECT 7 - # define SSL_ERROR_WANT_ACCEPT 8 --# define SSL_ERROR_WANT_ASYNC 9 --# define SSL_ERROR_WANT_ASYNC_JOB 10 -+# define SSL_CTRL_NEED_TMP_RSA 1 -+# define SSL_CTRL_SET_TMP_RSA 2 - # define SSL_CTRL_SET_TMP_DH 3 - # define SSL_CTRL_SET_TMP_ECDH 4 -+# define SSL_CTRL_SET_TMP_RSA_CB 5 - # define SSL_CTRL_SET_TMP_DH_CB 6 -+# define SSL_CTRL_SET_TMP_ECDH_CB 7 -+# define SSL_CTRL_GET_SESSION_REUSED 8 - # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 - # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 - # define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -@@ -1057,6 +1896,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_CTRL_SESS_MISSES 29 - # define SSL_CTRL_SESS_TIMEOUTS 30 - # define SSL_CTRL_SESS_CACHE_FULL 31 -+# define SSL_CTRL_OPTIONS 32 - # define SSL_CTRL_MODE 33 - # define SSL_CTRL_GET_READ_AHEAD 40 - # define SSL_CTRL_SET_READ_AHEAD 41 -@@ -1068,43 +1908,46 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_CTRL_SET_MAX_CERT_LIST 51 - # define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 - /* see tls1.h for macros based on these */ --# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 --# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 --# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 --# 
define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 --# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 --# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 --# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 --/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ --/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ --/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 --# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 --# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 --# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 --# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 --# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 --# define SSL_CTRL_SET_SRP_ARG 78 --# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 --# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 --# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 --# ifndef OPENSSL_NO_HEARTBEATS --# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 --# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 --# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 --# endif -+# ifndef OPENSSL_NO_TLSEXT -+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -+# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 -+# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 -+# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 
-+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -+# define SSL_CTRL_SET_SRP_ARG 78 -+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -+# ifndef OPENSSL_NO_HEARTBEATS -+# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 -+# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 -+# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 -+# endif -+# endif /* OPENSSL_NO_TLSEXT */ - # define DTLS_CTRL_GET_TIMEOUT 73 - # define DTLS_CTRL_HANDLE_TIMEOUT 74 -+# define DTLS_CTRL_LISTEN 75 - # define SSL_CTRL_GET_RI_SUPPORT 76 -+# define SSL_CTRL_CLEAR_OPTIONS 77 - # define SSL_CTRL_CLEAR_MODE 78 --# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 - # define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 - # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 - # define SSL_CTRL_CHAIN 88 -@@ -1113,6 +1956,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_CTRL_SET_CURVES 91 - # define SSL_CTRL_SET_CURVES_LIST 92 - # define SSL_CTRL_GET_SHARED_CURVE 93 -+# define SSL_CTRL_SET_ECDH_AUTO 94 - # define SSL_CTRL_SET_SIGALGS 97 - # define SSL_CTRL_SET_SIGALGS_LIST 98 - # define SSL_CTRL_CERT_FLAGS 99 -@@ -1131,17 +1975,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_CTRL_GET_CHAIN_CERTS 115 - # define SSL_CTRL_SELECT_CURRENT_CERT 116 - # define SSL_CTRL_SET_CURRENT_CERT 117 --# define SSL_CTRL_SET_DH_AUTO 118 -+# define SSL_CTRL_CHECK_PROTO_VERSION 119 - # define DTLS_CTRL_SET_LINK_MTU 120 - # define 
DTLS_CTRL_GET_LINK_MIN_MTU 121 --# define SSL_CTRL_GET_EXTMS_SUPPORT 122 --# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 --# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 --# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 --# define SSL_CTRL_SET_MAX_PIPELINES 126 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 --# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 - # define SSL_CERT_SET_FIRST 1 - # define SSL_CERT_SET_NEXT 2 - # define SSL_CERT_SET_SERVER 3 -@@ -1149,20 +1985,28 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) - # define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -+# define DTLSv1_listen(ssl, peer) \ -+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) -+# define SSL_session_reused(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) - # define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) - # define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) - # define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -+# define SSL_CTX_need_tmp_RSA(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -+# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) - # define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) - # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) --# define SSL_CTX_set_dh_auto(ctx, onoff) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) --# define SSL_set_dh_auto(s, onoff) \ -- SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -+# define SSL_need_tmp_RSA(ssl) \ -+ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -+# define SSL_set_tmp_rsa(ssl,rsa) \ -+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) - # define SSL_set_tmp_dh(ssl,dh) \ - 
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) - # define SSL_set_tmp_ecdh(ssl,ecdh) \ -@@ -1239,6 +2083,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) - # define SSL_get_shared_curve(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) -+# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) -+# define SSL_set_ecdh_auto(s, onoff) \ -+ SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) - # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) - # define SSL_CTX_set1_sigalgs_list(ctx, s) \ -@@ -1266,187 +2114,153 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - # define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) - # define SSL_get0_raw_cipherlist(s, plst) \ -- SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) -+ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) - # define SSL_get0_ec_point_formats(s, plst) \ -- SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) --#define SSL_CTX_set_min_proto_version(ctx, version) \ -- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) --#define SSL_CTX_set_max_proto_version(ctx, version) \ -- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) --#define SSL_set_min_proto_version(s, version) \ -- SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) --#define SSL_set_max_proto_version(s, version) \ -- SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -- --#if OPENSSL_API_COMPAT < 0x10100000L --/* Provide some compatibility macros for removed functionality. 
*/ --# define SSL_CTX_need_tmp_RSA(ctx) 0 --# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 --# define SSL_need_tmp_RSA(ssl) 0 --# define SSL_set_tmp_rsa(ssl,rsa) 1 --# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) --# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) --/* -- * We "pretend" to call the callback to avoid warnings about unused static -- * functions. -- */ --# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) --# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) --#endif -- --__owur const BIO_METHOD *BIO_f_ssl(void); --__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); --__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); --__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); --__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); -+ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) -+# ifndef OPENSSL_NO_BIO -+BIO_METHOD *BIO_f_ssl(void); -+BIO *BIO_new_ssl(SSL_CTX *ctx, int client); -+BIO *BIO_new_ssl_connect(SSL_CTX *ctx); -+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -+int BIO_ssl_copy_session_id(BIO *to, BIO *from); - void BIO_ssl_shutdown(BIO *ssl_bio); - --__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); --__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); --int SSL_CTX_up_ref(SSL_CTX *ctx); -+# endif -+ -+int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); -+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); - void SSL_CTX_free(SSL_CTX *); --__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); --__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); --__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); -+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -+long SSL_CTX_get_timeout(const SSL_CTX *ctx); -+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); - void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); --__owur int SSL_want(const SSL *s); --__owur int SSL_clear(SSL *s); -+int SSL_want(const SSL *s); -+int SSL_clear(SSL *s); - - void 
SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); - --__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); --__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); --__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); --__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); --__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); --__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); --__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); --__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); -- --__owur int SSL_get_fd(const SSL *s); --__owur int SSL_get_rfd(const SSL *s); --__owur int SSL_get_wfd(const SSL *s); --__owur const char *SSL_get_cipher_list(const SSL *s, int n); --__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); --__owur int SSL_get_read_ahead(const SSL *s); --__owur int SSL_pending(const SSL *s); --__owur int SSL_has_pending(const SSL *s); -+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -+char *SSL_CIPHER_get_version(const SSL_CIPHER *c); -+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); -+ -+int SSL_get_fd(const SSL *s); -+int SSL_get_rfd(const SSL *s); -+int SSL_get_wfd(const SSL *s); -+const char *SSL_get_cipher_list(const SSL *s, int n); -+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); -+int SSL_get_read_ahead(const SSL *s); -+int SSL_pending(const SSL *s); - # ifndef OPENSSL_NO_SOCK --__owur int SSL_set_fd(SSL *s, int fd); --__owur int SSL_set_rfd(SSL *s, int fd); --__owur int SSL_set_wfd(SSL *s, int fd); -+int SSL_set_fd(SSL *s, int fd); -+int SSL_set_rfd(SSL *s, int fd); -+int SSL_set_wfd(SSL *s, int fd); - # endif --void SSL_set0_rbio(SSL *s, BIO *rbio); --void SSL_set0_wbio(SSL *s, BIO *wbio); -+# ifndef OPENSSL_NO_BIO - void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); --__owur BIO *SSL_get_rbio(const SSL *s); --__owur BIO 
*SSL_get_wbio(const SSL *s); --__owur int SSL_set_cipher_list(SSL *s, const char *str); -+BIO *SSL_get_rbio(const SSL *s); -+BIO *SSL_get_wbio(const SSL *s); -+# endif -+int SSL_set_cipher_list(SSL *s, const char *str); - void SSL_set_read_ahead(SSL *s, int yes); --__owur int SSL_get_verify_mode(const SSL *s); --__owur int SSL_get_verify_depth(const SSL *s); --__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); --void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); -+int SSL_get_verify_mode(const SSL *s); -+int SSL_get_verify_depth(const SSL *s); -+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); -+void SSL_set_verify(SSL *s, int mode, -+ int (*callback) (int ok, X509_STORE_CTX *ctx)); - void SSL_set_verify_depth(SSL *s, int depth); - void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); - # ifndef OPENSSL_NO_RSA --__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); --__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); -+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); - # endif --__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); --__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, -+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, - long len); --__owur int SSL_use_certificate(SSL *ssl, X509 *x); --__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -+int SSL_use_certificate(SSL *ssl, X509 *x); -+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); - -+# ifndef OPENSSL_NO_TLSEXT - /* Set serverinfo data for the current active cert. 
*/ --__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, -+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length); --__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -- --#ifndef OPENSSL_NO_RSA --__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); --#endif -+# ifndef OPENSSL_NO_STDIO -+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -+# endif /* NO_STDIO */ - --__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); --__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -+# endif - --#ifndef OPENSSL_NO_RSA --__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); --#endif --__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); --__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -+# ifndef OPENSSL_NO_STDIO -+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -+int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); - /* PEM type */ --__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); --__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); --__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); --__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, -+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); -+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); -+# 
ifndef OPENSSL_SYS_VMS -+/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ -+# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC - int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); -+# endif -+# endif - --#if OPENSSL_API_COMPAT < 0x10100000L --# define SSL_load_error_strings() \ -- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ -- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) --#endif -+# endif - --__owur const char *SSL_state_string(const SSL *s); --__owur const char *SSL_rstate_string(const SSL *s); --__owur const char *SSL_state_string_long(const SSL *s); --__owur const char *SSL_rstate_string_long(const SSL *s); --__owur long SSL_SESSION_get_time(const SSL_SESSION *s); --__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); --__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); --__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); --__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); --__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); --__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); --__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); --__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); --void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, -- size_t *len); --__owur int SSL_copy_session_id(SSL *to, const SSL *from); --__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); --__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, -+void SSL_load_error_strings(void); -+const char *SSL_state_string(const SSL *s); -+const char *SSL_rstate_string(const SSL *s); -+const char *SSL_state_string_long(const SSL *s); -+const char *SSL_rstate_string_long(const SSL *s); -+long SSL_SESSION_get_time(const SSL_SESSION *s); -+long SSL_SESSION_set_time(SSL_SESSION *s, long t); -+long SSL_SESSION_get_timeout(const SSL_SESSION *s); -+long SSL_SESSION_set_timeout(SSL_SESSION *s, 
long t); -+void SSL_copy_session_id(SSL *to, const SSL *from); -+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); --__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, -- unsigned int sid_len); - --__owur SSL_SESSION *SSL_SESSION_new(void); -+SSL_SESSION *SSL_SESSION_new(void); - const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len); --const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, -- unsigned int *len); --__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); --# ifndef OPENSSL_NO_STDIO -+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -+# ifndef OPENSSL_NO_FP_API - int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); - # endif -+# ifndef OPENSSL_NO_BIO - int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); --int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); --int SSL_SESSION_up_ref(SSL_SESSION *ses); -+# endif - void SSL_SESSION_free(SSL_SESSION *ses); --__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); --__owur int SSL_set_session(SSL *to, SSL_SESSION *session); --__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -+int SSL_set_session(SSL *to, SSL_SESSION *session); -+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); - int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); --__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); --__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); --__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, -+int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -+int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); - SSL_SESSION 
*d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length); - - # ifdef HEADER_X509_H --__owur X509 *SSL_get_peer_certificate(const SSL *s); -+X509 *SSL_get_peer_certificate(const SSL *s); - # endif - --__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); -+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); - --__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); --__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); --__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); --void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); -+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, -+ X509_STORE_CTX *); -+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, -+ int (*callback) (int, X509_STORE_CTX *)); - void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb) (X509_STORE_CTX *, void *), -@@ -1454,76 +2268,40 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), - void *arg); - # ifndef OPENSSL_NO_RSA --__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); --__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, -- long len); -+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); - # endif --__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); --__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, -+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, -+ long len); -+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, - const unsigned char *d, long len); --__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); --__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, -+int SSL_CTX_use_certificate(SSL_CTX *ctx, 
X509 *x); -+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); - - void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); - void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); --pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); --void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); --void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); --void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); --pem_password_cb *SSL_get_default_passwd_cb(SSL *s); --void *SSL_get_default_passwd_cb_userdata(SSL *s); - --__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); --__owur int SSL_check_private_key(const SSL *ctx); -+int SSL_CTX_check_private_key(const SSL_CTX *ctx); -+int SSL_check_private_key(const SSL *ctx); - --__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, -+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); - - SSL *SSL_new(SSL_CTX *ctx); --int SSL_up_ref(SSL *s); --int SSL_is_dtls(const SSL *s); --__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, -+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); - --__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); --__owur int SSL_set_purpose(SSL *s, int purpose); --__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust); --__owur int SSL_set_trust(SSL *s, int trust); -- --__owur int SSL_set1_host(SSL *s, const char *hostname); --__owur int SSL_add1_host(SSL *s, const char *hostname); --__owur const char *SSL_get0_peername(SSL *s); --void SSL_set_hostflags(SSL *s, unsigned int flags); -- --__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); --__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, -- uint8_t mtype, uint8_t ord); --__owur int SSL_dane_enable(SSL *s, const char *basedomain); --__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, 
-- uint8_t mtype, unsigned char *data, size_t dlen); --__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); --__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, -- uint8_t *mtype, unsigned const char **data, -- size_t *dlen); --/* -- * Bridge opacity barrier between libcrypt and libssl, also needed to support -- * offline testing in test/danetest.c -- */ --SSL_DANE *SSL_get0_dane(SSL *ssl); --/* -- * DANE flags -- */ --unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); --unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); --unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); --unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); -+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); -+int SSL_set_purpose(SSL *s, int purpose); -+int SSL_CTX_set_trust(SSL_CTX *s, int trust); -+int SSL_set_trust(SSL *s, int trust); - --__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); --__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); -+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); -+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); - --__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); --__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); -+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); -+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); - - # ifndef OPENSSL_NO_SRP - int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); -@@ -1542,187 +2320,161 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp); - --__owur BIGNUM *SSL_get_srp_g(SSL *s); --__owur BIGNUM *SSL_get_srp_N(SSL *s); -+BIGNUM *SSL_get_srp_g(SSL *s); -+BIGNUM *SSL_get_srp_N(SSL *s); - --__owur char *SSL_get_srp_username(SSL *s); --__owur char *SSL_get_srp_userinfo(SSL *s); -+char *SSL_get_srp_username(SSL *s); -+char 
*SSL_get_srp_userinfo(SSL *s); - # endif - - void SSL_certs_clear(SSL *s); - void SSL_free(SSL *ssl); --# ifdef OSSL_ASYNC_FD --/* -- * Windows application developer has to include windows.h to use these. -- */ --__owur int SSL_waiting_for_async(SSL *s); --__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); --__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, -- size_t *numaddfds, OSSL_ASYNC_FD *delfd, -- size_t *numdelfds); --# endif --__owur int SSL_accept(SSL *ssl); --__owur int SSL_connect(SSL *ssl); --__owur int SSL_read(SSL *ssl, void *buf, int num); --__owur int SSL_peek(SSL *ssl, void *buf, int num); --__owur int SSL_write(SSL *ssl, const void *buf, int num); -+int SSL_accept(SSL *ssl); -+int SSL_connect(SSL *ssl); -+int SSL_read(SSL *ssl, void *buf, int num); -+int SSL_peek(SSL *ssl, void *buf, int num); -+int SSL_write(SSL *ssl, const void *buf, int num); - long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); - long SSL_callback_ctrl(SSL *, int, void (*)(void)); - long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); - long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); - --__owur int SSL_get_error(const SSL *s, int ret_code); --__owur const char *SSL_get_version(const SSL *s); -+int SSL_get_error(const SSL *s, int ret_code); -+const char *SSL_get_version(const SSL *s); - - /* This sets the 'default' SSL version that SSL_new() will create */ --__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -+ -+# ifndef OPENSSL_NO_SSL2_METHOD -+const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ -+const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ -+const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ -+# endif - - # ifndef OPENSSL_NO_SSL3_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */ 
--DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ -+const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ -+const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ -+const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ - # endif - --#define SSLv23_method TLS_method --#define SSLv23_server_method TLS_server_method --#define SSLv23_client_method TLS_client_method -+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS -+ * version */ -+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available -+ * SSL/TLS version */ -+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available -+ * SSL/TLS version */ - --/* Negotiate highest available SSL/TLS version */ --__owur const SSL_METHOD *TLS_method(void); --__owur const SSL_METHOD *TLS_server_method(void); --__owur const SSL_METHOD *TLS_client_method(void); -+const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ -+const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ -+const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ - --# ifndef OPENSSL_NO_TLS1_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ --# endif -- --# ifndef OPENSSL_NO_TLS1_1_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ --# endif -+const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ -+const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ -+const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ - --# ifndef OPENSSL_NO_TLS1_2_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ 
--DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ --# endif -+const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ -+const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ -+const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ - --# ifndef OPENSSL_NO_DTLS1_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */ --# endif -+const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ -+const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ -+const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ - --# ifndef OPENSSL_NO_DTLS1_2_METHOD --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */ --DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */ --#endif -+const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ -+const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ -+const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ - --__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ --__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ --__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ -+const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ -+const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ -+const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ - --__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); --__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); --__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); --__owur 
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); -+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); - --__owur int SSL_do_handshake(SSL *s); -+int SSL_do_handshake(SSL *s); - int SSL_renegotiate(SSL *s); --__owur int SSL_renegotiate_abbreviated(SSL *s); --__owur int SSL_renegotiate_pending(SSL *s); -+int SSL_renegotiate_abbreviated(SSL *s); -+int SSL_renegotiate_pending(SSL *s); - int SSL_shutdown(SSL *s); - --__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); --__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); --__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); --__owur const char *SSL_alert_type_string_long(int value); --__owur const char *SSL_alert_type_string(int value); --__owur const char *SSL_alert_desc_string_long(int value); --__owur const char *SSL_alert_desc_string(int value); -+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); -+const SSL_METHOD *SSL_get_ssl_method(SSL *s); -+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); -+const char *SSL_alert_type_string_long(int value); -+const char *SSL_alert_type_string(int value); -+const char *SSL_alert_desc_string_long(int value); -+const char *SSL_alert_desc_string(int value); - - void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); - void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); --__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); --__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); --__owur int SSL_add_client_CA(SSL *ssl, X509 *x); --__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); -+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); -+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); -+int SSL_add_client_CA(SSL *ssl, X509 *x); -+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - - void SSL_set_connect_state(SSL *s); - void SSL_set_accept_state(SSL *s); - --__owur long SSL_get_default_timeout(const SSL *s); -+long 
SSL_get_default_timeout(const SSL *s); - --#if OPENSSL_API_COMPAT < 0x10100000L --# define SSL_library_init() OPENSSL_init_ssl(0, NULL) --#endif -+int SSL_library_init(void); - --__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); --__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); -+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); -+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); - --__owur SSL *SSL_dup(SSL *ssl); -+SSL *SSL_dup(SSL *ssl); - --__owur X509 *SSL_get_certificate(const SSL *ssl); -+X509 *SSL_get_certificate(const SSL *ssl); - /* - * EVP_PKEY - */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); - --__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); --__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); -+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); -+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); - - void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); --__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); -+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); - void SSL_set_quiet_shutdown(SSL *ssl, int mode); --__owur int SSL_get_quiet_shutdown(const SSL *ssl); -+int SSL_get_quiet_shutdown(const SSL *ssl); - void SSL_set_shutdown(SSL *ssl, int mode); --__owur int SSL_get_shutdown(const SSL *ssl); --__owur int SSL_version(const SSL *ssl); --__owur int SSL_client_version(const SSL *s); --__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); --__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); --__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); --__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -+int SSL_get_shutdown(const SSL *ssl); -+int SSL_version(const SSL *ssl); -+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath); - # define SSL_get0_session SSL_get_session/* just peek at pointer */ 
--__owur SSL_SESSION *SSL_get_session(const SSL *ssl); --__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ --__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); -+SSL_SESSION *SSL_get_session(const SSL *ssl); -+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ -+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); - void SSL_set_info_callback(SSL *ssl, - void (*cb) (const SSL *ssl, int type, int val)); - void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, - int val); --__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); -+int SSL_state(const SSL *ssl); -+void SSL_set_state(SSL *ssl, int state); - - void SSL_set_verify_result(SSL *ssl, long v); --__owur long SSL_get_verify_result(const SSL *ssl); --__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); -- --__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, -- size_t outlen); --__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, -- size_t outlen); --__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, -- unsigned char *out, size_t outlen); -- --#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) --__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); -+long SSL_get_verify_result(const SSL *ssl); -+ -+int SSL_set_ex_data(SSL *ssl, int idx, void *data); - void *SSL_get_ex_data(const SSL *ssl, int idx); --#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) --__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); -+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ -+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); - void *SSL_SESSION_get_ex_data(const 
SSL_SESSION *ss, int idx); --#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) --__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); -+int SSL_SESSION_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+ -+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); - void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); -+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); - --__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); -+int SSL_get_ex_data_X509_STORE_CTX_idx(void); - - # define SSL_CTX_sess_set_cache_size(ctx,t) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) -@@ -1752,20 +2504,18 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) - # define SSL_set_max_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) --# define SSL_CTX_set_split_send_fragment(ctx,m) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) --# define SSL_set_split_send_fragment(ssl,m) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) --# define SSL_CTX_set_max_pipelines(ctx,m) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) --# define SSL_set_max_pipelines(ssl,m) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) -- --void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); --void SSL_set_default_read_buffer_len(SSL *s, size_t len); - -+ /* NB: the keylength is only applicable when is_export is true */ -+# ifndef OPENSSL_NO_RSA -+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, -+ RSA *(*cb) (SSL *ssl, int is_export, -+ int keylength)); -+ -+void SSL_set_tmp_rsa_callback(SSL *ssl, -+ RSA *(*cb) (SSL *ssl, int is_export, -+ int keylength)); -+# endif - # ifndef OPENSSL_NO_DH --/* NB: the 
|keylength| is only applicable when is_export is true */ - void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); -@@ -1773,336 +2523,192 @@ void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); - # endif -+# ifndef OPENSSL_NO_ECDH -+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, -+ EC_KEY *(*ecdh) (SSL *ssl, int is_export, -+ int keylength)); -+void SSL_set_tmp_ecdh_callback(SSL *ssl, -+ EC_KEY *(*ecdh) (SSL *ssl, int is_export, -+ int keylength)); -+# endif - --__owur const COMP_METHOD *SSL_get_current_compression(SSL *s); --__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); --__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); --__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); --__owur int SSL_COMP_get_id(const SSL_COMP *comp); -+const COMP_METHOD *SSL_get_current_compression(SSL *s); -+const COMP_METHOD *SSL_get_current_expansion(SSL *s); -+const char *SSL_COMP_get_name(const COMP_METHOD *comp); - STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); --__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) -+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths); --#if OPENSSL_API_COMPAT < 0x10100000L --# define SSL_COMP_free_compression_methods() while(0) continue --#endif --__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -+void SSL_COMP_free_compression_methods(void); -+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); - - const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); --int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); --int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); - - /* TLS extensions functions */ --__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); -+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); - --__owur int SSL_set_session_ticket_ext_cb(SSL *s, 
tls_session_ticket_ext_cb_fn cb, -+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg); - - /* Pre-shared secret session resumption functions */ --__owur int SSL_set_session_secret_cb(SSL *s, -+int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn tls_session_secret_cb, - void *arg); - --void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, -- int (*cb) (SSL *ssl, -- int -- is_forward_secure)); -- --void SSL_set_not_resumable_session_callback(SSL *ssl, -- int (*cb) (SSL *ssl, -- int -- is_forward_secure)); --# if OPENSSL_API_COMPAT < 0x10100000L --# define SSL_cache_hit(s) SSL_session_reused(s) --# endif -- --__owur int SSL_session_reused(SSL *s); --__owur int SSL_is_server(SSL *s); -+void SSL_set_debug(SSL *s, int debug); -+int SSL_cache_hit(SSL *s); -+int SSL_is_server(SSL *s); - --__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); -+SSL_CONF_CTX *SSL_CONF_CTX_new(void); - int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); - void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); - unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); --__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); --__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); -+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); -+int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); - - void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); - void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); - --__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); --__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); --__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); -- --void SSL_add_ssl_module(void); --int SSL_config(SSL *s, const char *name); --int SSL_CTX_config(SSL_CTX *ctx, const char *name); -+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char 
*value); -+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); -+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); - - # ifndef OPENSSL_NO_SSL_TRACE - void SSL_trace(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); --__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); -+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); - # endif - --# ifndef OPENSSL_NO_SOCK --int DTLSv1_listen(SSL *s, BIO_ADDR *client); --# endif -- --# ifndef OPENSSL_NO_CT -- --/* -- * A callback for verifying that the received SCTs are sufficient. -- * Expected to return 1 if they are sufficient, otherwise 0. -- * May return a negative integer if an error occurs. -- * A connection should be aborted if the SCTs are deemed insufficient. -- */ --typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, -- const STACK_OF(SCT) *scts, void *arg); -- --/* -- * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate -- * the received SCTs. -- * If the callback returns a non-positive result, the connection is terminated. -- * Call this function before beginning a handshake. -- * If a NULL |callback| is provided, SCT validation is disabled. -- * |arg| is arbitrary userdata that will be passed to the callback whenever it -- * is invoked. Ownership of |arg| remains with the caller. -- * -- * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response -- * will be requested. 
-- */ --int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, -- void *arg); --int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, -- ssl_ct_validation_cb callback, -- void *arg); --#define SSL_disable_ct(s) \ -- ((void) SSL_set_validation_callback((s), NULL, NULL)) --#define SSL_CTX_disable_ct(ctx) \ -- ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) -- --/* -- * The validation type enumerates the available behaviours of the built-in SSL -- * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). -- * The underlying callback is a static function in libssl. -- */ --enum { -- SSL_CT_VALIDATION_PERMISSIVE = 0, -- SSL_CT_VALIDATION_STRICT --}; -- --/* -- * Enable CT by setting up a callback that implements one of the built-in -- * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always -- * continues the handshake, the application can make appropriate decisions at -- * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at -- * least one valid SCT, or else handshake termination will be requested. The -- * handshake may continue anyway if SSL_VERIFY_NONE is in effect. -- */ --int SSL_enable_ct(SSL *s, int validation_mode); --int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); -- --/* -- * Report whether a non-NULL callback is enabled. -- */ --int SSL_ct_is_enabled(const SSL *s); --int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); -- --/* Gets the SCTs received from a connection */ --const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); -- --/* -- * Loads the CT log list from the default location. -- * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, -- * the log information loaded from this file will be appended to the -- * CTLOG_STORE. -- * Returns 1 on success, 0 otherwise. -- */ --int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); -- --/* -- * Loads the CT log list from the specified file path. 
-- * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, -- * the log information loaded from this file will be appended to the -- * CTLOG_STORE. -- * Returns 1 on success, 0 otherwise. -- */ --int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); -- --/* -- * Sets the CT log list used by all SSL connections created from this SSL_CTX. -- * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. -- */ --void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); -- --/* -- * Gets the CT log list used by all SSL connections created from this SSL_CTX. -- * This will be NULL unless one of the following functions has been called: -- * - SSL_CTX_set_default_ctlog_list_file -- * - SSL_CTX_set_ctlog_list_file -- * - SSL_CTX_set_ctlog_store -- */ --const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); -- --# endif /* OPENSSL_NO_CT */ -- --/* What the "other" parameter contains in security callback */ --/* Mask for type */ --# define SSL_SECOP_OTHER_TYPE 0xffff0000 --# define SSL_SECOP_OTHER_NONE 0 --# define SSL_SECOP_OTHER_CIPHER (1 << 16) --# define SSL_SECOP_OTHER_CURVE (2 << 16) --# define SSL_SECOP_OTHER_DH (3 << 16) --# define SSL_SECOP_OTHER_PKEY (4 << 16) --# define SSL_SECOP_OTHER_SIGALG (5 << 16) --# define SSL_SECOP_OTHER_CERT (6 << 16) -- --/* Indicated operation refers to peer key or certificate */ --# define SSL_SECOP_PEER 0x1000 -- --/* Values for "op" parameter in security callback */ -- --/* Called to filter ciphers */ --/* Ciphers client supports */ --# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) --/* Cipher shared by client/server */ --# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) --/* Sanity check of cipher server selects */ --# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) --/* Curves supported by client */ --# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) --/* Curves shared by client/server */ --# define SSL_SECOP_CURVE_SHARED (5 | 
SSL_SECOP_OTHER_CURVE) --/* Sanity check of curve server selects */ --# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) --/* Temporary DH key */ --# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) --/* SSL/TLS version */ --# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) --/* Session tickets */ --# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) --/* Supported signature algorithms sent to peer */ --# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) --/* Shared signature algorithm */ --# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) --/* Sanity check signature algorithm allowed */ --# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) --/* Used to get mask of supported public key signature algorithms */ --# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) --/* Use to see if compression is allowed */ --# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) --/* EE key in certificate */ --# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) --/* CA key in certificate */ --# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) --/* CA digest algorithm in certificate */ --# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) --/* Peer EE key in certificate */ --# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) --/* Peer CA key in certificate */ --# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) --/* Peer CA digest algorithm in certificate */ --# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) -- --void SSL_set_security_level(SSL *s, int level); --__owur int SSL_get_security_level(const SSL *s); --void SSL_set_security_callback(SSL *s, -- int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, -- int bits, int nid, void *other, -- void *ex)); --int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, -- int bits, int nid, -- void *other, void *ex); --void SSL_set0_security_ex_data(SSL *s, void *ex); --__owur void 
*SSL_get0_security_ex_data(const SSL *s); -- --void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); --__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); --void SSL_CTX_set_security_callback(SSL_CTX *ctx, -- int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, -- int bits, int nid, void *other, -- void *ex)); --int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, -- const SSL_CTX *ctx, -- int op, int bits, -- int nid, -- void *other, -- void *ex); --void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); --__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); -- --/* OPENSSL_INIT flag 0x010000 reserved for internal use */ --#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L --#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L -- --#define OPENSSL_INIT_SSL_DEFAULT \ -- (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) -- --int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -- - # ifndef OPENSSL_NO_UNIT_TEST --__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); -+const struct openssl_ssl_test_functions *SSL_test_functions(void); - # endif - --extern const char SSL_version_str[]; -- - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_SSL_strings(void); -+void ERR_load_SSL_strings(void); - - /* Error codes for the SSL functions. */ - - /* Function codes. 
*/ - # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 --# define SSL_F_CT_MOVE_SCTS 345 --# define SSL_F_CT_STRICT 349 -+# define SSL_F_CLIENT_CERTIFICATE 100 -+# define SSL_F_CLIENT_FINISHED 167 -+# define SSL_F_CLIENT_HELLO 101 -+# define SSL_F_CLIENT_MASTER_KEY 102 - # define SSL_F_D2I_SSL_SESSION 103 --# define SSL_F_DANE_CTX_ENABLE 347 --# define SSL_F_DANE_MTYPE_SET 393 --# define SSL_F_DANE_TLSA_ADD 394 - # define SSL_F_DO_DTLS1_WRITE 245 - # define SSL_F_DO_SSL3_WRITE 104 -+# define SSL_F_DTLS1_ACCEPT 246 -+# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 - # define SSL_F_DTLS1_BUFFER_RECORD 247 --# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 -+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 -+# define SSL_F_DTLS1_CLIENT_HELLO 248 -+# define SSL_F_DTLS1_CONNECT 249 -+# define SSL_F_DTLS1_ENC 250 -+# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 -+# define SSL_F_DTLS1_GET_MESSAGE 252 -+# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 -+# define SSL_F_DTLS1_GET_RECORD 254 -+# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 - # define SSL_F_DTLS1_HEARTBEAT 305 -+# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 - # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 - # define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 -+# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 - # define SSL_F_DTLS1_PROCESS_RECORD 257 - # define SSL_F_DTLS1_READ_BYTES 258 --# define SSL_F_DTLS1_READ_FAILED 339 --# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 -+# define SSL_F_DTLS1_READ_FAILED 259 -+# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 -+# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 -+# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 -+# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 -+# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 -+# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 -+# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 -+# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 - # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 --# define SSL_F_DTLSV1_LISTEN 350 --# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 --# define 
SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 --# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 --# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 --# define SSL_F_OPENSSL_INIT_SSL 342 --# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 --# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 --# define SSL_F_READ_STATE_MACHINE 352 -+# define SSL_F_GET_CLIENT_FINISHED 105 -+# define SSL_F_GET_CLIENT_HELLO 106 -+# define SSL_F_GET_CLIENT_MASTER_KEY 107 -+# define SSL_F_GET_SERVER_FINISHED 108 -+# define SSL_F_GET_SERVER_HELLO 109 -+# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 -+# define SSL_F_GET_SERVER_VERIFY 110 -+# define SSL_F_I2D_SSL_SESSION 111 -+# define SSL_F_READ_N 112 -+# define SSL_F_REQUEST_CERTIFICATE 113 -+# define SSL_F_SERVER_FINISH 239 -+# define SSL_F_SERVER_HELLO 114 -+# define SSL_F_SERVER_VERIFY 240 -+# define SSL_F_SSL23_ACCEPT 115 -+# define SSL_F_SSL23_CLIENT_HELLO 116 -+# define SSL_F_SSL23_CONNECT 117 -+# define SSL_F_SSL23_GET_CLIENT_HELLO 118 -+# define SSL_F_SSL23_GET_SERVER_HELLO 119 -+# define SSL_F_SSL23_PEEK 237 -+# define SSL_F_SSL23_READ 120 -+# define SSL_F_SSL23_WRITE 121 -+# define SSL_F_SSL2_ACCEPT 122 -+# define SSL_F_SSL2_CONNECT 123 -+# define SSL_F_SSL2_ENC_INIT 124 -+# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 -+# define SSL_F_SSL2_PEEK 234 -+# define SSL_F_SSL2_READ 125 -+# define SSL_F_SSL2_READ_INTERNAL 236 -+# define SSL_F_SSL2_SET_CERTIFICATE 126 -+# define SSL_F_SSL2_WRITE 127 -+# define SSL_F_SSL3_ACCEPT 128 -+# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 -+# define SSL_F_SSL3_CALLBACK_CTRL 233 - # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 - # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -+# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 -+# define SSL_F_SSL3_CHECK_FINISHED 339 -+# define SSL_F_SSL3_CLIENT_HELLO 131 -+# define SSL_F_SSL3_CONNECT 132 - # define SSL_F_SSL3_CTRL 213 - # define SSL_F_SSL3_CTX_CTRL 133 - # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 - # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 --# define 
SSL_F_SSL3_FINAL_FINISH_MAC 285 -+# define SSL_F_SSL3_ENC 134 - # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 - # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 -+# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 -+# define SSL_F_SSL3_GET_CERT_STATUS 289 -+# define SSL_F_SSL3_GET_CERT_VERIFY 136 -+# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 -+# define SSL_F_SSL3_GET_CLIENT_HELLO 138 -+# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 -+# define SSL_F_SSL3_GET_FINISHED 140 -+# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 -+# define SSL_F_SSL3_GET_MESSAGE 142 -+# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 -+# define SSL_F_SSL3_GET_NEXT_PROTO 306 - # define SSL_F_SSL3_GET_RECORD 143 --# define SSL_F_SSL3_INIT_FINISHED_MAC 397 -+# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 -+# define SSL_F_SSL3_GET_SERVER_DONE 145 -+# define SSL_F_SSL3_GET_SERVER_HELLO 146 -+# define SSL_F_SSL3_HANDSHAKE_MAC 285 -+# define SSL_F_SSL3_NEW_SESSION_TICKET 287 - # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 -+# define SSL_F_SSL3_PEEK 235 - # define SSL_F_SSL3_READ_BYTES 148 - # define SSL_F_SSL3_READ_N 149 -+# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 -+# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 -+# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 -+# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 -+# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 -+# define SSL_F_SSL3_SEND_SERVER_HELLO 242 -+# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 - # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 - # define SSL_F_SSL3_SETUP_READ_BUFFER 156 - # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 - # define SSL_F_SSL3_WRITE_BYTES 158 - # define SSL_F_SSL3_WRITE_PENDING 159 --# define SSL_F_SSL_ADD_CERT_CHAIN 316 -+# define SSL_F_SSL_ADD_CERT_CHAIN 318 - # define SSL_F_SSL_ADD_CERT_TO_BUF 319 - # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 - # define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 -@@ -2115,10 +2721,10 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_BAD_METHOD 160 - # define SSL_F_SSL_BUILD_CERT_CHAIN 332 
- # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 --# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 - # define SSL_F_SSL_CERT_DUP 221 -+# define SSL_F_SSL_CERT_INST 222 -+# define SSL_F_SSL_CERT_INSTANTIATE 214 - # define SSL_F_SSL_CERT_NEW 162 --# define SSL_F_SSL_CERT_SET0_CHAIN 340 - # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 - # define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 - # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 -@@ -2130,17 +2736,17 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_CREATE_CIPHER_LIST 166 - # define SSL_F_SSL_CTRL 232 - # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 --# define SSL_F_SSL_CTX_ENABLE_CT 398 - # define SSL_F_SSL_CTX_MAKE_PROFILES 309 - # define SSL_F_SSL_CTX_NEW 169 --# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 - # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 - # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 --# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 -+# define SSL_F_SSL_CTX_SET_PURPOSE 226 - # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 - # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 -+# define SSL_F_SSL_CTX_SET_TRUST 229 - # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 - # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -+# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 - # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 - # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 - # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 -@@ -2151,19 +2757,15 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 - # define SSL_F_SSL_CTX_USE_SERVERINFO 336 - # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 --# define SSL_F_SSL_DANE_DUP 403 --# define SSL_F_SSL_DANE_ENABLE 395 --# define SSL_F_SSL_DO_CONFIG 391 - # define SSL_F_SSL_DO_HANDSHAKE 180 --# define SSL_F_SSL_DUP_CA_LIST 408 --# define SSL_F_SSL_ENABLE_CT 402 - # define SSL_F_SSL_GET_NEW_SESSION 181 - # define SSL_F_SSL_GET_PREV_SESSION 217 - # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 -+# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 -+# define 
SSL_F_SSL_GET_SERVER_SEND_PKEY 317 - # define SSL_F_SSL_GET_SIGN_PKEY 183 - # define SSL_F_SSL_INIT_WBIO_BUFFER 184 - # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 --# define SSL_F_SSL_MODULE_INIT 392 - # define SSL_F_SSL_NEW 186 - # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 - # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 -@@ -2172,28 +2774,32 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 - # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 - # define SSL_F_SSL_PEEK 270 -+# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 -+# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 - # define SSL_F_SSL_READ 223 -+# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 -+# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 - # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 - # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 - # define SSL_F_SSL_SESSION_DUP 348 - # define SSL_F_SSL_SESSION_NEW 189 - # define SSL_F_SSL_SESSION_PRINT_FP 190 --# define SSL_F_SSL_SESSION_SET1_ID 423 - # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 --# define SSL_F_SSL_SET_ALPN_PROTOS 344 -+# define SSL_F_SSL_SESS_CERT_NEW 225 - # define SSL_F_SSL_SET_CERT 191 - # define SSL_F_SSL_SET_CIPHER_LIST 271 --# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 - # define SSL_F_SSL_SET_FD 192 - # define SSL_F_SSL_SET_PKEY 193 -+# define SSL_F_SSL_SET_PURPOSE 227 - # define SSL_F_SSL_SET_RFD 194 - # define SSL_F_SSL_SET_SESSION 195 - # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 - # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 -+# define SSL_F_SSL_SET_TRUST 228 - # define SSL_F_SSL_SET_WFD 196 - # define SSL_F_SSL_SHUTDOWN 224 - # define SSL_F_SSL_SRP_CTX_INIT 313 --# define SSL_F_SSL_START_ASYNC_JOB 389 -+# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 - # define SSL_F_SSL_UNDEFINED_FUNCTION 197 - # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 - # define SSL_F_SSL_USE_CERTIFICATE 198 -@@ -2206,228 +2812,243 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 
- # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 - # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 --# define SSL_F_SSL_VALIDATE_CT 400 - # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 - # define SSL_F_SSL_WRITE 208 --# define SSL_F_STATE_MACHINE 353 - # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 -+# define SSL_F_TLS1_CERT_VERIFY_MAC 286 - # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 --# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 --# define SSL_F_TLS1_ENC 401 -+# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 -+# define SSL_F_TLS1_ENC 210 - # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 - # define SSL_F_TLS1_GET_CURVELIST 338 -+# define SSL_F_TLS1_HEARTBEAT 315 -+# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 -+# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 - # define SSL_F_TLS1_PRF 284 - # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 - # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 --# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 --# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 --# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 --# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 --# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 --# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 --# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 --# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 --# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 --# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 --# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 --# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 --# define SSL_F_TLS_CONSTRUCT_FINISHED 359 --# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 --# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 --# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 --# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 --# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 --# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377 --# define SSL_F_TLS_GET_MESSAGE_BODY 351 --# define SSL_F_TLS_GET_MESSAGE_HEADER 387 --# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 --# define 
SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 --# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 --# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 --# define SSL_F_TLS_PROCESS_CERT_STATUS 362 --# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 --# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 --# define SSL_F_TLS_PROCESS_CKE_DHE 411 --# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 --# define SSL_F_TLS_PROCESS_CKE_GOST 413 --# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 --# define SSL_F_TLS_PROCESS_CKE_RSA 415 --# define SSL_F_TLS_PROCESS_CKE_SRP 416 --# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 --# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 --# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 --# define SSL_F_TLS_PROCESS_FINISHED 364 --# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 --# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 --# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 --# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 --# define SSL_F_TLS_PROCESS_SERVER_DONE 368 --# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 --# define SSL_F_TLS_PROCESS_SKE_DHE 419 --# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 --# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 --# define SSL_F_TLS_PROCESS_SKE_SRP 422 --# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 -+# define SSL_F_WRITE_PENDING 212 - - /* Reason codes. 
*/ - # define SSL_R_APP_DATA_IN_HANDSHAKE 100 - # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 --# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 --# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 -+# define SSL_R_BAD_ALERT_RECORD 101 -+# define SSL_R_BAD_AUTHENTICATION_TYPE 102 - # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -+# define SSL_R_BAD_CHECKSUM 104 - # define SSL_R_BAD_DATA 390 - # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 - # define SSL_R_BAD_DECOMPRESSION 107 --# define SSL_R_BAD_DH_VALUE 102 -+# define SSL_R_BAD_DH_G_LENGTH 108 -+# define SSL_R_BAD_DH_G_VALUE 375 -+# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 -+# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 -+# define SSL_R_BAD_DH_P_LENGTH 110 -+# define SSL_R_BAD_DH_P_VALUE 395 - # define SSL_R_BAD_DIGEST_LENGTH 111 -+# define SSL_R_BAD_DSA_SIGNATURE 112 - # define SSL_R_BAD_ECC_CERT 304 -+# define SSL_R_BAD_ECDSA_SIGNATURE 305 - # define SSL_R_BAD_ECPOINT 306 - # define SSL_R_BAD_HANDSHAKE_LENGTH 332 - # define SSL_R_BAD_HELLO_REQUEST 105 - # define SSL_R_BAD_LENGTH 271 -+# define SSL_R_BAD_MAC_DECODE 113 -+# define SSL_R_BAD_MAC_LENGTH 333 -+# define SSL_R_BAD_MESSAGE_TYPE 114 - # define SSL_R_BAD_PACKET_LENGTH 115 - # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 -+# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 -+# define SSL_R_BAD_RESPONSE_ARGUMENT 117 -+# define SSL_R_BAD_RSA_DECRYPT 118 - # define SSL_R_BAD_RSA_ENCRYPT 119 -+# define SSL_R_BAD_RSA_E_LENGTH 120 -+# define SSL_R_BAD_RSA_MODULUS_LENGTH 121 -+# define SSL_R_BAD_RSA_SIGNATURE 122 - # define SSL_R_BAD_SIGNATURE 123 - # define SSL_R_BAD_SRP_A_LENGTH 347 -+# define SSL_R_BAD_SRP_B_LENGTH 348 -+# define SSL_R_BAD_SRP_G_LENGTH 349 -+# define SSL_R_BAD_SRP_N_LENGTH 350 - # define SSL_R_BAD_SRP_PARAMETERS 371 -+# define SSL_R_BAD_SRP_S_LENGTH 351 - # define SSL_R_BAD_SRTP_MKI_VALUE 352 - # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 - # define SSL_R_BAD_SSL_FILETYPE 124 -+# define 
SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 -+# define SSL_R_BAD_STATE 126 - # define SSL_R_BAD_VALUE 384 - # define SSL_R_BAD_WRITE_RETRY 127 - # define SSL_R_BIO_NOT_SET 128 - # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 - # define SSL_R_BN_LIB 130 - # define SSL_R_CA_DN_LENGTH_MISMATCH 131 --# define SSL_R_CA_KEY_TOO_SMALL 397 --# define SSL_R_CA_MD_TOO_WEAK 398 -+# define SSL_R_CA_DN_TOO_LONG 132 - # define SSL_R_CCS_RECEIVED_EARLY 133 - # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 - # define SSL_R_CERT_CB_ERROR 377 - # define SSL_R_CERT_LENGTH_MISMATCH 135 -+# define SSL_R_CHALLENGE_IS_DIFFERENT 136 - # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 - # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 -+# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 - # define SSL_R_CLIENTHELLO_TLSEXT 226 - # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 - # define SSL_R_COMPRESSION_DISABLED 343 - # define SSL_R_COMPRESSION_FAILURE 141 - # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 - # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -+# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 - # define SSL_R_CONNECTION_TYPE_NOT_SET 144 --# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 --# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 - # define SSL_R_COOKIE_MISMATCH 308 --# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 --# define SSL_R_DANE_ALREADY_ENABLED 172 --# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 --# define SSL_R_DANE_NOT_ENABLED 175 --# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 --# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 --# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 --# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 --# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 --# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 --# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 --# define SSL_R_DANE_TLSA_NULL_DATA 203 - # define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 - # define SSL_R_DATA_LENGTH_TOO_LONG 146 - # define SSL_R_DECRYPTION_FAILED 147 - # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 
281 --# define SSL_R_DH_KEY_TOO_SMALL 394 -+# define SSL_R_DH_KEY_TOO_SMALL 372 - # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 - # define SSL_R_DIGEST_CHECK_FAILED 149 - # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 - # define SSL_R_DUPLICATE_COMPRESSION_ID 309 -+# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 - # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 -+# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 -+# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 - # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 --# define SSL_R_EE_KEY_TOO_SMALL 399 -+# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 - # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 - # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -+# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 - # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 --# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 - # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 - # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 --# define SSL_R_FAILED_TO_INIT_ASYNC 405 --# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 - # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 -+# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 -+# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 - # define SSL_R_HTTPS_PROXY_REQUEST 155 - # define SSL_R_HTTP_REQUEST 156 -+# define SSL_R_ILLEGAL_PADDING 283 - # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 - # define SSL_R_INAPPROPRIATE_FALLBACK 373 - # define SSL_R_INCONSISTENT_COMPRESSION 340 --# define SSL_R_INCONSISTENT_EXTMS 104 -+# define SSL_R_INVALID_CHALLENGE_LENGTH 158 - # define SSL_R_INVALID_COMMAND 280 - # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 --# define SSL_R_INVALID_CONFIGURATION_NAME 113 --# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 - # define SSL_R_INVALID_NULL_CMD_NAME 385 --# define SSL_R_INVALID_SEQUENCE_NUMBER 402 -+# define SSL_R_INVALID_PURPOSE 278 - # define SSL_R_INVALID_SERVERINFO_DATA 388 - # define SSL_R_INVALID_SRP_USERNAME 357 - # define SSL_R_INVALID_STATUS_RESPONSE 328 - # define 
SSL_R_INVALID_TICKET_KEYS_LENGTH 325 -+# define SSL_R_INVALID_TRUST 279 -+# define SSL_R_KEY_ARG_TOO_LONG 284 -+# define SSL_R_KRB5 285 -+# define SSL_R_KRB5_C_CC_PRINC 286 -+# define SSL_R_KRB5_C_GET_CRED 287 -+# define SSL_R_KRB5_C_INIT 288 -+# define SSL_R_KRB5_C_MK_REQ 289 -+# define SSL_R_KRB5_S_BAD_TICKET 290 -+# define SSL_R_KRB5_S_INIT 291 -+# define SSL_R_KRB5_S_RD_REQ 292 -+# define SSL_R_KRB5_S_TKT_EXPIRED 293 -+# define SSL_R_KRB5_S_TKT_NYV 294 -+# define SSL_R_KRB5_S_TKT_SKEW 295 - # define SSL_R_LENGTH_MISMATCH 159 --# define SSL_R_LENGTH_TOO_LONG 404 - # define SSL_R_LENGTH_TOO_SHORT 160 - # define SSL_R_LIBRARY_BUG 274 - # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -+# define SSL_R_MESSAGE_TOO_LONG 296 -+# define SSL_R_MISSING_DH_DSA_CERT 162 -+# define SSL_R_MISSING_DH_KEY 163 -+# define SSL_R_MISSING_DH_RSA_CERT 164 - # define SSL_R_MISSING_DSA_SIGNING_CERT 165 -+# define SSL_R_MISSING_ECDH_CERT 382 - # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -+# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -+# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 - # define SSL_R_MISSING_RSA_CERTIFICATE 168 - # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 - # define SSL_R_MISSING_RSA_SIGNING_CERT 170 - # define SSL_R_MISSING_SRP_PARAM 358 - # define SSL_R_MISSING_TMP_DH_KEY 171 - # define SSL_R_MISSING_TMP_ECDH_KEY 311 -+# define SSL_R_MISSING_TMP_RSA_KEY 172 -+# define SSL_R_MISSING_TMP_RSA_PKEY 173 -+# define SSL_R_MISSING_VERIFY_MESSAGE 174 -+# define SSL_R_MULTIPLE_SGC_RESTARTS 346 -+# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 - # define SSL_R_NO_CERTIFICATES_RETURNED 176 - # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 -+# define SSL_R_NO_CERTIFICATE_RETURNED 178 - # define SSL_R_NO_CERTIFICATE_SET 179 -+# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 - # define SSL_R_NO_CIPHERS_AVAILABLE 181 -+# define SSL_R_NO_CIPHERS_PASSED 182 - # define SSL_R_NO_CIPHERS_SPECIFIED 183 -+# define SSL_R_NO_CIPHER_LIST 184 - # define SSL_R_NO_CIPHER_MATCH 185 - # define 
SSL_R_NO_CLIENT_CERT_METHOD 331 -+# define SSL_R_NO_CLIENT_CERT_RECEIVED 186 - # define SSL_R_NO_COMPRESSION_SPECIFIED 187 - # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 - # define SSL_R_NO_METHOD_SPECIFIED 188 - # define SSL_R_NO_PEM_EXTENSIONS 389 -+# define SSL_R_NO_PRIVATEKEY 189 - # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 - # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -+# define SSL_R_NO_PUBLICKEY 192 - # define SSL_R_NO_RENEGOTIATION 339 - # define SSL_R_NO_REQUIRED_DIGEST 324 - # define SSL_R_NO_SHARED_CIPHER 193 --# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 -+# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 - # define SSL_R_NO_SRTP_PROFILES 359 --# define SSL_R_NO_VALID_SCTS 216 --# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 -+# define SSL_R_NO_VERIFY_CALLBACK 194 - # define SSL_R_NULL_SSL_CTX 195 - # define SSL_R_NULL_SSL_METHOD_PASSED 196 - # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 - # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 -+# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 -+# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 -+# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 -+# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 - # define SSL_R_PACKET_LENGTH_TOO_LONG 198 - # define SSL_R_PARSE_TLSEXT 227 - # define SSL_R_PATH_TOO_LONG 270 - # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -+# define SSL_R_PEER_ERROR 200 -+# define SSL_R_PEER_ERROR_CERTIFICATE 201 -+# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 -+# define SSL_R_PEER_ERROR_NO_CIPHER 203 -+# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 - # define SSL_R_PEM_NAME_BAD_PREFIX 391 - # define SSL_R_PEM_NAME_TOO_SHORT 392 --# define SSL_R_PIPELINE_FAILURE 406 -+# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 -+# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 - # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 - # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 - # define SSL_R_PSK_NO_CLIENT_CB 224 - # define SSL_R_PSK_NO_SERVER_CB 225 -+# define 
SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 -+# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 -+# define SSL_R_PUBLIC_KEY_NOT_RSA 210 - # define SSL_R_READ_BIO_NOT_SET 211 - # define SSL_R_READ_TIMEOUT_EXPIRED 312 -+# define SSL_R_READ_WRONG_PACKET_TYPE 212 - # define SSL_R_RECORD_LENGTH_MISMATCH 213 -+# define SSL_R_RECORD_TOO_LARGE 214 - # define SSL_R_RECORD_TOO_SMALL 298 - # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 - # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 - # define SSL_R_RENEGOTIATION_MISMATCH 337 - # define SSL_R_REQUIRED_CIPHER_MISSING 215 --# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 -+# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 -+# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 -+# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 -+# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 - # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 --# define SSL_R_SCT_VERIFICATION_FAILED 208 - # define SSL_R_SERVERHELLO_TLSEXT 275 - # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -+# define SSL_R_SHORT_READ 219 - # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 - # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 - # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 -@@ -2435,9 +3056,13 @@ int ERR_load_SSL_strings(void); - # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 - # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 - # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -+# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -+# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 -+# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 - # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 - # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 - # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -+# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 - # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 - # define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 - # define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -@@ -2449,20 +3074,14 @@ int ERR_load_SSL_strings(void); - # define 
SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 - # define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 - # define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 --# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 --# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 - # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 - # define SSL_R_SSL_HANDSHAKE_FAILURE 229 - # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 --# define SSL_R_SSL_NEGATIVE_LENGTH 372 --# define SSL_R_SSL_SECTION_EMPTY 126 --# define SSL_R_SSL_SECTION_NOT_FOUND 136 - # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 - # define SSL_R_SSL_SESSION_ID_CONFLICT 302 --# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 - # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 - # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 --# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 -+# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 - # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 - # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 - # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -@@ -2481,13 +3100,23 @@ int ERR_load_SSL_strings(void); - # define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 - # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 - # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -+# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 - # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 - # define SSL_R_TLS_HEARTBEAT_PENDING 366 - # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 - # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 -+# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 -+# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 - # define SSL_R_TOO_MANY_WARN_ALERTS 409 -+# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 -+# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 -+# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 -+# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 -+# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 - # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 - # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 
-+# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
-+# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
- # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
- # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
- # define SSL_R_UNEXPECTED_MESSAGE 244
-@@ -2498,25 +3127,28 @@ int ERR_load_SSL_strings(void);
- # define SSL_R_UNKNOWN_CIPHER_RETURNED 248
- # define SSL_R_UNKNOWN_CIPHER_TYPE 249
- # define SSL_R_UNKNOWN_CMD_NAME 386
--# define SSL_R_UNKNOWN_COMMAND 139
- # define SSL_R_UNKNOWN_DIGEST 368
- # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
- # define SSL_R_UNKNOWN_PKEY_TYPE 251
- # define SSL_R_UNKNOWN_PROTOCOL 252
-+# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
- # define SSL_R_UNKNOWN_SSL_VERSION 254
- # define SSL_R_UNKNOWN_STATE 255
- # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
-+# define SSL_R_UNSUPPORTED_CIPHER 256
- # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-+# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
- # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
- # define SSL_R_UNSUPPORTED_PROTOCOL 258
- # define SSL_R_UNSUPPORTED_SSL_VERSION 259
- # define SSL_R_UNSUPPORTED_STATUS_TYPE 329
- # define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
--# define SSL_R_VERSION_TOO_HIGH 166
--# define SSL_R_VERSION_TOO_LOW 396
-+# define SSL_R_WRITE_BIO_NOT_SET 260
- # define SSL_R_WRONG_CERTIFICATE_TYPE 383
- # define SSL_R_WRONG_CIPHER_RETURNED 261
- # define SSL_R_WRONG_CURVE 378
-+# define SSL_R_WRONG_MESSAGE_TYPE 262
-+# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
- # define SSL_R_WRONG_SIGNATURE_LENGTH 264
- # define SSL_R_WRONG_SIGNATURE_SIZE 265
- # define SSL_R_WRONG_SIGNATURE_TYPE 370
-@@ -2525,7 +3157,7 @@ int ERR_load_SSL_strings(void);
- # define SSL_R_X509_LIB 268
- # define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
--# ifdef __cplusplus
-+#ifdef __cplusplus
- }
--# endif
-+#endif
- #endif
-diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h
-index 5321bd2..03c7dd8 100644
---- a/Cryptlib/Include/openssl/ssl2.h
-+++ b/Cryptlib/Include/openssl/ssl2.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* ssl/ssl2.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #ifndef HEADER_SSL2_H
-@@ -14,9 +63,201 @@
- extern "C" {
- #endif
-
-+/* Protocol Version Codes */
- # define SSL2_VERSION 0x0002
-+# define SSL2_VERSION_MAJOR 0x00
-+# define SSL2_VERSION_MINOR 0x02
-+/* #define SSL2_CLIENT_VERSION 0x0002 */
-+/* #define SSL2_SERVER_VERSION 0x0002 */
-
-+/* Protocol Message Codes */
-+# define SSL2_MT_ERROR 0
- # define SSL2_MT_CLIENT_HELLO 1
-+# define SSL2_MT_CLIENT_MASTER_KEY 2
-+# define SSL2_MT_CLIENT_FINISHED 3
-+# define SSL2_MT_SERVER_HELLO 4
-+# define SSL2_MT_SERVER_VERIFY 5
-+# define SSL2_MT_SERVER_FINISHED 6
-+# define SSL2_MT_REQUEST_CERTIFICATE 7
-+# define SSL2_MT_CLIENT_CERTIFICATE 8
-+
-+/* Error Message Codes */
-+# define SSL2_PE_UNDEFINED_ERROR 0x0000
-+# define SSL2_PE_NO_CIPHER 0x0001
-+# define SSL2_PE_NO_CERTIFICATE 0x0002
-+# define SSL2_PE_BAD_CERTIFICATE 0x0004
-+# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-+
-+/* Cipher Kind Values */
-+# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */
-+# define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-+# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-+# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-+# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-+# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-+# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-+# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */
-+# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-+# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */
-+# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */
-+
-+# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */
-+# define SSL2_CK_NULL 0x02ff0810/* SSLeay */
-+
-+# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-+# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-+# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-+# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-+# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-+# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-+# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-+# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-+# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-+# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-+
-+# define SSL2_TXT_NULL "NULL"
-+
-+/* Flags for the SSL_CIPHER.algorithm2 field */
-+# define SSL2_CF_5_BYTE_ENC 0x01
-+# define SSL2_CF_8_BYTE_ENC 0x02
-+
-+/* Certificate Type Codes */
-+# define SSL2_CT_X509_CERTIFICATE 0x01
-+
-+/* Authentication Type Code */
-+# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-+
-+# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-+
-+/* Upper/Lower Bounds */
-+# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-+# ifdef OPENSSL_SYS_MPE
-+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-+# else
-+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u
-+ /* 2^15-1 */
-+# endif
-+# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */
-+
-+# define SSL2_CHALLENGE_LENGTH 16
-+/*
-+ * #define SSL2_CHALLENGE_LENGTH 32
-+ */
-+# define SSL2_MIN_CHALLENGE_LENGTH 16
-+# define SSL2_MAX_CHALLENGE_LENGTH 32
-+# define SSL2_CONNECTION_ID_LENGTH 16
-+# define SSL2_MAX_CONNECTION_ID_LENGTH 16
-+# define SSL2_SSL_SESSION_ID_LENGTH 16
-+# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-+# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-+# define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-+
-+# ifndef HEADER_SSL_LOCL_H
-+# define CERT char
-+# endif
-+
-+# ifndef OPENSSL_NO_SSL_INTERN
-+
-+typedef struct ssl2_state_st {
-+ int three_byte_header;
-+ int clear_text; /* clear text */
-+ int escape; /* not used in SSLv2 */
-+ int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-+ /*
-+ * non-blocking io info, used to make sure the same args were passwd
-+ */
-+ unsigned int wnum; /* number of bytes sent so far */
-+ int wpend_tot;
-+ const unsigned char *wpend_buf;
-+ int wpend_off; /* offset to data to write */
-+ int wpend_len; /* number of bytes passwd to write */
-+ int wpend_ret; /* number of bytes to return to caller */
-+ /* buffer raw data */
-+ int rbuf_left;
-+ int rbuf_offs;
-+ unsigned char *rbuf;
-+ unsigned char *wbuf;
-+ unsigned char *write_ptr; /* used to point to the start due to 2/3 byte
-+ * header. */
-+ unsigned int padding;
-+ unsigned int rlength; /* passed to ssl2_enc */
-+ int ract_data_length; /* Set when things are encrypted. */
-+ unsigned int wlength; /* passed to ssl2_enc */
-+ int wact_data_length; /* Set when things are decrypted. */
-+ unsigned char *ract_data;
-+ unsigned char *wact_data;
-+ unsigned char *mac_data;
-+ unsigned char *read_key;
-+ unsigned char *write_key;
-+ /* Stuff specifically to do with this SSL session */
-+ unsigned int challenge_length;
-+ unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-+ unsigned int conn_id_length;
-+ unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-+ unsigned int key_material_length;
-+ unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2];
-+ unsigned long read_sequence;
-+ unsigned long write_sequence;
-+ struct {
-+ unsigned int conn_id_length;
-+ unsigned int cert_type;
-+ unsigned int cert_length;
-+ unsigned int csl;
-+ unsigned int clear;
-+ unsigned int enc;
-+ unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-+ unsigned int cipher_spec_length;
-+ unsigned int session_id_length;
-+ unsigned int clen;
-+ unsigned int rlen;
-+ } tmp;
-+} SSL2_STATE;
-+
-+# endif
-+
-+/* SSLv2 */
-+/* client */
-+# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-+# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-+# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-+# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-+# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-+# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#
define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) -+# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) -+# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) -+/* server */ -+# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) -+# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) -+# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ssl23.h 
b/Cryptlib/Include/openssl/ssl23.h -new file mode 100644 -index 0000000..9de4685 ---- /dev/null -+++ b/Cryptlib/Include/openssl/ssl23.h -@@ -0,0 +1,84 @@ -+/* ssl/ssl23.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */ -+ -+#ifndef HEADER_SSL23_H -+# define HEADER_SSL23_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ * client -+ */ -+/* write to server */ -+# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) -+# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) -+/* read from server */ -+# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) -+# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) -+ -+/* server */ -+/* read from client */ -+# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -+# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) -+ -+#ifdef __cplusplus -+} -+#endif -+#endif -diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h -index 4ca434e..e681d50 100644 ---- a/Cryptlib/Include/openssl/ssl3.h -+++ b/Cryptlib/Include/openssl/ssl3.h -@@ -1,12 +1,113 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ssl/ssl3.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission.
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 
- * ECC cipher suite support in OpenSSL originally developed by -@@ -16,7 +117,9 @@ - #ifndef HEADER_SSL3_H - # define HEADER_SSL3_H - --# include -+# ifndef OPENSSL_NO_COMP -+# include -+# endif - # include - # include - # include -@@ -55,18 +158,18 @@ extern "C" { - # define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F - # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 - --# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 --# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA --# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 --# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA --# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 --# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA --# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 --# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA --# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 --# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA --# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 --# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA -+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA -+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA -+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA -+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA -+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA -+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 -+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA - - # define SSL3_CK_ADH_RC4_40_MD5 0x03000017 - # define SSL3_CK_ADH_RC4_128_MD5 
0x03000018 -@@ -74,6 +177,37 @@ extern "C" { - # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A - # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B - -+# if 0 -+# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -+# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -+# if 0 /* Because it clashes with KRB5, is never -+ * used any more, and is safe to remove -+ * according to David Hopwood -+ * of the -+ * ietf-tls list */ -+# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E -+# endif -+# endif -+ -+/* -+ * VRS Additional Kerberos5 entries -+ */ -+# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -+# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -+# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -+# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -+# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -+# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -+# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -+# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 -+ -+# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -+# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -+# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -+# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -+# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -+# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B -+ - # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" - # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" - # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" -@@ -117,6 +251,28 @@ extern "C" { - # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" - # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" - -+# if 0 -+# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -+# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -+# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -+# endif -+ -+# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -+# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -+# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -+# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -+# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -+# define 
SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -+# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -+# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" -+ -+# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -+# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -+# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -+# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -+# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -+# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" -+ - # define SSL3_SSL_SESSION_ID_LENGTH 32 - # define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 - -@@ -204,7 +360,7 @@ extern "C" { - # define SSL3_RT_ALERT 21 - # define SSL3_RT_HANDSHAKE 22 - # define SSL3_RT_APPLICATION_DATA 23 --# define DTLS1_RT_HEARTBEAT 24 -+# define TLS1_RT_HEARTBEAT 24 - - /* Pseudo content types to indicate additional parameters */ - # define TLS1_RT_CRYPTO 0x1000 -@@ -242,6 +398,55 @@ extern "C" { - # define TLS1_HB_REQUEST 1 - # define TLS1_HB_RESPONSE 2 - -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+typedef struct ssl3_record_st { -+ /* type of record */ -+ /* -+ * r -+ */ int type; -+ /* How many bytes available */ -+ /* -+ * rw -+ */ unsigned int length; -+ /* read/write offset into 'buf' */ -+ /* -+ * r -+ */ unsigned int off; -+ /* pointer to the record data */ -+ /* -+ * rw -+ */ unsigned char *data; -+ /* where the decode bytes are */ -+ /* -+ * rw -+ */ unsigned char *input; -+ /* only used with decompression - malloc()ed */ -+ /* -+ * r -+ */ unsigned char *comp; -+ /* epoch number, needed by DTLS1 */ -+ /* -+ * r -+ */ unsigned long epoch; -+ /* sequence number, needed by DTLS1 */ -+ /* -+ * r -+ */ unsigned char seq_num[8]; -+} SSL3_RECORD; -+ -+typedef struct ssl3_buffer_st { -+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ -+ unsigned char *buf; -+ /* buffer size */ -+ size_t len; -+ /* where to 'copy from' */ -+ int offset; -+ /* how many bytes left */ -+ int left; -+} SSL3_BUFFER; -+ -+# 
endif - - # define SSL3_CT_RSA_SIGN 1 - # define SSL3_CT_DSS_SIGN 2 -@@ -257,20 +462,282 @@ extern "C" { - # define SSL3_CT_NUMBER 9 - - # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -- --/* Removed from OpenSSL 1.1.0 */ --# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 -- -+# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -+# define SSL3_FLAGS_POP_BUFFER 0x0004 -+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 - # define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -+# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 -+/* -+ * Set when the handshake is ready to process peer's ChangeCipherSpec message. -+ * Cleared after the message has been processed. -+ */ -+# define SSL3_FLAGS_CCS_OK 0x0080 -+ -+/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ -+# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 -+ -+# ifndef OPENSSL_NO_SSL_INTERN -+ -+typedef struct ssl3_state_st { -+ long flags; -+ int delay_buf_pop_ret; -+ unsigned char read_sequence[8]; -+ int read_mac_secret_size; -+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; -+ unsigned char write_sequence[8]; -+ int write_mac_secret_size; -+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; -+ unsigned char server_random[SSL3_RANDOM_SIZE]; -+ unsigned char client_random[SSL3_RANDOM_SIZE]; -+ /* flags for countermeasure against known-IV weakness */ -+ int need_empty_fragments; -+ int empty_fragment_done; -+ /* The value of 'extra' when the buffers were initialized */ -+ int init_extra; -+ SSL3_BUFFER rbuf; /* read IO goes into here */ -+ SSL3_BUFFER wbuf; /* write IO goes into here */ -+ SSL3_RECORD rrec; /* each decoded record goes in here */ -+ SSL3_RECORD wrec; /* goes out from here */ -+ /* -+ * storage for Alert/Handshake protocol data received but not yet -+ * processed by ssl3_read_bytes: -+ */ -+ unsigned char alert_fragment[2]; -+ unsigned int alert_fragment_len; -+ unsigned char handshake_fragment[4]; -+ unsigned int handshake_fragment_len; -+ /* partial write - check the numbers match */ -+ unsigned int wnum; /* number of bytes sent so far 
*/ -+ int wpend_tot; /* number bytes written */ -+ int wpend_type; -+ int wpend_ret; /* number of bytes submitted */ -+ const unsigned char *wpend_buf; -+ /* used during startup, digest all incoming/outgoing packets */ -+ BIO *handshake_buffer; -+ /* -+ * When set of handshake digests is determined, buffer is hashed and -+ * freed and MD_CTX-es for all required digests are stored in this array -+ */ -+ EVP_MD_CTX **handshake_dgst; -+ /* -+ * Set whenever an expected ChangeCipherSpec message is processed. -+ * Unset when the peer's Finished message is received. -+ * Unexpected ChangeCipherSpec messages trigger a fatal alert. -+ */ -+ int change_cipher_spec; -+ int warn_alert; -+ int fatal_alert; -+ /* -+ * we allow one fatal and one warning alert to be outstanding, send close -+ * alert via the warning alert -+ */ -+ int alert_dispatch; -+ unsigned char send_alert[2]; -+ /* -+ * This flag is set when we should renegotiate ASAP, basically when there -+ * is no more data in the read or write buffers -+ */ -+ int renegotiate; -+ int total_renegotiations; -+ int num_renegotiations; -+ int in_read_app_data; -+ /* -+ * Opaque PRF input as used for the current handshake. 
These fields are -+ * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they -+ * are merely present to improve binary compatibility) -+ */ -+ void *client_opaque_prf_input; -+ size_t client_opaque_prf_input_len; -+ void *server_opaque_prf_input; -+ size_t server_opaque_prf_input_len; -+ struct { -+ /* actually only needs to be 16+20 */ -+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; -+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ -+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; -+ int finish_md_len; -+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; -+ int peer_finish_md_len; -+ unsigned long message_size; -+ int message_type; -+ /* used to hold the new cipher we are going to use */ -+ const SSL_CIPHER *new_cipher; -+# ifndef OPENSSL_NO_DH -+ DH *dh; -+# endif -+# ifndef OPENSSL_NO_ECDH -+ EC_KEY *ecdh; /* holds short lived ECDH key */ -+# endif -+ /* used when SSL_ST_FLUSH_DATA is entered */ -+ int next_state; -+ int reuse_message; -+ /* used for certificate requests */ -+ int cert_req; -+ int ctype_num; -+ char ctype[SSL3_CT_NUMBER]; -+ STACK_OF(X509_NAME) *ca_names; -+ int use_rsa_tmp; -+ int key_block_length; -+ unsigned char *key_block; -+ const EVP_CIPHER *new_sym_enc; -+ const EVP_MD *new_hash; -+ int new_mac_pkey_type; -+ int new_mac_secret_size; -+# ifndef OPENSSL_NO_COMP -+ const SSL_COMP *new_compression; -+# else -+ char *new_compression; -+# endif -+ int cert_request; -+ } tmp; -+ -+ /* Connection binding to prevent renegotiation attacks */ -+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; -+ unsigned char previous_client_finished_len; -+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; -+ unsigned char previous_server_finished_len; -+ int send_connection_binding; /* TODOEKR */ -+ -+# ifndef OPENSSL_NO_NEXTPROTONEG -+ /* -+ * Set if we saw the Next Protocol Negotiation extension from our peer. 
-+ */ -+ int next_proto_neg_seen; -+# endif - --/* Set if we encrypt then mac instead of usual mac then encrypt */ --# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 --# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ -+# ifndef OPENSSL_NO_TLSEXT -+# ifndef OPENSSL_NO_EC -+ /* -+ * This is set to true if we believe that this is a version of Safari -+ * running on OS X 10.6 or newer. We wish to know this because Safari on -+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. -+ */ -+ char is_probably_safari; -+# endif /* !OPENSSL_NO_EC */ -+ -+ /* -+ * ALPN information (we are in the process of transitioning from NPN to -+ * ALPN.) -+ */ -+ -+ /* -+ * In a server these point to the selected ALPN protocol after the -+ * ClientHello has been processed. In a client these contain the protocol -+ * that the server selected once the ServerHello has been processed. -+ */ -+ unsigned char *alpn_selected; -+ unsigned alpn_selected_len; -+# endif /* OPENSSL_NO_TLSEXT */ -+} SSL3_STATE; - --/* Set if extended master secret extension received from peer */ --# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 -+# endif - --# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 -+/* SSLv3 */ -+/* -+ * client -+ */ -+/* extra state */ -+# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) -+# ifndef OPENSSL_NO_SCTP -+# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) -+# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) -+# endif -+/* write to server */ -+# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) -+/* read from server */ -+# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) -+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) -+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) -+# define 
SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) -+# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -+/* write to server */ -+# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) -+# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) -+# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -+# ifndef OPENSSL_NO_NEXTPROTONEG -+# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) -+# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) -+# endif -+# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) -+# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) -+/* read from server */ -+# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) -+ -+/* server */ -+/* extra state */ -+# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) -+# ifndef OPENSSL_NO_SCTP -+# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) -+# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) -+# endif -+/* read from client */ -+/* Do not change the number values, they do matter */ -+# define 
SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) -+/* write to client */ -+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) -+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) -+/* read from client */ -+# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -+# ifndef OPENSSL_NO_NEXTPROTONEG -+# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) -+# endif -+# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) -+/* write to client */ -+# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_FINISHED_A 
(0x1E0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) - - # define SSL3_MT_HELLO_REQUEST 0 - # define SSL3_MT_CLIENT_HELLO 1 -@@ -289,9 +756,6 @@ extern "C" { - # endif - # define DTLS1_MT_HELLO_VERIFY_REQUEST 3 - --/* Dummy message type for handling CCS like a normal handshake message */ --# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 -- - # define SSL3_MT_CCS 1 - - /* These are used when changing over to a new cipher */ -diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h -index 23ad3b8..eb07216 100644 ---- a/Cryptlib/Include/openssl/stack.h -+++ b/Cryptlib/Include/openssl/stack.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/stack/stack.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_STACK_H -@@ -14,62 +63,42 @@ - extern "C" { - #endif - --typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ -- --typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); --typedef void (*OPENSSL_sk_freefunc)(void *); --typedef void *(*OPENSSL_sk_copyfunc)(const void *); -+typedef struct stack_st { -+ int num; -+ char **data; -+ int sorted; -+ int num_alloc; -+ int (*comp) (const void *, const void *); -+} _STACK; /* Use STACK_OF(...) instead */ - --int OPENSSL_sk_num(const OPENSSL_STACK *); --void *OPENSSL_sk_value(const OPENSSL_STACK *, int); -+# define M_sk_num(sk) ((sk) ? (sk)->num:-1) -+# define M_sk_value(sk,n) ((sk) ? 
(sk)->data[n] : NULL) - --void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); -+int sk_num(const _STACK *); -+void *sk_value(const _STACK *, int); - --OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); --OPENSSL_STACK *OPENSSL_sk_new_null(void); --void OPENSSL_sk_free(OPENSSL_STACK *); --void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); --OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f); --int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); --void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); --void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); --int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); --int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); --int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); --int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); --void *OPENSSL_sk_shift(OPENSSL_STACK *st); --void *OPENSSL_sk_pop(OPENSSL_STACK *st); --void OPENSSL_sk_zero(OPENSSL_STACK *st); --OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc cmp); --OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); --void OPENSSL_sk_sort(OPENSSL_STACK *st); --int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); -+void *sk_set(_STACK *, int, void *); - --# if OPENSSL_API_COMPAT < 0x10100000L --# define _STACK OPENSSL_STACK --# define sk_num OPENSSL_sk_num --# define sk_value OPENSSL_sk_value --# define sk_set OPENSSL_sk_set --# define sk_new OPENSSL_sk_new --# define sk_new_null OPENSSL_sk_new_null --# define sk_free OPENSSL_sk_free --# define sk_pop_free OPENSSL_sk_pop_free --# define sk_deep_copy OPENSSL_sk_deep_copy --# define sk_insert OPENSSL_sk_insert --# define sk_delete OPENSSL_sk_delete --# define sk_delete_ptr OPENSSL_sk_delete_ptr --# define sk_find OPENSSL_sk_find --# define sk_find_ex OPENSSL_sk_find_ex --# define sk_push OPENSSL_sk_push --# define sk_unshift OPENSSL_sk_unshift --# 
define sk_shift OPENSSL_sk_shift --# define sk_pop OPENSSL_sk_pop --# define sk_zero OPENSSL_sk_zero --# define sk_set_cmp_func OPENSSL_sk_set_cmp_func --# define sk_dup OPENSSL_sk_dup --# define sk_sort OPENSSL_sk_sort --# define sk_is_sorted OPENSSL_sk_is_sorted --# endif -+_STACK *sk_new(int (*cmp) (const void *, const void *)); -+_STACK *sk_new_null(void); -+void sk_free(_STACK *); -+void sk_pop_free(_STACK *st, void (*func) (void *)); -+_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *)); -+int sk_insert(_STACK *sk, void *data, int where); -+void *sk_delete(_STACK *st, int loc); -+void *sk_delete_ptr(_STACK *st, void *p); -+int sk_find(_STACK *st, void *data); -+int sk_find_ex(_STACK *st, void *data); -+int sk_push(_STACK *st, void *data); -+int sk_unshift(_STACK *st, void *data); -+void *sk_shift(_STACK *st); -+void *sk_pop(_STACK *st); -+void sk_zero(_STACK *st); -+int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) -+ (const void *, const void *); -+_STACK *sk_dup(_STACK *st); -+void sk_sort(_STACK *st); -+int sk_is_sorted(const _STACK *st); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h -index caf1f1a..239fa4f 100644 ---- a/Cryptlib/Include/openssl/symhacks.h -+++ b/Cryptlib/Include/openssl/symhacks.h -@@ -1,10 +1,55 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_SYMHACKS_H -@@ -12,8 +57,427 @@ - - # include - -+/* -+ * Hacks to solve the problem with linkers incapable of handling very long -+ * symbol names. In the case of VMS, the limit is 31 characters on VMS for -+ * VAX. -+ */ -+/* -+ * Note that this affects util/libeay.num and util/ssleay.num... you may -+ * change those manually, but that's not recommended, as those files are -+ * controlled centrally and updated on Unix, and the central definition may -+ * disagree with yours, which in turn may come with shareable library -+ * incompatibilities. 
-+ */ -+# ifdef OPENSSL_SYS_VMS -+ -+/* Hack a long name in crypto/ex_data.c */ -+# undef CRYPTO_get_ex_data_implementation -+# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl -+# undef CRYPTO_set_ex_data_implementation -+# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl -+ -+/* Hack a long name in crypto/asn1/a_mbstr.c */ -+# undef ASN1_STRING_set_default_mask_asc -+# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc -+ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ -+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ -+# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO -+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF -+# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO -+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF -+# endif -+ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ -+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ -+# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO -+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF -+# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO -+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF -+# endif -+ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ -+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ -+# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION -+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC -+# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION -+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC -+# endif -+ -+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ -+# undef PEM_read_NETSCAPE_CERT_SEQUENCE -+# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ -+# undef PEM_write_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ -+# undef 
PEM_read_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ -+# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ -+# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ -+ -+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ -+# undef PEM_read_PKCS8_PRIV_KEY_INFO -+# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO -+# undef PEM_write_PKCS8_PRIV_KEY_INFO -+# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO -+# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO -+# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO -+# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO -+ -+/* Hack other PEM names */ -+# undef PEM_write_bio_PKCS8PrivateKey_nid -+# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid -+ -+/* Hack some long X509 names */ -+# undef X509_REVOKED_get_ext_by_critical -+# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic -+# undef X509_policy_tree_get0_user_policies -+# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies -+# undef X509_policy_node_get0_qualifiers -+# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers -+# undef X509_STORE_CTX_get_explicit_policy -+# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy -+# undef X509_STORE_CTX_get0_current_issuer -+# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer -+ -+/* Hack some long CRYPTO names */ -+# undef CRYPTO_set_dynlock_destroy_callback -+# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb -+# undef 
CRYPTO_set_dynlock_create_callback -+# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb -+# undef CRYPTO_set_dynlock_lock_callback -+# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb -+# undef CRYPTO_get_dynlock_lock_callback -+# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb -+# undef CRYPTO_get_dynlock_destroy_callback -+# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb -+# undef CRYPTO_get_dynlock_create_callback -+# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb -+# undef CRYPTO_set_locked_mem_ex_functions -+# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs -+# undef CRYPTO_get_locked_mem_ex_functions -+# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs -+ -+/* Hack some long SSL/TLS names */ -+# undef SSL_CTX_set_default_verify_paths -+# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths -+# undef SSL_get_ex_data_X509_STORE_CTX_idx -+# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx -+# undef SSL_add_file_cert_subjects_to_stack -+# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk -+# undef SSL_add_dir_cert_subjects_to_stack -+# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk -+# undef SSL_CTX_use_certificate_chain_file -+# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file -+# undef SSL_CTX_set_cert_verify_callback -+# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb -+# undef SSL_CTX_set_default_passwd_cb_userdata -+# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud -+# undef SSL_COMP_get_compression_methods -+# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods -+# undef SSL_COMP_set0_compression_methods -+# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods -+# undef SSL_COMP_free_compression_methods -+# 
define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods -+# undef ssl_add_clienthello_renegotiate_ext -+# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext -+# undef ssl_add_serverhello_renegotiate_ext -+# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext -+# undef ssl_parse_clienthello_renegotiate_ext -+# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext -+# undef ssl_parse_serverhello_renegotiate_ext -+# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext -+# undef SSL_srp_server_param_with_username -+# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un -+# undef SSL_CTX_set_srp_client_pwd_callback -+# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb -+# undef SSL_CTX_set_srp_verify_param_callback -+# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb -+# undef SSL_CTX_set_srp_username_callback -+# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb -+# undef ssl_add_clienthello_use_srtp_ext -+# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext -+# undef ssl_add_serverhello_use_srtp_ext -+# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext -+# undef ssl_parse_clienthello_use_srtp_ext -+# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext -+# undef ssl_parse_serverhello_use_srtp_ext -+# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext -+# undef SSL_CTX_set_next_protos_advertised_cb -+# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb -+# undef SSL_CTX_set_next_proto_select_cb -+# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb -+ -+# undef tls1_send_server_supplemental_data -+# define tls1_send_server_supplemental_data tls1_send_server_suppl_data -+# undef tls1_send_client_supplemental_data -+# define tls1_send_client_supplemental_data 
tls1_send_client_suppl_data -+# undef tls1_get_server_supplemental_data -+# define tls1_get_server_supplemental_data tls1_get_server_suppl_data -+# undef tls1_get_client_supplemental_data -+# define tls1_get_client_supplemental_data tls1_get_client_suppl_data -+ -+# undef ssl3_cbc_record_digest_supported -+# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support -+# undef ssl_check_clienthello_tlsext_late -+# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late -+# undef ssl_check_clienthello_tlsext_early -+# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early -+ -+/* Hack some RSA long names */ -+# undef RSA_padding_check_PKCS1_OAEP_mgf1 -+# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1 -+ -+/* Hack some ENGINE long names */ -+# undef ENGINE_get_default_BN_mod_exp_crt -+# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt -+# undef ENGINE_set_default_BN_mod_exp_crt -+# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt -+# undef ENGINE_set_load_privkey_function -+# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn -+# undef ENGINE_get_load_privkey_function -+# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn -+# undef ENGINE_unregister_pkey_asn1_meths -+# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths -+# undef ENGINE_register_all_pkey_asn1_meths -+# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths -+# undef ENGINE_set_default_pkey_asn1_meths -+# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths -+# undef ENGINE_get_pkey_asn1_meth_engine -+# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng -+# undef ENGINE_set_load_ssl_client_cert_function -+# define ENGINE_set_load_ssl_client_cert_function \ -+ ENGINE_set_ld_ssl_clnt_cert_fn -+# undef ENGINE_get_ssl_client_cert_function -+# define ENGINE_get_ssl_client_cert_function 
ENGINE_get_ssl_client_cert_fn -+ -+/* Hack some long OCSP names */ -+# undef OCSP_REQUEST_get_ext_by_critical -+# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit -+# undef OCSP_BASICRESP_get_ext_by_critical -+# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit -+# undef OCSP_SINGLERESP_get_ext_by_critical -+# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit -+ -+/* Hack some long DES names */ -+# undef _ossl_old_des_ede3_cfb64_encrypt -+# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt -+# undef _ossl_old_des_ede3_ofb64_encrypt -+# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt -+ -+/* Hack some long EVP names */ -+# undef OPENSSL_add_all_algorithms_noconf -+# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf -+# undef OPENSSL_add_all_algorithms_conf -+# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf -+# undef EVP_PKEY_meth_set_verify_recover -+# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover -+ -+/* Hack some long EC names */ -+# undef EC_GROUP_set_point_conversion_form -+# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form -+# undef EC_GROUP_get_point_conversion_form -+# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form -+# undef EC_GROUP_clear_free_all_extra_data -+# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data -+# undef EC_KEY_set_public_key_affine_coordinates -+# define EC_KEY_set_public_key_affine_coordinates \ -+ EC_KEY_set_pub_key_aff_coords -+# undef EC_POINT_set_Jprojective_coordinates_GFp -+# define EC_POINT_set_Jprojective_coordinates_GFp \ -+ EC_POINT_set_Jproj_coords_GFp -+# undef EC_POINT_get_Jprojective_coordinates_GFp -+# define EC_POINT_get_Jprojective_coordinates_GFp \ -+ EC_POINT_get_Jproj_coords_GFp -+# undef EC_POINT_set_affine_coordinates_GFp -+# define EC_POINT_set_affine_coordinates_GFp 
EC_POINT_set_affine_coords_GFp -+# undef EC_POINT_get_affine_coordinates_GFp -+# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp -+# undef EC_POINT_set_compressed_coordinates_GFp -+# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp -+# undef EC_POINT_set_affine_coordinates_GF2m -+# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m -+# undef EC_POINT_get_affine_coordinates_GF2m -+# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m -+# undef EC_POINT_set_compressed_coordinates_GF2m -+# define EC_POINT_set_compressed_coordinates_GF2m \ -+ EC_POINT_set_compr_coords_GF2m -+# undef ec_GF2m_simple_group_clear_finish -+# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish -+# undef ec_GF2m_simple_group_check_discriminant -+# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim -+# undef ec_GF2m_simple_point_clear_finish -+# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish -+# undef ec_GF2m_simple_point_set_to_infinity -+# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf -+# undef ec_GF2m_simple_points_make_affine -+# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine -+# undef ec_GF2m_simple_point_set_affine_coordinates -+# define ec_GF2m_simple_point_set_affine_coordinates \ -+ ec_GF2m_smp_pt_set_af_coords -+# undef ec_GF2m_simple_point_get_affine_coordinates -+# define ec_GF2m_simple_point_get_affine_coordinates \ -+ ec_GF2m_smp_pt_get_af_coords -+# undef ec_GF2m_simple_set_compressed_coordinates -+# define ec_GF2m_simple_set_compressed_coordinates \ -+ ec_GF2m_smp_set_compr_coords -+# undef ec_GFp_simple_group_set_curve_GFp -+# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp -+# undef ec_GFp_simple_group_get_curve_GFp -+# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp -+# undef 
ec_GFp_simple_group_clear_finish -+# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish -+# undef ec_GFp_simple_group_set_generator -+# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator -+# undef ec_GFp_simple_group_get0_generator -+# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator -+# undef ec_GFp_simple_group_get_cofactor -+# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor -+# undef ec_GFp_simple_point_clear_finish -+# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish -+# undef ec_GFp_simple_point_set_to_infinity -+# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf -+# undef ec_GFp_simple_points_make_affine -+# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -+# undef ec_GFp_simple_set_Jprojective_coordinates_GFp -+# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ -+ ec_GFp_smp_set_Jproj_coords_GFp -+# undef ec_GFp_simple_get_Jprojective_coordinates_GFp -+# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ -+ ec_GFp_smp_get_Jproj_coords_GFp -+# undef ec_GFp_simple_point_set_affine_coordinates_GFp -+# define ec_GFp_simple_point_set_affine_coordinates_GFp \ -+ ec_GFp_smp_pt_set_af_coords_GFp -+# undef ec_GFp_simple_point_get_affine_coordinates_GFp -+# define ec_GFp_simple_point_get_affine_coordinates_GFp \ -+ ec_GFp_smp_pt_get_af_coords_GFp -+# undef ec_GFp_simple_set_compressed_coordinates_GFp -+# define ec_GFp_simple_set_compressed_coordinates_GFp \ -+ ec_GFp_smp_set_compr_coords_GFp -+# undef ec_GFp_simple_point_set_affine_coordinates -+# define ec_GFp_simple_point_set_affine_coordinates \ -+ ec_GFp_smp_pt_set_af_coords -+# undef ec_GFp_simple_point_get_affine_coordinates -+# define ec_GFp_simple_point_get_affine_coordinates \ -+ ec_GFp_smp_pt_get_af_coords -+# undef ec_GFp_simple_set_compressed_coordinates -+# define ec_GFp_simple_set_compressed_coordinates \ -+ ec_GFp_smp_set_compr_coords -+# 
undef ec_GFp_simple_group_check_discriminant -+# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim -+ -+/* Hack som long STORE names */ -+# undef STORE_method_set_initialise_function -+# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn -+# undef STORE_method_set_cleanup_function -+# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn -+# undef STORE_method_set_generate_function -+# define STORE_method_set_generate_function STORE_meth_set_generate_fn -+# undef STORE_method_set_modify_function -+# define STORE_method_set_modify_function STORE_meth_set_modify_fn -+# undef STORE_method_set_revoke_function -+# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn -+# undef STORE_method_set_delete_function -+# define STORE_method_set_delete_function STORE_meth_set_delete_fn -+# undef STORE_method_set_list_start_function -+# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn -+# undef STORE_method_set_list_next_function -+# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn -+# undef STORE_method_set_list_end_function -+# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn -+# undef STORE_method_set_update_store_function -+# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn -+# undef STORE_method_set_lock_store_function -+# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn -+# undef STORE_method_set_unlock_store_function -+# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn -+# undef STORE_method_get_initialise_function -+# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn -+# undef STORE_method_get_cleanup_function -+# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn -+# undef STORE_method_get_generate_function -+# define STORE_method_get_generate_function STORE_meth_get_generate_fn -+# undef 
STORE_method_get_modify_function -+# define STORE_method_get_modify_function STORE_meth_get_modify_fn -+# undef STORE_method_get_revoke_function -+# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn -+# undef STORE_method_get_delete_function -+# define STORE_method_get_delete_function STORE_meth_get_delete_fn -+# undef STORE_method_get_list_start_function -+# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn -+# undef STORE_method_get_list_next_function -+# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn -+# undef STORE_method_get_list_end_function -+# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn -+# undef STORE_method_get_update_store_function -+# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn -+# undef STORE_method_get_lock_store_function -+# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn -+# undef STORE_method_get_unlock_store_function -+# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn -+ -+/* Hack some long TS names */ -+# undef TS_RESP_CTX_set_status_info_cond -+# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond -+# undef TS_RESP_CTX_set_clock_precision_digits -+# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits -+# undef TS_CONF_set_clock_precision_digits -+# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits -+ -+/* Hack some long CMS names */ -+# undef CMS_RecipientInfo_ktri_get0_algs -+# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs -+# undef CMS_RecipientInfo_ktri_get0_signer_id -+# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id -+# undef CMS_OtherRevocationInfoFormat_it -+# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it -+# undef CMS_KeyAgreeRecipientIdentifier_it -+# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it -+# 
undef CMS_OriginatorIdentifierOrKey_it -+# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it -+# undef cms_SignerIdentifier_get0_signer_id -+# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id -+# undef CMS_RecipientInfo_kari_get0_orig_id -+# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id -+# undef CMS_RecipientInfo_kari_get0_reks -+# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks -+# undef CMS_RecipientEncryptedKey_cert_cmp -+# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp -+# undef CMS_RecipientInfo_kari_set0_pkey -+# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey -+# undef CMS_RecipientEncryptedKey_get0_id -+# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id -+# undef CMS_RecipientInfo_kari_orig_id_cmp -+# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp -+ -+/* Hack some long DTLS1 names */ -+# undef dtls1_retransmit_buffered_messages -+# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs -+ -+/* Hack some long SRP names */ -+# undef SRP_generate_server_master_secret -+# define SRP_generate_server_master_secret SRP_gen_server_master_secret -+# undef SRP_generate_client_master_secret -+# define SRP_generate_client_master_secret SRP_gen_client_master_secret -+ -+/* Hack some long UI names */ -+# undef UI_method_get_prompt_constructor -+# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr -+# undef UI_method_set_prompt_constructor -+# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr -+ -+# endif /* defined OPENSSL_SYS_VMS */ -+ - /* Case insensitive linking causes problems.... 
*/
--# if defined(OPENSSL_SYS_VMS)
-+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
- # undef ERR_load_CRYPTO_strings
- # define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
- # undef OCSP_crlID_new
-diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h
-index 23e382c..7e237d0 100644
---- a/Cryptlib/Include/openssl/tls1.h
-+++ b/Cryptlib/Include/openssl/tls1.h
-@@ -1,12 +1,113 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* ssl/tls1.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
--
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -51,25 +152,18 @@
- # define HEADER_TLS1_H
-
- # include
--# include
-
- #ifdef __cplusplus
- extern "C" {
- #endif
-
--/* Default security level if not overridden at config time */
--# ifndef OPENSSL_TLS_SECURITY_LEVEL
--# define OPENSSL_TLS_SECURITY_LEVEL 1
--# endif
-+# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
- # define TLS1_VERSION 0x0301
- # define TLS1_1_VERSION 0x0302
- # define TLS1_2_VERSION 0x0303
- # define TLS_MAX_VERSION TLS1_2_VERSION
-
--/* Special value for method supporting multiple versions */
--# define TLS_ANY_VERSION 0x10000
--
- # define TLS1_VERSION_MAJOR 0x03
- # define TLS1_VERSION_MINOR 0x01
-
-@@ -80,10 +174,10 @@ extern "C" {
- # define TLS1_2_VERSION_MINOR 0x03
-
- # define TLS1_get_version(s) \
-- ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
-+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
- # define TLS1_get_client_version(s) \
-- ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
-+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
- # define TLS1_AD_DECRYPTION_FAILED 21
- # define TLS1_AD_RECORD_OVERFLOW 22
-@@ -105,7 +199,6 @@ extern "C" {
- # define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
- # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
- # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
--# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
-
- /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
- # define TLSEXT_TYPE_server_name 0
-@@ -141,27 +234,25 @@ extern "C" {
- /* ExtensionType value from RFC7301 */
- # define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
--/*
-- * Extension type for Certificate Transparency
-- * https://tools.ietf.org/html/rfc6962#section-3.3.1
-- */
--# define TLSEXT_TYPE_signed_certificate_timestamp 18
--
- /*
- * ExtensionType value for TLS padding extension.
- * http://tools.ietf.org/html/draft-agl-tls-padding
- */
- # define TLSEXT_TYPE_padding 21
-
--/* ExtensionType value from RFC7366 */
--# define TLSEXT_TYPE_encrypt_then_mac 22
--
--/* ExtensionType value from RFC7627 */
--# define TLSEXT_TYPE_extended_master_secret 23
--
- /* ExtensionType value from RFC4507 */
- # define TLSEXT_TYPE_session_ticket 35
-
-+/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-+# if 0
-+/*
-+ * will have to be provided externally for now ,
-+ * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-+ * using whatever extension number you'd like to try
-+ */
-+# define TLSEXT_TYPE_opaque_prf_input ??
-+# endif
-+
- /* Temporary extension type */
- # define TLSEXT_TYPE_renegotiate 0xff01
-
-@@ -187,12 +278,9 @@ extern "C" {
- # define TLSEXT_signature_rsa 1
- # define TLSEXT_signature_dsa 2
- # define TLSEXT_signature_ecdsa 3
--# define TLSEXT_signature_gostr34102001 237
--# define TLSEXT_signature_gostr34102012_256 238
--# define TLSEXT_signature_gostr34102012_512 239
-
- /* Total number of different signature algorithms */
--# define TLSEXT_signature_num 7
-+# define TLSEXT_signature_num 4
-
- # define TLSEXT_hash_none 0
- # define TLSEXT_hash_md5 1
-@@ -201,13 +289,10 @@ extern "C" {
- # define TLSEXT_hash_sha256 4
- # define TLSEXT_hash_sha384 5
- # define TLSEXT_hash_sha512 6
--# define TLSEXT_hash_gostr3411 237
--# define TLSEXT_hash_gostr34112012_256 238
--# define TLSEXT_hash_gostr34112012_512 239
-
- /* Total number of different digest algorithms */
-
--# define TLSEXT_hash_num 10
-+# define TLSEXT_hash_num 7
-
- /* Flag set for unrecognised algorithms */
- # define TLSEXT_nid_unknown 0x1000000
-@@ -217,10 +302,12 @@ extern "C" {
- # define TLSEXT_curve_P_256 23
- # define TLSEXT_curve_P_384 24
-
--# define TLSEXT_MAXLEN_host_name 255
-+# ifndef OPENSSL_NO_TLSEXT
-+
-+# define TLSEXT_MAXLEN_host_name 255
-
--__owur const char *SSL_get_servername(const SSL *s, const int type);
--__owur int
SSL_get_servername_type(const SSL *s); -+const char *SSL_get_servername(const SSL *s, const int type); -+int SSL_get_servername_type(const SSL *s); - /* - * SSL_export_keying_material exports a value derived from the master secret, - * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and -@@ -228,7 +315,7 @@ __owur int SSL_get_servername_type(const SSL *s); - * flag controls whether a context is included.) It returns 1 on success and - * zero otherwise. - */ --__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, -+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, - int use_context); -@@ -241,102 +328,79 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, - int *psign, int *phash, int *psignandhash, - unsigned char *rsig, unsigned char *rhash); - --__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); -+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); - --# define SSL_set_tlsext_host_name(s,name) \ -+# define SSL_set_tlsext_host_name(s,name) \ - SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) - --# define SSL_set_tlsext_debug_callback(ssl, cb) \ -+# define SSL_set_tlsext_debug_callback(ssl, cb) \ - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) - --# define SSL_set_tlsext_debug_arg(ssl, arg) \ -+# define SSL_set_tlsext_debug_arg(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) - --# define SSL_get_tlsext_status_type(ssl) \ --SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL) -- --# define SSL_set_tlsext_status_type(ssl, type) \ -+# define SSL_set_tlsext_status_type(ssl, type) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) - --# define SSL_get_tlsext_status_exts(ssl, arg) \ -+# define SSL_get_tlsext_status_exts(ssl, arg) \ - 
SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - --# define SSL_set_tlsext_status_exts(ssl, arg) \ -+# define SSL_set_tlsext_status_exts(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - --# define SSL_get_tlsext_status_ids(ssl, arg) \ -+# define SSL_get_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - --# define SSL_set_tlsext_status_ids(ssl, arg) \ -+# define SSL_set_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - --# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ -+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) - --# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ -+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) - --# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ -+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) - --# define SSL_TLSEXT_ERR_OK 0 --# define SSL_TLSEXT_ERR_ALERT_WARNING 1 --# define SSL_TLSEXT_ERR_ALERT_FATAL 2 --# define SSL_TLSEXT_ERR_NOACK 3 -+# define SSL_TLSEXT_ERR_OK 0 -+# define SSL_TLSEXT_ERR_ALERT_WARNING 1 -+# define SSL_TLSEXT_ERR_ALERT_FATAL 2 -+# define SSL_TLSEXT_ERR_NOACK 3 - --# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ -+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) - --# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ -+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) --# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ -+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ - 
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) - --# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ --SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) --# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ -+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) - --# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ --SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg --# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ -+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) - --#define SSL_CTX_set_tlsext_status_type(ssl, type) \ -- SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) -- --#define SSL_CTX_get_tlsext_status_type(ssl) \ -- SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) -+# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -+# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -+# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - --# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ -+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - --# ifndef OPENSSL_NO_HEARTBEATS --# define SSL_DTLSEXT_HB_ENABLED 0x01 --# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 --# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 --# define SSL_get_dtlsext_heartbeat_pending(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) --# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ -- SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -- --# if OPENSSL_API_COMPAT 
< 0x10100000L --# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ -- SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT --# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ -- SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING --# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ -- SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS --# define SSL_TLSEXT_HB_ENABLED \ -- SSL_DTLSEXT_HB_ENABLED --# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ -- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS --# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ -- SSL_DTLSEXT_HB_DONT_RECV_REQUESTS -+# ifndef OPENSSL_NO_HEARTBEATS -+# define SSL_TLSEXT_HB_ENABLED 0x01 -+# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 -+# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 -+ - # define SSL_get_tlsext_heartbeat_pending(ssl) \ -- SSL_get_dtlsext_heartbeat_pending(ssl) -+ SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) - # define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ -- SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) -+ SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) - # endif - # endif - -@@ -346,43 +410,22 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C - # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D - --# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E --# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F --# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 --# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 -- --# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 --# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 --# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 --# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 -- --/* PSK ciphersuites from 5487 */ --# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 --# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 --# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA --# define 
TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB --# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC --# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD -- --# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE --# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF --# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 --# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 -- --# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 --# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 --# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 --# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 -- --# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 --# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 --# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 --# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 -- --/* NULL PSK ciphersuites from RFC4785 */ --# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C --# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D --# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E -+/* -+ * Additional TLS ciphersuites from expired Internet Draft -+ * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if -+ * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We -+ * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. -+ * Note that the first two are actually not in the IDs. 
-+ */ -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in -+ * ID */ -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in -+ * ID */ -+# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 -+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 -+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 -+# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 - - /* AES ciphersuites from RFC3268 */ - # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F -@@ -454,46 +497,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 - # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 - --/* CCM ciphersuites from RFC6655 */ --# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C --# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D --# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E --# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F --# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 --# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 --# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 --# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 --# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 --# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 --# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 --# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 --# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 --# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 --# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA --# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB -- --/* CCM ciphersuites from RFC7251 */ --# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC --# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD --# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE --# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF -- --/* TLS 1.2 
Camellia SHA-256 ciphersuites from RFC5932 */ --# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA --# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB --# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC --# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD --# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE --# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF -- --# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 --# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 --# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 --# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 --# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 --# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 -- --/* ECC ciphersuites from RFC4492 */ -+/* -+ * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in -+ * draft 13 -+ */ - # define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 - # define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 - # define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 -@@ -556,61 +563,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 - # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 - --/* ECDHE PSK ciphersuites from RFC5489 */ --# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 --# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 --# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 --# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 -- --# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 --# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 -- --/* NULL PSK ciphersuites from RFC4785 */ -- --# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 --# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A --# define 
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B -- --/* Camellia-CBC ciphersuites from RFC6367 */ --# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 --# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 --# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 --# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 --# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 --# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 --# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 --# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 -- --# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 --# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 --# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 --# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 --# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 --# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 --# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A --# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B -- --/* draft-ietf-tls-chacha20-poly1305-03 */ --# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 --# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 --# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA --# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB --# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC --# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD --# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE -- - /* -- * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE -- * ciphers names with "EDH" instead of "DHE". 
Going forward, we should be -- * using DHE everywhere, though we may indefinitely maintain aliases for -- * users or configurations that used "EDH" -+ * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave -+ * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we -+ * should be using DHE + * everywhere, though we may indefinitely maintain -+ * aliases for users + * or configurations that used "EDH" + - */ -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" - # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" - --# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" --# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" --# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" -- - /* AES ciphersuites from RFC3268 */ - # define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" - # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" -@@ -663,38 +629,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - # define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" - # define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" - --# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" --# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" --# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" --# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" --# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" --# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" --# define 
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" --# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" -- --/* PSK ciphersuites from RFC 5487 */ --# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" --# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" --# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" --# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" --# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" --# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" -- --# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" --# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" --# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" --# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" -- --# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" --# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" --# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" --# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" -- --# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" --# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" --# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" --# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" -- - /* SRP ciphersuite from RFC 5054 */ - # define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" - # define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" -@@ -721,30 +655,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - # define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" - # define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" - --/* TLS 1.2 Camellia SHA-256 ciphersuites 
from RFC5932 */
--# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
--# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
--# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
--# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
--
--# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
--# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
--# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
--# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
--# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
--# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
--
--# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
--# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
--# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
--# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
--# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
--# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
--# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
--# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
--
- /* SEED ciphersuites from RFC4162 */
- # define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
- # define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
-@@ -782,35 +692,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- # define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
"ADH-AES128-GCM-SHA256"
- # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
- 
--/* CCM ciphersuites from RFC6655 */
--
--# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
--# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
--# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
--# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
--
--# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
--# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
--# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
--# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
--
--# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
--# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
--# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
--# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
--
--# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
--# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
--# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
--# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
--
--/* CCM ciphersuites from RFC7251 */
--
--# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
--# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
--# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
--# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
--
- /* ECDH HMAC based ciphersuites from RFC5289 */
- 
- # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
-@@ -832,42 +713,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
- # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
- 
--/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
--# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
"PSK-AES128-GCM-SHA256"
--# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
--
--/* ECDHE PSK ciphersuites from RFC 5489 */
--# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA"
--# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA"
--# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
--# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
--
--# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256"
--# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384"
--
--# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA"
--# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256"
--# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384"
--
--/* Camellia-CBC ciphersuites from RFC6367 */
--# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
--# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
--# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
--# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
--# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
--
--/* draft-ietf-tls-chacha20-poly1305-03 */
--# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
--# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
--# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
--# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305"
--# define
TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305"
--# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
--# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
--
- # define TLS_CT_RSA_SIGN 1
- # define TLS_CT_DSS_SIGN 2
- # define TLS_CT_RSA_FIXED_DH 3
-@@ -875,10 +720,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- # define TLS_CT_ECDSA_SIGN 64
- # define TLS_CT_RSA_FIXED_ECDH 65
- # define TLS_CT_ECDSA_FIXED_ECDH 66
-+# define TLS_CT_GOST94_SIGN 21
- # define TLS_CT_GOST01_SIGN 22
--# define TLS_CT_GOST12_SIGN 238
--# define TLS_CT_GOST12_512_SIGN 239
--
- /*
- * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there)
-@@ -887,11 +730,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- 
- # define TLS1_FINISH_MAC_LENGTH 12
- 
--# define TLS_MD_MAX_CONST_SIZE 22
-+# define TLS_MD_MAX_CONST_SIZE 20
- # define TLS_MD_CLIENT_FINISH_CONST "client finished"
- # define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
- # define TLS_MD_SERVER_FINISH_CONST "server finished"
- # define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
- # define TLS_MD_KEY_EXPANSION_CONST "key expansion"
- # define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
- # define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-@@ -902,8 +747,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- # define TLS_MD_IV_BLOCK_CONST_SIZE 8
- # define TLS_MD_MASTER_SECRET_CONST "master secret"
- # define TLS_MD_MASTER_SECRET_CONST_SIZE 13
--# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
--# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
- 
- # ifdef CHARSET_EBCDIC
- # undef TLS_MD_CLIENT_FINISH_CONST
-@@ -953,11 +796,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- *
master secret - */ - # define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" --# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST --/* -- * extended master secret -- */ --# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" - # endif - - /* TLS Session Ticket extension struct */ -diff --git a/Cryptlib/Include/openssl/ts.h b/Cryptlib/Include/openssl/ts.h -index a565982..5205bc5 100644 ---- a/Cryptlib/Include/openssl/ts.h -+++ b/Cryptlib/Include/openssl/ts.h -@@ -1,41 +1,197 @@ -+/* crypto/ts/ts.h */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project -+ * 2002, 2003, 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. 
-+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_TS_H - # define HEADER_TS_H - - # include -- --# ifndef OPENSSL_NO_TS - # include --# include --# include --# include -+# ifndef OPENSSL_NO_BUFFER -+# include -+# endif -+# ifndef OPENSSL_NO_EVP -+# include -+# endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - # include - # include - # include --# include --# include --# include --# ifdef __cplusplus -+ -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+ -+# ifndef OPENSSL_NO_DSA -+# include -+# endif -+ -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+ -+#ifdef __cplusplus - extern "C" { -+#endif -+ -+# ifdef WIN32 -+/* Under Win32 this is defined in wincrypt.h */ -+# undef X509_NAME - # endif - - # include - # include - --typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; --typedef struct TS_req_st TS_REQ; --typedef struct TS_accuracy_st TS_ACCURACY; --typedef struct TS_tst_info_st TS_TST_INFO; -+/*- -+MessageImprint ::= SEQUENCE { -+ hashAlgorithm AlgorithmIdentifier, -+ hashedMessage OCTET STRING } -+*/ -+ -+typedef struct TS_msg_imprint_st { -+ X509_ALGOR *hash_algo; -+ ASN1_OCTET_STRING *hashed_msg; -+} TS_MSG_IMPRINT; -+ -+/*- -+TimeStampReq ::= SEQUENCE { -+ version INTEGER { v1(1) }, -+ messageImprint MessageImprint, -+ --a hash algorithm OID and the hash value of the data to be -+ --time-stamped -+ reqPolicy TSAPolicyId OPTIONAL, -+ nonce INTEGER OPTIONAL, -+ certReq BOOLEAN DEFAULT FALSE, -+ extensions [0] IMPLICIT Extensions OPTIONAL } -+*/ -+ -+typedef struct TS_req_st { -+ ASN1_INTEGER *version; -+ TS_MSG_IMPRINT *msg_imprint; -+ ASN1_OBJECT *policy_id; /* OPTIONAL */ -+ ASN1_INTEGER *nonce; /* OPTIONAL */ -+ ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ -+ STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ -+} TS_REQ; -+ -+/*- -+Accuracy ::= SEQUENCE { -+ seconds INTEGER OPTIONAL, -+ millis [0] INTEGER (1..999) OPTIONAL, -+ micros [1] INTEGER 
(1..999) OPTIONAL } -+*/ -+ -+typedef struct TS_accuracy_st { -+ ASN1_INTEGER *seconds; -+ ASN1_INTEGER *millis; -+ ASN1_INTEGER *micros; -+} TS_ACCURACY; -+ -+/*- -+TSTInfo ::= SEQUENCE { -+ version INTEGER { v1(1) }, -+ policy TSAPolicyId, -+ messageImprint MessageImprint, -+ -- MUST have the same value as the similar field in -+ -- TimeStampReq -+ serialNumber INTEGER, -+ -- Time-Stamping users MUST be ready to accommodate integers -+ -- up to 160 bits. -+ genTime GeneralizedTime, -+ accuracy Accuracy OPTIONAL, -+ ordering BOOLEAN DEFAULT FALSE, -+ nonce INTEGER OPTIONAL, -+ -- MUST be present if the similar field was present -+ -- in TimeStampReq. In that case it MUST have the same value. -+ tsa [0] GeneralName OPTIONAL, -+ extensions [1] IMPLICIT Extensions OPTIONAL } -+*/ -+ -+typedef struct TS_tst_info_st { -+ ASN1_INTEGER *version; -+ ASN1_OBJECT *policy_id; -+ TS_MSG_IMPRINT *msg_imprint; -+ ASN1_INTEGER *serial; -+ ASN1_GENERALIZEDTIME *time; -+ TS_ACCURACY *accuracy; -+ ASN1_BOOLEAN ordering; -+ ASN1_INTEGER *nonce; -+ GENERAL_NAME *tsa; -+ STACK_OF(X509_EXTENSION) *extensions; -+} TS_TST_INFO; -+ -+/*- -+PKIStatusInfo ::= SEQUENCE { -+ status PKIStatus, -+ statusString PKIFreeText OPTIONAL, -+ failInfo PKIFailureInfo OPTIONAL } -+ -+From RFC 1510 - section 3.1.1: -+PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String -+ -- text encoded as UTF-8 String (note: each UTF8String SHOULD -+ -- include an RFC 1766 language tag to indicate the language -+ -- of the contained text) -+*/ -+ -+/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ - --/* Possible values for status. */ - # define TS_STATUS_GRANTED 0 - # define TS_STATUS_GRANTED_WITH_MODS 1 - # define TS_STATUS_REJECTION 2 -@@ -43,7 +199,10 @@ typedef struct TS_tst_info_st TS_TST_INFO; - # define TS_STATUS_REVOCATION_WARNING 4 - # define TS_STATUS_REVOCATION_NOTIFICATION 5 - --/* Possible values for failure_info. */ -+/* -+ * Possible values for failure_info. 
See ts_resp_print.c && ts_resp_verify.c -+ */ -+ - # define TS_INFO_BAD_ALG 0 - # define TS_INFO_BAD_REQUEST 2 - # define TS_INFO_BAD_DATA_FORMAT 5 -@@ -53,15 +212,67 @@ typedef struct TS_tst_info_st TS_TST_INFO; - # define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 - # define TS_INFO_SYSTEM_FAILURE 25 - -+typedef struct TS_status_info_st { -+ ASN1_INTEGER *status; -+ STACK_OF(ASN1_UTF8STRING) *text; -+ ASN1_BIT_STRING *failure_info; -+} TS_STATUS_INFO; -+ -+DECLARE_STACK_OF(ASN1_UTF8STRING) -+DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) -+ -+/*- -+TimeStampResp ::= SEQUENCE { -+ status PKIStatusInfo, -+ timeStampToken TimeStampToken OPTIONAL } -+*/ -+ -+typedef struct TS_resp_st { -+ TS_STATUS_INFO *status_info; -+ PKCS7 *token; -+ TS_TST_INFO *tst_info; -+} TS_RESP; -+ -+/* The structure below would belong to the ESS component. */ -+ -+/*- -+IssuerSerial ::= SEQUENCE { -+ issuer GeneralNames, -+ serialNumber CertificateSerialNumber -+ } -+*/ -+ -+typedef struct ESS_issuer_serial { -+ STACK_OF(GENERAL_NAME) *issuer; -+ ASN1_INTEGER *serial; -+} ESS_ISSUER_SERIAL; - --typedef struct TS_status_info_st TS_STATUS_INFO; --typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; --typedef struct ESS_cert_id ESS_CERT_ID; --typedef struct ESS_signing_cert ESS_SIGNING_CERT; -+/*- -+ESSCertID ::= SEQUENCE { -+ certHash Hash, -+ issuerSerial IssuerSerial OPTIONAL -+} -+*/ - --DEFINE_STACK_OF(ESS_CERT_ID) -+typedef struct ESS_cert_id { -+ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. 
*/ -+ ESS_ISSUER_SERIAL *issuer_serial; -+} ESS_CERT_ID; - --typedef struct TS_resp_st TS_RESP; -+DECLARE_STACK_OF(ESS_CERT_ID) -+DECLARE_ASN1_SET_OF(ESS_CERT_ID) -+ -+/*- -+SigningCertificate ::= SEQUENCE { -+ certs SEQUENCE OF ESSCertID, -+ policies SEQUENCE OF PolicyInformation OPTIONAL -+} -+*/ -+ -+typedef struct ESS_signing_cert { -+ STACK_OF(ESS_CERT_ID) *cert_ids; -+ STACK_OF(POLICYINFO) *policy_info; -+} ESS_SIGNING_CERT; - - TS_REQ *TS_REQ_new(void); - void TS_REQ_free(TS_REQ *a); -@@ -70,7 +281,7 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); - - TS_REQ *TS_REQ_dup(TS_REQ *a); - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); - int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); - #endif -@@ -85,7 +296,7 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, - - TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); - int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); - #endif -@@ -99,7 +310,7 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); - TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); - TS_RESP *TS_RESP_dup(TS_RESP *a); - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); - int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); - #endif -@@ -120,7 +331,7 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, - long length); - TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); - int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); - #endif -@@ -156,18 +367,11 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, - const unsigned char **pp, long length); - ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); - -+void 
ERR_load_TS_strings(void); -+ - int TS_REQ_set_version(TS_REQ *a, long version); - long TS_REQ_get_version(const TS_REQ *a); - --int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); --const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); -- --const STACK_OF(ASN1_UTF8STRING) * --TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); -- --const ASN1_BIT_STRING * --TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); -- - int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); - TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); - -@@ -177,7 +381,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); - int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); - ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); - --int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); -+int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); - ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); - - int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); -@@ -190,7 +394,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); - void TS_REQ_ext_free(TS_REQ *a); - int TS_REQ_get_ext_count(TS_REQ *a); - int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); --int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); -+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); - int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); - X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); - X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); -@@ -251,8 +455,7 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); - void TS_TST_INFO_ext_free(TS_TST_INFO *a); - int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); - int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); --int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, -- int lastpos); -+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); - int 
TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); - X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); - X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); -@@ -300,9 +503,34 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, - typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, - void *); - --typedef struct TS_resp_ctx TS_RESP_CTX; -- --DEFINE_STACK_OF_CONST(EVP_MD) -+typedef struct TS_resp_ctx { -+ X509 *signer_cert; -+ EVP_PKEY *signer_key; -+ STACK_OF(X509) *certs; /* Certs to include in signed data. */ -+ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ -+ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ -+ STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ -+ ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ -+ ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ -+ ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ -+ unsigned clock_precision_digits; /* fraction of seconds in time stamp -+ * token. */ -+ unsigned flags; /* Optional info, see values above. */ -+ /* Callback functions. */ -+ TS_serial_cb serial_cb; -+ void *serial_cb_data; /* User data for serial_cb. */ -+ TS_time_cb time_cb; -+ void *time_cb_data; /* User data for time_cb. */ -+ TS_extension_cb extension_cb; -+ void *extension_cb_data; /* User data for extension_cb. */ -+ /* These members are used only while creating the response. */ -+ TS_REQ *request; -+ TS_RESP *response; -+ TS_TST_INFO *tst_info; -+} TS_RESP_CTX; -+ -+DECLARE_STACK_OF(EVP_MD) -+DECLARE_ASN1_SET_OF(EVP_MD) - - /* Creates a response context that can be used for generating responses. */ - TS_RESP_CTX *TS_RESP_CTX_new(void); -@@ -314,11 +542,8 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); - /* This parameter must be set. 
*/ - int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); - --int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, -- const EVP_MD *signer_digest); -- - /* This parameter must be set. */ --int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); -+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); - - /* No additional certs are included in the response by default. */ - int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); -@@ -327,7 +552,7 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); - * Adds a new acceptable policy, only the default policy is accepted by - * default. - */ --int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); -+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); - - /* - * Adds a new acceptable message digest. Note that no message digests are -@@ -440,25 +665,42 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, - | TS_VFY_SIGNER \ - | TS_VFY_TSA_NAME) - --typedef struct TS_verify_ctx TS_VERIFY_CTX; -+typedef struct TS_verify_ctx { -+ /* Set this to the union of TS_VFY_... flags you want to carry out. */ -+ unsigned flags; -+ /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ -+ X509_STORE *store; -+ STACK_OF(X509) *certs; -+ /* Must be set only with TS_VFY_POLICY. */ -+ ASN1_OBJECT *policy; -+ /* -+ * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the -+ * algorithm from the response is used. -+ */ -+ X509_ALGOR *md_alg; -+ unsigned char *imprint; -+ unsigned imprint_len; -+ /* Must be set only with TS_VFY_DATA. */ -+ BIO *data; -+ /* Must be set only with TS_VFY_TSA_NAME. */ -+ ASN1_INTEGER *nonce; -+ /* Must be set only with TS_VFY_TSA_NAME. 
*/ -+ GENERAL_NAME *tsa_name; -+} TS_VERIFY_CTX; - - int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); - int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); - - /* - * Declarations related to response verification context, -+ * they are defined in ts/ts_verify_ctx.c. - */ -+ -+/* Set all fields to zero. */ - TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); - void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); - void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); - void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); --int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); --int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); --BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); --unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, -- unsigned char *hexstr, long len); --X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); --STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); - - /*- - * If ctx is NULL, it allocates and returns a new object, otherwise -@@ -497,17 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); - * ts/ts_conf.c - */ - -+#ifndef OPENSSL_NO_STDIO - X509 *TS_CONF_load_cert(const char *file); - STACK_OF(X509) *TS_CONF_load_certs(const char *file); - EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); -+#endif - const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); - int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, - TS_RESP_CTX *ctx); --#ifndef OPENSSL_NO_ENGINE - int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device); - int TS_CONF_set_default_engine(const char *name); --#endif -+#ifndef OPENSSL_NO_STDIO - int TS_CONF_set_signer_cert(CONF *conf, const char *section, - const char *cert, TS_RESP_CTX *ctx); - int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, -@@ -515,8 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, - int 
TS_CONF_set_signer_key(CONF *conf, const char *section, - const char *key, const char *pass, - TS_RESP_CTX *ctx); --int TS_CONF_set_signer_digest(CONF *conf, const char *section, -- const char *md, TS_RESP_CTX *ctx); -+#endif - int TS_CONF_set_def_policy(CONF *conf, const char *section, - const char *policy, TS_RESP_CTX *ctx); - int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); -@@ -535,12 +777,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_TS_strings(void); -+void ERR_load_TS_strings(void); - - /* Error codes for the TS functions. */ - - /* Function codes. */ -+# define TS_F_D2I_TS_RESP 147 - # define TS_F_DEF_SERIAL_CB 110 - # define TS_F_DEF_TIME_CB 111 - # define TS_F_ESS_ADD_SIGNING_CERT 112 -@@ -585,6 +827,7 @@ int ERR_load_TS_strings(void); - # define TS_F_TS_RESP_SET_TST_INFO 150 - # define TS_F_TS_RESP_SIGN 136 - # define TS_F_TS_RESP_VERIFY_SIGNATURE 106 -+# define TS_F_TS_RESP_VERIFY_TOKEN 107 - # define TS_F_TS_TST_INFO_SET_ACCURACY 137 - # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 - # define TS_F_TS_TST_INFO_SET_NONCE 139 -@@ -604,6 +847,7 @@ int ERR_load_TS_strings(void); - # define TS_R_CERTIFICATE_VERIFY_ERROR 100 - # define TS_R_COULD_NOT_SET_ENGINE 127 - # define TS_R_COULD_NOT_SET_TIME 115 -+# define TS_R_D2I_TS_RESP_INT_FAILED 128 - # define TS_R_DETACHED_CONTENT 134 - # define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 - # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 -@@ -636,8 +880,7 @@ int ERR_load_TS_strings(void); - # define TS_R_VAR_LOOKUP_FAILURE 136 - # define TS_R_WRONG_CONTENT_TYPE 114 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h -index 0e6c943..98e23a2 100644 ---- 
a/Cryptlib/Include/openssl/txt_db.h -+++ b/Cryptlib/Include/openssl/txt_db.h -@@ -1,17 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/txt_db/txt_db.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #ifndef HEADER_TXT_DB_H - # define HEADER_TXT_DB_H - - # include --# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - # include - # include - -@@ -21,14 +72,13 @@ - # define DB_ERROR_INDEX_OUT_OF_RANGE 3 - # define DB_ERROR_NO_INDEX 4 - # define DB_ERROR_INSERT_INDEX_CLASH 5 --# define DB_ERROR_WRONG_NUM_FIELDS 6 - - #ifdef __cplusplus - extern "C" { - #endif - - typedef OPENSSL_STRING *OPENSSL_PSTRING; --DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) -+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) - - typedef struct txt_db_st { - int num_fields; -@@ -41,10 +91,15 @@ typedef struct txt_db_st { - OPENSSL_STRING *arg_row; - } TXT_DB; - -+# ifndef OPENSSL_NO_BIO - TXT_DB *TXT_DB_read(BIO *in, int num); - long TXT_DB_write(BIO *out, TXT_DB *db); -+# else -+TXT_DB *TXT_DB_read(char *in, int num); -+long TXT_DB_write(char *out, TXT_DB *db); -+# endif - int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), -- OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); -+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); - void TXT_DB_free(TXT_DB *db); - OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, - OPENSSL_STRING *value); -diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h -index 49e763d..0dc1633 100644 ---- a/Cryptlib/Include/openssl/ui.h -+++ b/Cryptlib/Include/openssl/ui.h -@@ -1,29 +1,79 @@ -+/* crypto/ui/ui.h */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_UI_H - # define HEADER_UI_H - --# include -- --# ifndef OPENSSL_NO_UI -- --# if OPENSSL_API_COMPAT < 0x10100000L --# include --# endif --# include --# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - -+/* Declared already in ossl_typ.h */ -+/* typedef struct ui_st UI; */ -+/* typedef struct ui_method_st UI_METHOD; */ -+ - /* - * All the following functions return -1 or NULL on error and in some cases - * (UI_process()) -2 if interrupted or in some other way cancelled. When -@@ -78,7 +128,7 @@ void UI_free(UI *ui); - added, so the result is *not* a string. - - On success, the all return an index of the added information. That index -- is useful when retrieving results with UI_get0_result(). */ -+ is usefull when retrieving results with UI_get0_result(). 
*/ - int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); - int UI_dup_input_string(UI *ui, const char *prompt, int flags, -@@ -110,7 +160,7 @@ int UI_dup_error_string(UI *ui, const char *text); - * each UI being marked with this flag, or the application might get - * confused. - */ --# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 -+# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 - - /*- - * The user of these routines may want to define flags of their own. The core -@@ -122,7 +172,7 @@ int UI_dup_error_string(UI *ui, const char *text); - * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) - * - */ --# define UI_INPUT_FLAG_USER_BASE 16 -+# define UI_INPUT_FLAG_USER_BASE 16 - - /*- - * The following function helps construct a prompt. object_desc is a -@@ -179,7 +229,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); - * OpenSSL error stack before printing any info or added error messages and - * before any prompting. - */ --# define UI_CTRL_PRINT_ERRORS 1 -+# define UI_CTRL_PRINT_ERRORS 1 - /* - * Check if a UI_process() is possible to do again with the same instance of - * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 -@@ -190,9 +240,8 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); - /* Some methods may use extra data */ - # define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) - # define UI_get_app_data(s) UI_get_ex_data(s,0) -- --#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) -+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int UI_set_ex_data(UI *r, int idx, void *arg); - void *UI_get_ex_data(UI *r, int idx); - -@@ -220,7 +269,7 @@ UI_METHOD *UI_OpenSSL(void); - display a dialog box after it has been built. 
- a reader This function is called to read a given prompt, - maybe from the tty, maybe from a field in a -- window. Note that it's called with all string -+ window. Note that it's called wth all string - structures, not only the prompt ones, so it must - check such things itself. - a closer This function closes the session, maybe by closing -@@ -253,7 +302,7 @@ UI_METHOD *UI_OpenSSL(void); - * about a string or a prompt, including test data for a verification prompt. - */ - typedef struct ui_string_st UI_STRING; --DEFINE_STACK_OF(UI_STRING) -+DECLARE_STACK_OF(UI_STRING) - - /* - * The different types of strings that are currently supported. This is only -@@ -269,7 +318,7 @@ enum UI_string_types { - }; - - /* Create and manipulate methods */ --UI_METHOD *UI_create_method(const char *name); -+UI_METHOD *UI_create_method(char *name); - void UI_destroy_method(UI_METHOD *ui_method); - int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); - int UI_method_set_writer(UI_METHOD *method, -@@ -305,7 +354,7 @@ int UI_get_input_flags(UI_STRING *uis); - /* Return the actual string to output (the prompt, info or error) */ - const char *UI_get0_output_string(UI_STRING *uis); - /* -- * Return the optional action string to output (the boolean prompt -+ * Return the optional action string to output (the boolean promtp - * instruction) - */ - const char *UI_get0_action_string(UI_STRING *uis); -@@ -333,19 +382,14 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_UI_strings(void); -+void ERR_load_UI_strings(void); - - /* Error codes for the UI functions. */ - - /* Function codes. 
*/ --# define UI_F_CLOSE_CONSOLE 115 --# define UI_F_ECHO_CONSOLE 116 - # define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 - # define UI_F_GENERAL_ALLOCATE_PROMPT 109 --# define UI_F_NOECHO_CONSOLE 117 --# define UI_F_OPEN_CONSOLE 114 --# define UI_F_UI_CREATE_METHOD 112 -+# define UI_F_GENERAL_ALLOCATE_STRING 100 - # define UI_F_UI_CTRL 111 - # define UI_F_UI_DUP_ERROR_STRING 101 - # define UI_F_UI_DUP_INFO_STRING 102 -@@ -354,7 +398,6 @@ int ERR_load_UI_strings(void); - # define UI_F_UI_DUP_VERIFY_STRING 106 - # define UI_F_UI_GET0_RESULT 107 - # define UI_F_UI_NEW_METHOD 104 --# define UI_F_UI_PROCESS 113 - # define UI_F_UI_SET_RESULT 105 - - /* Reason codes. */ -@@ -362,17 +405,11 @@ int ERR_load_UI_strings(void); - # define UI_R_INDEX_TOO_LARGE 102 - # define UI_R_INDEX_TOO_SMALL 103 - # define UI_R_NO_RESULT_BUFFER 105 --# define UI_R_PROCESSING_ERROR 107 - # define UI_R_RESULT_TOO_LARGE 100 - # define UI_R_RESULT_TOO_SMALL 101 --# define UI_R_SYSASSIGN_ERROR 109 --# define UI_R_SYSDASSGN_ERROR 110 --# define UI_R_SYSQIOW_ERROR 111 - # define UI_R_UNKNOWN_CONTROL_COMMAND 106 --# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/openssl/ui_compat.h b/Cryptlib/Include/openssl/ui_compat.h -new file mode 100644 -index 0000000..bf54154 ---- /dev/null -+++ b/Cryptlib/Include/openssl/ui_compat.h -@@ -0,0 +1,88 @@ -+/* crypto/ui/ui.h */ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#ifndef HEADER_UI_COMPAT_H -+# define HEADER_UI_COMPAT_H -+ -+# include -+# include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ * The following functions were previously part of the DES section, and are -+ * provided here for backward compatibility reasons. -+ */ -+ -+# define des_read_pw_string(b,l,p,v) \ -+ _ossl_old_des_read_pw_string((b),(l),(p),(v)) -+# define des_read_pw(b,bf,s,p,v) \ -+ _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) -+ -+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, -+ int verify); -+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify); -+ -+#ifdef __cplusplus -+} -+#endif -+#endif -diff --git a/Cryptlib/Include/openssl/whrlpool.h b/Cryptlib/Include/openssl/whrlpool.h -index 20ea350..73c749d 100644 ---- a/Cryptlib/Include/openssl/whrlpool.h -+++ b/Cryptlib/Include/openssl/whrlpool.h -@@ -1,23 +1,12 @@ --/* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #ifndef HEADER_WHRLPOOL_H - # define HEADER_WHRLPOOL_H - --#include -- --# ifndef OPENSSL_NO_WHIRLPOOL - # include - # include --# ifdef __cplusplus -+ -+#ifdef __cplusplus - extern "C" { --# endif -+#endif - - # define WHIRLPOOL_DIGEST_LENGTH (512/8) - # define WHIRLPOOL_BBLOCK 512 -@@ -34,15 +23,19 @@ typedef struct { - size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; - } WHIRLPOOL_CTX; - -+# ifndef OPENSSL_NO_WHIRLPOOL -+# ifdef OPENSSL_FIPS -+int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); -+# endif - int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); - int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); - void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); - int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); - unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); -+# endif - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif --# endif -+#endif - - #endif -diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h -index c8996f3..6fa28eb 100644 ---- a/Cryptlib/Include/openssl/x509.h -+++ b/Cryptlib/Include/openssl/x509.h -@@ -1,12 +1,60 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ -- - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 
- * ECDH support in OpenSSL originally developed by -@@ -17,28 +65,60 @@ - # define HEADER_X509_H - - # include --# include - # include --# include --# include --# include -+# ifndef OPENSSL_NO_BUFFER -+# include -+# endif -+# ifndef OPENSSL_NO_EVP -+# include -+# endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - # include - # include - # include --# include - --# if OPENSSL_API_COMPAT < 0x10100000L --# include --# include --# include -+# ifndef OPENSSL_NO_EC -+# include - # endif - --# include -+# ifndef OPENSSL_NO_ECDSA -+# include -+# endif -+ -+# ifndef OPENSSL_NO_ECDH -+# include -+# endif -+ -+# ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# ifndef OPENSSL_NO_DSA -+# include -+# endif -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+# endif -+ -+# ifndef OPENSSL_NO_SHA -+# include -+# endif -+# include - - #ifdef __cplusplus - extern "C" { - #endif - -+# ifdef OPENSSL_SYS_WIN32 -+/* Under Win32 these are defined in wincrypt.h */ -+# undef X509_NAME -+# undef X509_CERT_PAIR -+# undef X509_EXTENSIONS -+# endif -+ - # define X509_FILETYPE_PEM 1 - # define X509_FILETYPE_ASN1 2 - # define X509_FILETYPE_DEFAULT 3 -@@ -54,11 +134,19 @@ extern "C" { - # define X509v3_KU_DECIPHER_ONLY 0x8000 - # define X509v3_KU_UNDEF 0xffff - -+typedef struct X509_objects_st { -+ int nid; -+ int (*a2i) (void); -+ int (*i2a) (void); -+} X509_OBJECTS; -+ - struct X509_algor_st { - ASN1_OBJECT *algorithm; - ASN1_TYPE *parameter; - } /* X509_ALGOR */ ; - -+DECLARE_ASN1_SET_OF(X509_ALGOR) -+ - typedef STACK_OF(X509_ALGOR) X509_ALGORS; - - typedef struct X509_val_st { -@@ -66,35 +154,152 @@ typedef struct X509_val_st { - ASN1_TIME *notAfter; - } X509_VAL; - --typedef struct X509_sig_st X509_SIG; -- --typedef struct X509_name_entry_st X509_NAME_ENTRY; -- --DEFINE_STACK_OF(X509_NAME_ENTRY) -+struct X509_pubkey_st { -+ X509_ALGOR *algor; -+ ASN1_BIT_STRING *public_key; -+ EVP_PKEY *pkey; -+}; -+ -+typedef struct X509_sig_st { -+ X509_ALGOR *algor; -+ 
ASN1_OCTET_STRING *digest; -+} X509_SIG; -+ -+typedef struct X509_name_entry_st { -+ ASN1_OBJECT *object; -+ ASN1_STRING *value; -+ int set; -+ int size; /* temp variable */ -+} X509_NAME_ENTRY; -+ -+DECLARE_STACK_OF(X509_NAME_ENTRY) -+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) -+ -+/* we always keep X509_NAMEs in 2 forms. */ -+struct X509_name_st { -+ STACK_OF(X509_NAME_ENTRY) *entries; -+ int modified; /* true if 'bytes' needs to be built */ -+# ifndef OPENSSL_NO_BUFFER -+ BUF_MEM *bytes; -+# else -+ char *bytes; -+# endif -+/* unsigned long hash; Keep the hash around for lookups */ -+ unsigned char *canon_enc; -+ int canon_enclen; -+} /* X509_NAME */ ; - --DEFINE_STACK_OF(X509_NAME) -+DECLARE_STACK_OF(X509_NAME) - - # define X509_EX_V_NETSCAPE_HACK 0x8000 - # define X509_EX_V_INIT 0x0001 --typedef struct X509_extension_st X509_EXTENSION; -+typedef struct X509_extension_st { -+ ASN1_OBJECT *object; -+ ASN1_BOOLEAN critical; -+ ASN1_OCTET_STRING *value; -+} X509_EXTENSION; - - typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; - --DEFINE_STACK_OF(X509_EXTENSION) -- --typedef struct x509_attributes_st X509_ATTRIBUTE; -- --DEFINE_STACK_OF(X509_ATTRIBUTE) -- --typedef struct X509_req_info_st X509_REQ_INFO; -+DECLARE_STACK_OF(X509_EXTENSION) -+DECLARE_ASN1_SET_OF(X509_EXTENSION) -+ -+/* a sequence of these are used */ -+typedef struct x509_attributes_st { -+ ASN1_OBJECT *object; -+ int single; /* 0 for a set, 1 for a single item (which is -+ * wrong) */ -+ union { -+ char *ptr; -+ /* -+ * 0 -+ */ STACK_OF(ASN1_TYPE) *set; -+ /* -+ * 1 -+ */ ASN1_TYPE *single; -+ } value; -+} X509_ATTRIBUTE; -+ -+DECLARE_STACK_OF(X509_ATTRIBUTE) -+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) -+ -+typedef struct X509_req_info_st { -+ ASN1_ENCODING enc; -+ ASN1_INTEGER *version; -+ X509_NAME *subject; -+ X509_PUBKEY *pubkey; -+ /* d=2 hl=2 l= 0 cons: cont: 00 */ -+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -+} X509_REQ_INFO; - --typedef struct X509_req_st X509_REQ; -+typedef struct X509_req_st { 
-+ X509_REQ_INFO *req_info; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int references; -+} X509_REQ; -+ -+typedef struct x509_cinf_st { -+ ASN1_INTEGER *version; /* [ 0 ] default of v1 */ -+ ASN1_INTEGER *serialNumber; -+ X509_ALGOR *signature; -+ X509_NAME *issuer; -+ X509_VAL *validity; -+ X509_NAME *subject; -+ X509_PUBKEY *key; -+ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ -+ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ -+ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ -+ ASN1_ENCODING enc; -+} X509_CINF; - --typedef struct x509_cert_aux_st X509_CERT_AUX; -+/* -+ * This stuff is certificate "auxiliary info" it contains details which are -+ * useful in certificate stores and databases. When used this is tagged onto -+ * the end of the certificate itself -+ */ - --typedef struct x509_cinf_st X509_CINF; -+typedef struct x509_cert_aux_st { -+ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ -+ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ -+ ASN1_UTF8STRING *alias; /* "friendly name" */ -+ ASN1_OCTET_STRING *keyid; /* key id of private key */ -+ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -+} X509_CERT_AUX; -+ -+struct x509_st { -+ X509_CINF *cert_info; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int valid; -+ int references; -+ char *name; -+ CRYPTO_EX_DATA ex_data; -+ /* These contain copies of various extension values */ -+ long ex_pathlen; -+ long ex_pcpathlen; -+ unsigned long ex_flags; -+ unsigned long ex_kusage; -+ unsigned long ex_xkusage; -+ unsigned long ex_nscert; -+ ASN1_OCTET_STRING *skid; -+ AUTHORITY_KEYID *akid; -+ X509_POLICY_CACHE *policy_cache; -+ STACK_OF(DIST_POINT) *crldp; -+ STACK_OF(GENERAL_NAME) *altname; -+ NAME_CONSTRAINTS *nc; -+# ifndef OPENSSL_NO_RFC3779 -+ STACK_OF(IPAddressFamily) *rfc3779_addr; -+ struct ASIdentifiers_st *rfc3779_asid; -+# endif -+# ifndef OPENSSL_NO_SHA -+ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -+# endif -+ X509_CERT_AUX 
*aux; -+} /* X509 */ ; - --DEFINE_STACK_OF(X509) -+DECLARE_STACK_OF(X509) -+DECLARE_ASN1_SET_OF(X509) - - /* This is used for a table of trust checking functions */ - -@@ -107,11 +312,16 @@ typedef struct x509_trust_st { - void *arg2; - } X509_TRUST; - --DEFINE_STACK_OF(X509_TRUST) -+DECLARE_STACK_OF(X509_TRUST) -+ -+typedef struct x509_cert_pair_st { -+ X509 *forward; -+ X509 *reverse; -+} X509_CERT_PAIR; - - /* standard trust ids */ - --# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ -+# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ - - # define X509_TRUST_COMPAT 1 - # define X509_TRUST_SSL_CLIENT 2 -@@ -127,14 +337,8 @@ DEFINE_STACK_OF(X509_TRUST) - # define X509_TRUST_MAX 8 - - /* trust_flags values */ --# define X509_TRUST_DYNAMIC (1U << 0) --# define X509_TRUST_DYNAMIC_NAME (1U << 1) --/* No compat trust if self-signed, preempts "DO_SS" */ --# define X509_TRUST_NO_SS_COMPAT (1U << 2) --/* Compat trust if no explicit accepted trust EKUs */ --# define X509_TRUST_DO_SS_COMPAT (1U << 3) --/* Accept "anyEKU" as a wildcard trust OID */ --# define X509_TRUST_OK_ANY_EKU (1U << 4) -+# define X509_TRUST_DYNAMIC 1 -+# define X509_TRUST_DYNAMIC_NAME 2 - - /* check_trust return codes */ - -@@ -165,7 +369,8 @@ DEFINE_STACK_OF(X509_TRUST) - - # define XN_FLAG_SEP_MASK (0xf << 16) - --# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ -+# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old -+ * X509_NAME_print */ - # define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ - # define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ - # define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ -@@ -219,11 +424,57 @@ DEFINE_STACK_OF(X509_TRUST) - XN_FLAG_FN_LN | \ - XN_FLAG_FN_ALIGN) - --DEFINE_STACK_OF(X509_REVOKED) -- --typedef struct X509_crl_info_st X509_CRL_INFO; -+struct x509_revoked_st { -+ ASN1_INTEGER *serialNumber; -+ ASN1_TIME *revocationDate; -+ STACK_OF(X509_EXTENSION) /* optional */ *extensions; -+ 
/* Set up if indirect CRL */ -+ STACK_OF(GENERAL_NAME) *issuer; -+ /* Revocation reason */ -+ int reason; -+ int sequence; /* load sequence */ -+}; -+ -+DECLARE_STACK_OF(X509_REVOKED) -+DECLARE_ASN1_SET_OF(X509_REVOKED) -+ -+typedef struct X509_crl_info_st { -+ ASN1_INTEGER *version; -+ X509_ALGOR *sig_alg; -+ X509_NAME *issuer; -+ ASN1_TIME *lastUpdate; -+ ASN1_TIME *nextUpdate; -+ STACK_OF(X509_REVOKED) *revoked; -+ STACK_OF(X509_EXTENSION) /* [0] */ *extensions; -+ ASN1_ENCODING enc; -+} X509_CRL_INFO; -+ -+struct X509_crl_st { -+ /* actual signature */ -+ X509_CRL_INFO *crl; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int references; -+ int flags; -+ /* Copies of various extensions */ -+ AUTHORITY_KEYID *akid; -+ ISSUING_DIST_POINT *idp; -+ /* Convenient breakdown of IDP */ -+ int idp_flags; -+ int idp_reasons; -+ /* CRL and base CRL numbers for delta processing */ -+ ASN1_INTEGER *crl_number; -+ ASN1_INTEGER *base_crl_number; -+# ifndef OPENSSL_NO_SHA -+ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -+# endif -+ STACK_OF(GENERAL_NAMES) *issuers; -+ const X509_CRL_METHOD *meth; -+ void *meth_data; -+} /* X509_CRL */ ; - --DEFINE_STACK_OF(X509_CRL) -+DECLARE_STACK_OF(X509_CRL) -+DECLARE_ASN1_SET_OF(X509_CRL) - - typedef struct private_key_st { - int version; -@@ -238,8 +489,10 @@ typedef struct private_key_st { - int key_free; /* true if we should auto free key_data */ - /* expanded version of 'enc_algor' */ - EVP_CIPHER_INFO cipher; -+ int references; - } X509_PKEY; - -+# ifndef OPENSSL_NO_EVP - typedef struct X509_info_st { - X509 *x509; - X509_CRL *crl; -@@ -247,9 +500,11 @@ typedef struct X509_info_st { - EVP_CIPHER_INFO enc_cipher; - int enc_len; - char *enc_data; -+ int references; - } X509_INFO; - --DEFINE_STACK_OF(X509_INFO) -+DECLARE_STACK_OF(X509_INFO) -+# endif - - /* - * The next 2 structures and their 8 routines were sent to me by Pat Richard -@@ -263,7 +518,7 @@ typedef struct Netscape_spkac_st { - - typedef struct Netscape_spki_st { - 
NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ -- X509_ALGOR sig_algor; -+ X509_ALGOR *sig_algor; - ASN1_BIT_STRING *signature; - } NETSCAPE_SPKI; - -@@ -302,6 +557,23 @@ typedef struct PBKDF2PARAM_st { - X509_ALGOR *prf; - } PBKDF2PARAM; - -+/* PKCS#8 private key info structure */ -+ -+struct pkcs8_priv_key_info_st { -+ /* Flag for various broken formats */ -+ int broken; -+# define PKCS8_OK 0 -+# define PKCS8_NO_OCTET 1 -+# define PKCS8_EMBEDDED_PARAM 2 -+# define PKCS8_NS_DB 3 -+# define PKCS8_NEG_PRIVKEY 4 -+ ASN1_INTEGER *version; -+ X509_ALGOR *pkeyalg; -+ /* Should be OCTET STRING but some are broken */ -+ ASN1_TYPE *pkey; -+ STACK_OF(X509_ATTRIBUTE) *attributes; -+}; -+ - #ifdef __cplusplus - } - #endif -@@ -316,9 +588,22 @@ extern "C" { - # define X509_EXT_PACK_UNKNOWN 1 - # define X509_EXT_PACK_STRING 2 - -+# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -+/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -+# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -+# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) - # define X509_extract_key(x) X509_get_pubkey(x)/*****/ -+# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -+# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) - # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) - # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -+# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) -+ -+# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -+# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -+# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -+# define X509_CRL_get_issuer(x) ((x)->crl->issuer) -+# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) - - void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); - X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), -@@ -334,8 +619,15 @@ void 
X509_CRL_METHOD_free(X509_CRL_METHOD *m); - void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); - void *X509_CRL_get_meth_data(X509_CRL *crl); - -+/* -+ * This one is only used so that a binary form can output, as in -+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) -+ */ -+# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) -+ - const char *X509_verify_cert_error_string(long n); - -+# ifndef OPENSSL_NO_EVP - int X509_verify(X509 *a, EVP_PKEY *r); - - int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); -@@ -350,21 +642,16 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); - int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); - - int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); --int X509_signature_print(BIO *bp, const X509_ALGOR *alg, -- const ASN1_STRING *sig); -+int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); - - int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); - int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); --# ifndef OPENSSL_NO_OCSP - int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); --# endif - int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); - int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); - int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); - int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); --# ifndef OPENSSL_NO_OCSP - int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); --# endif - int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); - - int X509_pubkey_digest(const X509 *data, const EVP_MD *type, -@@ -377,8 +664,9 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); - int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); -+# endif - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - X509 *d2i_X509_fp(FILE *fp, X509 **x509); - int i2d_X509_fp(FILE *fp, X509 *x509); - X509_CRL *d2i_X509_CRL_fp(FILE *fp, 
X509_CRL **crl); -@@ -417,6 +705,7 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); - # endif - -+# ifndef OPENSSL_NO_BIO - X509 *d2i_X509_bio(BIO *bp, X509 **x509); - int i2d_X509_bio(BIO *bp, X509 *x509); - X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); -@@ -453,6 +742,7 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); - int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); -+# endif - - X509 *X509_dup(X509 *x509); - X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); -@@ -463,8 +753,8 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); - X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); - int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, - void *pval); --void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, -- const void **ppval, const X509_ALGOR *algor); -+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, -+ X509_ALGOR *algor); - void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); - int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); - -@@ -495,10 +785,8 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) - DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) - - int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); --EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); - EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); - int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); --long X509_get_pathlen(X509 *x); - int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); - EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); - # ifndef OPENSSL_NO_RSA -@@ -515,11 +803,6 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); - # endif - - DECLARE_ASN1_FUNCTIONS(X509_SIG) --void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, -- const ASN1_OCTET_STRING **pdigest); --void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, -- ASN1_OCTET_STRING 
**pdigest); -- - DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) - DECLARE_ASN1_FUNCTIONS(X509_REQ) - -@@ -540,8 +823,10 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) - DECLARE_ASN1_FUNCTIONS(X509) - DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) - --#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) -+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) -+ -+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int X509_set_ex_data(X509 *r, int idx, void *arg); - void *X509_get_ex_data(X509 *r, int idx); - int i2d_X509_AUX(X509 *a, unsigned char **pp); -@@ -549,26 +834,22 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); - - int i2d_re_X509_tbs(X509 *x, unsigned char **pp); - --void X509_get0_signature(const ASN1_BIT_STRING **psig, -- const X509_ALGOR **palg, const X509 *x); -+void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, -+ const X509 *x); - int X509_get_signature_nid(const X509 *x); - --int X509_trusted(const X509 *x); --int X509_alias_set1(X509 *x, const unsigned char *name, int len); --int X509_keyid_set1(X509 *x, const unsigned char *id, int len); -+int X509_alias_set1(X509 *x, unsigned char *name, int len); -+int X509_keyid_set1(X509 *x, unsigned char *id, int len); - unsigned char *X509_alias_get0(X509 *x, int *len); - unsigned char *X509_keyid_get0(X509 *x, int *len); - int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int); - int X509_TRUST_set(int *t, int trust); --int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); --int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); -+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); -+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); - void X509_trust_clear(X509 *x); - void X509_reject_clear(X509 *x); - --STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); --STACK_OF(ASN1_OBJECT) 
*X509_get0_reject_objects(X509 *x); -- - DECLARE_ASN1_FUNCTIONS(X509_REVOKED) - DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) - DECLARE_ASN1_FUNCTIONS(X509_CRL) -@@ -580,14 +861,18 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); - - X509_PKEY *X509_PKEY_new(void); - void X509_PKEY_free(X509_PKEY *a); -+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); -+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, -+ long length); - - DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) - -+# ifndef OPENSSL_NO_EVP - X509_INFO *X509_INFO_new(void); - void X509_INFO_free(X509_INFO *a); --char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); -+char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); - - int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); -@@ -611,61 +896,26 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, - int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - void *asn, EVP_MD_CTX *ctx); -+# endif - --long X509_get_version(const X509 *x); - int X509_set_version(X509 *x, long version); - int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); - ASN1_INTEGER *X509_get_serialNumber(X509 *x); --const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); - int X509_set_issuer_name(X509 *x, X509_NAME *name); --X509_NAME *X509_get_issuer_name(const X509 *a); -+X509_NAME *X509_get_issuer_name(X509 *a); - int X509_set_subject_name(X509 *x, X509_NAME *name); --X509_NAME *X509_get_subject_name(const X509 *a); --const ASN1_TIME * X509_get0_notBefore(const X509 *x); --ASN1_TIME *X509_getm_notBefore(const X509 *x); --int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); --const ASN1_TIME *X509_get0_notAfter(const X509 *x); --ASN1_TIME *X509_getm_notAfter(const X509 *x); --int X509_set1_notAfter(X509 *x, const 
ASN1_TIME *tm); -+X509_NAME *X509_get_subject_name(X509 *a); -+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); -+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); - int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); --int X509_up_ref(X509 *x); --int X509_get_signature_type(const X509 *x); -- --# if OPENSSL_API_COMPAT < 0x10100000L --# define X509_get_notBefore X509_getm_notBefore --# define X509_get_notAfter X509_getm_notAfter --# define X509_set_notBefore X509_set1_notBefore --# define X509_set_notAfter X509_set1_notAfter --#endif -- -- --/* -- * This one is only used so that a binary form can output, as in -- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) -- */ --X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); --const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); --void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, -- const ASN1_BIT_STRING **psuid); --const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); -- --EVP_PKEY *X509_get0_pubkey(const X509 *x); - EVP_PKEY *X509_get_pubkey(X509 *x); - ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); --int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); -+int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); - --long X509_REQ_get_version(const X509_REQ *req); - int X509_REQ_set_version(X509_REQ *x, long version); --X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); - int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); --void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, -- const X509_ALGOR **palg); --int X509_REQ_get_signature_nid(const X509_REQ *req); --int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); - int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); - EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); --EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); --X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); - int X509_REQ_extension_nid(int nid); - int *X509_REQ_get_extension_nids(void); - 
void X509_REQ_set_extension_nids(int *nids); -@@ -675,7 +925,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); - int X509_REQ_get_attr_count(const X509_REQ *req); - int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); --int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, -+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos); - X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); - X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); -@@ -692,42 +942,19 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, - - int X509_CRL_set_version(X509_CRL *x, long version); - int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); --int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); --int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); -+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); -+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); - int X509_CRL_sort(X509_CRL *crl); --int X509_CRL_up_ref(X509_CRL *crl); - --# if OPENSSL_API_COMPAT < 0x10100000L --# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate --# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate --#endif -- --long X509_CRL_get_version(const X509_CRL *crl); --const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); --const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); --DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) --DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) --X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); --const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); --STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); --void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, -- const X509_ALGOR **palg); --int 
X509_CRL_get_signature_nid(const X509_CRL *crl); --int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); -- --const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); - int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); --const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); - int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); --const STACK_OF(X509_EXTENSION) * --X509_REVOKED_get0_extensions(const X509_REVOKED *r); - - X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); - - int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); - --int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); -+int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); - int X509_chain_check_suiteb(int *perror_depth, - X509 *x, STACK_OF(X509) *chain, - unsigned long flags); -@@ -755,81 +982,78 @@ unsigned long X509_NAME_hash_old(X509_NAME *x); - - int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); - int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); --int X509_aux_print(BIO *out, X509 *x, int indent); --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, - unsigned long cflag); - int X509_print_fp(FILE *bp, X509 *x); - int X509_CRL_print_fp(FILE *bp, X509_CRL *x); - int X509_REQ_print_fp(FILE *bp, X509_REQ *req); --int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, -+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, - unsigned long flags); - # endif - --int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); --int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, -+# ifndef OPENSSL_NO_BIO -+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, - unsigned long flags); - int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, - 
unsigned long cflag); - int X509_print(BIO *bp, X509 *x); - int X509_ocspid_print(BIO *bp, X509 *x); -+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); - int X509_CRL_print(BIO *bp, X509_CRL *x); - int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, - unsigned long cflag); - int X509_REQ_print(BIO *bp, X509_REQ *req); -+# endif - --int X509_NAME_entry_count(const X509_NAME *name); -+int X509_NAME_entry_count(X509_NAME *name); - int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); --int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, -+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, - char *buf, int len); - - /* -- * NOTE: you should be passing -1, not 0 as lastpos. The functions that use -+ * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use - * lastpos, search after that position on. - */ - int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); --int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, -+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, - int lastpos); --X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); -+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); - X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); --int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, -+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, - int loc, int set); --int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len, int loc, -+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, -+ unsigned char *bytes, int len, int loc, - int set); - int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, -- const unsigned char *bytes, int len, int loc, -+ unsigned char *bytes, int len, int loc, - int set); - X509_NAME_ENTRY 
*X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, - const unsigned char *bytes, - int len); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, -- int type, -- const unsigned char *bytes, -+ int type, unsigned char *bytes, - int len); - int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, - int set); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, -- const ASN1_OBJECT *obj, int type, -+ ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len); --int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); -+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); - int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len); --ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); --ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); --int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); -- --int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, -- size_t *pderlen); -+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); - - int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); - int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, - int nid, int lastpos); - int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, -- const ASN1_OBJECT *obj, int lastpos); -+ ASN1_OBJECT *obj, int lastpos); - int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, - int crit, int lastpos); - X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); -@@ -837,40 +1061,37 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); - STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); - --int X509_get_ext_count(const X509 *x); --int 
X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); --int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); --int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); --X509_EXTENSION *X509_get_ext(const X509 *x, int loc); -+int X509_get_ext_count(X509 *x); -+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); -+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -+X509_EXTENSION *X509_get_ext(X509 *x, int loc); - X509_EXTENSION *X509_delete_ext(X509 *x, int loc); - int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); --void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); -+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); - int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags); - --int X509_CRL_get_ext_count(const X509_CRL *x); --int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); --int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, -- int lastpos); --int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); --X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); -+int X509_CRL_get_ext_count(X509_CRL *x); -+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos); -+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); -+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); - X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); - int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); --void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); -+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); - int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags); - --int X509_REVOKED_get_ext_count(const X509_REVOKED *x); --int 
X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); --int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, -+int X509_REVOKED_get_ext_count(X509_REVOKED *x); -+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); -+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, - int lastpos); --int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, -- int lastpos); --X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); -+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); -+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); - X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); - int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); --void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, -- int *idx); -+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); - int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags); - -@@ -878,20 +1099,20 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, - int nid, int crit, - ASN1_OCTET_STRING *data); - X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, -- const ASN1_OBJECT *obj, int crit, -+ ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data); --int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); -+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj); - int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); - int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); - ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); - ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); --int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); -+int X509_EXTENSION_get_critical(X509_EXTENSION *ex); - - int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); - 
int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); - int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, -- const ASN1_OBJECT *obj, int lastpos); -+ ASN1_OBJECT *obj, int lastpos); - X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); - X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); - STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, -@@ -910,8 +1131,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - int type, - const unsigned char *bytes, - int len); --void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, -- const ASN1_OBJECT *obj, int lastpos, int type); -+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, -+ int lastpos, int type); - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, - int len); -@@ -928,13 +1149,13 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - const void *data, int len); - void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, - void *data); --int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); -+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); - ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); - ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); - - int EVP_PKEY_get_attr_count(const EVP_PKEY *key); - int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); --int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, -+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, - int lastpos); - X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); - X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); -@@ -971,13 +1192,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid); - --#ifndef 
OPENSSL_NO_SCRYPT --X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, -- const unsigned char *salt, int saltlen, -- unsigned char *aiv, uint64_t N, uint64_t r, -- uint64_t p); --#endif -- - X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen); - -@@ -985,20 +1199,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - - DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) - --EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); -+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); - PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); -+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); -+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); - - int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, int ptype, void *pval, - unsigned char *penc, int penclen); --int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, -+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, -- const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); -- --const STACK_OF(X509_ATTRIBUTE) * --PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); --int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, -- const unsigned char *bytes, int len); -+ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); - - int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, -@@ -1012,11 +1223,11 @@ int X509_TRUST_get_count(void); - X509_TRUST *X509_TRUST_get0(int idx); - int X509_TRUST_get_by_id(int id); - int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), -- const char *name, int arg1, void *arg2); -+ char *name, int arg1, void *arg2); - void X509_TRUST_cleanup(void); --int X509_TRUST_get_flags(const X509_TRUST *xp); --char *X509_TRUST_get0_name(const X509_TRUST *xp); --int X509_TRUST_get_trust(const X509_TRUST *xp); -+int X509_TRUST_get_flags(X509_TRUST *xp); -+char 
*X509_TRUST_get0_name(X509_TRUST *xp); -+int X509_TRUST_get_trust(X509_TRUST *xp); - - /* BEGIN ERROR CODES */ - /* -@@ -1024,17 +1235,15 @@ int X509_TRUST_get_trust(const X509_TRUST *xp); - * made after this point may be overwritten when the script is next run. - */ - --int ERR_load_X509_strings(void); -+void ERR_load_X509_strings(void); - - /* Error codes for the X509 functions. */ - - /* Function codes. */ - # define X509_F_ADD_CERT_DIR 100 --# define X509_F_BUILD_CHAIN 106 - # define X509_F_BY_FILE_CTRL 101 --# define X509_F_CHECK_NAME_CONSTRAINTS 149 -+# define X509_F_CHECK_NAME_CONSTRAINTS 106 - # define X509_F_CHECK_POLICY 145 --# define X509_F_DANE_I2D 107 - # define X509_F_DIR_CTRL 102 - # define X509_F_GET_CERT_BY_SUBJECT 103 - # define X509_F_NETSCAPE_SPKI_B64_DECODE 129 -@@ -1061,10 +1270,8 @@ int ERR_load_X509_strings(void); - # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 - # define X509_F_X509_NAME_ONELINE 116 - # define X509_F_X509_NAME_PRINT 117 --# define X509_F_X509_OBJECT_NEW 150 - # define X509_F_X509_PRINT_EX_FP 118 --# define X509_F_X509_PUBKEY_DECODE 148 --# define X509_F_X509_PUBKEY_GET0 119 -+# define X509_F_X509_PUBKEY_GET 119 - # define X509_F_X509_PUBKEY_SET 120 - # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 - # define X509_F_X509_REQ_PRINT_EX 121 -@@ -1083,13 +1290,13 @@ int ERR_load_X509_strings(void); - - /* Reason codes. 
*/ - # define X509_R_AKID_MISMATCH 110 --# define X509_R_BAD_SELECTOR 133 - # define X509_R_BAD_X509_FILETYPE 100 - # define X509_R_BASE64_DECODE_ERROR 118 - # define X509_R_CANT_CHECK_DH_KEY 114 - # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 - # define X509_R_CRL_ALREADY_DELTA 127 - # define X509_R_CRL_VERIFY_FAILURE 131 -+# define X509_R_ERR_ASN1_LIB 102 - # define X509_R_IDP_MISMATCH 128 - # define X509_R_INVALID_DIRECTORY 113 - # define X509_R_INVALID_FIELD_NAME 119 -diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h -index 64f56df..e90d931 100644 ---- a/Cryptlib/Include/openssl/x509_vfy.h -+++ b/Cryptlib/Include/openssl/x509_vfy.h -@@ -1,24 +1,76 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_vfy.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#ifndef HEADER_X509_VFY_H --# define HEADER_X509_VFY_H -- -+#ifndef HEADER_X509_H -+# include - /* -- * Protect against recursion, x509.h and x509_vfy.h each include the other. -+ * openssl/x509.h ends up #include-ing this file at about the only -+ * appropriate moment. - */ --# ifndef HEADER_X509_H --# include --# endif -+#endif -+ -+#ifndef HEADER_X509_VFY_H -+# define HEADER_X509_VFY_H - - # include --# include -+# ifndef OPENSSL_NO_LHASH -+# include -+# endif - # include - # include - # include -@@ -27,6 +79,24 @@ - extern "C" { - #endif - -+# if 0 -+/* Outer object */ -+typedef struct x509_hash_dir_st { -+ int num_dirs; -+ char **dirs; -+ int *dirs_type; -+ int num_dirs_alloced; -+} X509_HASH_DIR_CTX; -+# endif -+ -+typedef struct x509_file_st { -+ int num_paths; /* number of paths to files or directories */ -+ int num_alloced; -+ char **paths; /* the list of paths or directories */ -+ int *path_type; -+} X509_CERT_FILE_CTX; -+ -+/*******************************/ - /*- - SSL_CTX -> X509_STORE - -> X509_LOOKUP -@@ -44,41 +114,187 @@ The X509_STORE then calls a function to actually verify the - certificate chain. 
- */ - --typedef enum { -- X509_LU_NONE = 0, -- X509_LU_X509, X509_LU_CRL --} X509_LOOKUP_TYPE; -+# define X509_LU_RETRY -1 -+# define X509_LU_FAIL 0 -+# define X509_LU_X509 1 -+# define X509_LU_CRL 2 -+# define X509_LU_PKEY 3 -+ -+typedef struct x509_object_st { -+ /* one of the above types */ -+ int type; -+ union { -+ char *ptr; -+ X509 *x509; -+ X509_CRL *crl; -+ EVP_PKEY *pkey; -+ } data; -+} X509_OBJECT; -+ -+typedef struct x509_lookup_st X509_LOOKUP; -+ -+DECLARE_STACK_OF(X509_LOOKUP) -+DECLARE_STACK_OF(X509_OBJECT) -+ -+/* This is a static that defines the function interface */ -+typedef struct x509_lookup_method_st { -+ const char *name; -+ int (*new_item) (X509_LOOKUP *ctx); -+ void (*free) (X509_LOOKUP *ctx); -+ int (*init) (X509_LOOKUP *ctx); -+ int (*shutdown) (X509_LOOKUP *ctx); -+ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, -+ char **ret); -+ int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name, -+ X509_OBJECT *ret); -+ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name, -+ ASN1_INTEGER *serial, X509_OBJECT *ret); -+ int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type, -+ unsigned char *bytes, int len, -+ X509_OBJECT *ret); -+ int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len, -+ X509_OBJECT *ret); -+} X509_LOOKUP_METHOD; - --#if OPENSSL_API_COMPAT < 0x10100000L --#define X509_LU_RETRY -1 --#define X509_LU_FAIL 0 --#endif -+typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; -+ -+/* -+ * This structure hold all parameters associated with a verify operation by -+ * including an X509_VERIFY_PARAM structure in related structures the -+ * parameters used can be customized -+ */ -+ -+typedef struct X509_VERIFY_PARAM_st { -+ char *name; -+ time_t check_time; /* Time to use */ -+ unsigned long inh_flags; /* Inheritance flags */ -+ unsigned long flags; /* Various verify flags */ -+ int purpose; /* purpose to check untrusted certificates */ -+ int trust; /* trust setting 
to check */ -+ int depth; /* Verify depth */ -+ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ -+ X509_VERIFY_PARAM_ID *id; /* opaque ID data */ -+} X509_VERIFY_PARAM; - --DEFINE_STACK_OF(X509_LOOKUP) --DEFINE_STACK_OF(X509_OBJECT) --DEFINE_STACK_OF(X509_VERIFY_PARAM) -+DECLARE_STACK_OF(X509_VERIFY_PARAM) -+ -+/* -+ * This is used to hold everything. It is used for all certificate -+ * validation. Once we have a certificate chain, the 'verify' function is -+ * then called to actually check the cert chain. -+ */ -+struct x509_store_st { -+ /* The following is a cache of trusted certs */ -+ int cache; /* if true, stash any hits */ -+ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ -+ /* These are external lookup methods */ -+ STACK_OF(X509_LOOKUP) *get_cert_methods; -+ X509_VERIFY_PARAM *param; -+ /* Callbacks for various operations */ -+ /* called to verify a certificate */ -+ int (*verify) (X509_STORE_CTX *ctx); -+ /* error callback */ -+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); -+ /* get issuers cert from ctx */ -+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); -+ /* check issued */ -+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -+ /* Check revocation status of chain */ -+ int (*check_revocation) (X509_STORE_CTX *ctx); -+ /* retrieve CRL */ -+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); -+ /* Check CRL validity */ -+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); -+ /* Check certificate against CRL */ -+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); -+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); -+ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); -+ int (*cleanup) (X509_STORE_CTX *ctx); -+ CRYPTO_EX_DATA ex_data; -+ int references; -+} /* X509_STORE */ ; - - int X509_STORE_set_depth(X509_STORE *store, int depth); - --typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); --typedef int 
(*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); --typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, -- X509_STORE_CTX *ctx, X509 *x); --typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, -- X509 *x, X509 *issuer); --typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); --typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, -- X509_CRL **crl, X509 *x); --typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); --typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, -- X509_CRL *crl, X509 *x); --typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); --typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, -- X509_NAME *nm); --typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, -- X509_NAME *nm); --typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); -+# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -+# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) - -+/* This is the functions plus an instance of the local variables. */ -+struct x509_lookup_st { -+ int init; /* have we been started */ -+ int skip; /* don't use us. */ -+ X509_LOOKUP_METHOD *method; /* the functions */ -+ char *method_data; /* method data */ -+ X509_STORE *store_ctx; /* who owns us */ -+} /* X509_LOOKUP */ ; -+ -+/* -+ * This is a used when verifying cert chains. Since the gathering of the -+ * cert chain can take some time (and have to be 'retried', this needs to be -+ * kept and passed around. 
-+ */ -+struct x509_store_ctx_st { /* X509_STORE_CTX */ -+ X509_STORE *ctx; -+ /* used when looking up certs */ -+ int current_method; -+ /* The following are set by the caller */ -+ /* The cert to check */ -+ X509 *cert; -+ /* chain of X509s - untrusted - passed in */ -+ STACK_OF(X509) *untrusted; -+ /* set of CRLs passed in */ -+ STACK_OF(X509_CRL) *crls; -+ X509_VERIFY_PARAM *param; -+ /* Other info for use with get_issuer() */ -+ void *other_ctx; -+ /* Callbacks for various operations */ -+ /* called to verify a certificate */ -+ int (*verify) (X509_STORE_CTX *ctx); -+ /* error callback */ -+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); -+ /* get issuers cert from ctx */ -+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); -+ /* check issued */ -+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -+ /* Check revocation status of chain */ -+ int (*check_revocation) (X509_STORE_CTX *ctx); -+ /* retrieve CRL */ -+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); -+ /* Check CRL validity */ -+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); -+ /* Check certificate against CRL */ -+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); -+ int (*check_policy) (X509_STORE_CTX *ctx); -+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); -+ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); -+ int (*cleanup) (X509_STORE_CTX *ctx); -+ /* The following is built up */ -+ /* if 0, rebuild chain */ -+ int valid; -+ /* index of last untrusted cert */ -+ int last_untrusted; -+ /* chain of X509s - built up and trusted */ -+ STACK_OF(X509) *chain; -+ /* Valid policy tree */ -+ X509_POLICY_TREE *tree; -+ /* Require explicit policy value */ -+ int explicit_policy; -+ /* When something goes wrong, this is why */ -+ int error_depth; -+ int error; -+ X509 *current_cert; -+ /* cert currently being tested as valid issuer */ -+ X509 *current_issuer; -+ /* current CRL */ -+ X509_CRL 
*current_crl; -+ /* score of current CRL */ -+ int current_crl_score; -+ /* Reason mask */ -+ unsigned int current_reasons; -+ /* For CRL path validation: parent context */ -+ X509_STORE_CTX *parent; -+ CRYPTO_EX_DATA ex_data; -+} /* X509_STORE_CTX */ ; - - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - -@@ -98,6 +314,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - - # define X509_V_OK 0 - # define X509_V_ERR_UNSPECIFIED 1 -+ - # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 - # define X509_V_ERR_UNABLE_TO_GET_CRL 3 - # define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -@@ -130,6 +347,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - # define X509_V_ERR_AKID_SKID_MISMATCH 30 - # define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 - # define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -+ - # define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 - # define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 - # define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -@@ -138,23 +356,24 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - # define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 - # define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 - # define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -+ - # define X509_V_ERR_INVALID_EXTENSION 41 - # define X509_V_ERR_INVALID_POLICY_EXTENSION 42 - # define X509_V_ERR_NO_EXPLICIT_POLICY 43 - # define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 - # define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -+ - # define X509_V_ERR_UNNESTED_RESOURCE 46 -+ - # define X509_V_ERR_PERMITTED_VIOLATION 47 - # define X509_V_ERR_EXCLUDED_VIOLATION 48 - # define X509_V_ERR_SUBTREE_MINMAX 49 --/* The application is not happy */ - # define X509_V_ERR_APPLICATION_VERIFICATION 50 - # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 - # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 - # define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 - # define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 --/* Another issuer check debug option 
*/ --# define X509_V_ERR_PATH_LOOP 55 -+ - /* Suite B mode algorithm violation */ - # define X509_V_ERR_SUITE_B_INVALID_VERSION 56 - # define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -@@ -162,30 +381,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - # define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 - # define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 - # define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 -+ - /* Host, email and IP check errors */ - # define X509_V_ERR_HOSTNAME_MISMATCH 62 - # define X509_V_ERR_EMAIL_MISMATCH 63 - # define X509_V_ERR_IP_ADDRESS_MISMATCH 64 --/* DANE TLSA errors */ --# define X509_V_ERR_DANE_NO_MATCH 65 --/* security level errors */ --# define X509_V_ERR_EE_KEY_TOO_SMALL 66 --# define X509_V_ERR_CA_KEY_TOO_SMALL 67 --# define X509_V_ERR_CA_MD_TOO_WEAK 68 -+ - /* Caller error */ --# define X509_V_ERR_INVALID_CALL 69 -+# define X509_V_ERR_INVALID_CALL 65 - /* Issuer lookup error */ --# define X509_V_ERR_STORE_LOOKUP 70 --/* Certificate transparency */ --# define X509_V_ERR_NO_VALID_SCTS 71 -+# define X509_V_ERR_STORE_LOOKUP 66 - --# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 -+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 - - /* Certificate verify flags */ - --# if OPENSSL_API_COMPAT < 0x10100000L --# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ --# endif -+/* Send issuer+subject checks to verify_cb */ -+# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 - /* Use check time instead of current time */ - # define X509_V_FLAG_USE_CHECK_TIME 0x2 - /* Lookup CRLs */ -@@ -212,7 +424,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - # define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 - /* Delta CRL support */ - # define X509_V_FLAG_USE_DELTAS 0x2000 --/* Check self-signed CA signature */ -+/* Check selfsigned CA signature */ - # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 - /* Use trusted store first */ - # define X509_V_FLAG_TRUSTED_FIRST 0x8000 -@@ -222,11 +434,12 @@ void 
X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - # define X509_V_FLAG_SUITEB_192_LOS 0x20000 - /* Suite B 128 bit mode allowing 192 bit algorithms */ - # define X509_V_FLAG_SUITEB_128_LOS 0x30000 -+ - /* Allow partial chains if at least one certificate is in trusted store */ - # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 - /* - * If the initial chain is not trusted, do not attempt to build an alternative -- * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag -+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag - * will force the behaviour to match that of previous versions. - */ - # define X509_V_FLAG_NO_ALT_CHAINS 0x100000 -@@ -245,83 +458,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - | X509_V_FLAG_INHIBIT_ANY \ - | X509_V_FLAG_INHIBIT_MAP) - --int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, -+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name); - X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, -- X509_LOOKUP_TYPE type, -- X509_NAME *name); -+ int type, X509_NAME *name); - X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - X509_OBJECT *x); --int X509_OBJECT_up_ref_count(X509_OBJECT *a); --X509_OBJECT *X509_OBJECT_new(void); --void X509_OBJECT_free(X509_OBJECT *a); --X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); --X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); --X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); -+void X509_OBJECT_up_ref_count(X509_OBJECT *a); -+void X509_OBJECT_free_contents(X509_OBJECT *a); - X509_STORE *X509_STORE_new(void); - void X509_STORE_free(X509_STORE *v); --int X509_STORE_lock(X509_STORE *ctx); --int X509_STORE_unlock(X509_STORE *ctx); --int X509_STORE_up_ref(X509_STORE *v); --STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); - --STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); 
--STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); -+STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); -+STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); - int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); - int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); - int X509_STORE_set_trust(X509_STORE *ctx, int trust); - int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); --X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); --int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); - --void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); --#define X509_STORE_set_verify_func(ctx, func) \ -- X509_STORE_set_verify((ctx),(func)) --void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, -- X509_STORE_CTX_verify_fn verify); --X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); - void X509_STORE_set_verify_cb(X509_STORE *ctx, -- X509_STORE_CTX_verify_cb verify_cb); --# define X509_STORE_set_verify_cb_func(ctx,func) \ -- X509_STORE_set_verify_cb((ctx),(func)) --X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); --void X509_STORE_set_get_issuer(X509_STORE *ctx, -- X509_STORE_CTX_get_issuer_fn get_issuer); --X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); --void X509_STORE_set_check_issued(X509_STORE *ctx, -- X509_STORE_CTX_check_issued_fn check_issued); --X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); --void X509_STORE_set_check_revocation(X509_STORE *ctx, -- X509_STORE_CTX_check_revocation_fn check_revocation); --X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); --void X509_STORE_set_get_crl(X509_STORE *ctx, -- X509_STORE_CTX_get_crl_fn get_crl); --X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); --void X509_STORE_set_check_crl(X509_STORE *ctx, -- X509_STORE_CTX_check_crl_fn check_crl); 
--X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); --void X509_STORE_set_cert_crl(X509_STORE *ctx, -- X509_STORE_CTX_cert_crl_fn cert_crl); --X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); --void X509_STORE_set_check_policy(X509_STORE *ctx, -- X509_STORE_CTX_check_policy_fn check_policy); --X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); --void X509_STORE_set_lookup_certs(X509_STORE *ctx, -- X509_STORE_CTX_lookup_certs_fn lookup_certs); --X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); --void X509_STORE_set_lookup_crls(X509_STORE *ctx, -- X509_STORE_CTX_lookup_crls_fn lookup_crls); --#define X509_STORE_set_lookup_crls_cb(ctx, func) \ -- X509_STORE_set_lookup_crls((ctx), (func)) --X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); --void X509_STORE_set_cleanup(X509_STORE *ctx, -- X509_STORE_CTX_cleanup_fn cleanup); --X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); -- --#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) --int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); --void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); -+ int (*verify_cb) (int, X509_STORE_CTX *)); -+ -+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, -+ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX -+ *ctx, -+ X509_NAME *nm)); - - X509_STORE_CTX *X509_STORE_CTX_new(void); - -@@ -330,93 +491,70 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - void X509_STORE_CTX_free(X509_STORE_CTX *ctx); - int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, - X509 *x509, STACK_OF(X509) *chain); --void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); -+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); - - 
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); --X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); --STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); --void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); --void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -- X509_STORE_CTX_verify_cb verify); --X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); --X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); --X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); --X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); --X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); --X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); --X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); --X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); --X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); --X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); --X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); --X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); -- --#if OPENSSL_API_COMPAT < 0x10100000L --# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain --# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted --# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack --# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject --# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs --# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls --#endif - - X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); -+ -+#ifndef OPENSSL_NO_STDIO - X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); - X509_LOOKUP_METHOD *X509_LOOKUP_file(void); -+#endif - - 
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); - int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - --int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, -- X509_NAME *name, X509_OBJECT *ret); --X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, -- X509_LOOKUP_TYPE type, -- X509_NAME *name); -+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, -+ X509_OBJECT *ret); - - int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); - -+# ifndef OPENSSL_NO_STDIO - int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); -+# endif - - X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); - void X509_LOOKUP_free(X509_LOOKUP *ctx); - int X509_LOOKUP_init(X509_LOOKUP *ctx); --int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- X509_NAME *name, X509_OBJECT *ret); --int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- X509_NAME *name, ASN1_INTEGER *serial, -- X509_OBJECT *ret); --int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- const unsigned char *bytes, int len, -+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, -+ X509_OBJECT *ret); -+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, -+ ASN1_INTEGER *serial, X509_OBJECT *ret); -+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, -+ unsigned char *bytes, int len, - X509_OBJECT *ret); --int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- const char *str, int len, X509_OBJECT *ret); -+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, -+ X509_OBJECT *ret); - int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); - -+# ifndef OPENSSL_NO_STDIO - int X509_STORE_load_locations(X509_STORE *ctx, - const char 
*file, const char *dir); - int X509_STORE_set_default_paths(X509_STORE *ctx); -+# endif - --#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) -+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); - int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); - void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); - int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); - int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); --void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); - X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); --void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); - X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); - X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); - X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); --STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); -+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); - STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); --void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); -+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); - void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); - int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); - int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); -@@ -425,22 +563,16 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); - void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, - time_t t); -+void 
X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -+ int (*verify_cb) (int, X509_STORE_CTX *)); - - X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); - int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); --int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); - - X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); - int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); - --/* -- * Bridge opacity barrier between libcrypt and libssl, also needed to support -- * offline testing in test/danetest.c -- */ --void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); --#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) -- - /* X509_VERIFY_PARAM functions */ - - X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); -@@ -458,18 +590,12 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); - int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); - int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); - void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); --void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); --time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); - void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); - int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy); - int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies); - --int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, -- uint32_t flags); --uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); -- - int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); - int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, -@@ -477,7 +603,6 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - void 
X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags); - char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); --void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); - int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen); - int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, -@@ -486,7 +611,6 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, - const char *ipasc); - - int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); --int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); - const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); - - int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); -@@ -495,19 +619,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); - const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); - void X509_VERIFY_PARAM_table_cleanup(void); - --/* Non positive return values are errors */ --#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ --#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ --#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ -- --/* -- * Positive return values form a bit mask, all but the first are internal to -- * the library and don't appear in results from X509_policy_check(). 
-- */ --#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ --#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ --#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ -- - int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, - STACK_OF(X509) *certs, - STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); -diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h -index 1d8ef87..a2e78aa 100644 ---- a/Cryptlib/Include/openssl/x509v3.h -+++ b/Cryptlib/Include/openssl/x509v3.h -@@ -1,12 +1,61 @@ -+/* x509v3.h */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #ifndef HEADER_X509V3_H - # define HEADER_X509V3_H - -@@ -18,6 +67,13 @@ - extern "C" { - #endif - -+# ifdef OPENSSL_SYS_WIN32 -+/* Under Win32 these are defined in wincrypt.h */ -+# undef X509_NAME -+# undef X509_CERT_PAIR -+# undef X509_EXTENSIONS -+# endif -+ - /* Forward reference */ - struct v3_ext_method; - struct v3_ext_ctx; -@@ -68,8 +124,8 @@ struct v3_ext_method { - }; - - typedef struct X509V3_CONF_METHOD_st { -- char *(*get_string) (void *db, const char *section, const char *value); -- STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); -+ char *(*get_string) (void *db, char *section, char *value); -+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section); - void (*free_string) (void *db, char *string); - void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); - } X509V3_CONF_METHOD; -@@ -77,7 +133,6 @@ typedef struct X509V3_CONF_METHOD_st { - /* Context specific info */ - struct v3_ext_ctx { - # define CTX_TEST 0x1 --# define X509V3_CTX_REPLACE 0x2 - int flags; - X509 *issuer_cert; - X509 *subject_cert; -@@ -90,7 +145,7 @@ struct v3_ext_ctx { - - typedef struct v3_ext_method X509V3_EXT_METHOD; - --DEFINE_STACK_OF(X509V3_EXT_METHOD) -+DECLARE_STACK_OF(X509V3_EXT_METHOD) - - /* ext_flags values */ - # define X509V3_EXT_DYNAMIC 0x1 -@@ -151,6 +206,8 @@ typedef struct GENERAL_NAME_st { - } d; - } GENERAL_NAME; - -+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; -+ - typedef struct ACCESS_DESCRIPTION_st { - ASN1_OBJECT *method; - GENERAL_NAME *location; -@@ -160,13 +217,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; - - typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; - --typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; -- --DEFINE_STACK_OF(GENERAL_NAME) --typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; --DEFINE_STACK_OF(GENERAL_NAMES) -+DECLARE_STACK_OF(GENERAL_NAME) 
-+DECLARE_ASN1_SET_OF(GENERAL_NAME) - --DEFINE_STACK_OF(ACCESS_DESCRIPTION) -+DECLARE_STACK_OF(ACCESS_DESCRIPTION) -+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) - - typedef struct DIST_POINT_NAME_st { - int type; -@@ -201,7 +256,8 @@ struct DIST_POINT_st { - - typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; - --DEFINE_STACK_OF(DIST_POINT) -+DECLARE_STACK_OF(DIST_POINT) -+DECLARE_ASN1_SET_OF(DIST_POINT) - - struct AUTHORITY_KEYID_st { - ASN1_OCTET_STRING *keyid; -@@ -216,7 +272,8 @@ typedef struct SXNET_ID_st { - ASN1_OCTET_STRING *user; - } SXNETID; - --DEFINE_STACK_OF(SXNETID) -+DECLARE_STACK_OF(SXNETID) -+DECLARE_ASN1_SET_OF(SXNETID) - - typedef struct SXNET_st { - ASN1_INTEGER *version; -@@ -242,7 +299,8 @@ typedef struct POLICYQUALINFO_st { - } d; - } POLICYQUALINFO; - --DEFINE_STACK_OF(POLICYQUALINFO) -+DECLARE_STACK_OF(POLICYQUALINFO) -+DECLARE_ASN1_SET_OF(POLICYQUALINFO) - - typedef struct POLICYINFO_st { - ASN1_OBJECT *policyid; -@@ -251,14 +309,15 @@ typedef struct POLICYINFO_st { - - typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; - --DEFINE_STACK_OF(POLICYINFO) -+DECLARE_STACK_OF(POLICYINFO) -+DECLARE_ASN1_SET_OF(POLICYINFO) - - typedef struct POLICY_MAPPING_st { - ASN1_OBJECT *issuerDomainPolicy; - ASN1_OBJECT *subjectDomainPolicy; - } POLICY_MAPPING; - --DEFINE_STACK_OF(POLICY_MAPPING) -+DECLARE_STACK_OF(POLICY_MAPPING) - - typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; - -@@ -268,7 +327,7 @@ typedef struct GENERAL_SUBTREE_st { - ASN1_INTEGER *maximum; - } GENERAL_SUBTREE; - --DEFINE_STACK_OF(GENERAL_SUBTREE) -+DECLARE_STACK_OF(GENERAL_SUBTREE) - - struct NAME_CONSTRAINTS_st { - STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; -@@ -355,7 +414,6 @@ struct ISSUING_DIST_POINT_st { - # define EXFLAG_SI 0x20 - # define EXFLAG_V1 0x40 - # define EXFLAG_INVALID 0x80 --/* EXFLAG_SET is set to indicate that some values have been precomputed */ - # define EXFLAG_SET 0x100 - # define EXFLAG_CRITICAL 0x200 - # define EXFLAG_PROXY 0x400 -@@ -443,20 +501,20 @@ typedef 
struct x509_purpose_st { - # define X509V3_ADD_DELETE 5L - # define X509V3_ADD_SILENT 0x10 - --DEFINE_STACK_OF(X509_PURPOSE) -+DECLARE_STACK_OF(X509_PURPOSE) - - DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) - - DECLARE_ASN1_FUNCTIONS(SXNET) - DECLARE_ASN1_FUNCTIONS(SXNETID) - --int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); --int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, -+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, - int userlen); --int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, -+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, - int userlen); - --ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); -+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); - ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); - ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); - -@@ -474,9 +532,6 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); --char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); --ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *str); - - STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, -@@ -502,14 +557,12 @@ int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, - ASN1_OBJECT **poid, ASN1_TYPE **pvalue); - - char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- const ASN1_OCTET_STRING *ia5); -+ ASN1_OCTET_STRING *ia5); - ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *str); -+ X509V3_CTX *ctx, char *str); - - DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) --int i2a_ACCESS_DESCRIPTION(BIO *bp, const 
ACCESS_DESCRIPTION *a); -- --DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) -+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); - - DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) - DECLARE_ASN1_FUNCTIONS(POLICYINFO) -@@ -525,7 +578,6 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) - int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); - - int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); --int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); - - DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) - DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) -@@ -545,8 +597,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) - - GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, int gen_type, -- const char *value, int is_nc); -+ X509V3_CTX *ctx, int gen_type, char *value, -+ int is_nc); - - # ifdef HEADER_CONF_H - GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, -@@ -558,40 +610,40 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - void X509V3_conf_free(CONF_VALUE *val); - - X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, -- const char *value); --X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, -- const char *value); --int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, -+ char *value); -+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, -+ char *value); -+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk); --int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert); --int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req); --int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int 
X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl); - - X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, -- const char *value); -+ char *value); - X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *name, const char *value); -+ char *name, char *value); - int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509 *cert); -+ char *section, X509 *cert); - int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509_REQ *req); -+ char *section, X509_REQ *req); - int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509_CRL *crl); -+ char *section, X509_CRL *crl); - --int X509V3_add_value_bool_nf(const char *name, int asn1_bool, -+int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); --int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); --int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); -+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); -+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); - void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); - void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); - # endif - --char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); --STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); -+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section); - void X509V3_string_free(X509V3_CTX *ctx, char *str); - void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); - void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, -@@ -603,13 +655,13 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value, - 
STACK_OF(CONF_VALUE) **extlist); - int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); --int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, -+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); --char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); --ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); --char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); -+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); -+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); - char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, -- const ASN1_ENUMERATED *aint); -+ ASN1_ENUMERATED *aint); - int X509V3_EXT_add(X509V3_EXT_METHOD *ext); - int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); - int X509V3_EXT_add_alias(int nid_to, int nid_from); -@@ -620,28 +672,27 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); - int X509V3_add_standard_extensions(void); - STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); - void *X509V3_EXT_d2i(X509_EXTENSION *ext); --void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, -+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx); -+int X509V3_EXT_free(int nid, void *ext_data); - - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); - int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags); - --#if OPENSSL_API_COMPAT < 0x10100000L --/* The new declarations are in crypto.h, but the old ones were here. 
*/ --# define hex_to_string OPENSSL_buf2hexstr --# define string_to_hex OPENSSL_hexstr2buf --#endif -+char *hex_to_string(const unsigned char *buffer, long len); -+unsigned char *string_to_hex(const char *str, long *len); -+int name_cmp(const char *name, const char *cmp); - - void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml); - int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - int indent); --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - #endif --int X509V3_extensions_print(BIO *out, const char *title, -- const STACK_OF(X509_EXTENSION) *exts, -+int X509V3_extensions_print(BIO *out, char *title, -+ STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent); - - int X509_check_ca(X509 *x); -@@ -650,27 +701,18 @@ int X509_supported_extension(X509_EXTENSION *ex); - int X509_PURPOSE_set(int *p, int purpose); - int X509_check_issued(X509 *issuer, X509 *subject); - int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); --void X509_set_proxy_flag(X509 *x); --void X509_set_proxy_pathlen(X509 *x, long l); --long X509_get_proxy_pathlen(X509 *x); -- --uint32_t X509_get_extension_flags(X509 *x); --uint32_t X509_get_key_usage(X509 *x); --uint32_t X509_get_extended_key_usage(X509 *x); --const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); -- - int X509_PURPOSE_get_count(void); - X509_PURPOSE *X509_PURPOSE_get0(int idx); --int X509_PURPOSE_get_by_sname(const char *sname); -+int X509_PURPOSE_get_by_sname(char *sname); - int X509_PURPOSE_get_by_id(int id); - int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck) (const X509_PURPOSE *, const X509 *, int), -- const char *name, const char *sname, void *arg); --char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); --char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); --int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); -+ char *name, char *sname, void *arg); -+char 
*X509_PURPOSE_get0_name(X509_PURPOSE *xp); -+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); -+int X509_PURPOSE_get_trust(X509_PURPOSE *xp); - void X509_PURPOSE_cleanup(void); --int X509_PURPOSE_get_id(const X509_PURPOSE *); -+int X509_PURPOSE_get_id(X509_PURPOSE *); - - STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); - STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); -@@ -690,8 +732,6 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); - # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 - /* Constraint verifier subdomain patterns to match a single labels. */ - # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 --/* Never check the subject CN */ --# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 - /* - * Match reference identifiers starting with "." to any sub-domain. - * This is a non-public flag, turned on implicitly when the subject -@@ -709,19 +749,21 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); - - ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); - ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); -+int a2i_ipadd(unsigned char *ipout, const char *ipasc); - int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype); - - void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); --DEFINE_STACK_OF(X509_POLICY_NODE) -+DECLARE_STACK_OF(X509_POLICY_NODE) -+ -+# ifndef OPENSSL_NO_RFC3779 - --#ifndef OPENSSL_NO_RFC3779 - typedef struct ASRange_st { - ASN1_INTEGER *min, *max; - } ASRange; - --# define ASIdOrRange_id 0 --# define ASIdOrRange_range 1 -+# define ASIdOrRange_id 0 -+# define ASIdOrRange_range 1 - - typedef struct ASIdOrRange_st { - int type; -@@ -732,10 +774,10 @@ typedef struct ASIdOrRange_st { - } ASIdOrRange; - - typedef STACK_OF(ASIdOrRange) ASIdOrRanges; --DEFINE_STACK_OF(ASIdOrRange) -+DECLARE_STACK_OF(ASIdOrRange) - --# define ASIdentifierChoice_inherit 0 --# define ASIdentifierChoice_asIdsOrRanges 1 -+# define 
ASIdentifierChoice_inherit 0 -+# define ASIdentifierChoice_asIdsOrRanges 1 - - typedef struct ASIdentifierChoice_st { - int type; -@@ -758,8 +800,8 @@ typedef struct IPAddressRange_st { - ASN1_BIT_STRING *min, *max; - } IPAddressRange; - --# define IPAddressOrRange_addressPrefix 0 --# define IPAddressOrRange_addressRange 1 -+# define IPAddressOrRange_addressPrefix 0 -+# define IPAddressOrRange_addressRange 1 - - typedef struct IPAddressOrRange_st { - int type; -@@ -770,10 +812,10 @@ typedef struct IPAddressOrRange_st { - } IPAddressOrRange; - - typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; --DEFINE_STACK_OF(IPAddressOrRange) -+DECLARE_STACK_OF(IPAddressOrRange) - --# define IPAddressChoice_inherit 0 --# define IPAddressChoice_addressesOrRanges 1 -+# define IPAddressChoice_inherit 0 -+# define IPAddressChoice_addressesOrRanges 1 - - typedef struct IPAddressChoice_st { - int type; -@@ -789,7 +831,7 @@ typedef struct IPAddressFamily_st { - } IPAddressFamily; - - typedef STACK_OF(IPAddressFamily) IPAddrBlocks; --DEFINE_STACK_OF(IPAddressFamily) -+DECLARE_STACK_OF(IPAddressFamily) - - DECLARE_ASN1_FUNCTIONS(IPAddressRange) - DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) -@@ -799,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) - /* - * API tag for elements of the ASIdentifer SEQUENCE. - */ --# define V3_ASID_ASNUM 0 --# define V3_ASID_RDI 1 -+# define V3_ASID_ASNUM 0 -+# define V3_ASID_RDI 1 - - /* - * AFI values, assigned by IANA. It'd be nice to make the AFI -@@ -808,80 +850,80 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) - * that would need to be defined for other address families for it to - * be worth the trouble. - */ --# define IANA_AFI_IPV4 1 --# define IANA_AFI_IPV6 2 -+# define IANA_AFI_IPV4 1 -+# define IANA_AFI_IPV6 2 - - /* - * Utilities to construct and extract values from RFC3779 extensions, - * since some of the encodings (particularly for IP address prefixes - * and ranges) are a bit tedious to work with directly. 
- */ --int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); --int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, -- ASN1_INTEGER *min, ASN1_INTEGER *max); --int X509v3_addr_add_inherit(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi); --int X509v3_addr_add_prefix(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi, -- unsigned char *a, const int prefixlen); --int X509v3_addr_add_range(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi, -- unsigned char *min, unsigned char *max); --unsigned X509v3_addr_get_afi(const IPAddressFamily *f); --int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, -- unsigned char *min, unsigned char *max, -- const int length); -+int v3_asid_add_inherit(ASIdentifiers *asid, int which); -+int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, -+ ASN1_INTEGER *min, ASN1_INTEGER *max); -+int v3_addr_add_inherit(IPAddrBlocks *addr, -+ const unsigned afi, const unsigned *safi); -+int v3_addr_add_prefix(IPAddrBlocks *addr, -+ const unsigned afi, const unsigned *safi, -+ unsigned char *a, const int prefixlen); -+int v3_addr_add_range(IPAddrBlocks *addr, -+ const unsigned afi, const unsigned *safi, -+ unsigned char *min, unsigned char *max); -+unsigned v3_addr_get_afi(const IPAddressFamily *f); -+int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, -+ unsigned char *min, unsigned char *max, -+ const int length); - - /* - * Canonical forms. - */ --int X509v3_asid_is_canonical(ASIdentifiers *asid); --int X509v3_addr_is_canonical(IPAddrBlocks *addr); --int X509v3_asid_canonize(ASIdentifiers *asid); --int X509v3_addr_canonize(IPAddrBlocks *addr); -+int v3_asid_is_canonical(ASIdentifiers *asid); -+int v3_addr_is_canonical(IPAddrBlocks *addr); -+int v3_asid_canonize(ASIdentifiers *asid); -+int v3_addr_canonize(IPAddrBlocks *addr); - - /* - * Tests for inheritance and containment. 
- */ --int X509v3_asid_inherits(ASIdentifiers *asid); --int X509v3_addr_inherits(IPAddrBlocks *addr); --int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); --int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); -+int v3_asid_inherits(ASIdentifiers *asid); -+int v3_addr_inherits(IPAddrBlocks *addr); -+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); -+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); - - /* - * Check whether RFC 3779 extensions nest properly in chains. - */ --int X509v3_asid_validate_path(X509_STORE_CTX *); --int X509v3_addr_validate_path(X509_STORE_CTX *); --int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, -- ASIdentifiers *ext, -- int allow_inheritance); --int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, -- IPAddrBlocks *ext, int allow_inheritance); -+int v3_asid_validate_path(X509_STORE_CTX *); -+int v3_addr_validate_path(X509_STORE_CTX *); -+int v3_asid_validate_resource_set(STACK_OF(X509) *chain, -+ ASIdentifiers *ext, int allow_inheritance); -+int v3_addr_validate_resource_set(STACK_OF(X509) *chain, -+ IPAddrBlocks *ext, int allow_inheritance); - --#endif /* OPENSSL_NO_RFC3779 */ -+# endif /* OPENSSL_NO_RFC3779 */ - - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -- --int ERR_load_X509V3_strings(void); -+void ERR_load_X509V3_strings(void); - - /* Error codes for the X509V3 functions. */ - - /* Function codes. 
*/ - # define X509V3_F_A2I_GENERAL_NAME 164 --# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 - # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 - # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 - # define X509V3_F_COPY_EMAIL 122 - # define X509V3_F_COPY_ISSUER 123 - # define X509V3_F_DO_DIRNAME 144 -+# define X509V3_F_DO_EXT_CONF 124 - # define X509V3_F_DO_EXT_I2D 135 - # define X509V3_F_DO_EXT_NCONF 151 -+# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 - # define X509V3_F_GNAMES_FROM_SECTNAME 156 -+# define X509V3_F_HEX_TO_STRING 111 - # define X509V3_F_I2S_ASN1_ENUMERATED 121 - # define X509V3_F_I2S_ASN1_IA5STRING 149 - # define X509V3_F_I2S_ASN1_INTEGER 120 -@@ -895,8 +937,10 @@ int ERR_load_X509V3_strings(void); - # define X509V3_F_S2I_ASN1_IA5STRING 100 - # define X509V3_F_S2I_ASN1_INTEGER 108 - # define X509V3_F_S2I_ASN1_OCTET_STRING 112 -+# define X509V3_F_S2I_ASN1_SKEY_ID 114 - # define X509V3_F_S2I_SKEY_ID 115 - # define X509V3_F_SET_DIST_POINT_NAME 158 -+# define X509V3_F_STRING_TO_HEX 113 - # define X509V3_F_SXNET_ADD_ID_ASC 125 - # define X509V3_F_SXNET_ADD_ID_INTEGER 126 - # define X509V3_F_SXNET_ADD_ID_ULONG 127 -@@ -918,12 +962,14 @@ int ERR_load_X509V3_strings(void); - # define X509V3_F_V2I_POLICY_CONSTRAINTS 146 - # define X509V3_F_V2I_POLICY_MAPPINGS 145 - # define X509V3_F_V2I_SUBJECT_ALT 154 --# define X509V3_F_V2I_TLS_FEATURE 165 -+# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 - # define X509V3_F_V3_GENERIC_EXTENSION 116 - # define X509V3_F_X509V3_ADD1_I2D 140 - # define X509V3_F_X509V3_ADD_VALUE 105 - # define X509V3_F_X509V3_EXT_ADD 104 - # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 -+# define X509V3_F_X509V3_EXT_CONF 107 -+# define X509V3_F_X509V3_EXT_FREE 165 - # define X509V3_F_X509V3_EXT_I2D 136 - # define X509V3_F_X509V3_EXT_NCONF 152 - # define X509V3_F_X509V3_GET_SECTION 142 -@@ -938,6 +984,7 @@ int ERR_load_X509V3_strings(void); - # define X509V3_R_BAD_OBJECT 119 - # define X509V3_R_BN_DEC2BN_ERROR 100 - # define 
X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -+# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 - # define X509V3_R_DIRNAME_ERROR 149 - # define X509V3_R_DISTPOINT_ALREADY_SET 160 - # define X509V3_R_DUPLICATE_ZONE_ID 133 -@@ -951,6 +998,7 @@ int ERR_load_X509V3_strings(void); - # define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 - # define X509V3_R_EXTENSION_VALUE_ERROR 116 - # define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 -+# define X509V3_R_ILLEGAL_HEX_DIGIT 113 - # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 - # define X509V3_R_INVALID_ASNUMBER 162 - # define X509V3_R_INVALID_ASRANGE 163 -@@ -983,11 +1031,13 @@ int ERR_load_X509V3_strings(void); - # define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 - # define X509V3_R_NO_PUBLIC_KEY 114 - # define X509V3_R_NO_SUBJECT_DETAILS 125 -+# define X509V3_R_ODD_NUMBER_OF_DIGITS 112 - # define X509V3_R_OPERATION_NOT_DEFINED 148 - # define X509V3_R_OTHERNAME_ERROR 147 - # define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 - # define X509V3_R_POLICY_PATH_LENGTH 156 - # define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 -+# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 - # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 - # define X509V3_R_SECTION_NOT_FOUND 150 - # define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 -@@ -1000,7 +1050,7 @@ int ERR_load_X509V3_strings(void); - # define X509V3_R_UNSUPPORTED_TYPE 167 - # define X509V3_R_USER_TOO_LONG 132 - --# ifdef __cplusplus -+#ifdef __cplusplus - } --# endif -+#endif - #endif -diff --git a/Cryptlib/Include/sgtty.h b/Cryptlib/Include/sgtty.h -index e95c19c..ee07f6b 100644 ---- a/Cryptlib/Include/sgtty.h -+++ b/Cryptlib/Include/sgtty.h -@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/signal.h b/Cryptlib/Include/signal.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/signal.h
-+++ b/Cryptlib/Include/signal.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/stdarg.h b/Cryptlib/Include/stdarg.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/stdarg.h
-+++ b/Cryptlib/Include/stdarg.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/stddef.h b/Cryptlib/Include/stddef.h
-index 6f59a25..8dfc36f 100644
---- a/Cryptlib/Include/stddef.h
-+++ b/Cryptlib/Include/stddef.h
-@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-diff --git a/Cryptlib/Include/stdio.h b/Cryptlib/Include/stdio.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/stdio.h
-+++ b/Cryptlib/Include/stdio.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/stdlib.h b/Cryptlib/Include/stdlib.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/stdlib.h
-+++ b/Cryptlib/Include/stdlib.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/string.h b/Cryptlib/Include/string.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/string.h
-+++ b/Cryptlib/Include/string.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/strings.h b/Cryptlib/Include/strings.h
-index 6f59a25..8dfc36f 100644
---- a/Cryptlib/Include/strings.h
-+++ b/Cryptlib/Include/strings.h
-@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-diff --git a/Cryptlib/Include/sys/ioctl.h b/Cryptlib/Include/sys/ioctl.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/ioctl.h
-+++ b/Cryptlib/Include/sys/ioctl.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/param.h b/Cryptlib/Include/sys/param.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/param.h
-+++ b/Cryptlib/Include/sys/param.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/socket.h b/Cryptlib/Include/sys/socket.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/socket.h
-+++ b/Cryptlib/Include/sys/socket.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/stat.h b/Cryptlib/Include/sys/stat.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/stat.h
-+++ b/Cryptlib/Include/sys/stat.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/time.h b/Cryptlib/Include/sys/time.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/time.h
-+++ b/Cryptlib/Include/sys/time.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/times.h b/Cryptlib/Include/sys/times.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/times.h
-+++ b/Cryptlib/Include/sys/times.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/types.h b/Cryptlib/Include/sys/types.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/types.h
-+++ b/Cryptlib/Include/sys/types.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/sys/un.h b/Cryptlib/Include/sys/un.h
-index e95c19c..ee07f6b 100644
---- a/Cryptlib/Include/sys/un.h
-+++ b/Cryptlib/Include/sys/un.h
-@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-
-diff --git a/Cryptlib/Include/syslog.h b/Cryptlib/Include/syslog.h
-index 6f59a25..8dfc36f 100644
---- a/Cryptlib/Include/syslog.h
-+++ b/Cryptlib/Include/syslog.h
-@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-diff --git a/Cryptlib/Include/time.h b/Cryptlib/Include/time.h
-index 6f59a25..8dfc36f 100644
---- a/Cryptlib/Include/time.h
-+++ b/Cryptlib/Include/time.h
-@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- **/
-
--#include
-+#include
-diff --git a/Cryptlib/Include/unistd.h b/Cryptlib/Include/unistd.h
-index 6f59a25..8dfc36f 100644
---- a/Cryptlib/Include/unistd.h
-+++ b/Cryptlib/Include/unistd.h
-@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- - **/ - --#include -+#include -diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h -index 8cccf72..92cc963 100644 ---- a/Cryptlib/InternalCryptLib.h -+++ b/Cryptlib/InternalCryptLib.h -@@ -1,7 +1,7 @@ --/** @file -+/** @file - Internal include file for BaseCryptLib. - --Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -15,16 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - #ifndef __INTERNAL_CRYPT_LIB_H__ - #define __INTERNAL_CRYPT_LIB_H__ - --#undef _WIN32 --#undef _WIN64 -- - #include - #include - #include - #include - #include - --#include "CrtLibSupport.h" -+#include "OpenSslSupport.h" - - #include - -@@ -34,3 +31,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - #endif - - #endif -+ -diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h -index c29919e..4c99fa9 100644 ---- a/Cryptlib/Library/BaseLib.h -+++ b/Cryptlib/Library/BaseLib.h -@@ -1,8 +1,2 @@ - #include - #include -- --UINT32 WriteUnaligned32 (UINT32 *Buffer, UINT32 Value); --UINTN AsciiStrSize (CHAR8 *string); --char *AsciiStrnCpy(char *Destination, char *Source, UINTN count); --char *AsciiStrCat(char *Destination, char *Source); --UINTN AsciiStrDecimalToUintn(const char *String); -diff --git a/Cryptlib/Library/BaseMemoryLib.h b/Cryptlib/Library/BaseMemoryLib.h -index cc118e3..e69de29 100644 ---- a/Cryptlib/Library/BaseMemoryLib.h -+++ b/Cryptlib/Library/BaseMemoryLib.h -@@ -1 +0,0 @@ --CHAR8 *ScanMem8(CHAR8 *str, UINTN count, CHAR8 ch); -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index e99f009..74ed692 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -40,7 +40,7 @@ OBJS = Hash/CryptMd4Null.o \ - Pk/CryptTs.o \ - Pk/CryptX509.o \ - Pk/CryptAuthenticode.o \ -- Pem/CryptPemNull.o \ -+ Pem/CryptPem.o \ - SysCall/CrtWrapper.o \ - SysCall/TimerWrapper.o \ - SysCall/BaseMemAllocation.o \ -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index e54105b..d146dbc 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -3,7 +3,7 @@ EFI_INCLUDES = -I../Include 
-I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_IN - - CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ - -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \ -- -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -+ -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC - - ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -@@ -23,431 +23,445 @@ endif - LDFLAGS = -nostdlib -znocombreloc - - TARGET = libopenssl.a --OBJS = crypto/bio/b_print.o \ -- crypto/aes/aes_cbc.o \ -- crypto/aes/aes_cfb.o \ -- crypto/aes/aes_core.o \ -- crypto/aes/aes_ecb.o \ -- crypto/aes/aes_ige.o \ -- crypto/aes/aes_misc.o \ -- crypto/aes/aes_ofb.o \ -- crypto/aes/aes_wrap.o \ -- crypto/asn1/a_bitstr.o \ -- crypto/asn1/a_d2i_fp.o \ -- crypto/asn1/a_digest.o \ -- crypto/asn1/a_dup.o \ -- crypto/asn1/a_gentm.o \ -- crypto/asn1/a_i2d_fp.o \ -- crypto/asn1/a_int.o \ -- crypto/asn1/a_mbstr.o \ -- crypto/asn1/a_object.o \ -- crypto/asn1/a_octet.o \ -- crypto/asn1/a_print.o \ -- crypto/asn1/a_sign.o \ -- crypto/asn1/a_strex.o \ -- crypto/asn1/a_strnid.o \ -- crypto/asn1/a_time.o \ -- crypto/asn1/a_type.o \ -- crypto/asn1/a_utctm.o \ -- crypto/asn1/a_utf8.o \ -- crypto/asn1/a_verify.o \ -- crypto/asn1/ameth_lib.o \ -- crypto/asn1/asn1_err.o \ -- crypto/asn1/asn1_gen.o \ -- crypto/asn1/asn1_lib.o \ -- crypto/asn1/asn1_par.o \ -- crypto/asn1/asn_mime.o \ -- crypto/asn1/asn_moid.o \ -- crypto/asn1/asn_mstbl.o \ -- crypto/asn1/asn_pack.o \ -- crypto/asn1/bio_asn1.o \ -- crypto/asn1/bio_ndef.o \ -- crypto/asn1/d2i_pr.o \ -- crypto/asn1/d2i_pu.o \ -- crypto/asn1/evp_asn1.o \ -- crypto/asn1/f_int.o \ -- crypto/asn1/f_string.o \ -- crypto/asn1/i2d_pr.o \ -- crypto/asn1/i2d_pu.o \ -- crypto/asn1/n_pkey.o \ -- 
crypto/asn1/nsseq.o \ -- crypto/asn1/p5_pbe.o \ -- crypto/asn1/p5_pbev2.o \ -- crypto/asn1/p5_scrypt.o \ -- crypto/asn1/p8_pkey.o \ -- crypto/asn1/t_bitst.o \ -- crypto/asn1/t_pkey.o \ -- crypto/asn1/t_spki.o \ -- crypto/asn1/tasn_dec.o \ -- crypto/asn1/tasn_enc.o \ -- crypto/asn1/tasn_fre.o \ -- crypto/asn1/tasn_new.o \ -- crypto/asn1/tasn_prn.o \ -- crypto/asn1/tasn_scn.o \ -- crypto/asn1/tasn_typ.o \ -- crypto/asn1/tasn_utl.o \ -- crypto/asn1/x_algor.o \ -- crypto/asn1/x_bignum.o \ -- crypto/asn1/x_info.o \ -- crypto/asn1/x_long.o \ -- crypto/asn1/x_pkey.o \ -- crypto/asn1/x_sig.o \ -- crypto/asn1/x_spki.o \ -- crypto/asn1/x_val.o \ -- crypto/async/arch/async_null.o \ -- crypto/async/arch/async_posix.o \ -- crypto/async/arch/async_win.o \ -- crypto/async/async.o \ -- crypto/async/async_err.o \ -- crypto/async/async_wait.o \ -- crypto/bio/b_addr.o \ -- crypto/bio/b_dump.o \ -- crypto/bio/b_sock.o \ -- crypto/bio/b_sock2.o \ -- crypto/bio/bf_buff.o \ -- crypto/bio/bf_lbuf.o \ -- crypto/bio/bf_nbio.o \ -- crypto/bio/bf_null.o \ -- crypto/bio/bio_cb.o \ -- crypto/bio/bio_err.o \ -- crypto/bio/bio_lib.o \ -- crypto/bio/bio_meth.o \ -- crypto/bio/bss_acpt.o \ -- crypto/bio/bss_bio.o \ -- crypto/bio/bss_conn.o \ -- crypto/bio/bss_dgram.o \ -- crypto/bio/bss_fd.o \ -- crypto/bio/bss_file.o \ -- crypto/bio/bss_log.o \ -- crypto/bio/bss_mem.o \ -- crypto/bio/bss_null.o \ -- crypto/bio/bss_sock.o \ -- crypto/bn/bn_add.o \ -- crypto/bn/bn_asm.o \ -- crypto/bn/bn_blind.o \ -- crypto/bn/bn_const.o \ -- crypto/bn/bn_ctx.o \ -- crypto/bn/bn_depr.o \ -- crypto/bn/bn_dh.o \ -- crypto/bn/bn_div.o \ -- crypto/bn/bn_err.o \ -- crypto/bn/bn_exp.o \ -- crypto/bn/bn_exp2.o \ -- crypto/bn/bn_gcd.o \ -- crypto/bn/bn_gf2m.o \ -- crypto/bn/bn_intern.o \ -- crypto/bn/bn_kron.o \ -- crypto/bn/bn_lib.o \ -- crypto/bn/bn_mod.o \ -- crypto/bn/bn_mont.o \ -- crypto/bn/bn_mpi.o \ -- crypto/bn/bn_mul.o \ -- crypto/bn/bn_nist.o \ -- crypto/bn/bn_prime.o \ -- crypto/bn/bn_print.o \ -- 
crypto/bn/bn_rand.o \ -- crypto/bn/bn_recp.o \ -- crypto/bn/bn_shift.o \ -- crypto/bn/bn_sqr.o \ -- crypto/bn/bn_sqrt.o \ -- crypto/bn/bn_srp.o \ -- crypto/bn/bn_word.o \ -- crypto/bn/bn_x931p.o \ -- crypto/buffer/buf_err.o \ -- crypto/buffer/buffer.o \ -- crypto/cmac/cm_ameth.o \ -- crypto/cmac/cm_pmeth.o \ -- crypto/cmac/cmac.o \ -- crypto/comp/c_zlib.o \ -- crypto/comp/comp_err.o \ -- crypto/comp/comp_lib.o \ -- crypto/conf/conf_api.o \ -- crypto/conf/conf_def.o \ -- crypto/conf/conf_err.o \ -- crypto/conf/conf_lib.o \ -- crypto/conf/conf_mall.o \ -- crypto/conf/conf_mod.o \ -- crypto/conf/conf_sap.o \ -- crypto/cpt_err.o \ -- crypto/cryptlib.o \ -- crypto/cversion.o \ -- crypto/dh/dh_ameth.o \ -- crypto/dh/dh_asn1.o \ -- crypto/dh/dh_check.o \ -- crypto/dh/dh_depr.o \ -- crypto/dh/dh_err.o \ -- crypto/dh/dh_gen.o \ -- crypto/dh/dh_kdf.o \ -- crypto/dh/dh_key.o \ -- crypto/dh/dh_lib.o \ -- crypto/dh/dh_meth.o \ -- crypto/dh/dh_pmeth.o \ -- crypto/dh/dh_prn.o \ -- crypto/dh/dh_rfc5114.o \ -- crypto/dso/dso_dl.o \ -- crypto/dso/dso_dlfcn.o \ -- crypto/dso/dso_err.o \ -- crypto/dso/dso_lib.o \ -- crypto/dso/dso_openssl.o \ -- crypto/dso/dso_vms.o \ -- crypto/dso/dso_win32.o \ -- crypto/ebcdic.o \ -- crypto/err/err.o \ -- crypto/err/err_all.o \ -- crypto/err/err_prn.o \ -- crypto/evp/bio_b64.o \ -- crypto/evp/bio_enc.o \ -- crypto/evp/bio_md.o \ -- crypto/evp/bio_ok.o \ -- crypto/evp/c_allc.o \ -- crypto/evp/c_alld.o \ -- crypto/evp/cmeth_lib.o \ -- crypto/evp/digest.o \ -- crypto/evp/e_aes.o \ -- crypto/evp/e_aes_cbc_hmac_sha1.o \ -- crypto/evp/e_aes_cbc_hmac_sha256.o \ -- crypto/evp/e_bf.o \ -- crypto/evp/e_camellia.o \ -- crypto/evp/e_cast.o \ -- crypto/evp/e_chacha20_poly1305.o \ -- crypto/evp/e_des.o \ -- crypto/evp/e_des3.o \ -- crypto/evp/e_idea.o \ -- crypto/evp/e_null.o \ -- crypto/evp/e_old.o \ -- crypto/evp/e_rc2.o \ -- crypto/evp/e_rc4.o \ -- crypto/evp/e_rc4_hmac_md5.o \ -- crypto/evp/e_rc5.o \ -- crypto/evp/e_seed.o \ -- crypto/evp/e_xcbc_d.o \ -- 
crypto/evp/encode.o \ -- crypto/evp/evp_cnf.o \ -- crypto/evp/evp_enc.o \ -- crypto/evp/evp_err.o \ -- crypto/evp/evp_key.o \ -- crypto/evp/evp_lib.o \ -- crypto/evp/evp_pbe.o \ -- crypto/evp/evp_pkey.o \ -- crypto/evp/m_md2.o \ -- crypto/evp/m_md4.o \ -- crypto/evp/m_md5.o \ -- crypto/evp/m_md5_sha1.o \ -- crypto/evp/m_mdc2.o \ -- crypto/evp/m_null.o \ -- crypto/evp/m_ripemd.o \ -- crypto/evp/m_sha1.o \ -- crypto/evp/m_sigver.o \ -- crypto/evp/m_wp.o \ -- crypto/evp/names.o \ -- crypto/evp/p5_crpt.o \ -- crypto/evp/p5_crpt2.o \ -- crypto/evp/p_dec.o \ -- crypto/evp/p_enc.o \ -- crypto/evp/p_lib.o \ -- crypto/evp/p_open.o \ -- crypto/evp/p_seal.o \ -- crypto/evp/p_sign.o \ -- crypto/evp/p_verify.o \ -- crypto/evp/pmeth_fn.o \ -- crypto/evp/pmeth_gn.o \ -- crypto/evp/pmeth_lib.o \ -- crypto/evp/scrypt.o \ -- crypto/ex_data.o \ -- crypto/hmac/hm_ameth.o \ -- crypto/hmac/hm_pmeth.o \ -- crypto/hmac/hmac.o \ -- crypto/init.o \ -- crypto/kdf/hkdf.o \ -- crypto/kdf/kdf_err.o \ -- crypto/kdf/tls1_prf.o \ -- crypto/lhash/lh_stats.o \ -- crypto/lhash/lhash.o \ -- crypto/md5/md5_dgst.o \ -- crypto/md5/md5_one.o \ -- crypto/mem.o \ -- crypto/mem_clr.o \ -- crypto/mem_dbg.o \ -- crypto/mem_sec.o \ -- crypto/modes/cbc128.o \ -- crypto/modes/ccm128.o \ -- crypto/modes/cfb128.o \ -- crypto/modes/ctr128.o \ -- crypto/modes/cts128.o \ -- crypto/modes/gcm128.o \ -- crypto/modes/ocb128.o \ -- crypto/modes/ofb128.o \ -- crypto/modes/wrap128.o \ -- crypto/modes/xts128.o \ -- crypto/o_dir.o \ -- crypto/o_fips.o \ -- crypto/o_fopen.o \ -- crypto/o_init.o \ -- crypto/o_str.o \ -- crypto/o_time.o \ -- crypto/objects/o_names.o \ -- crypto/objects/obj_dat.o \ -- crypto/objects/obj_err.o \ -- crypto/objects/obj_lib.o \ -- crypto/objects/obj_xref.o \ -- crypto/ocsp/ocsp_asn.o \ -- crypto/ocsp/ocsp_cl.o \ -- crypto/ocsp/ocsp_err.o \ -- crypto/ocsp/ocsp_ext.o \ -- crypto/ocsp/ocsp_ht.o \ -- crypto/ocsp/ocsp_lib.o \ -- crypto/ocsp/ocsp_prn.o \ -- crypto/ocsp/ocsp_srv.o \ -- crypto/ocsp/ocsp_vfy.o 
\ -- crypto/ocsp/v3_ocsp.o \ -- crypto/pem/pem_all.o \ -- crypto/pem/pem_err.o \ -- crypto/pem/pem_info.o \ -- crypto/pem/pem_lib.o \ -- crypto/pem/pem_oth.o \ -- crypto/pem/pem_pk8.o \ -- crypto/pem/pem_pkey.o \ -- crypto/pem/pem_sign.o \ -- crypto/pem/pem_x509.o \ -- crypto/pem/pem_xaux.o \ -- crypto/pem/pvkfmt.o \ -- crypto/pkcs12/p12_add.o \ -- crypto/pkcs12/p12_asn.o \ -- crypto/pkcs12/p12_attr.o \ -- crypto/pkcs12/p12_crpt.o \ -- crypto/pkcs12/p12_crt.o \ -- crypto/pkcs12/p12_decr.o \ -- crypto/pkcs12/p12_init.o \ -- crypto/pkcs12/p12_key.o \ -- crypto/pkcs12/p12_kiss.o \ -- crypto/pkcs12/p12_mutl.o \ -- crypto/pkcs12/p12_npas.o \ -- crypto/pkcs12/p12_p8d.o \ -- crypto/pkcs12/p12_p8e.o \ -- crypto/pkcs12/p12_sbag.o \ -- crypto/pkcs12/p12_utl.o \ -- crypto/pkcs12/pk12err.o \ -- crypto/pkcs7/bio_pk7.o \ -- crypto/pkcs7/pk7_asn1.o \ -- crypto/pkcs7/pk7_attr.o \ -- crypto/pkcs7/pk7_doit.o \ -- crypto/pkcs7/pk7_lib.o \ -- crypto/pkcs7/pk7_mime.o \ -- crypto/pkcs7/pk7_smime.o \ -- crypto/pkcs7/pkcs7err.o \ -- crypto/rand/md_rand.o \ -- crypto/rand/rand_egd.o \ -- crypto/rand/rand_err.o \ -- crypto/rand/rand_lib.o \ -- crypto/rand/rand_unix.o \ -- crypto/rand/rand_vms.o \ -- crypto/rand/rand_win.o \ -- crypto/rand/randfile.o \ -- crypto/rc4/rc4_enc.o \ -- crypto/rc4/rc4_skey.o \ -- crypto/rsa/rsa_ameth.o \ -- crypto/rsa/rsa_asn1.o \ -- crypto/rsa/rsa_chk.o \ -- crypto/rsa/rsa_crpt.o \ -- crypto/rsa/rsa_depr.o \ -- crypto/rsa/rsa_err.o \ -- crypto/rsa/rsa_gen.o \ -- crypto/rsa/rsa_lib.o \ -- crypto/rsa/rsa_meth.o \ -- crypto/rsa/rsa_none.o \ -- crypto/rsa/rsa_null.o \ -- crypto/rsa/rsa_oaep.o \ -- crypto/rsa/rsa_ossl.o \ -- crypto/rsa/rsa_pk1.o \ -- crypto/rsa/rsa_pmeth.o \ -- crypto/rsa/rsa_prn.o \ -- crypto/rsa/rsa_pss.o \ -- crypto/rsa/rsa_saos.o \ -- crypto/rsa/rsa_sign.o \ -- crypto/rsa/rsa_ssl.o \ -- crypto/rsa/rsa_x931.o \ -- crypto/rsa/rsa_x931g.o \ -- crypto/sha/sha1_one.o \ -- crypto/sha/sha1dgst.o \ -- crypto/sha/sha256.o \ -- crypto/sha/sha512.o \ -- 
crypto/stack/stack.o \ -- crypto/threads_none.o \ -- crypto/threads_pthread.o \ -- crypto/threads_win.o \ -- crypto/txt_db/txt_db.o \ -- crypto/uid.o \ -- crypto/x509/by_dir.o \ -- crypto/x509/by_file.o \ -- crypto/x509/t_crl.o \ -- crypto/x509/t_req.o \ -- crypto/x509/t_x509.o \ -- crypto/x509/x509_att.o \ -- crypto/x509/x509_cmp.o \ -- crypto/x509/x509_d2.o \ -- crypto/x509/x509_def.o \ -- crypto/x509/x509_err.o \ -- crypto/x509/x509_ext.o \ -- crypto/x509/x509_lu.o \ -- crypto/x509/x509_obj.o \ -- crypto/x509/x509_r2x.o \ -- crypto/x509/x509_req.o \ -- crypto/x509/x509_set.o \ -- crypto/x509/x509_trs.o \ -- crypto/x509/x509_txt.o \ -- crypto/x509/x509_v3.o \ -- crypto/x509/x509_vfy.o \ -- crypto/x509/x509_vpm.o \ -- crypto/x509/x509cset.o \ -- crypto/x509/x509name.o \ -- crypto/x509/x509rset.o \ -- crypto/x509/x509spki.o \ -- crypto/x509/x509type.o \ -- crypto/x509/x_all.o \ -- crypto/x509/x_attrib.o \ -- crypto/x509/x_crl.o \ -- crypto/x509/x_exten.o \ -- crypto/x509/x_name.o \ -- crypto/x509/x_pubkey.o \ -- crypto/x509/x_req.o \ -- crypto/x509/x_x509.o \ -- crypto/x509/x_x509a.o \ -- crypto/x509v3/pcy_cache.o \ -- crypto/x509v3/pcy_data.o \ -- crypto/x509v3/pcy_lib.o \ -- crypto/x509v3/pcy_map.o \ -- crypto/x509v3/pcy_node.o \ -- crypto/x509v3/pcy_tree.o \ -- crypto/x509v3/v3_addr.o \ -- crypto/x509v3/v3_akey.o \ -- crypto/x509v3/v3_akeya.o \ -- crypto/x509v3/v3_alt.o \ -- crypto/x509v3/v3_asid.o \ -- crypto/x509v3/v3_bcons.o \ -- crypto/x509v3/v3_bitst.o \ -- crypto/x509v3/v3_conf.o \ -- crypto/x509v3/v3_cpols.o \ -- crypto/x509v3/v3_crld.o \ -- crypto/x509v3/v3_enum.o \ -- crypto/x509v3/v3_extku.o \ -- crypto/x509v3/v3_genn.o \ -- crypto/x509v3/v3_ia5.o \ -- crypto/x509v3/v3_info.o \ -- crypto/x509v3/v3_int.o \ -- crypto/x509v3/v3_lib.o \ -- crypto/x509v3/v3_ncons.o \ -- crypto/x509v3/v3_pci.o \ -- crypto/x509v3/v3_pcia.o \ -- crypto/x509v3/v3_pcons.o \ -- crypto/x509v3/v3_pku.o \ -- crypto/x509v3/v3_pmaps.o \ -- crypto/x509v3/v3_prn.o \ -- 
crypto/x509v3/v3_purp.o \ -- crypto/x509v3/v3_skey.o \ -- crypto/x509v3/v3_sxnet.o \ -- crypto/x509v3/v3_tlsf.o \ -- crypto/x509v3/v3_utl.o \ -- crypto/x509v3/v3err.o -+OBJS = crypto/cryptlib.o \ -+ crypto/mem.o \ -+ crypto/mem_clr.o \ -+ crypto/mem_dbg.o \ -+ crypto/cversion.o \ -+ crypto/ex_data.o \ -+ crypto/cpt_err.o \ -+ crypto/ebcdic.o \ -+ crypto/uid.o \ -+ crypto/o_time.o \ -+ crypto/o_str.o \ -+ crypto/o_dir.o \ -+ crypto/o_fips.o \ -+ crypto/o_init.o \ -+ crypto/fips_ers.o \ -+ crypto/md4/md4_dgst.o \ -+ crypto/md4/md4_one.o \ -+ crypto/md5/md5_dgst.o \ -+ crypto/md5/md5_one.o \ -+ crypto/sha/sha_dgst.o \ -+ crypto/sha/sha1dgst.o \ -+ crypto/sha/sha_one.o \ -+ crypto/sha/sha1_one.o \ -+ crypto/sha/sha256.o \ -+ crypto/sha/sha512.o \ -+ crypto/hmac/hmac.o \ -+ crypto/hmac/hm_ameth.o \ -+ crypto/hmac/hm_pmeth.o \ -+ crypto/des/set_key.o \ -+ crypto/des/ecb_enc.o \ -+ crypto/des/cbc_enc.o \ -+ crypto/des/ecb3_enc.o \ -+ crypto/des/cfb64enc.o \ -+ crypto/des/cfb64ede.o \ -+ crypto/des/cfb_enc.o \ -+ crypto/des/ofb64ede.o \ -+ crypto/des/enc_read.o \ -+ crypto/des/enc_writ.o \ -+ crypto/des/ofb64enc.o \ -+ crypto/des/ofb_enc.o \ -+ crypto/des/str2key.o \ -+ crypto/des/pcbc_enc.o \ -+ crypto/des/qud_cksm.o \ -+ crypto/des/rand_key.o \ -+ crypto/des/des_enc.o \ -+ crypto/des/fcrypt_b.o \ -+ crypto/des/fcrypt.o \ -+ crypto/des/xcbc_enc.o \ -+ crypto/des/rpc_enc.o \ -+ crypto/des/cbc_cksm.o \ -+ crypto/des/ede_cbcm_enc.o \ -+ crypto/des/des_old.o \ -+ crypto/des/des_old2.o \ -+ crypto/des/read2pwd.o \ -+ crypto/rc4/rc4_enc.o \ -+ crypto/rc4/rc4_skey.o \ -+ crypto/rc4/rc4_utl.o \ -+ crypto/aes/aes_misc.o \ -+ crypto/aes/aes_ecb.o \ -+ crypto/aes/aes_cfb.o \ -+ crypto/aes/aes_ofb.o \ -+ crypto/aes/aes_ctr.o \ -+ crypto/aes/aes_ige.o \ -+ crypto/aes/aes_wrap.o \ -+ crypto/aes/aes_core.o \ -+ crypto/aes/aes_cbc.o \ -+ crypto/modes/cbc128.o \ -+ crypto/modes/ctr128.o \ -+ crypto/modes/cts128.o \ -+ crypto/modes/cfb128.o \ -+ crypto/modes/ofb128.o \ -+ 
crypto/modes/gcm128.o \ -+ crypto/modes/ccm128.o \ -+ crypto/modes/xts128.o \ -+ crypto/modes/wrap128.o \ -+ crypto/bn/bn_add.o \ -+ crypto/bn/bn_div.o \ -+ crypto/bn/bn_exp.o \ -+ crypto/bn/bn_lib.o \ -+ crypto/bn/bn_ctx.o \ -+ crypto/bn/bn_mul.o \ -+ crypto/bn/bn_mod.o \ -+ crypto/bn/bn_print.o \ -+ crypto/bn/bn_rand.o \ -+ crypto/bn/bn_shift.o \ -+ crypto/bn/bn_word.o \ -+ crypto/bn/bn_blind.o \ -+ crypto/bn/bn_kron.o \ -+ crypto/bn/bn_sqrt.o \ -+ crypto/bn/bn_gcd.o \ -+ crypto/bn/bn_prime.o \ -+ crypto/bn/bn_err.o \ -+ crypto/bn/bn_sqr.o \ -+ crypto/bn/bn_asm.o \ -+ crypto/bn/bn_recp.o \ -+ crypto/bn/bn_mont.o \ -+ crypto/bn/bn_mpi.o \ -+ crypto/bn/bn_exp2.o \ -+ crypto/bn/bn_gf2m.o \ -+ crypto/bn/bn_nist.o \ -+ crypto/bn/bn_depr.o \ -+ crypto/bn/bn_x931p.o \ -+ crypto/bn/bn_const.o \ -+ crypto/rsa/rsa_eay.o \ -+ crypto/rsa/rsa_gen.o \ -+ crypto/rsa/rsa_lib.o \ -+ crypto/rsa/rsa_sign.o \ -+ crypto/rsa/rsa_saos.o \ -+ crypto/rsa/rsa_err.o \ -+ crypto/rsa/rsa_pk1.o \ -+ crypto/rsa/rsa_ssl.o \ -+ crypto/rsa/rsa_none.o \ -+ crypto/rsa/rsa_oaep.o \ -+ crypto/rsa/rsa_chk.o \ -+ crypto/rsa/rsa_null.o \ -+ crypto/rsa/rsa_pss.o \ -+ crypto/rsa/rsa_x931.o \ -+ crypto/rsa/rsa_asn1.o \ -+ crypto/rsa/rsa_depr.o \ -+ crypto/rsa/rsa_ameth.o \ -+ crypto/rsa/rsa_prn.o \ -+ crypto/rsa/rsa_pmeth.o \ -+ crypto/rsa/rsa_crpt.o \ -+ crypto/dso/dso_dl.o \ -+ crypto/dso/dso_dlfcn.o \ -+ crypto/dso/dso_err.o \ -+ crypto/dso/dso_lib.o \ -+ crypto/dso/dso_null.o \ -+ crypto/dso/dso_openssl.o \ -+ crypto/dso/dso_win32.o \ -+ crypto/dso/dso_vms.o \ -+ crypto/dso/dso_beos.o \ -+ crypto/dh/dh_asn1.o \ -+ crypto/dh/dh_gen.o \ -+ crypto/dh/dh_key.o \ -+ crypto/dh/dh_lib.o \ -+ crypto/dh/dh_check.o \ -+ crypto/dh/dh_err.o \ -+ crypto/dh/dh_depr.o \ -+ crypto/dh/dh_ameth.o \ -+ crypto/dh/dh_pmeth.o \ -+ crypto/dh/dh_prn.o \ -+ crypto/dh/dh_rfc5114.o \ -+ crypto/buffer/buffer.o \ -+ crypto/buffer/buf_str.o \ -+ crypto/buffer/buf_err.o \ -+ crypto/bio/bio_lib.o \ -+ crypto/bio/bio_cb.o \ -+ 
crypto/bio/bio_err.o \ -+ crypto/bio/bss_mem.o \ -+ crypto/bio/bss_null.o \ -+ crypto/bio/bss_fd.o \ -+ crypto/bio/bss_file.o \ -+ crypto/bio/bss_sock.o \ -+ crypto/bio/bss_conn.o \ -+ crypto/bio/bf_null.o \ -+ crypto/bio/bf_buff.o \ -+ crypto/bio/b_dump.o \ -+ crypto/bio/b_print.o \ -+ crypto/bio/b_sock.o \ -+ crypto/bio/bss_acpt.o \ -+ crypto/bio/bf_nbio.o \ -+ crypto/bio/bss_log.o \ -+ crypto/bio/bss_bio.o \ -+ crypto/bio/bss_dgram.o \ -+ crypto/stack/stack.o \ -+ crypto/lhash/lhash.o \ -+ crypto/lhash/lh_stats.o \ -+ crypto/rand/md_rand.o \ -+ crypto/rand/randfile.o \ -+ crypto/rand/rand_lib.o \ -+ crypto/rand/rand_err.o \ -+ crypto/rand/rand_unix.o \ -+ crypto/err/err.o \ -+ crypto/err/err_all.o \ -+ crypto/err/err_prn.o \ -+ crypto/objects/o_names.o \ -+ crypto/objects/obj_dat.o \ -+ crypto/objects/obj_lib.o \ -+ crypto/objects/obj_err.o \ -+ crypto/objects/obj_xref.o \ -+ crypto/evp/encode.o \ -+ crypto/evp/digest.o \ -+ crypto/evp/evp_enc.o \ -+ crypto/evp/evp_key.o \ -+ crypto/evp/evp_acnf.o \ -+ crypto/evp/evp_cnf.o \ -+ crypto/evp/e_des.o \ -+ crypto/evp/e_bf.o \ -+ crypto/evp/e_idea.o \ -+ crypto/evp/e_des3.o \ -+ crypto/evp/e_camellia.o \ -+ crypto/evp/e_rc4.o \ -+ crypto/evp/e_aes.o \ -+ crypto/evp/names.o \ -+ crypto/evp/e_seed.o \ -+ crypto/evp/e_xcbc_d.o \ -+ crypto/evp/e_rc2.o \ -+ crypto/evp/e_cast.o \ -+ crypto/evp/e_rc5.o \ -+ crypto/evp/m_null.o \ -+ crypto/evp/m_md2.o \ -+ crypto/evp/m_md4.o \ -+ crypto/evp/m_md5.o \ -+ crypto/evp/m_sha.o \ -+ crypto/evp/m_sha1.o \ -+ crypto/evp/m_wp.o \ -+ crypto/evp/m_dss.o \ -+ crypto/evp/m_dss1.o \ -+ crypto/evp/m_mdc2.o \ -+ crypto/evp/m_ripemd.o \ -+ crypto/evp/m_ecdsa.o \ -+ crypto/evp/p_open.o \ -+ crypto/evp/p_seal.o \ -+ crypto/evp/p_sign.o \ -+ crypto/evp/p_verify.o \ -+ crypto/evp/p_lib.o \ -+ crypto/evp/p_enc.o \ -+ crypto/evp/p_dec.o \ -+ crypto/evp/bio_md.o \ -+ crypto/evp/bio_b64.o \ -+ crypto/evp/bio_enc.o \ -+ crypto/evp/evp_err.o \ -+ crypto/evp/e_null.o \ -+ crypto/evp/c_all.o \ -+ 
crypto/evp/c_allc.o \ -+ crypto/evp/c_alld.o \ -+ crypto/evp/evp_lib.o \ -+ crypto/evp/bio_ok.o \ -+ crypto/evp/evp_pkey.o \ -+ crypto/evp/evp_pbe.o \ -+ crypto/evp/p5_crpt.o \ -+ crypto/evp/p5_crpt2.o \ -+ crypto/evp/e_old.o \ -+ crypto/evp/pmeth_lib.o \ -+ crypto/evp/pmeth_fn.o \ -+ crypto/evp/pmeth_gn.o \ -+ crypto/evp/m_sigver.o \ -+ crypto/evp/e_aes_cbc_hmac_sha1.o \ -+ crypto/evp/e_aes_cbc_hmac_sha256.o \ -+ crypto/evp/e_rc4_hmac_md5.o \ -+ crypto/asn1/a_object.o \ -+ crypto/asn1/a_bitstr.o \ -+ crypto/asn1/a_utctm.o \ -+ crypto/asn1/a_gentm.o \ -+ crypto/asn1/a_time.o \ -+ crypto/asn1/a_int.o \ -+ crypto/asn1/a_octet.o \ -+ crypto/asn1/a_print.o \ -+ crypto/asn1/a_type.o \ -+ crypto/asn1/a_set.o \ -+ crypto/asn1/a_dup.o \ -+ crypto/asn1/a_d2i_fp.o \ -+ crypto/asn1/a_i2d_fp.o \ -+ crypto/asn1/a_enum.o \ -+ crypto/asn1/a_utf8.o \ -+ crypto/asn1/a_sign.o \ -+ crypto/asn1/a_digest.o \ -+ crypto/asn1/a_verify.o \ -+ crypto/asn1/a_mbstr.o \ -+ crypto/asn1/a_strex.o \ -+ crypto/asn1/x_algor.o \ -+ crypto/asn1/x_val.o \ -+ crypto/asn1/x_pubkey.o \ -+ crypto/asn1/x_sig.o \ -+ crypto/asn1/x_req.o \ -+ crypto/asn1/x_attrib.o \ -+ crypto/asn1/x_bignum.o \ -+ crypto/asn1/x_long.o \ -+ crypto/asn1/x_name.o \ -+ crypto/asn1/x_x509.o \ -+ crypto/asn1/x_x509a.o \ -+ crypto/asn1/x_crl.o \ -+ crypto/asn1/x_info.o \ -+ crypto/asn1/x_spki.o \ -+ crypto/asn1/nsseq.o \ -+ crypto/asn1/x_nx509.o \ -+ crypto/asn1/d2i_pu.o \ -+ crypto/asn1/d2i_pr.o \ -+ crypto/asn1/i2d_pu.o \ -+ crypto/asn1/i2d_pr.o \ -+ crypto/asn1/t_req.o \ -+ crypto/asn1/t_x509.o \ -+ crypto/asn1/t_x509a.o \ -+ crypto/asn1/t_crl.o \ -+ crypto/asn1/t_pkey.o \ -+ crypto/asn1/t_spki.o \ -+ crypto/asn1/t_bitst.o \ -+ crypto/asn1/tasn_new.o \ -+ crypto/asn1/tasn_fre.o \ -+ crypto/asn1/tasn_enc.o \ -+ crypto/asn1/tasn_dec.o \ -+ crypto/asn1/tasn_utl.o \ -+ crypto/asn1/tasn_typ.o \ -+ crypto/asn1/tasn_prn.o \ -+ crypto/asn1/ameth_lib.o \ -+ crypto/asn1/f_int.o \ -+ crypto/asn1/f_string.o \ -+ crypto/asn1/n_pkey.o \ -+ 
crypto/asn1/f_enum.o \ -+ crypto/asn1/x_pkey.o \ -+ crypto/asn1/a_bool.o \ -+ crypto/asn1/x_exten.o \ -+ crypto/asn1/bio_asn1.o \ -+ crypto/asn1/bio_ndef.o \ -+ crypto/asn1/asn_mime.o \ -+ crypto/asn1/asn1_gen.o \ -+ crypto/asn1/asn1_par.o \ -+ crypto/asn1/asn1_lib.o \ -+ crypto/asn1/asn1_err.o \ -+ crypto/asn1/a_bytes.o \ -+ crypto/asn1/a_strnid.o \ -+ crypto/asn1/evp_asn1.o \ -+ crypto/asn1/asn_pack.o \ -+ crypto/asn1/p5_pbe.o \ -+ crypto/asn1/p5_pbev2.o \ -+ crypto/asn1/p8_pkey.o \ -+ crypto/asn1/asn_moid.o \ -+ crypto/pem/pem_sign.o \ -+ crypto/pem/pem_seal.o \ -+ crypto/pem/pem_info.o \ -+ crypto/pem/pem_lib.o \ -+ crypto/pem/pem_all.o \ -+ crypto/pem/pem_err.o \ -+ crypto/pem/pem_x509.o \ -+ crypto/pem/pem_xaux.o \ -+ crypto/pem/pem_oth.o \ -+ crypto/pem/pem_pk8.o \ -+ crypto/pem/pem_pkey.o \ -+ crypto/pem/pvkfmt.o \ -+ crypto/x509/x509_def.o \ -+ crypto/x509/x509_d2.o \ -+ crypto/x509/x509_r2x.o \ -+ crypto/x509/x509_cmp.o \ -+ crypto/x509/x509_obj.o \ -+ crypto/x509/x509_req.o \ -+ crypto/x509/x509spki.o \ -+ crypto/x509/x509_vfy.o \ -+ crypto/x509/x509_set.o \ -+ crypto/x509/x509cset.o \ -+ crypto/x509/x509rset.o \ -+ crypto/x509/x509_err.o \ -+ crypto/x509/x509name.o \ -+ crypto/x509/x509_v3.o \ -+ crypto/x509/x509_ext.o \ -+ crypto/x509/x509_att.o \ -+ crypto/x509/x509type.o \ -+ crypto/x509/x509_lu.o \ -+ crypto/x509/x_all.o \ -+ crypto/x509/x509_txt.o \ -+ crypto/x509/x509_trs.o \ -+ crypto/x509/x509_vpm.o \ -+ crypto/x509v3/v3_bcons.o \ -+ crypto/x509v3/v3_bitst.o \ -+ crypto/x509v3/v3_conf.o \ -+ crypto/x509v3/v3_extku.o \ -+ crypto/x509v3/v3_ia5.o \ -+ crypto/x509v3/v3_lib.o \ -+ crypto/x509v3/v3_prn.o \ -+ crypto/x509v3/v3_utl.o \ -+ crypto/x509v3/v3err.o \ -+ crypto/x509v3/v3_genn.o \ -+ crypto/x509v3/v3_alt.o \ -+ crypto/x509v3/v3_skey.o \ -+ crypto/x509v3/v3_akey.o \ -+ crypto/x509v3/v3_pku.o \ -+ crypto/x509v3/v3_int.o \ -+ crypto/x509v3/v3_enum.o \ -+ crypto/x509v3/v3_sxnet.o \ -+ crypto/x509v3/v3_cpols.o \ -+ crypto/x509v3/v3_crld.o \ -+ 
crypto/x509v3/v3_purp.o \ -+ crypto/x509v3/v3_info.o \ -+ crypto/x509v3/v3_ocsp.o \ -+ crypto/x509v3/v3_akeya.o \ -+ crypto/x509v3/v3_pmaps.o \ -+ crypto/x509v3/v3_pcons.o \ -+ crypto/x509v3/v3_ncons.o \ -+ crypto/x509v3/v3_pcia.o \ -+ crypto/x509v3/v3_pci.o \ -+ crypto/x509v3/pcy_cache.o \ -+ crypto/x509v3/pcy_node.o \ -+ crypto/x509v3/pcy_data.o \ -+ crypto/x509v3/pcy_map.o \ -+ crypto/x509v3/pcy_tree.o \ -+ crypto/x509v3/pcy_lib.o \ -+ crypto/x509v3/v3_asid.o \ -+ crypto/x509v3/v3_addr.o \ -+ crypto/conf/conf_err.o \ -+ crypto/conf/conf_lib.o \ -+ crypto/conf/conf_api.o \ -+ crypto/conf/conf_def.o \ -+ crypto/conf/conf_mod.o \ -+ crypto/conf/conf_mall.o \ -+ crypto/conf/conf_sap.o \ -+ crypto/txt_db/txt_db.o \ -+ crypto/pkcs7/pk7_asn1.o \ -+ crypto/pkcs7/pk7_lib.o \ -+ crypto/pkcs7/pkcs7err.o \ -+ crypto/pkcs7/pk7_doit.o \ -+ crypto/pkcs7/pk7_smime.o \ -+ crypto/pkcs7/pk7_attr.o \ -+ crypto/pkcs7/pk7_mime.o \ -+ crypto/pkcs7/bio_pk7.o \ -+ crypto/pkcs12/p12_add.o \ -+ crypto/pkcs12/p12_asn.o \ -+ crypto/pkcs12/p12_attr.o \ -+ crypto/pkcs12/p12_crpt.o \ -+ crypto/pkcs12/p12_crt.o \ -+ crypto/pkcs12/p12_decr.o \ -+ crypto/pkcs12/p12_init.o \ -+ crypto/pkcs12/p12_key.o \ -+ crypto/pkcs12/p12_kiss.o \ -+ crypto/pkcs12/p12_mutl.o \ -+ crypto/pkcs12/p12_utl.o \ -+ crypto/pkcs12/p12_npas.o \ -+ crypto/pkcs12/pk12err.o \ -+ crypto/pkcs12/p12_p8d.o \ -+ crypto/pkcs12/p12_p8e.o \ -+ crypto/comp/comp_lib.o \ -+ crypto/comp/comp_err.o \ -+ crypto/comp/c_rle.o \ -+ crypto/comp/c_zlib.o \ -+ crypto/ocsp/ocsp_asn.o \ -+ crypto/ocsp/ocsp_ext.o \ -+ crypto/ocsp/ocsp_ht.o \ -+ crypto/ocsp/ocsp_lib.o \ -+ crypto/ocsp/ocsp_cl.o \ -+ crypto/ocsp/ocsp_srv.o \ -+ crypto/ocsp/ocsp_prn.o \ -+ crypto/ocsp/ocsp_vfy.o \ -+ crypto/ocsp/ocsp_err.o \ -+ crypto/ui/ui_lib.o \ -+ crypto/ui/ui_util.o \ -+ crypto/ui/ui_compat.o \ -+ crypto/krb5/krb5_asn.o \ -+ crypto/cmac/cmac.o \ -+ crypto/cmac/cm_ameth.o \ -+ crypto/cmac/cm_pmeth.o \ - - all: $(TARGET) - -diff --git a/Cryptlib/OpenSSL/buildinf.h 
b/Cryptlib/OpenSSL/buildinf.h -index 3d967d2..673bf78 100644 ---- a/Cryptlib/OpenSSL/buildinf.h -+++ b/Cryptlib/OpenSSL/buildinf.h -@@ -1,2 +1,2 @@ - #define PLATFORM "UEFI" --#define DATE "Tues Mar 21 01:23:45 PDT 2017" -+#define DATE "Mon Mar 8 14:17:05 PDT 2010" -diff --git a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c -index 049044c..b16e849 100644 ---- a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c -+++ b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c -@@ -1,12 +1,3 @@ --/* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - /* - * Copyright (c) 2004, Richard Levitte - * All rights reserved. -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -index 342841f..805d0e2 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -@@ -1,10 +1,52 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_cbc.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -index f010e3c..1225000 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -@@ -1,10 +1,52 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_cfb.c */ -+/* ==================================================================== -+ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c -index bd5c779..7019b5d 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c -@@ -1,12 +1,4 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- -+/* crypto/aes/aes_core.c */ - /** - * rijndael-alg-fst.c - * -@@ -36,10 +28,14 @@ - /* Note: rewritten a little bit to provide error control and an OpenSSL- - compatible API */ - -+#ifndef AES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif - #include - - #include --#include - #include - #include "aes_locl.h" - -@@ -629,8 +625,8 @@ static const u32 rcon[] = { - /** - * Expand the cipher key into the encryption key schedule. - */ --int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) -+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) - { - - u32 *rk; -@@ -644,9 +640,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - - rk = key->rd_key; - -- if (bits == 128) -+ if (bits==128) - key->rounds = 10; -- else if (bits == 192) -+ else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; -@@ -731,8 +727,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - /** - * Expand the cipher key into the decryption key schedule. - */ --int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) -+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) - { - - u32 *rk; -@@ -740,7 +736,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - u32 temp; - - /* first, start with an encryption schedule */ -- status = AES_set_encrypt_key(userKey, bits, key); -+ status = private_AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - -@@ -1208,11 +1204,11 @@ static const u32 rcon[] = { - /** - * Expand the cipher key into the encryption key schedule. 
- */ --int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) -+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) - { - u32 *rk; -- int i = 0; -+ int i = 0; - u32 temp; - - if (!userKey || !key) -@@ -1222,9 +1218,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - - rk = key->rd_key; - -- if (bits == 128) -+ if (bits==128) - key->rounds = 10; -- else if (bits == 192) -+ else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; -@@ -1309,8 +1305,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - /** - * Expand the cipher key into the decryption key schedule. - */ --int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) -+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) - { - - u32 *rk; -@@ -1318,7 +1314,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - u32 temp; - - /* first, start with an encryption schedule */ -- status = AES_set_encrypt_key(userKey, bits, key); -+ status = private_AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - -@@ -1355,7 +1351,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,24) ^ ROTATE(tpb,8); - #else -- rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ -+ rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 8) ^ (tp9 << 24) ^ - (tpb >> 24) ^ (tpb << 8); - #endif -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -new file mode 100644 -index 0000000..9e760c4 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -@@ -0,0 +1,63 @@ -+/* crypto/aes/aes_ctr.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#include -+#include -+ -+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, -+ size_t length, const AES_KEY *key, -+ unsigned char ivec[AES_BLOCK_SIZE], -+ unsigned char ecount_buf[AES_BLOCK_SIZE], -+ unsigned int *num) -+{ -+ CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, -+ (block128_f) AES_encrypt); -+} -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -index 29bfc1a..52151a5 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -@@ -1,12 +1,59 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_ecb.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - -+#ifndef AES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif - #include - - #include -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -index 9125264..8f2b770 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -@@ -1,13 +1,55 @@ --/* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_ige.c */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #include - #include "aes_locl.h" -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h -index adee29d..7acd74e 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h -@@ -1,16 +1,63 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/aes/aes.h */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_AES_LOCL_H - # define HEADER_AES_LOCL_H - - # include -+ -+# ifdef OPENSSL_NO_AES -+# error AES is disabled. -+# endif -+ - # include - # include - # include -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -index 7403c84..fafad4d 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -@@ -1,16 +1,61 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_misc.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -+#include - #include - #include "aes_locl.h" - -+const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; -+ - const char *AES_options(void) - { - #ifdef FULL_UNROLL -@@ -19,3 +64,23 @@ const char *AES_options(void) - return "aes(partial)"; - #endif - } -+ -+/* FIPS wrapper functions to block low level AES calls in FIPS mode */ -+ -+int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) -+{ -+#ifdef OPENSSL_FIPS -+ fips_cipher_abort(AES); -+#endif -+ return private_AES_set_encrypt_key(userKey, bits, key); -+} -+ -+int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -+ AES_KEY *key) -+{ -+#ifdef OPENSSL_FIPS -+ fips_cipher_abort(AES); -+#endif -+ return private_AES_set_decrypt_key(userKey, bits, key); -+} -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -index 215b538..64a08ca 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -@@ -1,10 +1,52 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/aes/aes_ofb.c */ -+/* ==================================================================== -+ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -index cae0b21..b7b64d5 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -@@ -1,13 +1,58 @@ -+/* crypto/aes/aes_wrap.c */ - /* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -index 33be907..f906188 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -@@ -1,20 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/asn1/a_bitstr.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "asn1_locl.h" - - int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) - { -- return ASN1_STRING_set(x, d, len); -+ return M_ASN1_BIT_STRING_set(x, d, len); - } - - int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) -@@ -66,11 +114,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) - - *(p++) = (unsigned char)bits; - d = a->data; -- if (len > 0) { -- memcpy(p, d, len); -- p += len; -+ memcpy(p, d, len); -+ p += len; -+ if (len > 0) - p[-1] &= (0xff << bits); -- } - *pp = p; - return (ret); - } -@@ -89,7 +136,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - } - - if ((a == NULL) || ((*a) == NULL)) { -- if ((ret = ASN1_BIT_STRING_new()) == NULL) -+ if ((ret = M_ASN1_BIT_STRING_new()) == NULL) - return (NULL); - } else - ret = (*a); -@@ -108,7 +155,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ - - if (len-- > 1) { /* using one because of the bits left byte */ -- s = OPENSSL_malloc((int)len); -+ s = (unsigned char *)OPENSSL_malloc((int)len); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; -@@ -120,7 +167,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - s = NULL; - - ret->length = (int)len; -- OPENSSL_free(ret->data); -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); - ret->data = s; - ret->type = V_ASN1_BIT_STRING; - if (a != NULL) -@@ -129,8 +177,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - return (ret); - err: - ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); -- if ((a == NULL) || (*a != ret)) -- ASN1_BIT_STRING_free(ret); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_BIT_STRING_free(ret); - return (NULL); - } - -@@ -156,7 +204,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) - if ((a->length < (w + 1)) || (a->data == NULL)) { - if (!value) - return 
(1); /* Don't need to set */ -- c = OPENSSL_clear_realloc(a->data, a->length, w + 1); -+ if (a->data == NULL) -+ c = (unsigned char *)OPENSSL_malloc(w + 1); -+ else -+ c = (unsigned char *)OPENSSL_realloc_clean(a->data, -+ a->length, w + 1); - if (c == NULL) { - ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); - return 0; -@@ -172,7 +224,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) - return (1); - } - --int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) -+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) - { - int w, v; - -@@ -189,8 +241,8 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) - * which is not specified in 'flags', 1 otherwise. - * 'len' is the length of 'flags'. - */ --int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, -- const unsigned char *flags, int flags_len) -+int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, -+ unsigned char *flags, int flags_len) - { - int i, ok; - /* Check if there is one bit set at all. */ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -new file mode 100644 -index 0000000..1b85bc9 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -@@ -0,0 +1,111 @@ -+/* crypto/asn1/a_bool.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+ -+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) -+{ -+ int r; -+ unsigned char *p; -+ -+ r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); -+ if (pp == NULL) -+ return (r); -+ p = *pp; -+ -+ ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); -+ *(p++) = (unsigned char)a; -+ *pp = p; -+ return (r); -+} -+ -+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) -+{ -+ int ret = -1; -+ const unsigned char *p; -+ long len; -+ int inf, tag, xclass; -+ int i = 0; -+ -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ i = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } -+ -+ if (tag != V_ASN1_BOOLEAN) { -+ i = ASN1_R_EXPECTING_A_BOOLEAN; -+ goto err; -+ } -+ -+ if (len != 1) { -+ i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; -+ goto err; -+ } -+ ret = (int)*(p++); -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -new file mode 100644 -index 0000000..65e5394 ---- /dev/null -+++ 
b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -@@ -0,0 +1,334 @@ -+/* crypto/asn1/a_bytes.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+ -+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c, -+ int depth); -+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a, -+ const unsigned char **pp, long length, -+ int Ptag, int Pclass, int depth, -+ int *perr); -+/* -+ * type is a 'bitmap' of acceptable string types. 
-+ */ -+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int type) -+{ -+ ASN1_STRING *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ long len; -+ int inf, tag, xclass; -+ int i = 0; -+ -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) -+ goto err; -+ -+ if (tag >= 32) { -+ i = ASN1_R_TAG_VALUE_TOO_HIGH; -+ goto err; -+ } -+ if (!(ASN1_tag2bit(tag) & type)) { -+ i = ASN1_R_WRONG_TYPE; -+ goto err; -+ } -+ -+ /* If a bit-string, exit early */ -+ if (tag == V_ASN1_BIT_STRING) -+ return (d2i_ASN1_BIT_STRING(a, pp, length)); -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = ASN1_STRING_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); -+ -+ if (len != 0) { -+ s = OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ memcpy(s, p, (int)len); -+ s[len] = '\0'; -+ p += len; -+ } else -+ s = NULL; -+ -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->length = (int)len; -+ ret->data = s; -+ ret->type = tag; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_STRING_free(ret); -+ return (NULL); -+} -+ -+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) -+{ -+ int ret, r, constructed; -+ unsigned char *p; -+ -+ if (a == NULL) -+ return (0); -+ -+ if (tag == V_ASN1_BIT_STRING) -+ return (i2d_ASN1_BIT_STRING(a, pp)); -+ -+ ret = a->length; -+ r = ASN1_object_size(0, ret, tag); -+ if (pp == NULL) -+ return (r); -+ p = *pp; -+ -+ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) -+ constructed = 1; -+ else -+ constructed = 0; -+ ASN1_put_object(&p, constructed, ret, tag, xclass); -+ memcpy(p, a->data, a->length); -+ p += a->length; -+ *pp = p; -+ return (r); -+} -+ -+/* -+ * Maximum recursion depth of d2i_ASN1_bytes(): much more than should be -+ * encountered in 
pratice. -+ */ -+ -+#define ASN1_BYTES_MAXDEPTH 20 -+ -+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int Ptag, int Pclass) -+{ -+ int err = 0; -+ ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err); -+ if (err != 0) -+ ASN1err(ASN1_F_D2I_ASN1_BYTES, err); -+ return s; -+} -+ -+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a, -+ const unsigned char **pp, long length, -+ int Ptag, int Pclass, -+ int depth, int *perr) -+{ -+ ASN1_STRING *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ long len; -+ int inf, tag, xclass; -+ -+ if (depth > ASN1_BYTES_MAXDEPTH) { -+ *perr = ASN1_R_NESTED_ASN1_STRING; -+ return NULL; -+ } -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = ASN1_STRING_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); -+ -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ *perr = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } -+ -+ if (tag != Ptag) { -+ *perr = ASN1_R_WRONG_TAG; -+ goto err; -+ } -+ -+ if (inf & V_ASN1_CONSTRUCTED) { -+ ASN1_const_CTX c; -+ -+ c.error = 0; -+ c.pp = pp; -+ c.p = p; -+ c.inf = inf; -+ c.slen = len; -+ c.tag = Ptag; -+ c.xclass = Pclass; -+ c.max = (length == 0) ? 
0 : (p + length); -+ if (!asn1_collate_primitive(ret, &c, depth)) { -+ *perr = c.error; -+ goto err; -+ } else { -+ p = c.p; -+ } -+ } else { -+ if (len != 0) { -+ if ((ret->length < len) || (ret->data == NULL)) { -+ s = OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ *perr = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ } else -+ s = ret->data; -+ memcpy(s, p, (int)len); -+ s[len] = '\0'; -+ p += len; -+ } else { -+ s = NULL; -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ } -+ -+ ret->length = (int)len; -+ ret->data = s; -+ ret->type = Ptag; -+ } -+ -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_STRING_free(ret); -+ return (NULL); -+} -+ -+/* -+ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them -+ * into the one structure that is then returned -+ */ -+/* -+ * There have been a few bug fixes for this function from Paul Keogh -+ * , many thanks to him -+ */ -+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c, -+ int depth) -+{ -+ ASN1_STRING *os = NULL; -+ BUF_MEM b; -+ int num; -+ -+ b.length = 0; -+ b.max = 0; -+ b.data = NULL; -+ -+ if (a == NULL) { -+ c->error = ERR_R_PASSED_NULL_PARAMETER; -+ goto err; -+ } -+ -+ num = 0; -+ for (;;) { -+ if (c->inf & 1) { -+ c->eos = ASN1_const_check_infinite_end(&c->p, -+ (long)(c->max - c->p)); -+ if (c->eos) -+ break; -+ } else { -+ if (c->slen <= 0) -+ break; -+ } -+ -+ c->q = c->p; -+ if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass, -+ depth + 1, &c->error) == NULL) { -+ goto err; -+ } -+ -+ if (!BUF_MEM_grow_clean(&b, num + os->length)) { -+ c->error = ERR_R_BUF_LIB; -+ goto err; -+ } -+ memcpy(&(b.data[num]), os->data, os->length); -+ if (!(c->inf & 1)) -+ c->slen -= (c->p - c->q); -+ num += os->length; -+ } -+ -+ if (!asn1_const_Finish(c)) -+ goto err; -+ -+ a->length = num; -+ if (a->data != NULL) -+ 
OPENSSL_free(a->data); -+ a->data = (unsigned char *)b.data; -+ if (os != NULL) -+ ASN1_STRING_free(os); -+ return (1); -+ err: -+ if (os != NULL) -+ ASN1_STRING_free(os); -+ if (b.data != NULL) -+ OPENSSL_free(b.data); -+ return (0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -index e5c1d0e..51b6f24 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -@@ -1,23 +1,71 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_d2i_fp.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" --#include "internal/numbers.h" -+#include "cryptlib.h" - #include --#include -+#include - - static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); - - #ifndef NO_OLD_ASN1 --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - - void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) - { -@@ -49,7 +97,8 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) - p = (unsigned char *)b->data; - ret = d2i(x, &p, len); - err: -- BUF_MEM_free(b); -+ if (b != NULL) -+ BUF_MEM_free(b); - return (ret); - } - -@@ -69,11 +118,12 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) - p = (const unsigned char *)b->data; - ret = ASN1_item_d2i(x, &p, len, it); - err: -- BUF_MEM_free(b); -+ if (b != NULL) -+ BUF_MEM_free(b); - return (ret); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) - { - BIO *b; -@@ -97,15 +147,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - BUF_MEM *b; - unsigned char *p; - int i; -+ ASN1_const_CTX c; - size_t want = HEADER_SIZE; -- uint32_t eos = 0; -+ int eos = 0; - size_t off = 0; - size_t len = 0; - -- const unsigned char *q; -- long slen; -- int inf, tag, xclass; -- - b = BUF_MEM_new(); - if (b == NULL) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); -@@ -137,9 +184,10 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - /* else data already loaded */ - - p = (unsigned char *)&(b->data[off]); -- q = p; -- inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off); -- if (inf & 0x80) { -+ c.p = p; -+ c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), -+ 
len - off); -+ if (c.inf & 0x80) { - unsigned long e; - - e = ERR_GET_REASON(ERR_peek_error()); -@@ -148,27 +196,27 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - else - ERR_clear_error(); /* clear error */ - } -- i = q - p; /* header length */ -+ i = c.p - p; /* header length */ - off += i; /* end of data */ - -- if (inf & 1) { -+ if (c.inf & 1) { - /* no data body so go round again */ -- if (eos == UINT32_MAX) { -+ eos++; -+ if (eos < 0) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); - goto err; - } -- eos++; - want = HEADER_SIZE; -- } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) { -+ } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { - /* eos value, so go back and read another header */ - eos--; -- if (eos == 0) -+ if (eos <= 0) - break; - else - want = HEADER_SIZE; - } else { -- /* suck in slen bytes of data */ -- want = slen; -+ /* suck in c.slen bytes of data */ -+ want = c.slen; - if (want > (len - off)) { - size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; - -@@ -210,12 +258,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - chunk_max *= 2; - } - } -- if (off + slen < off) { -+ if (off + c.slen < off) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); - goto err; - } -- off += slen; -- if (eos == 0) { -+ off += c.slen; -+ if (eos <= 0) { - break; - } else - want = HEADER_SIZE; -@@ -230,6 +278,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - *pb = b; - return off; - err: -- BUF_MEM_free(b); -+ if (b != NULL) -+ BUF_MEM_free(b); - return -1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -index 46bff0d..7cbc475 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -@@ -1,16 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_digest.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef NO_SYS_TYPES_H - # include -@@ -30,17 +79,15 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *str, *p; - - i = i2d(data, NULL); -- if ((str = OPENSSL_malloc(i)) == NULL) { -+ if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { - ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); - return (0); - } - p = str; - i2d(data, &p); - -- if (!EVP_Digest(str, i, md, len, type, NULL)) { -- OPENSSL_free(str); -+ if (!EVP_Digest(str, i, md, len, type, NULL)) - return 0; -- } - OPENSSL_free(str); - return (1); - } -@@ -57,10 +104,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - if (!str) - return (0); - -- if (!EVP_Digest(str, i, md, len, type, NULL)) { -- OPENSSL_free(str); -+ if (!EVP_Digest(str, i, md, len, type, NULL)) - return 0; -- } - OPENSSL_free(str); - return (1); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -index d9a57b2..349ab56 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_dup.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - #ifndef NO_OLD_ASN1 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -new file mode 100644 -index 0000000..c3498ac ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -@@ -0,0 +1,181 @@ -+/* crypto/asn1/a_enum.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+ -+/* -+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag. -+ * for comments on encoding see a_int.c -+ */ -+ -+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) -+{ -+ int j, k; -+ unsigned int i; -+ unsigned char buf[sizeof(long) + 1]; -+ long d; -+ -+ a->type = V_ASN1_ENUMERATED; -+ if (a->length < (int)(sizeof(long) + 1)) { -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ if ((a->data = -+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) -+ memset((char *)a->data, 0, sizeof(long) + 1); -+ } -+ if (a->data == NULL) { -+ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ d = v; -+ if (d < 0) { -+ d = -d; -+ a->type = V_ASN1_NEG_ENUMERATED; -+ } -+ -+ for (i = 0; i < sizeof(long); i++) { -+ if (d == 0) -+ break; -+ buf[i] = (int)d & 0xff; -+ d >>= 8; -+ } -+ j = 0; -+ for (k = i - 1; k >= 0; k--) -+ a->data[j++] = buf[k]; -+ a->length = j; -+ return (1); -+} -+ -+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) -+{ -+ int neg = 0, i; -+ long r = 0; -+ -+ if (a == NULL) -+ return (0L); -+ i = a->type; -+ if (i == V_ASN1_NEG_ENUMERATED) -+ neg 
= 1; -+ else if (i != V_ASN1_ENUMERATED) -+ return -1; -+ -+ if (a->length > (int)sizeof(long)) { -+ /* hmm... a bit ugly */ -+ return (0xffffffffL); -+ } -+ if (a->data == NULL) -+ return 0; -+ -+ for (i = 0; i < a->length; i++) { -+ r <<= 8; -+ r |= (unsigned char)a->data[i]; -+ } -+ if (neg) -+ r = -r; -+ return (r); -+} -+ -+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) -+{ -+ ASN1_ENUMERATED *ret; -+ int len, j; -+ -+ if (ai == NULL) -+ ret = M_ASN1_ENUMERATED_new(); -+ else -+ ret = ai; -+ if (ret == NULL) { -+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (BN_is_negative(bn)) -+ ret->type = V_ASN1_NEG_ENUMERATED; -+ else -+ ret->type = V_ASN1_ENUMERATED; -+ j = BN_num_bits(bn); -+ len = ((j == 0) ? 0 : ((j / 8) + 1)); -+ if (ret->length < len + 4) { -+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); -+ if (!new_data) { -+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->data = new_data; -+ } -+ -+ ret->length = BN_bn2bin(bn, ret->data); -+ return (ret); -+ err: -+ if (ret != ai) -+ M_ASN1_ENUMERATED_free(ret); -+ return (NULL); -+} -+ -+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) -+{ -+ BIGNUM *ret; -+ -+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) -+ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); -+ else if (ai->type == V_ASN1_NEG_ENUMERATED) -+ BN_set_negative(ret, 1); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -index c02c8d9..fa76dca 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -@@ -1,22 +1,123 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_gentm.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - /* -- * GENERALIZEDTIME implementation. Based on UTCTIME -+ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include "o_time.h" - #include - #include "asn1_locl.h" - -+#if 0 -+ -+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) -+{ -+# ifdef CHARSET_EBCDIC -+ /* KLUDGE! 
We convert to ascii before writing DER */ -+ int len; -+ char tmp[24]; -+ ASN1_STRING tmpstr = *(ASN1_STRING *)a; -+ -+ len = tmpstr.length; -+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); -+ tmpstr.data = tmp; -+ -+ a = (ASN1_GENERALIZEDTIME *)&tmpstr; -+# endif -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); -+} -+ -+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, -+ unsigned char **pp, -+ long length) -+{ -+ ASN1_GENERALIZEDTIME *ret = NULL; -+ -+ ret = -+ (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, -+ V_ASN1_GENERALIZEDTIME, -+ V_ASN1_UNIVERSAL); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); -+ return (NULL); -+ } -+# ifdef CHARSET_EBCDIC -+ ascii2ebcdic(ret->data, ret->data, ret->length); -+# endif -+ if (!ASN1_GENERALIZEDTIME_check(ret)) { -+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); -+ goto err; -+ } -+ -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_GENERALIZEDTIME_free(ret); -+ return (NULL); -+} -+ -+#endif -+ - int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) - { - static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; -@@ -148,7 +249,8 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) - t.data = (unsigned char *)str; - if (ASN1_GENERALIZEDTIME_check(&t)) { - if (s != NULL) { -- if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) -+ if (!ASN1_STRING_set((ASN1_STRING *)s, -+ (unsigned char *)str, t.length)) - return 0; - s->type = V_ASN1_GENERALIZEDTIME; - } -@@ -171,103 +273,40 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - struct tm *ts; - struct tm data; - size_t len = 20; -- ASN1_GENERALIZEDTIME *tmps = NULL; - - if (s == NULL) -- tmps = ASN1_GENERALIZEDTIME_new(); -- else -- tmps = s; -- if (tmps == NULL) -- return NULL; 
-+ s = M_ASN1_GENERALIZEDTIME_new(); -+ if (s == NULL) -+ return (NULL); - - ts = OPENSSL_gmtime(&t, &data); - if (ts == NULL) -- goto err; -+ return (NULL); - - if (offset_day || offset_sec) { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) -- goto err; -+ return NULL; - } - -- p = (char *)tmps->data; -- if ((p == NULL) || ((size_t)tmps->length < len)) { -+ p = (char *)s->data; -+ if ((p == NULL) || ((size_t)s->length < len)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); -- goto err; -+ return (NULL); - } -- OPENSSL_free(tmps->data); -- tmps->data = (unsigned char *)p; -+ if (s->data != NULL) -+ OPENSSL_free(s->data); -+ s->data = (unsigned char *)p; - } - - BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, - ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); -- tmps->length = strlen(p); -- tmps->type = V_ASN1_GENERALIZEDTIME; -+ s->length = strlen(p); -+ s->type = V_ASN1_GENERALIZEDTIME; - #ifdef CHARSET_EBCDIC_not -- ebcdic2ascii(tmps->data, tmps->data, tmps->length); -+ ebcdic2ascii(s->data, s->data, s->length); - #endif -- return tmps; -- err: -- if (s == NULL) -- ASN1_GENERALIZEDTIME_free(tmps); -- return NULL; --} -- --const char *_asn1_mon[12] = { -- "Jan", "Feb", "Mar", "Apr", "May", "Jun", -- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" --}; -- --int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) --{ -- char *v; -- int gmt = 0; -- int i; -- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -- char *f = NULL; -- int f_len = 0; -- -- i = tm->length; -- v = (char *)tm->data; -- -- if (i < 12) -- goto err; -- if (v[i - 1] == 'Z') -- gmt = 1; -- for (i = 0; i < 12; i++) -- if ((v[i] > '9') || (v[i] < '0')) -- goto err; -- y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 -- + (v[2] - '0') * 10 + (v[3] - '0'); -- M = (v[4] - '0') * 10 + (v[5] - '0'); -- if ((M > 12) || (M < 1)) -- goto err; -- d = (v[6] - '0') * 10 + (v[7] - '0'); -- h = 
(v[8] - '0') * 10 + (v[9] - '0'); -- m = (v[10] - '0') * 10 + (v[11] - '0'); -- if (tm->length >= 14 && -- (v[12] >= '0') && (v[12] <= '9') && -- (v[13] >= '0') && (v[13] <= '9')) { -- s = (v[12] - '0') * 10 + (v[13] - '0'); -- /* Check for fractions of seconds. */ -- if (tm->length >= 15 && v[14] == '.') { -- int l = tm->length; -- f = &v[14]; /* The decimal point. */ -- f_len = 1; -- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') -- ++f_len; -- } -- } -- -- if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", -- _asn1_mon[M - 1], d, h, m, s, f_len, f, y, -- (gmt) ? " GMT" : "") <= 0) -- return (0); -- else -- return (1); -- err: -- BIO_write(bp, "Bad time value", 14); -- return (0); -+ return (s); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -index 1514ede..0f56cd4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -@@ -1,20 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_i2d_fp.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - - #ifndef NO_OLD_ASN1 - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) - { - BIO *b; -@@ -38,7 +87,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) - int i, j = 0, n, ret = 1; - - n = i2d(x, NULL); -- b = OPENSSL_malloc(n); -+ b = (char *)OPENSSL_malloc(n); - if (b == NULL) { - ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); - return (0); -@@ -64,7 +113,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) - - #endif - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) - { - BIO *b; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -index e0bcd6e..7e26704 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -@@ -1,23 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_int.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" --#include "internal/numbers.h" --#include -+#include "cryptlib.h" - #include - #include --#include "asn1_locl.h" - - ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) - { -- return ASN1_STRING_dup(x); -+ return M_ASN1_INTEGER_dup(x); - } - - int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) -@@ -41,11 +87,10 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) - } - - /*- -- * This converts a big endian buffer and sign into its content encoding. -- * This is used for INTEGER and ENUMERATED types. -+ * This converts an ASN1 INTEGER into its content encoding. - * The internal representation is an ASN1_STRING whose data is a big endian - * representation of the value, ignoring the sign. The sign is determined by -- * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive. -+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. - * - * Positive integers are no problem: they are almost the same as the DER - * encoding, except if the first byte is >= 0x80 we need to add a zero pad. -@@ -66,19 +111,19 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) - * followed by optional zeros isn't padded. 
- */ - --static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, -- unsigned char **pp) -+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) - { -- int pad = 0; -- size_t ret, i; -- unsigned char *p, pb = 0; -- const unsigned char *n; -+ int pad = 0, ret, i, neg; -+ unsigned char *p, *n, pb = 0; - -- if (b == NULL || blen == 0) -+ if (a == NULL) -+ return (0); -+ neg = a->type & V_ASN1_NEG; -+ if (a->length == 0) - ret = 1; - else { -- ret = blen; -- i = b[0]; -+ ret = a->length; -+ i = a->data[0]; - if (ret == 1 && i == 0) - neg = 0; - if (!neg && (i > 127)) { -@@ -93,8 +138,8 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, - * Special case: if any other bytes non zero we pad: - * otherwise we don't. - */ -- for (i = 1; i < blen; i++) -- if (b[i]) { -+ for (i = 1; i < a->length; i++) -+ if (a->data[i]) { - pad = 1; - pb = 0xFF; - break; -@@ -104,299 +149,127 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, - ret += pad; - } - if (pp == NULL) -- return ret; -+ return (ret); - p = *pp; - - if (pad) - *(p++) = pb; -- if (b == NULL || blen == 0) -- *p = 0; -+ if (a->length == 0) -+ *(p++) = 0; - else if (!neg) -- memcpy(p, b, blen); -+ memcpy(p, a->data, (unsigned int)a->length); - else { - /* Begin at the end of the encoding */ -- n = b + blen; -- p += blen; -- i = blen; -+ n = a->data + a->length - 1; -+ p += a->length - 1; -+ i = a->length; - /* Copy zeros to destination as long as source is zero */ -- while (!n[-1] && i > 1) { -- *(--p) = 0; -+ while (!*n && i > 1) { -+ *(p--) = 0; - n--; - i--; - } - /* Complement and increment next octet */ -- *(--p) = ((*(--n)) ^ 0xff) + 1; -+ *(p--) = ((*(n--)) ^ 0xff) + 1; - i--; - /* Complement any octets left */ - for (; i > 0; i--) -- *(--p) = *(--n) ^ 0xff; -+ *(p--) = *(n--) ^ 0xff; - } - - *pp += ret; -- return ret; --} -- --/* -- * convert content octets into a big endian buffer. Returns the length -- * of buffer or 0 on error: for malformed INTEGER. 
If output buffer is -- * NULL just return length. -- */ -- --static size_t c2i_ibuf(unsigned char *b, int *pneg, -- const unsigned char *p, size_t plen) --{ -- size_t i; -- int neg, pad; -- /* Zero content length is illegal */ -- if (plen == 0) { -- ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT); -- return 0; -- } -- neg = p[0] & 0x80; -- if (pneg) -- *pneg = neg; -- /* Handle common case where length is 1 octet separately */ -- if (plen == 1) { -- if (b) { -- if (neg) -- b[0] = (p[0] ^ 0xFF) + 1; -- else -- b[0] = p[0]; -- } -- return 1; -- } -- if (p[0] == 0 || p[0] == 0xFF) -- pad = 1; -- else -- pad = 0; -- /* reject illegal padding: first two octets MSB can't match */ -- if (pad && (neg == (p[1] & 0x80))) { -- ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING); -- return 0; -- } -- /* If positive just copy across */ -- if (neg == 0) { -- if (b) -- memcpy(b, p + pad, plen - pad); -- return plen - pad; -- } -- -- if (neg && pad) { -- /* check is any following octets are non zero */ -- for (i = 1; i < plen; i++) { -- if (p[i] != 0) -- break; -- } -- /* if all bytes are zero handle as special case */ -- if (i == plen) { -- if (b) { -- b[0] = 1; -- memset(b + 1, 0, plen - 1); -- } -- return plen; -- } -- } -- -- plen -= pad; -- /* Must be negative: calculate twos complement */ -- if (b) { -- const unsigned char *from = p + plen - 1 + pad; -- unsigned char *to = b + plen; -- i = plen; -- while (*from == 0 && i) { -- *--to = 0; -- i--; -- from--; -- } -- *--to = (*from-- ^ 0xff) + 1; -- OPENSSL_assert(i != 0); -- i--; -- for (; i > 0; i--) -- *--to = *from-- ^ 0xff; -- } -- return plen; --} -- --int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) --{ -- return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); --} -- --/* Convert big endian buffer into uint64_t, return 0 on error */ --static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen) --{ -- size_t i; -- if (blen > sizeof(*pr)) { -- ASN1err(ASN1_F_ASN1_GET_UINT64, 
ASN1_R_TOO_LARGE); -- return 0; -- } -- *pr = 0; -- if (b == NULL) -- return 0; -- for (i = 0; i < blen; i++) { -- *pr <<= 8; -- *pr |= b[i]; -- } -- return 1; -+ return (ret); - } - --static size_t asn1_put_uint64(unsigned char *b, uint64_t r) --{ -- if (r >= 0x100) { -- unsigned char *p; -- uint64_t rtmp = r; -- size_t i = 0; -- -- /* Work out how many bytes we need */ -- while (rtmp) { -- rtmp >>= 8; -- i++; -- } -- -- /* Copy from end to beginning */ -- p = b + i - 1; -- -- do { -- *p-- = r & 0xFF; -- r >>= 8; -- } while (p >= b); -+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ - -- return i; -- } -- -- b[0] = (unsigned char)r; -- return 1; -- --} -- --/* -- * Absolute value of INT64_MIN: we can't just use -INT64_MIN as it produces -- * overflow warnings. -- */ -- --#define ABS_INT64_MIN \ -- ((uint64_t)INT64_MAX + (uint64_t)(-(INT64_MIN + INT64_MAX))) -- --/* signed version of asn1_get_uint64 */ --static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, -- int neg) --{ -- uint64_t r; -- if (asn1_get_uint64(&r, b, blen) == 0) -- return 0; -- if (neg) { -- if (r > ABS_INT64_MIN) { -- ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL); -- return 0; -- } -- *pr = 0 - (uint64_t)r; -- } else { -- if (r > INT64_MAX) { -- ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE); -- return 0; -- } -- *pr = (int64_t)r; -- } -- return 1; --} -- --/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ - ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) - { - ASN1_INTEGER *ret = NULL; -- size_t r; -- int neg; -- -- r = c2i_ibuf(NULL, NULL, *pp, len); -- -- if (r == 0) -- return NULL; -+ const unsigned char *p, *pend; -+ unsigned char *to, *s; -+ int i; - - if ((a == NULL) || ((*a) == NULL)) { -- ret = ASN1_INTEGER_new(); -- if (ret == NULL) -- return NULL; -+ if ((ret = M_ASN1_INTEGER_new()) == NULL) -+ return (NULL); - ret->type = V_ASN1_INTEGER; - } else -- ret = *a; -- -- if 
(ASN1_STRING_set(ret, NULL, r) == 0) -- goto err; -- -- c2i_ibuf(ret->data, &neg, *pp, len); -- -- if (neg) -- ret->type |= V_ASN1_NEG; -+ ret = (*a); - -- *pp += len; -- if (a != NULL) -- (*a) = ret; -- return ret; -- err: -- ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -- if ((a == NULL) || (*a != ret)) -- ASN1_INTEGER_free(ret); -- return NULL; --} -+ p = *pp; -+ pend = p + len; - --static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype) --{ -- if (a == NULL) { -- ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if ((a->type & ~V_ASN1_NEG) != itype) { -- ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE); -- return 0; -+ /* -+ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies -+ * a missing NULL parameter. -+ */ -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; - } -- return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG); --} -- --static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) --{ -- unsigned char tbuf[sizeof(r)]; -- size_t l; -- a->type = itype; -- if (r < 0) { -- l = asn1_put_uint64(tbuf, -r); -- a->type |= V_ASN1_NEG; -+ to = s; -+ if (!len) { -+ /* -+ * Strictly speaking this is an illegal INTEGER but we tolerate it. -+ */ -+ ret->type = V_ASN1_INTEGER; -+ } else if (*p & 0x80) { /* a negative number */ -+ ret->type = V_ASN1_NEG_INTEGER; -+ if ((*p == 0xff) && (len != 1)) { -+ p++; -+ len--; -+ } -+ i = len; -+ p += i - 1; -+ to += i - 1; -+ while ((!*p) && i) { -+ *(to--) = 0; -+ i--; -+ p--; -+ } -+ /* -+ * Special case: if all zeros then the number will be of the form FF -+ * followed by n zero bytes: this corresponds to 1 followed by n zero -+ * bytes. We've already written n zeros so we just append an extra -+ * one and set the first byte to a 1. 
This is treated separately -+ * because it is the only case where the number of bytes is larger -+ * than len. -+ */ -+ if (!i) { -+ *s = 1; -+ s[len] = 0; -+ len++; -+ } else { -+ *(to--) = (*(p--) ^ 0xff) + 1; -+ i--; -+ for (; i > 0; i--) -+ *(to--) = *(p--) ^ 0xff; -+ } - } else { -- l = asn1_put_uint64(tbuf, r); -- a->type &= ~V_ASN1_NEG; -- } -- if (l == 0) -- return 0; -- return ASN1_STRING_set(a, tbuf, l); --} -- --static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, -- int itype) --{ -- if (a == NULL) { -- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if ((a->type & ~V_ASN1_NEG) != itype) { -- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE); -- return 0; -- } -- if (a->type & V_ASN1_NEG) { -- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE); -- return 0; -+ ret->type = V_ASN1_INTEGER; -+ if ((*p == 0) && (len != 1)) { -+ p++; -+ len--; -+ } -+ memcpy(s, p, (int)len); - } -- return asn1_get_uint64(pr, a->data, a->length); --} - --static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype) --{ -- unsigned char tbuf[sizeof(r)]; -- size_t l; -- a->type = itype; -- l = asn1_put_uint64(tbuf, r); -- if (l == 0) -- return 0; -- return ASN1_STRING_set(a, tbuf, l); -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->data = s; -+ ret->length = (int)len; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = pend; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_INTEGER_free(ret); -+ return (NULL); - } - - /* -@@ -416,7 +289,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - int i; - - if ((a == NULL) || ((*a) == NULL)) { -- if ((ret = ASN1_INTEGER_new()) == NULL) -+ if ((ret = M_ASN1_INTEGER_new()) == NULL) - return (NULL); - ret->type = V_ASN1_INTEGER; - } else -@@ -438,7 +311,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned 
char **pp, - * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies - * a missing NULL parameter. - */ -- s = OPENSSL_malloc((int)len + 1); -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; -@@ -453,7 +326,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - p += len; - } - -- OPENSSL_free(ret->data); -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); - ret->data = s; - ret->length = (int)len; - if (a != NULL) -@@ -462,163 +336,129 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - return (ret); - err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); -- if ((a == NULL) || (*a != ret)) -- ASN1_INTEGER_free(ret); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_INTEGER_free(ret); - return (NULL); - } - --static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, -- int atype) -+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) - { -- ASN1_INTEGER *ret; -- int len; -- -- if (ai == NULL) { -- ret = ASN1_STRING_type_new(atype); -- } else { -- ret = ai; -- ret->type = atype; -+ int j, k; -+ unsigned int i; -+ unsigned char buf[sizeof(long) + 1]; -+ long d; -+ -+ a->type = V_ASN1_INTEGER; -+ if (a->length < (int)(sizeof(long) + 1)) { -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ if ((a->data = -+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) -+ memset((char *)a->data, 0, sizeof(long) + 1); - } -- -- if (ret == NULL) { -- ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR); -- goto err; -+ if (a->data == NULL) { -+ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); -+ return (0); - } -- -- if (BN_is_negative(bn) && !BN_is_zero(bn)) -- ret->type |= V_ASN1_NEG_INTEGER; -- -- len = BN_num_bytes(bn); -- -- if (len == 0) -- len = 1; -- -- if (ASN1_STRING_set(ret, NULL, len) == 0) { -- ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* Correct zero case */ 
-- if (BN_is_zero(bn)) -- ret->data[0] = 0; -- else -- len = BN_bn2bin(bn, ret->data); -- ret->length = len; -- return ret; -- err: -- if (ret != ai) -- ASN1_INTEGER_free(ret); -- return (NULL); --} -- --static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, -- int itype) --{ -- BIGNUM *ret; -- -- if ((ai->type & ~V_ASN1_NEG) != itype) { -- ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE); -- return NULL; -+ d = v; -+ if (d < 0) { -+ d = -d; -+ a->type = V_ASN1_NEG_INTEGER; - } - -- ret = BN_bin2bn(ai->data, ai->length, bn); -- if (ret == 0) { -- ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB); -- return NULL; -+ for (i = 0; i < sizeof(long); i++) { -+ if (d == 0) -+ break; -+ buf[i] = (int)d & 0xff; -+ d >>= 8; - } -- if (ai->type & V_ASN1_NEG) -- BN_set_negative(ret, 1); -- return ret; --} -- --int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a) --{ -- return asn1_string_get_int64(pr, a, V_ASN1_INTEGER); --} -- --int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r) --{ -- return asn1_string_set_int64(a, r, V_ASN1_INTEGER); --} -- --int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a) --{ -- return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER); --} -- --int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r) --{ -- return asn1_string_set_uint64(a, r, V_ASN1_INTEGER); --} -- --int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) --{ -- return ASN1_INTEGER_set_int64(a, v); -+ j = 0; -+ for (k = i - 1; k >= 0; k--) -+ a->data[j++] = buf[k]; -+ a->length = j; -+ return (1); - } - - long ASN1_INTEGER_get(const ASN1_INTEGER *a) - { -- int i; -- int64_t r; -+ int neg = 0, i; -+ long r = 0; -+ - if (a == NULL) -- return 0; -- i = ASN1_INTEGER_get_int64(&r, a); -- if (i == 0) -+ return (0L); -+ i = a->type; -+ if (i == V_ASN1_NEG_INTEGER) -+ neg = 1; -+ else if (i != V_ASN1_INTEGER) - return -1; -- if (r > LONG_MAX || r < LONG_MIN) -- return -1; -- return (long)r; --} - --ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, 
ASN1_INTEGER *ai) --{ -- return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER); --} -+ if (a->length > (int)sizeof(long)) { -+ /* hmm... a bit ugly, return all ones */ -+ return -1; -+ } -+ if (a->data == NULL) -+ return 0; - --BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) --{ -- return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER); -+ for (i = 0; i < a->length; i++) { -+ r <<= 8; -+ r |= (unsigned char)a->data[i]; -+ } -+ if (neg) -+ r = -r; -+ return (r); - } - --int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a) -+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) - { -- return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED); --} -+ ASN1_INTEGER *ret; -+ int len, j; - --int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r) --{ -- return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED); -+ if (ai == NULL) -+ ret = M_ASN1_INTEGER_new(); -+ else -+ ret = ai; -+ if (ret == NULL) { -+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (BN_is_negative(bn) && !BN_is_zero(bn)) -+ ret->type = V_ASN1_NEG_INTEGER; -+ else -+ ret->type = V_ASN1_INTEGER; -+ j = BN_num_bits(bn); -+ len = ((j == 0) ? 
0 : ((j / 8) + 1)); -+ if (ret->length < len + 4) { -+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); -+ if (!new_data) { -+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->data = new_data; -+ } -+ ret->length = BN_bn2bin(bn, ret->data); -+ /* Correct zero case */ -+ if (!ret->length) { -+ ret->data[0] = 0; -+ ret->length = 1; -+ } -+ return (ret); -+ err: -+ if (ret != ai) -+ M_ASN1_INTEGER_free(ret); -+ return (NULL); - } - --int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) -+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) - { -- return ASN1_ENUMERATED_set_int64(a, v); --} -+ BIGNUM *ret; - --long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) --{ -- int i; -- int64_t r; -- if (a == NULL) -- return 0; -- if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED) -- return -1; -- if (a->length > (int)sizeof(long)) -- return 0xffffffffL; -- i = ASN1_ENUMERATED_get_int64(&r, a); -- if (i == 0) -- return -1; -- if (r > LONG_MAX || r < LONG_MIN) -- return -1; -- return (long)r; -+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) -+ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); -+ else if (ai->type == V_ASN1_NEG_INTEGER) -+ BN_set_negative(ret, 1); -+ return (ret); - } - --ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) --{ -- return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED); --} -+IMPLEMENT_STACK_OF(ASN1_INTEGER) - --BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) --{ -- return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED); --} -+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -index 5578e92..6935efe 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -@@ -1,15 +1,65 @@ -+/* a_mbstr.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - static int traverse_string(const unsigned char *p, int len, int inform, -@@ -22,14 +72,13 @@ static int cpy_asc(unsigned long value, void *arg); - static int cpy_bmp(unsigned long value, void *arg); - static int cpy_univ(unsigned long value, void *arg); - static int cpy_utf8(unsigned long value, void *arg); --static int is_numeric(unsigned long value); - static int is_printable(unsigned long value); - - /* - * These functions take a string in UTF8, ASCII or multibyte form and a mask - * of permissible ASN1 string types. It then works out the minimal type -- * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8) -- * and creates a string of the correct type with the supplied data. 
Yes this is -+ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and -+ * creates a string of the correct type with the supplied data. Yes this is - * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum - * size limits too. - */ -@@ -120,9 +169,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - - /* Now work out output format and string type */ - outform = MBSTRING_ASC; -- if (mask & B_ASN1_NUMERICSTRING) -- str_type = V_ASN1_NUMERICSTRING; -- else if (mask & B_ASN1_PRINTABLESTRING) -+ if (mask & B_ASN1_PRINTABLESTRING) - str_type = V_ASN1_PRINTABLESTRING; - else if (mask & B_ASN1_IA5STRING) - str_type = V_ASN1_IA5STRING; -@@ -143,14 +190,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - if (*out) { - free_out = 0; - dest = *out; -- OPENSSL_free(dest->data); -- dest->data = NULL; -- dest->length = 0; -+ if (dest->data) { -+ dest->length = 0; -+ OPENSSL_free(dest->data); -+ dest->data = NULL; -+ } - dest->type = str_type; - } else { - free_out = 1; - dest = ASN1_STRING_type_new(str_type); -- if (dest == NULL) { -+ if (!dest) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); - return -1; - } -@@ -188,7 +237,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - cpyfunc = cpy_utf8; - break; - } -- if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { -+ if (!(p = OPENSSL_malloc(outlen + 1))) { - if (free_out) - ASN1_STRING_free(dest); - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); -@@ -273,8 +322,6 @@ static int type_str(unsigned long value, void *arg) - { - unsigned long types; - types = *((unsigned long *)arg); -- if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value)) -- types &= ~B_ASN1_NUMERICSTRING; - if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) - types &= ~B_ASN1_PRINTABLESTRING; - if ((types & B_ASN1_IA5STRING) && (value > 127)) -@@ -374,22 +421,3 @@ static int is_printable(unsigned long 
value) - #endif /* CHARSET_EBCDIC */ - return 0; - } -- --/* Return 1 if the character is a digit or space */ --static int is_numeric(unsigned long value) --{ -- int ch; -- if (value > 0x7f) -- return 0; -- ch = (int)value; --#ifndef CHARSET_EBCDIC -- if (!isdigit(ch) && ch != ' ') -- return 0; --#else -- if (ch > os_toascii['9']) -- return 0; -- if (ch < os_toascii['0'] && ch != os_toascii[' ']) -- return 0; --#endif -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -index 79f0ecd..229a40f 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -@@ -1,23 +1,70 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_object.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/asn1_int.h" --#include "asn1_locl.h" - --int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) -+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) - { - unsigned char *p; - int objsize; -@@ -90,9 +137,9 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) - } - if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { - use_bn = 1; -- if (bl == NULL) -+ if (!bl) - bl = BN_new(); -- if (bl == NULL || !BN_set_word(bl, l)) -+ if (!bl || !BN_set_word(bl, l)) - goto err; - } - if (use_bn) { -@@ -124,7 +171,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) - OPENSSL_free(tmp); - tmpsize = blsize + 32; - tmp = OPENSSL_malloc(tmpsize); -- if (tmp == NULL) -+ if (!tmp) - goto err; - } - while (blsize--) { -@@ -156,21 +203,23 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) - } - if (tmp != ftmp) - OPENSSL_free(tmp); -- BN_free(bl); -+ if (bl) -+ BN_free(bl); - return (len); - err: - if (tmp != ftmp) - OPENSSL_free(tmp); -- BN_free(bl); -+ if (bl) -+ 
BN_free(bl); - return (0); - } - --int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) -+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) - { - return OBJ_obj2txt(buf, buf_len, a, 0); - } - --int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) -+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) - { - char buf[80], *p = buf; - int i; -@@ -180,15 +229,12 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) - i = i2t_ASN1_OBJECT(buf, sizeof buf, a); - if (i > (int)(sizeof(buf) - 1)) { - p = OPENSSL_malloc(i + 1); -- if (p == NULL) -+ if (!p) - return -1; - i2t_ASN1_OBJECT(p, i + 1, a); - } -- if (i <= 0) { -- i = BIO_write(bp, "", 9); -- i += BIO_dump(bp, (const char *)a->data, a->length); -- return i; -- } -+ if (i <= 0) -+ return BIO_write(bp, "", 9); - BIO_write(bp, p, i); - if (p != buf) - OPENSSL_free(p); -@@ -226,7 +272,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) - { -- ASN1_OBJECT *ret = NULL, tobj; -+ ASN1_OBJECT *ret = NULL; - const unsigned char *p; - unsigned char *data; - int i, length; -@@ -243,29 +289,6 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - } - /* Now 0 < len <= INT_MAX, so the cast is safe. */ - length = (int)len; -- /* -- * Try to lookup OID in table: these are all valid encodings so if we get -- * a match we know the OID is valid. -- */ -- tobj.nid = NID_undef; -- tobj.data = p; -- tobj.length = length; -- tobj.flags = 0; -- i = OBJ_obj2nid(&tobj); -- if (i != NID_undef) { -- /* -- * Return shared registered OID object: this improves efficiency -- * because we don't have to return a dynamically allocated OID -- * and NID lookups can use the cached value. 
-- */ -- ret = OBJ_nid2obj(i); -- if (a) { -- ASN1_OBJECT_free(*a); -- *a = ret; -- } -- *pp += len; -- return ret; -- } - for (i = 0; i < length; i++, p++) { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { - ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); -@@ -291,8 +314,9 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - /* once detached we can change it */ - if ((data == NULL) || (ret->length < length)) { - ret->length = 0; -- OPENSSL_free(data); -- data = OPENSSL_malloc(length); -+ if (data != NULL) -+ OPENSSL_free(data); -+ data = (unsigned char *)OPENSSL_malloc(length); - if (data == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; -@@ -314,7 +338,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - return (ret); - err: - ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); -- if ((a == NULL) || (*a != ret)) -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_OBJECT_free(ret); - return (NULL); - } -@@ -323,11 +347,16 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) - { - ASN1_OBJECT *ret; - -- ret = OPENSSL_zalloc(sizeof(*ret)); -+ ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); - if (ret == NULL) { - ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } -+ ret->length = 0; -+ ret->data = NULL; -+ ret->nid = 0; -+ ret->sn = NULL; -+ ret->ln = NULL; - ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; - return (ret); - } -@@ -340,13 +369,16 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) - #ifndef CONST_STRICT /* disable purely for compile-time strict - * const checking. 
Doing this on a "real" - * compile will cause memory leaks */ -- OPENSSL_free((void*)a->sn); -- OPENSSL_free((void*)a->ln); -+ if (a->sn != NULL) -+ OPENSSL_free((void *)a->sn); -+ if (a->ln != NULL) -+ OPENSSL_free((void *)a->ln); - #endif - a->sn = a->ln = NULL; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { -- OPENSSL_free((void*)a->data); -+ if (a->data != NULL) -+ OPENSSL_free((void *)a->data); - a->data = NULL; - a->length = 0; - } -@@ -368,3 +400,7 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return (OBJ_dup(&o)); - } -+ -+IMPLEMENT_STACK_OF(ASN1_OBJECT) -+ -+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -index 2e1205c..1a6e9ca 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -@@ -1,29 +1,78 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_octet.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) - { -- return ASN1_STRING_dup(x); -+ return M_ASN1_OCTET_STRING_dup(x); - } - - int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, - const ASN1_OCTET_STRING *b) - { -- return ASN1_STRING_cmp(a, b); -+ return M_ASN1_OCTET_STRING_cmp(a, b); - } - - int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, - int len) - { -- return ASN1_STRING_set(x, d, len); -+ return M_ASN1_OCTET_STRING_set(x, d, len); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c -index 1aafe7c..d83e4ad 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_print.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_print.c -@@ -1,15 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_print.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - int ASN1_PRINTABLE_type(const unsigned char *s, int len) -@@ -28,6 +76,7 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) - #ifndef CHARSET_EBCDIC - if (!(((c >= 'a') && (c <= 'z')) || - ((c >= 'A') && (c <= 'Z')) || -+ (c == ' ') || - ((c >= '0') && (c <= '9')) || - (c == ' ') || (c == '\'') || - (c == '(') || (c == ')') || -@@ -78,32 +127,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) - s->type = ASN1_PRINTABLE_type(s->data, s->length); - return (1); - } -- --int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) --{ -- int i, n; -- char buf[80]; -- const char *p; -- -- if (v == NULL) -- return (0); -- n = 0; -- p = (const char *)v->data; -- for (i = 0; i < v->length; i++) { -- if ((p[i] > '~') || ((p[i] < ' ') && -- (p[i] != '\n') && (p[i] != '\r'))) -- buf[n] = '.'; -- else -- buf[n] = p[i]; -- n++; -- if (n >= 80) { -- if (BIO_write(bp, buf, n) <= 0) -- return (0); -- n = 0; -- } -- } -- if (n > 0) -- if (BIO_write(bp, buf, n) <= 0) -- return (0); -- return (1); --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c -new file mode 100644 -index 0000000..5fb5865 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c -@@ -0,0 +1,243 @@ -+/* crypto/asn1/a_set.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include -+#include "cryptlib.h" -+#include -+ -+#ifndef NO_ASN1_OLD -+ -+typedef struct { -+ unsigned char *pbData; -+ int cbData; -+} MYBLOB; -+ -+/* -+ * SetBlobCmp This function compares two elements of SET_OF block -+ */ -+static int SetBlobCmp(const void *elem1, const void *elem2) -+{ -+ const MYBLOB *b1 = (const MYBLOB *)elem1; -+ const MYBLOB *b2 = (const MYBLOB *)elem2; -+ int r; -+ -+ r = memcmp(b1->pbData, b2->pbData, -+ b1->cbData < b2->cbData ? b1->cbData : b2->cbData); -+ if (r != 0) -+ return r; -+ return b1->cbData - b2->cbData; -+} -+ -+/* -+ * int is_set: if TRUE, then sort the contents (i.e. 
it isn't a SEQUENCE) -+ */ -+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, -+ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set) -+{ -+ int ret = 0, r; -+ int i; -+ unsigned char *p; -+ unsigned char *pStart, *pTempMem; -+ MYBLOB *rgSetBlob; -+ int totSize; -+ -+ if (a == NULL) -+ return (0); -+ for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) { -+ int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); -+ if (tmplen > INT_MAX - ret) -+ return -1; -+ ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); -+ } -+ r = ASN1_object_size(1, ret, ex_tag); -+ if (pp == NULL || r == -1) -+ return (r); -+ -+ p = *pp; -+ ASN1_put_object(&p, 1, ret, ex_tag, ex_class); -+ -+/* Modified by gp@nsj.co.jp */ -+ /* And then again by Ben */ -+ /* And again by Steve */ -+ -+ if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) { -+ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) -+ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); -+ -+ *pp = p; -+ return (r); -+ } -+ -+ pStart = p; /* Catch the beg of Setblobs */ -+ /* In this array we will store the SET blobs */ -+ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); -+ if (rgSetBlob == NULL) { -+ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ -+ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) { -+ rgSetBlob[i].pbData = p; /* catch each set encode blob */ -+ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); -+ rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this -+ * SetBlob */ -+ } -+ *pp = p; -+ totSize = p - pStart; /* This is the total size of all set blobs */ -+ -+ /* -+ * Now we have to sort the blobs. I am using a simple algo. 
*Sort ptrs -+ * *Copy to temp-mem *Copy from temp-mem to user-mem -+ */ -+ qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); -+ if (!(pTempMem = OPENSSL_malloc(totSize))) { -+ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ -+/* Copy to temp mem */ -+ p = pTempMem; -+ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) { -+ memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); -+ p += rgSetBlob[i].cbData; -+ } -+ -+/* Copy back to user mem*/ -+ memcpy(pStart, pTempMem, totSize); -+ OPENSSL_free(pTempMem); -+ OPENSSL_free(rgSetBlob); -+ -+ return (r); -+} -+ -+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, -+ const unsigned char **pp, -+ long length, d2i_of_void *d2i, -+ void (*free_func) (OPENSSL_BLOCK), -+ int ex_tag, int ex_class) -+{ -+ ASN1_const_CTX c; -+ STACK_OF(OPENSSL_BLOCK) *ret = NULL; -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } else -+ ret = (*a); -+ -+ c.p = *pp; -+ c.max = (length == 0) ? 
0 : (c.p + length); -+ -+ c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); -+ if (c.inf & 0x80) -+ goto err; -+ if (ex_class != c.xclass) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); -+ goto err; -+ } -+ if (ex_tag != c.tag) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); -+ goto err; -+ } -+ if ((c.slen + c.p) > c.max) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); -+ goto err; -+ } -+ /* -+ * check for infinite constructed - it can be as long as the amount of -+ * data passed to us -+ */ -+ if (c.inf == (V_ASN1_CONSTRUCTED + 1)) -+ c.slen = length + *pp - c.p; -+ c.max = c.p + c.slen; -+ -+ while (c.p < c.max) { -+ char *s; -+ -+ if (M_ASN1_D2I_end_sequence()) -+ break; -+ /* -+ * XXX: This was called with 4 arguments, incorrectly, it seems if -+ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) -+ */ -+ if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); -+ asn1_add_error(*pp, (int)(c.p - *pp)); -+ goto err; -+ } -+ if (!sk_OPENSSL_BLOCK_push(ret, s)) -+ goto err; -+ } -+ if (a != NULL) -+ (*a) = ret; -+ *pp = c.p; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) { -+ if (free_func != NULL) -+ sk_OPENSSL_BLOCK_pop_free(ret, free_func); -+ else -+ sk_OPENSSL_BLOCK_free(ret); -+ } -+ return (NULL); -+} -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -index 7e21a5e..51c6a0c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -@@ -1,16 +1,118 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_sign.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef NO_SYS_TYPES_H - # include -@@ -21,8 +123,7 @@ - #include - #include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" -+#include "asn1_locl.h" - - #ifndef NO_ASN1_OLD - -@@ -30,15 +131,12 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type) - { -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX ctx; - unsigned char *p, *buf_in = NULL, *buf_out = NULL; - int i, inl = 0, outl = 0, outll = 0; - X509_ALGOR *a; - -- if (ctx == NULL) { -- ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_MD_CTX_init(&ctx); - for (i = 0; i < 2; i++) { - if (i == 0) - a = algor1; -@@ -73,9 +171,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - } - } - inl = i2d(data, NULL); -- buf_in = OPENSSL_malloc((unsigned int)inl); -+ buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); - outll = outl = EVP_PKEY_size(pkey); -- buf_out = OPENSSL_malloc((unsigned int)outl); -+ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) { - outl = 0; - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); -@@ -84,15 +182,16 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - p = buf_in; - - i2d(data, &p); -- if (!EVP_SignInit_ex(ctx, type, NULL) -- || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) -- || !EVP_SignFinal(ctx, (unsigned char *)buf_out, -+ if (!EVP_SignInit_ex(&ctx, type, NULL) -+ || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) -+ || !EVP_SignFinal(&ctx, (unsigned char 
*)buf_out, - (unsigned int *)&outl, pkey)) { - outl = 0; - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); - goto err; - } -- OPENSSL_free(signature->data); -+ if (signature->data != NULL) -+ OPENSSL_free(signature->data); - signature->data = buf_out; - buf_out = NULL; - signature->length = outl; -@@ -103,9 +202,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: -- EVP_MD_CTX_free(ctx); -- OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); -- OPENSSL_clear_free((char *)buf_out, outll); -+ EVP_MD_CTX_cleanup(&ctx); -+ if (buf_in != NULL) { -+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ } -+ if (buf_out != NULL) { -+ OPENSSL_cleanse((char *)buf_out, outll); -+ OPENSSL_free(buf_out); -+ } - return (outl); - } - -@@ -115,22 +220,13 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, - EVP_PKEY *pkey, const EVP_MD *type) - { -- int rv; -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -- -- if (ctx == NULL) { -- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); -+ EVP_MD_CTX ctx; -+ EVP_MD_CTX_init(&ctx); -+ if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { -+ EVP_MD_CTX_cleanup(&ctx); - return 0; - } -- if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { -- EVP_MD_CTX_free(ctx); -- return 0; -- } -- -- rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); -- -- EVP_MD_CTX_free(ctx); -- return rv; -+ return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); - } - - int ASN1_item_sign_ctx(const ASN1_ITEM *it, -@@ -145,16 +241,11 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - int rv; - - type = EVP_MD_CTX_md(ctx); -- pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); -+ pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); - -- if (type == NULL || pkey == NULL) { -+ if (!type || !pkey) { - 
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); -- goto err; -- } -- -- if (pkey->ameth == NULL) { -- ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); -- goto err; -+ return 0; - } - - if (pkey->ameth->item_sign) { -@@ -176,13 +267,17 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - rv = 2; - - if (rv == 2) { -- if (!OBJ_find_sigid_by_algs(&signid, -- EVP_MD_nid(type), -- pkey->ameth->pkey_id)) { -- ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, -- ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); -- goto err; -- } -+ if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { -+ if (!pkey->ameth || -+ !OBJ_find_sigid_by_algs(&signid, -+ EVP_MD_nid(type), -+ pkey->ameth->pkey_id)) { -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, -+ ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); -+ return 0; -+ } -+ } else -+ signid = type->pkey_type; - - if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) - paramtype = V_ASN1_NULL; -@@ -211,7 +306,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); - goto err; - } -- OPENSSL_free(signature->data); -+ if (signature->data != NULL) -+ OPENSSL_free(signature->data); - signature->data = buf_out; - buf_out = NULL; - signature->length = outl; -@@ -222,7 +318,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: -- OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); -- OPENSSL_clear_free((char *)buf_out, outll); -+ EVP_MD_CTX_cleanup(ctx); -+ if (buf_in != NULL) { -+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ } -+ if (buf_out != NULL) { -+ OPENSSL_cleanse((char *)buf_out, outll); -+ OPENSSL_free(buf_out); -+ } - return (outl); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -index 9839f5c..91203b7 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -+++ 
b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -@@ -1,16 +1,65 @@ -+/* a_strex.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" --#include "internal/asn1_int.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -26,7 +75,6 @@ - #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) - - #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ -- ASN1_STRFLGS_ESC_2254 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) -@@ -35,6 +83,18 @@ - * Three IO functions for sending data to memory, a BIO and and a FILE - * pointer. - */ -+#if 0 /* never used */ -+static int send_mem_chars(void *arg, const void *buf, int len) -+{ -+ unsigned char **out = arg; -+ if (!out) -+ return 1; -+ memcpy(*out, buf, len); -+ *out += len; -+ return 1; -+} -+#endif -+ - static int send_bio_chars(void *arg, const void *buf, int len) - { - if (!arg) -@@ -44,7 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) - return 1; - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - static int send_fp_chars(void *arg, const void *buf, int len) - { - if (!arg) -@@ -66,8 +126,7 @@ typedef int char_io (void *arg, const void *buf, int len); - static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, - char_io *io_ch, void *arg) - { -- unsigned short chflgs; -- unsigned char chtmp; -+ unsigned char chflgs, chtmp; - char tmphex[HEX_SIZE(long) + 3]; - - if (c > 0xffffffffL) -@@ -104,9 +163,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, - return -1; - return 2; - } -- if (chflgs & (ASN1_STRFLGS_ESC_CTRL -- | ASN1_STRFLGS_ESC_MSB -- | ASN1_STRFLGS_ESC_2254)) { -+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { - BIO_snprintf(tmphex, 11, "\\%02X", chtmp); - if (!io_ch(arg, tmphex, 3)) - return -1; -@@ -136,12 +193,11 @@ static int do_esc_char(unsigned long c, unsigned char 
flags, char *do_quotes, - */ - - static int do_buf(unsigned char *buf, int buflen, -- int type, unsigned short flags, char *quotes, char_io *io_ch, -+ int type, unsigned char flags, char *quotes, char_io *io_ch, - void *arg) - { - int i, outlen, len; -- unsigned short orflags; -- unsigned char *p, *q; -+ unsigned char orflags, *p, *q; - unsigned long c; - p = buf; - q = buf + buflen; -@@ -191,7 +247,7 @@ static int do_buf(unsigned char *buf, int buflen, - * character will never be escaped on first and last. - */ - len = -- do_esc_char(utfbuf[i], (unsigned short)(flags | orflags), -+ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), - quotes, io_ch, arg); - if (len < 0) - return -1; -@@ -199,7 +255,7 @@ static int do_buf(unsigned char *buf, int buflen, - } - } else { - len = -- do_esc_char(c, (unsigned short)(flags | orflags), quotes, -+ do_esc_char(c, (unsigned char)(flags | orflags), quotes, - io_ch, arg); - if (len < 0) - return -1; -@@ -238,7 +294,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, - */ - - static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, -- const ASN1_STRING *str) -+ ASN1_STRING *str) - { - /* - * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to -@@ -261,7 +317,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, - t.value.ptr = (char *)str; - der_len = i2d_ASN1_TYPE(&t, NULL); - der_buf = OPENSSL_malloc(der_len); -- if (der_buf == NULL) -+ if (!der_buf) - return -1; - p = der_buf; - i2d_ASN1_TYPE(&t, &p); -@@ -296,15 +352,15 @@ static const signed char tag2nbyte[] = { - */ - - static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, -- const ASN1_STRING *str) -+ ASN1_STRING *str) - { - int outlen, len; - int type; - char quotes; -- unsigned short flags; -+ unsigned char flags; - quotes = 0; - /* Keep a copy of escape flags */ -- flags = (unsigned short)(lflags & ESC_FLAGS); -+ flags = (unsigned char)(lflags & ESC_FLAGS); - - type = 
str->type; - -@@ -388,14 +444,14 @@ static int do_indent(char_io *io_ch, void *arg, int indent) - #define FN_WIDTH_LN 25 - #define FN_WIDTH_SN 10 - --static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, -+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, - int indent, unsigned long flags) - { - int i, prev = -1, orflags, cnt; - int fn_opt, fn_nid; - ASN1_OBJECT *fn; -- const ASN1_STRING *val; -- const X509_NAME_ENTRY *ent; -+ ASN1_STRING *val; -+ X509_NAME_ENTRY *ent; - char objtmp[80]; - const char *objbuf; - int outlen, len; -@@ -459,7 +515,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, - else - ent = X509_NAME_get_entry(n, i); - if (prev != -1) { -- if (prev == X509_NAME_ENTRY_set(ent)) { -+ if (prev == ent->set) { - if (!io_ch(arg, sep_mv, sep_mv_len)) - return -1; - outlen += sep_mv_len; -@@ -472,7 +528,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, - outlen += indent; - } - } -- prev = X509_NAME_ENTRY_set(ent); -+ prev = ent->set; - fn = X509_NAME_ENTRY_get_object(ent); - val = X509_NAME_ENTRY_get_data(ent); - fn_nid = OBJ_obj2nid(fn); -@@ -526,7 +582,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, - - /* Wrappers round the main functions */ - --int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, -+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, - unsigned long flags) - { - if (flags == XN_FLAG_COMPAT) -@@ -534,8 +590,8 @@ int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, - return do_name_ex(send_bio_chars, out, nm, indent, flags); - } - --#ifndef OPENSSL_NO_STDIO --int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, -+#ifndef OPENSSL_NO_FP_API -+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, - unsigned long flags) - { - if (flags == XN_FLAG_COMPAT) { -@@ -552,13 +608,13 @@ int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, - } - #endif - --int 
ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) -+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) - { - return do_print_ex(send_bio_chars, out, flags, str); - } - --#ifndef OPENSSL_NO_STDIO --int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) -+#ifndef OPENSSL_NO_FP_API -+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) - { - return do_print_ex(send_fp_chars, fp, flags, str); - } -@@ -569,7 +625,7 @@ int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flag - * in output string or a negative error code - */ - --int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) -+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) - { - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; -@@ -593,53 +649,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) - *out = stmp.data; - return stmp.length; - } -- --/* Return 1 if host is a valid hostname and 0 otherwise */ --int asn1_valid_host(const ASN1_STRING *host) --{ -- int hostlen = host->length; -- const unsigned char *hostptr = host->data; -- int type = host->type; -- int i; -- char width = -1; -- unsigned short chflags = 0, prevchflags; -- -- if (type > 0 && type < 31) -- width = tag2nbyte[type]; -- if (width == -1 || hostlen == 0) -- return 0; -- /* Treat UTF8String as width 1 as any MSB set is invalid */ -- if (width == 0) -- width = 1; -- for (i = 0 ; i < hostlen; i+= width) { -- prevchflags = chflags; -- /* Value must be <= 0x7F: check upper bytes are all zeroes */ -- if (width == 4) { -- if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) -- return 0; -- } else if (width == 2) { -- if (*hostptr++ != 0) -- return 0; -- } -- if (*hostptr > 0x7f) -- return 0; -- chflags = char_type[*hostptr++]; -- if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { -- /* Nothing else allowed at start or end of string */ -- if (i == 0 || i == 
hostlen - 1) -- return 0; -- /* Otherwise invalid if not dot or hyphen */ -- if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) -- return 0; -- /* -- * If previous is dot or hyphen then illegal unless both -- * are hyphens: as .- -. .. are all illegal -- */ -- if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) -- && ((prevchflags & CHARTYPE_HOST_DOT) -- || (chflags & CHARTYPE_HOST_DOT))) -- return 0; -- } -- } -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -index 53832c8..2d2303d 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -@@ -1,15 +1,65 @@ -+/* a_strnid.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -50,19 +100,19 @@ int ASN1_STRING_set_default_mask_asc(const char *p) - { - unsigned long mask; - char *end; -- if (strncmp(p, "MASK:", 5) == 0) { -+ if (!strncmp(p, "MASK:", 5)) { - if (!p[5]) - return 0; - mask = strtoul(p + 5, &end, 0); - if (*end) - return 0; -- } else if (strcmp(p, "nombstr") == 0) -+ } else if (!strcmp(p, "nombstr")) - mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); -- else if (strcmp(p, "pkix") == 0) -+ else if (!strcmp(p, "pkix")) - mask = ~((unsigned long)B_ASN1_T61STRING); -- else if (strcmp(p, "utf8only") == 0) -+ else if (!strcmp(p, "utf8only")) - mask = B_ASN1_UTF8STRING; -- else if (strcmp(p, "default") == 0) -+ else if (!strcmp(p, "default")) - mask = 0xFFFFFFFFL; - else - return 0; -@@ -118,10 +168,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - #define ub_email_address 128 - #define ub_serial_number 64 - --/* From RFC4524 */ -- --#define ub_rfc822_mailbox 256 -- - /* This table must be kept in NID order */ - - static const ASN1_STRING_TABLE tbl_standard[] = { -@@ -146,12 +192,7 @@ static const ASN1_STRING_TABLE tbl_standard[] = { - {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, -- {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -- {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, -- STABLE_NO_MASK}, -- {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, -- {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, -- {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} -+ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} - }; - - static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, -@@ 
-172,52 +213,20 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); - ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) - { - int idx; -+ ASN1_STRING_TABLE *ttmp; - ASN1_STRING_TABLE fnd; - fnd.nid = nid; -- if (stable) { -- idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); -- if (idx >= 0) -- return sk_ASN1_STRING_TABLE_value(stable, idx); -- } -- return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); --} -- --/* -- * Return a string table pointer which can be modified: either directly from -- * table or a copy of an internal value added to the table. -- */ -- --static ASN1_STRING_TABLE *stable_get(int nid) --{ -- ASN1_STRING_TABLE *tmp, *rv; -- /* Always need a string table so allocate one if NULL */ -- if (stable == NULL) { -- stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); -- if (stable == NULL) -- return NULL; -- } -- tmp = ASN1_STRING_TABLE_get(nid); -- if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) -- return tmp; -- rv = OPENSSL_zalloc(sizeof(*rv)); -- if (rv == NULL) -+ ttmp = OBJ_bsearch_table(&fnd, tbl_standard, -+ sizeof(tbl_standard) / -+ sizeof(ASN1_STRING_TABLE)); -+ if (ttmp) -+ return ttmp; -+ if (!stable) - return NULL; -- if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { -- OPENSSL_free(rv); -+ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); -+ if (idx < 0) - return NULL; -- } -- if (tmp) { -- rv->nid = tmp->nid; -- rv->minsize = tmp->minsize; -- rv->maxsize = tmp->maxsize; -- rv->mask = tmp->mask; -- rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; -- } else { -- rv->minsize = -1; -- rv->maxsize = -1; -- rv->flags = STABLE_FLAGS_MALLOC; -- } -- return rv; -+ return sk_ASN1_STRING_TABLE_value(stable, idx); - } - - int ASN1_STRING_TABLE_add(int nid, -@@ -225,19 +234,33 @@ int ASN1_STRING_TABLE_add(int nid, - unsigned long flags) - { - ASN1_STRING_TABLE *tmp; -- tmp = stable_get(nid); -- if (!tmp) { -+ char new_nid = 0; -+ flags &= ~STABLE_FLAGS_MALLOC; -+ if (!stable) -+ stable = 
sk_ASN1_STRING_TABLE_new(sk_table_cmp); -+ if (!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } -- if (minsize >= 0) -+ if (!(tmp = ASN1_STRING_TABLE_get(nid))) { -+ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); -+ if (!tmp) { -+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ tmp->flags = flags | STABLE_FLAGS_MALLOC; -+ tmp->nid = nid; -+ tmp->minsize = tmp->maxsize = -1; -+ new_nid = 1; -+ } else -+ tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; -+ if (minsize != -1) - tmp->minsize = minsize; -- if (maxsize >= 0) -+ if (maxsize != -1) - tmp->maxsize = maxsize; -- if (mask) -- tmp->mask = mask; -- if (flags) -- tmp->flags = STABLE_FLAGS_MALLOC | flags; -+ tmp->mask = mask; -+ if (new_nid) -+ sk_ASN1_STRING_TABLE_push(stable, tmp); - return 1; - } - -@@ -258,6 +281,8 @@ static void st_free(ASN1_STRING_TABLE *tbl) - } - - -+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) -+ - #ifdef STRING_TABLE_TEST - - main() -@@ -265,7 +290,8 @@ main() - ASN1_STRING_TABLE *tmp; - int i, last_nid = -1; - -- for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { -+ for (tmp = tbl_standard, i = 0; -+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { - if (tmp->nid < last_nid) { - last_nid = 0; - break; -@@ -278,7 +304,8 @@ main() - exit(0); - } - -- for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) -+ for (tmp = tbl_standard, i = 0; -+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) - printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, - OBJ_nid2ln(tmp->nid)); - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c -index 3f82c2b..fcb2d56 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c -@@ -1,10 +1,56 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/asn1/a_time.c */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /*- -@@ -12,11 +58,13 @@ - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } -+ * written by Steve Henson. - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include "o_time.h" - #include - #include "asn1_locl.h" - -@@ -24,6 +72,33 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) - - IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) - -+#if 0 -+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) -+{ -+# ifdef CHARSET_EBCDIC -+ /* KLUDGE! We convert to ascii before writing DER */ -+ char tmp[24]; -+ ASN1_STRING tmpstr; -+ -+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { -+ int len; -+ -+ tmpstr = *(ASN1_STRING *)a; -+ len = tmpstr.length; -+ ebcdic2ascii(tmp, tmpstr.data, -+ (len >= sizeof tmp) ? 
sizeof tmp : len); -+ tmpstr.data = tmp; -+ a = (ASN1_GENERALIZEDTIME *)&tmpstr; -+ } -+# endif -+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ a->type, V_ASN1_UNIVERSAL)); -+ ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); -+ return -1; -+} -+#endif -+ - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) - { - return ASN1_TIME_adj(s, t, 0, 0); -@@ -49,7 +124,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); - } - --int ASN1_TIME_check(const ASN1_TIME *t) -+int ASN1_TIME_check(ASN1_TIME *t) - { - if (t->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_check(t); -@@ -69,8 +144,8 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, - if (!ASN1_TIME_check(t)) - return NULL; - -- if (out == NULL || *out == NULL) { -- if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) -+ if (!out || !*out) { -+ if (!(ret = ASN1_GENERALIZEDTIME_new())) - return NULL; - if (out) - *out = ret; -@@ -92,11 +167,11 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, - str = (char *)ret->data; - /* Work out the century and prepend */ - if (t->data[0] >= '5') -- OPENSSL_strlcpy(str, "19", newlen); -+ BUF_strlcpy(str, "19", newlen); - else -- OPENSSL_strlcpy(str, "20", newlen); -+ BUF_strlcpy(str, "20", newlen); - -- OPENSSL_strlcat(str, (char *)t->data, newlen); -+ BUF_strlcat(str, (char *)t->data, newlen); - - return ret; - } -@@ -151,13 +226,3 @@ int ASN1_TIME_diff(int *pday, int *psec, - return 0; - return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); - } -- --int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) --{ -- if (tm->type == V_ASN1_UTCTIME) -- return ASN1_UTCTIME_print(bp, tm); -- if (tm->type == V_ASN1_GENERALIZEDTIME) -- return ASN1_GENERALIZEDTIME_print(bp, tm); -- BIO_write(bp, "Bad time value", 14); -- return (0); --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c 
b/Cryptlib/OpenSSL/crypto/asn1/a_type.c -index df42360..bb166e8 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c -@@ -1,19 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_type.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "asn1_locl.h" - --int ASN1_TYPE_get(const ASN1_TYPE *a) -+int ASN1_TYPE_get(ASN1_TYPE *a) - { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) - return (a->type); -@@ -25,7 +73,7 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) - { - if (a->value.ptr != NULL) { - ASN1_TYPE **tmp_a = &a; -- asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); -+ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); - } - a->type = type; - if (type == V_ASN1_BOOLEAN) -@@ -55,6 +103,10 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) - return 1; - } - -+IMPLEMENT_STACK_OF(ASN1_TYPE) -+ -+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) -+ - /* Returns 0 if they are equal, != 0 otherwise. */ - int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) - { -@@ -101,34 +153,3 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) - - return result; - } -- --ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) --{ -- ASN1_OCTET_STRING *oct; -- ASN1_TYPE *rt; -- -- oct = ASN1_item_pack(s, it, NULL); -- if (oct == NULL) -- return NULL; -- -- if (t && *t) { -- rt = *t; -- } else { -- rt = ASN1_TYPE_new(); -- if (rt == NULL) { -- ASN1_OCTET_STRING_free(oct); -- return NULL; -- } -- if (t) -- *t = rt; -- } -- ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct); -- return rt; --} -- --void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) --{ -- if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL) -- return NULL; -- return ASN1_item_unpack(t->value.sequence, it); --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -index 7916e30..724a10b 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -@@ -1,18 +1,115 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/asn1/a_utctm.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include "o_time.h" - #include - #include "asn1_locl.h" - -+#if 0 -+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) -+{ -+# ifndef CHARSET_EBCDIC -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); -+# else -+ /* KLUDGE! 
We convert to ascii before writing DER */ -+ int len; -+ char tmp[24]; -+ ASN1_STRING x = *(ASN1_STRING *)a; -+ -+ len = x.length; -+ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); -+ x.data = tmp; -+ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -+# endif -+} -+ -+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, -+ long length) -+{ -+ ASN1_UTCTIME *ret = NULL; -+ -+ ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, -+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); -+ return (NULL); -+ } -+# ifdef CHARSET_EBCDIC -+ ascii2ebcdic(ret->data, ret->data, ret->length); -+# endif -+ if (!ASN1_UTCTIME_check(ret)) { -+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); -+ goto err; -+ } -+ -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_UTCTIME_free(ret); -+ return (NULL); -+} -+ -+#endif -+ - int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) - { - static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; -@@ -119,7 +216,8 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) - t.data = (unsigned char *)str; - if (ASN1_UTCTIME_check(&t)) { - if (s != NULL) { -- if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) -+ if (!ASN1_STRING_set((ASN1_STRING *)s, -+ (unsigned char *)str, t.length)) - return 0; - s->type = V_ASN1_UTCTIME; - } -@@ -143,11 +241,11 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int free_s = 0; - - if (s == NULL) { -- s = ASN1_UTCTIME_new(); -- if (s == NULL) -- goto err; - free_s = 1; -+ s = M_ASN1_UTCTIME_new(); - } -+ if (s == NULL) -+ goto err; - - ts = OPENSSL_gmtime(&t, &data); - if (ts == NULL) -@@ -168,7 +266,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); - goto err; - } -- OPENSSL_free(s->data); -+ if (s->data != NULL) -+ 
OPENSSL_free(s->data); - s->data = (unsigned char *)p; - } - -@@ -182,8 +281,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - #endif - return (s); - err: -- if (free_s) -- ASN1_UTCTIME_free(s); -+ if (free_s && s) -+ M_ASN1_UTCTIME_free(s); - return NULL; - } - -@@ -212,43 +311,42 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) - return 0; - } - --int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) -+#if 0 -+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) - { -- const char *v; -- int gmt = 0; -- int i; -- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -+ struct tm tm; -+ int offset; - -- i = tm->length; -- v = (const char *)tm->data; -+ memset(&tm, '\0', sizeof tm); - -- if (i < 10) -- goto err; -- if (v[i - 1] == 'Z') -- gmt = 1; -- for (i = 0; i < 10; i++) -- if ((v[i] > '9') || (v[i] < '0')) -- goto err; -- y = (v[0] - '0') * 10 + (v[1] - '0'); -- if (y < 50) -- y += 100; -- M = (v[2] - '0') * 10 + (v[3] - '0'); -- if ((M > 12) || (M < 1)) -- goto err; -- d = (v[4] - '0') * 10 + (v[5] - '0'); -- h = (v[6] - '0') * 10 + (v[7] - '0'); -- m = (v[8] - '0') * 10 + (v[9] - '0'); -- if (tm->length >= 12 && -- (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) -- s = (v[10] - '0') * 10 + (v[11] - '0'); -- -- if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", -- _asn1_mon[M - 1], d, h, m, s, y + 1900, -- (gmt) ? 
" GMT" : "") <= 0) -- return (0); -- else -- return (1); -- err: -- BIO_write(bp, "Bad time value", 14); -- return (0); -+# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') -+ tm.tm_year = g2(s->data); -+ if (tm.tm_year < 50) -+ tm.tm_year += 100; -+ tm.tm_mon = g2(s->data + 2) - 1; -+ tm.tm_mday = g2(s->data + 4); -+ tm.tm_hour = g2(s->data + 6); -+ tm.tm_min = g2(s->data + 8); -+ tm.tm_sec = g2(s->data + 10); -+ if (s->data[12] == 'Z') -+ offset = 0; -+ else { -+ offset = g2(s->data + 13) * 60 + g2(s->data + 15); -+ if (s->data[12] == '-') -+ offset = -offset; -+ } -+# undef g2 -+ -+ /* -+ * FIXME: mktime assumes the current timezone -+ * instead of UTC, and unless we rewrite OpenSSL -+ * in Lisp we cannot locally change the timezone -+ * without possibly interfering with other parts -+ * of the program. timegm, which uses UTC, is -+ * non-standard. -+ * Also time_t is inappropriate for general -+ * UTC times because it may a 32 bit type. -+ */ -+ return mktime(&tm) - offset * 60; - } -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -index e2dc09f..23dc2e8 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_utf8.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* UTF8 utilities */ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -index 00ab136..3ffd934 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -@@ -1,16 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/a_verify.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include "asn1_locl.h" - - #ifndef NO_SYS_TYPES_H - # include -@@ -21,23 +71,18 @@ - #include - #include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" - - #ifndef NO_ASN1_OLD - - int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) - { -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX ctx; - const EVP_MD *type; - unsigned char *p, *buf_in = NULL; - int ret = -1, i, inl; - -- if (ctx == NULL) { -- ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_MD_CTX_init(&ctx); - i = OBJ_obj2nid(a->algorithm); - type = EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) { -@@ -59,26 +104,30 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - p = buf_in; - - i2d(data, &p); -- ret = EVP_VerifyInit_ex(ctx, type, NULL) -- && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); -- -- OPENSSL_clear_free(buf_in, (unsigned int)inl); -- -- if (!ret) { -+ if (!EVP_VerifyInit_ex(&ctx, type, NULL) -+ || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; - goto err; - } -- ret = -1; - -- if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, -+ OPENSSL_cleanse(buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ -+ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, - (unsigned int)signature->length, pkey) <= 0) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); - ret = 0; - goto err; - } -+ /* -+ * we don't need to zero the 'ctx' because we just checked public -+ * information -+ */ -+ /* memset(&ctx,0,sizeof(ctx)); */ - ret = 1; - err: -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_cleanup(&ctx); - return (ret); - } - -@@ -87,7 +136,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - ASN1_BIT_STRING 
*signature, void *asn, EVP_PKEY *pkey) - { -- EVP_MD_CTX *ctx = NULL; -+ EVP_MD_CTX ctx; - unsigned char *buf_in = NULL; - int ret = -1, inl; - -@@ -103,11 +152,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - return -1; - } - -- ctx = EVP_MD_CTX_new(); -- if (ctx == NULL) { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_MD_CTX_init(&ctx); - - /* Convert signature OID into digest and public key OIDs */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { -@@ -120,7 +165,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); - goto err; - } -- ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); -+ ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); - /* - * Return value of 2 means carry on, anything else means we exit - * straight away: either a fatal error of the underlying verification -@@ -144,7 +189,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - goto err; - } - -- if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { -+ if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - ret = 0; - goto err; -@@ -159,24 +204,28 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - goto err; - } - -- ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); -- -- OPENSSL_clear_free(buf_in, (unsigned int)inl); -- -- if (!ret) { -+ if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; - goto err; - } -- ret = -1; - -- if (EVP_DigestVerifyFinal(ctx, signature->data, -+ OPENSSL_cleanse(buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ -+ if (EVP_DigestVerifyFinal(&ctx, signature->data, - (size_t)signature->length) <= 0) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - ret = 0; - goto err; - } -+ /* -+ * we don't need to zero the 'ctx' because we just checked public -+ * information -+ */ -+ 
/* memset(&ctx,0,sizeof(ctx)); */ - ret = 1; - err: -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_cleanup(&ctx); - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c -index cfde49a..43ddebb 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c -@@ -1,19 +1,77 @@ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif -+#include "asn1_locl.h" -+ -+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; -+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; -+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; -+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; -+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; -+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; -+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; - - /* Keep this sorted in type order !! */ - static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { -@@ -39,21 +97,20 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { - &cmac_asn1_meth, - #endif - #ifndef OPENSSL_NO_DH -- &dhx_asn1_meth, --#endif --#ifndef OPENSSL_NO_EC -- &ecx25519_asn1_meth -+ &dhx_asn1_meth - #endif - }; - - typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -+DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) - static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; - - #ifdef TEST - void main() - { - int i; -- for (i = 0; i < OSSL_NELEM(standard_methods); i++) -+ for (i = 0; -+ i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++) - fprintf(stderr, "Number %d id=%d (%s)\n", i, - standard_methods[i]->pkey_id, - OBJ_nid2sn(standard_methods[i]->pkey_id)); -@@ -74,7 +131,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, - - int EVP_PKEY_asn1_get_count(void) - { -- int num = OSSL_NELEM(standard_methods); -+ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); - if (app_methods) - num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); - return num; -@@ -82,7 +139,7 @@ int EVP_PKEY_asn1_get_count(void) - - const EVP_PKEY_ASN1_METHOD 
*EVP_PKEY_asn1_get0(int idx) - { -- int num = OSSL_NELEM(standard_methods); -+ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); - if (idx < 0) - return NULL; - if (idx < num) -@@ -102,7 +159,8 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) - if (idx >= 0) - return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); - } -- ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); -+ ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods) -+ / sizeof(EVP_PKEY_ASN1_METHOD *)); - if (!ret || !*ret) - return NULL; - return *ret; -@@ -167,8 +225,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; -- if (((int)strlen(ameth->pem_str) == len) -- && (strncasecmp(ameth->pem_str, str, len) == 0)) -+ if (((int)strlen(ameth->pem_str) == len) && -+ !strncasecmp(ameth->pem_str, str, len)) - return ameth; - } - return NULL; -@@ -178,7 +236,7 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) - { - if (app_methods == NULL) { - app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); -- if (app_methods == NULL) -+ if (!app_methods) - return 0; - } - if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) -@@ -191,7 +249,7 @@ int EVP_PKEY_asn1_add_alias(int to, int from) - { - EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); -- if (ameth == NULL) -+ if (!ameth) - return 0; - ameth->pkey_base_id = to; - if (!EVP_PKEY_asn1_add0(ameth)) { -@@ -221,7 +279,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, - return 1; - } - --const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) -+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey) - { - return pkey->ameth; - } -@@ -229,30 +287,63 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) - EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char 
*pem_str, const char *info) - { -- EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); -- -- if (ameth == NULL) -+ EVP_PKEY_ASN1_METHOD *ameth; -+ ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD)); -+ if (!ameth) - return NULL; - -+ memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD)); -+ - ameth->pkey_id = id; - ameth->pkey_base_id = id; - ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; - - if (info) { -- ameth->info = OPENSSL_strdup(info); -+ ameth->info = BUF_strdup(info); - if (!ameth->info) - goto err; -- } -+ } else -+ ameth->info = NULL; - - if (pem_str) { -- ameth->pem_str = OPENSSL_strdup(pem_str); -+ ameth->pem_str = BUF_strdup(pem_str); - if (!ameth->pem_str) - goto err; -- } -+ } else -+ ameth->pem_str = NULL; -+ -+ ameth->pub_decode = 0; -+ ameth->pub_encode = 0; -+ ameth->pub_cmp = 0; -+ ameth->pub_print = 0; -+ -+ ameth->priv_decode = 0; -+ ameth->priv_encode = 0; -+ ameth->priv_print = 0; -+ -+ ameth->old_priv_encode = 0; -+ ameth->old_priv_decode = 0; -+ -+ ameth->item_verify = 0; -+ ameth->item_sign = 0; -+ -+ ameth->pkey_size = 0; -+ ameth->pkey_bits = 0; -+ -+ ameth->param_decode = 0; -+ ameth->param_encode = 0; -+ ameth->param_missing = 0; -+ ameth->param_copy = 0; -+ ameth->param_cmp = 0; -+ ameth->param_print = 0; -+ -+ ameth->pkey_free = 0; -+ ameth->pkey_ctrl = 0; - - return ameth; - - err: -+ - EVP_PKEY_asn1_free(ameth); - return NULL; - -@@ -295,8 +386,10 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) - { - if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { -- OPENSSL_free(ameth->pem_str); -- OPENSSL_free(ameth->info); -+ if (ameth->pem_str) -+ OPENSSL_free(ameth->pem_str); -+ if (ameth->info) -+ OPENSSL_free(ameth->info); - OPENSSL_free(ameth); - } - } -@@ -324,7 +417,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - - void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, -- const PKCS8_PRIV_KEY_INFO -+ 
PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - const EVP_PKEY *pk), -@@ -374,13 +467,6 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - ameth->pkey_ctrl = pkey_ctrl; - } - --void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, -- int (*pkey_security_bits) (const EVP_PKEY -- *pk)) --{ -- ameth->pkey_security_bits = pkey_security_bits; --} -- - void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - int (*item_verify) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -index 97c3dec..fd4ac8d 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/asn1_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. - */ - - #include -@@ -20,33 +71,38 @@ - - static ERR_STRING_DATA ASN1_str_functs[] = { - {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, -+ {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, - {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, -- {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"}, -+ {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, - {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, -- {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"}, -- {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"}, -- {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"}, -- {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"}, -+ {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, -+ {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, -+ {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, -+ {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, -+ {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, -- {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"}, -+ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, - {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, -- {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"}, -- {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"}, -+ {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, - {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, -- {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"}, -- {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"}, -+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, -+ {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, - 
{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, -+ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, - {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, -- {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"}, - {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, -- {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"}, -+ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, - {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, - {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, -+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, -- {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"}, -- {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, -@@ -56,65 +112,85 @@ static ERR_STRING_DATA ASN1_str_functs[] = { - {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, - {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, - {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, -- {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"}, -+ {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, -+ {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, - {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, -- {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"}, -+ {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, -+ {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, -+ {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, - {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, -- 
{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"}, -- {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"}, -- {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"}, -+ {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, -- {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, -- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"}, -- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"}, -- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, - {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, -+ {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, - {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), - "ASN1_TYPE_get_int_octetstring"}, - {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, -+ {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, - {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, -+ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, - {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, -- {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"}, -- {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"}, -+ {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, -+ {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, - {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, -- {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"}, -- {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"}, -+ {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, -+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, -+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, - 
{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, - {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, -- {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"}, -- {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"}, -+ {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, - {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, - {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, -+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, -+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, - {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, - {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, -- {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, -+ {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, -+ {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, -+ {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, -+ {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, -+ {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, - {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, -+ {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, -+ {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, - {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, - {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, - {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, - {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, -+ 
{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, - {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, -- {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"}, -- {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"}, -- {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"}, -+ {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, -+ {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, -+ {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, -- {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, - {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, -- {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"}, - {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, - {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, -- {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"}, -+ {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, - {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, - {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, -- {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"}, -- {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"}, -- {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, -+ {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, - {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, - {0, NULL} - }; -@@ -124,7 +200,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, - {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, - {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, -+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, - {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, -+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), 
"bad password read"}, -+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, - {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), - "bmpstring is wrong length"}, - {ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, -@@ -135,16 +214,21 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"}, - {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, - {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, -+ {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, - {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, - {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), - "digest and key type not supported"}, - {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, - {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, - {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, -+ {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), -+ "error parsing set element"}, - {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), - "error setting cipher params"}, - {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, - {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, -+ {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"}, -+ {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"}, - {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, - {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), - "explicit tag not constructed"}, -@@ -158,7 +242,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, - {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, - {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, -- {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"}, - {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, - {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, - {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, -@@ -166,10 +249,8 @@ static ERR_STRING_DATA 
ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, - {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), - "illegal options on item template"}, -- {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"}, - {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, - {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, -- {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"}, - {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, - {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), - "integer too large for long"}, -@@ -181,15 +262,13 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, - {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, - {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, -- {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS), -- "invalid scrypt parameters"}, - {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, -- {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE), -- "invalid string table value"}, -+ {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"}, - {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), - "invalid universalstring length"}, - {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, -- {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"}, -+ {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"}, -+ {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"}, - {ERR_REASON(ASN1_R_LIST_ERROR), "list error"}, - {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, - {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, -@@ -204,6 +283,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, - {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, - {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, -+ {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST), "no default digest"}, - 
{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, - {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), - "no multipart body failure"}, -@@ -212,6 +292,8 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, - {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, - {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, -+ {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), -+ "private key header missing"}, - {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, - {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, - {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, -@@ -222,14 +304,16 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, - {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, - {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, -+ {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"}, - {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, -- {ERR_REASON(ASN1_R_TOO_LARGE), "too large"}, - {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, -- {ERR_REASON(ASN1_R_TOO_SMALL), "too small"}, - {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, - {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, -+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, -+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), -+ "unable to decode rsa private key"}, - {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, - {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), - "universalstring is wrong length"}, -@@ -241,20 +325,24 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), 
- "unknown signature algorithm"}, - {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, -+ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unknown format"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), - "unsupported any defined by type"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), -+ "unsupported encryption algorithm"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, -- {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"}, - {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, - {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, -+ {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, - {0, NULL} - }; - - #endif - --int ERR_load_ASN1_strings(void) -+void ERR_load_ASN1_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -263,5 +351,4 @@ int ERR_load_ASN1_strings(void) - ERR_load_strings(0, ASN1_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -index 493a693..6574923 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -@@ -1,13 +1,63 @@ -+/* asn1_gen.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2002. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -62,7 +112,7 @@ typedef struct { - int exp_count; - } tag_exp_arg; - --static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, -+static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, - int *perr); - static int bitstr_cb(const char *elem, int len, void *bitstr); - static int asn1_cb(const char *elem, int len, void *bitstr); -@@ -75,7 +125,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); - static int asn1_str2tag(const char *tagstr, int len); - --ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) -+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) - { - X509V3_CTX cnf; - -@@ -86,7 +136,7 @@ ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) - return ASN1_generate_v3(str, &cnf); - } - --ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) -+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) - { - int err = 0; - ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); -@@ -95,7 +145,7 @@ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) - return ret; - } - --static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, -+static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, - int *perr) - { - ASN1_TYPE *ret; -@@ -109,7 +159,7 @@ static ASN1_TYPE 
*generate_v3(const char *str, X509V3_CTX *cnf, int depth, - unsigned char *p; - const unsigned char *cp; - int cpy_len; -- long hdr_len = 0; -+ long hdr_len; - int hdr_constructed = 0, hdr_tag, hdr_class; - int r; - -@@ -193,7 +243,7 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - /* Allocate buffer for new encoding */ - - new_der = OPENSSL_malloc(len); -- if (new_der == NULL) -+ if (!new_der) - goto err; - - /* Generate tagged encoding */ -@@ -230,8 +280,10 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - ret = d2i_ASN1_TYPE(NULL, &cp, len); - - err: -- OPENSSL_free(orig_der); -- OPENSSL_free(new_der); -+ if (orig_der) -+ OPENSSL_free(orig_der); -+ if (new_der) -+ OPENSSL_free(new_der); - - return ret; - -@@ -325,16 +377,16 @@ static int asn1_cb(const char *elem, int len, void *bitstr) - ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); - return -1; - } -- if (strncmp(vstart, "ASCII", 5) == 0) -+ if (!strncmp(vstart, "ASCII", 5)) - arg->format = ASN1_GEN_FORMAT_ASCII; -- else if (strncmp(vstart, "UTF8", 4) == 0) -+ else if (!strncmp(vstart, "UTF8", 4)) - arg->format = ASN1_GEN_FORMAT_UTF8; -- else if (strncmp(vstart, "HEX", 3) == 0) -+ else if (!strncmp(vstart, "HEX", 3)) - arg->format = ASN1_GEN_FORMAT_HEX; -- else if (strncmp(vstart, "BITLIST", 7) == 0) -+ else if (!strncmp(vstart, "BITLIST", 7)) - arg->format = ASN1_GEN_FORMAT_BITLIST; - else { -- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); -+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); - return -1; - } - break; -@@ -391,6 +443,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) - ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); - ERR_add_error_data(2, "Char=", erch); - return 0; -+ break; - - } - } else -@@ -442,12 +495,15 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - - if (derlen < 0) - goto bad; -- if ((ret = ASN1_TYPE_new()) == NULL) -+ -+ if (!(ret = 
ASN1_TYPE_new())) - goto bad; -- if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) -+ -+ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) - goto bad; - - ret->type = utype; -+ - ret->value.asn1_string->data = der; - ret->value.asn1_string->length = derlen; - -@@ -455,10 +511,13 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - - bad: - -- OPENSSL_free(der); -+ if (der) -+ OPENSSL_free(der); - -- sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); -- X509V3_section_free(cnf, sect); -+ if (sk) -+ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); -+ if (sect) -+ X509V3_section_free(cnf, sect); - - return ret; - } -@@ -567,8 +626,8 @@ static int asn1_str2tag(const char *tagstr, int len) - len = strlen(tagstr); - - tntmp = tnst; -- for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { -- if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) -+ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { -+ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) - return tntmp->tag; - } - -@@ -578,12 +637,15 @@ static int asn1_str2tag(const char *tagstr, int len) - static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - { - ASN1_TYPE *atmp = NULL; -+ - CONF_VALUE vtmp; -+ - unsigned char *rdata; - long rdlen; -+ - int no_unused = 1; - -- if ((atmp = ASN1_TYPE_new()) == NULL) { -+ if (!(atmp = ASN1_TYPE_new())) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -620,8 +682,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); - goto bad_form; - } -- if ((atmp->value.integer -- = s2i_ASN1_INTEGER(NULL, str)) == NULL) { -+ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); - goto bad_str; - } -@@ -632,7 +693,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - 
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); - goto bad_form; - } -- if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { -+ if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); - goto bad_str; - } -@@ -644,7 +705,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); - goto bad_form; - } -- if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { -+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); - goto bad_str; - } -@@ -669,6 +730,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_NUMERICSTRING: -+ - if (format == ASN1_GEN_FORMAT_ASCII) - format = MBSTRING_ASC; - else if (format == ASN1_GEN_FORMAT_UTF8) -@@ -687,20 +749,25 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - break; - - case V_ASN1_BIT_STRING: -+ - case V_ASN1_OCTET_STRING: -- if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { -+ -+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); - goto bad_form; - } - - if (format == ASN1_GEN_FORMAT_HEX) { -- if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { -+ -+ if (!(rdata = string_to_hex((char *)str, &rdlen))) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); - goto bad_str; - } -+ - atmp->value.asn1_string->data = rdata; - atmp->value.asn1_string->length = rdlen; - atmp->value.asn1_string->type = utype; -+ - } else if (format == ASN1_GEN_FORMAT_ASCII) - ASN1_STRING_set(atmp->value.asn1_string, str, -1); - else if ((format == ASN1_GEN_FORMAT_BITLIST) -@@ -728,6 +795,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) - default: - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); - goto bad_str; -+ 
break; - } - - atmp->type = utype; -@@ -761,29 +829,3 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) - } - return 1; - } -- --static int mask_cb(const char *elem, int len, void *arg) --{ -- unsigned long *pmask = arg, tmpmask; -- int tag; -- if (elem == NULL) -- return 0; -- if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { -- *pmask |= B_ASN1_DIRECTORYSTRING; -- return 1; -- } -- tag = asn1_str2tag(elem, len); -- if (!tag || (tag & ASN1_GEN_FLAG)) -- return 0; -- tmpmask = ASN1_tag2bit(tag); -- if (!tmpmask) -- return 0; -- *pmask |= tmpmask; -- return 1; --} -- --int ASN1_str2mask(const char *str, unsigned long *pmask) --{ -- *pmask = 0; -- return CONF_parse_list(str, '|', 1, mask_cb, pmask); --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -index 8ca53b4..e63e82a 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -@@ -1,21 +1,71 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/asn1_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "asn1_locl.h" -+#include - - static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - long max); - static void asn1_put_length(unsigned char **pp, int length); -+const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; - - static int _asn1_check_infinite_end(const unsigned char **p, long len) - { -@@ -87,6 +137,12 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - if (inf && !(ret & V_ASN1_CONSTRUCTED)) - goto err; - -+#if 0 -+ fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", -+ (int)p, *plength, omax, (int)*pp, (int)(p + *plength), -+ (int)(omax + *pp)); -+ -+#endif - if (*plength > (omax - (p - *pp))) { - ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); - /* -@@ -119,14 +175,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - *inf = 0; - i = *p & 0x7f; - if (*(p++) & 0x80) { -- if (max < (long)i + 1) -- return 0; -- /* Skip leading zeroes */ -- while (i && *p == 0) { -- p++; -- i--; -- } -- if (i > sizeof(long)) -+ if (i > sizeof(ret) || max < (long)i) - return 0; - while (i-- 
> 0) { - ret <<= 8L; -@@ -233,6 +282,57 @@ int ASN1_object_size(int constructed, int length, int tag) - return ret + length; - } - -+static int _asn1_Finish(ASN1_const_CTX *c) -+{ -+ if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) { -+ if (!ASN1_const_check_infinite_end(&c->p, c->slen)) { -+ c->error = ERR_R_MISSING_ASN1_EOS; -+ return (0); -+ } -+ } -+ if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) { -+ c->error = ERR_R_ASN1_LENGTH_MISMATCH; -+ return (0); -+ } -+ return (1); -+} -+ -+int asn1_Finish(ASN1_CTX *c) -+{ -+ return _asn1_Finish((ASN1_const_CTX *)c); -+} -+ -+int asn1_const_Finish(ASN1_const_CTX *c) -+{ -+ return _asn1_Finish(c); -+} -+ -+int asn1_GetSequence(ASN1_const_CTX *c, long *length) -+{ -+ const unsigned char *q; -+ -+ q = c->p; -+ c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass), -+ *length); -+ if (c->inf & 0x80) { -+ c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL; -+ return (0); -+ } -+ if (c->tag != V_ASN1_SEQUENCE) { -+ c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE; -+ return (0); -+ } -+ (*length) -= (c->p - q); -+ if (c->max && (*length < 0)) { -+ c->error = ERR_R_ASN1_LENGTH_MISMATCH; -+ return (0); -+ } -+ if (c->inf == (1 | V_ASN1_CONSTRUCTED)) -+ c->slen = *length; -+ c->eos = 0; -+ return (1); -+} -+ - int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) - { - if (str == NULL) -@@ -240,9 +340,7 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) - dst->type = str->type; - if (!ASN1_STRING_set(dst, str->data, str->length)) - return 0; -- /* Copy flags but preserve embed value */ -- dst->flags &= ASN1_STRING_FLAG_EMBED; -- dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED; -+ dst->flags = str->flags; - return 1; - } - -@@ -252,7 +350,7 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) - if (!str) - return NULL; - ret = ASN1_STRING_new(); -- if (ret == NULL) -+ if (!ret) - return NULL; - if (!ASN1_STRING_copy(ret, str)) { - ASN1_STRING_free(ret); -@@ -274,7 
+372,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) - } - if ((str->length <= len) || (str->data == NULL)) { - c = str->data; -- str->data = OPENSSL_realloc(c, len + 1); -+ if (c == NULL) -+ str->data = OPENSSL_malloc(len + 1); -+ else -+ str->data = OPENSSL_realloc(c, len + 1); -+ - if (str->data == NULL) { - ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); - str->data = c; -@@ -292,7 +394,8 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) - - void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) - { -- OPENSSL_free(str->data); -+ if (str->data) -+ OPENSSL_free(str->data); - str->data = data; - str->length = len; - } -@@ -306,37 +409,30 @@ ASN1_STRING *ASN1_STRING_type_new(int type) - { - ASN1_STRING *ret; - -- ret = OPENSSL_zalloc(sizeof(*ret)); -+ ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); - if (ret == NULL) { - ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } -+ ret->length = 0; - ret->type = type; -+ ret->data = NULL; -+ ret->flags = 0; - return (ret); - } - --void asn1_string_embed_free(ASN1_STRING *a, int embed) --{ -- if (a == NULL) -- return; -- if (!(a->flags & ASN1_STRING_FLAG_NDEF)) -- OPENSSL_free(a->data); -- if (embed == 0) -- OPENSSL_free(a); --} -- - void ASN1_STRING_free(ASN1_STRING *a) - { - if (a == NULL) - return; -- asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED); -+ if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) -+ OPENSSL_free(a->data); -+ OPENSSL_free(a); - } - - void ASN1_STRING_clear_free(ASN1_STRING *a) - { -- if (a == NULL) -- return; -- if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) -+ if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) - OPENSSL_cleanse(a->data, a->length); - ASN1_STRING_free(a); - } -@@ -356,29 +452,32 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) - return (i); - } - --int ASN1_STRING_length(const ASN1_STRING *x) -+void asn1_add_error(const unsigned char *address, 
int offset) - { -- return x->length; -+ char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; -+ -+ BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); -+ BIO_snprintf(buf2, sizeof buf2, "%d", offset); -+ ERR_add_error_data(4, "address=", buf1, " offset=", buf2); - } - --void ASN1_STRING_length_set(ASN1_STRING *x, int len) -+int ASN1_STRING_length(const ASN1_STRING *x) - { -- x->length = len; -+ return M_ASN1_STRING_length(x); - } - --int ASN1_STRING_type(const ASN1_STRING *x) -+void ASN1_STRING_length_set(ASN1_STRING *x, int len) - { -- return x->type; -+ M_ASN1_STRING_length_set(x, len); -+ return; - } - --const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) -+int ASN1_STRING_type(ASN1_STRING *x) - { -- return x->data; -+ return M_ASN1_STRING_type(x); - } - --# if OPENSSL_API_COMPAT < 0x10100000L - unsigned char *ASN1_STRING_data(ASN1_STRING *x) - { -- return x->data; -+ return M_ASN1_STRING_data(x); - } --#endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h -index 5f597bd..4c004fa 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h -@@ -1,10 +1,60 @@ -+/* asn1t.h */ - /* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* Internal ASN1 structures and functions: not for application use */ -@@ -12,67 +62,74 @@ - int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); - int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); - --/* ASN1 scan context structure */ -+/* ASN1 print context structure */ - --struct asn1_sctx_st { -- /* The ASN1_ITEM associated with this field */ -- const ASN1_ITEM *it; -- /* If ASN1_TEMPLATE associated with this field */ -- const ASN1_TEMPLATE *tt; -- /* Various flags associated with field and context */ -+struct asn1_pctx_st { - unsigned long flags; -- /* If SEQUENCE OF or SET OF, field index */ -- int skidx; -- /* ASN1 depth of field */ -- int depth; -- /* Structure and field name */ -- const char *sname, *fname; -- /* If a primitive type the type of underlying field */ -- int prim_type; -- /* The field value itself */ -- ASN1_VALUE **field; -- /* Callback to pass information to */ -- int (*scan_cb) (ASN1_SCTX *ctx); -- /* Context specific application data */ -- void *app_data; --} /* ASN1_SCTX */ ; -- --typedef struct mime_param_st MIME_PARAM; --DEFINE_STACK_OF(MIME_PARAM) --typedef struct mime_header_st MIME_HEADER; --DEFINE_STACK_OF(MIME_HEADER) -- --/* Month values for printing out times */ --extern const char *_asn1_mon[12]; -- --void asn1_string_embed_free(ASN1_STRING *a, int embed); -+ unsigned long nm_flags; -+ unsigned long cert_flags; -+ unsigned long oid_flags; -+ unsigned long str_flags; -+} /* 
ASN1_PCTX */ ; - --int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); --int asn1_set_choice_selector(ASN1_VALUE **pval, int value, -- const ASN1_ITEM *it); -+/* ASN1 public key method structure */ - --ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+struct evp_pkey_asn1_method_st { -+ int pkey_id; -+ int pkey_base_id; -+ unsigned long pkey_flags; -+ char *pem_str; -+ char *info; -+ int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); -+ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); -+ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -+ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, -+ ASN1_PCTX *pctx); -+ int (*priv_decode) (EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf); -+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); -+ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, -+ ASN1_PCTX *pctx); -+ int (*pkey_size) (const EVP_PKEY *pk); -+ int (*pkey_bits) (const EVP_PKEY *pk); -+ int (*param_decode) (EVP_PKEY *pkey, -+ const unsigned char **pder, int derlen); -+ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); -+ int (*param_missing) (const EVP_PKEY *pk); -+ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); -+ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -+ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, -+ ASN1_PCTX *pctx); -+ int (*sig_print) (BIO *out, -+ const X509_ALGOR *sigalg, const ASN1_STRING *sig, -+ int indent, ASN1_PCTX *pctx); -+ void (*pkey_free) (EVP_PKEY *pkey); -+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); -+ /* Legacy functions for old PEM */ -+ int (*old_priv_decode) (EVP_PKEY *pkey, -+ const unsigned char **pder, int derlen); -+ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); -+ /* Custom ASN1 signature verification */ -+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -+ X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); 
-+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -+ X509_ALGOR *alg1, X509_ALGOR *alg2, -+ ASN1_BIT_STRING *sig); -+} /* EVP_PKEY_ASN1_METHOD */ ; - --const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, -- int nullerr); -- --int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); -- --void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); --void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); --int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, -- const ASN1_ITEM *it); --int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, -- const ASN1_ITEM *it); -+/* -+ * Method to handle CRL access. In general a CRL could be very large (several -+ * Mb) and can consume large amounts of resources if stored in memory by -+ * multiple processes. This method allows general CRL operations to be -+ * redirected to more efficient callbacks: for example a CRL entry database. -+ */ - --void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); --void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+#define X509_CRL_METHOD_DYNAMIC 1 - --ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -- long length); --int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); --ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, -- const unsigned char **pp, long length); --int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); --ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, -- long length); -+struct x509_crl_method_st { -+ int flags; -+ int (*crl_init) (X509_CRL *crl); -+ int (*crl_free) (X509_CRL *crl); -+ int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, -+ ASN1_INTEGER *ser, X509_NAME *issuer); -+ int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); -+}; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -index 4db3df9..e85e339 100644 ---- 
a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/asn1_par.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -76,19 +125,28 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - ASN1_OBJECT *o = NULL; - ASN1_OCTET_STRING *os = NULL; - /* ASN1_BMPSTRING *bmp=NULL; */ -- int dump_indent, dump_cont = 0; -+ int dump_indent; -+ -+#if 0 -+ dump_indent = indent; -+#else -+ dump_indent = 6; /* Because we know BIO_dump_indent() */ -+#endif - - if (depth > ASN1_PARSE_MAXDEPTH) { - BIO_puts(bp, "BAD RECURSION DEPTH\n"); - return 0; - } - -- dump_indent = 6; /* Because we know BIO_dump_indent() */ - p = *pp; - tot = p + length; -- while (length > 0) { -+ op = p - 1; -+ while ((p < tot) && (op < p)) { - op = p; - j = ASN1_get_object(&p, &len, &tag, &xclass, length); -+#ifdef LINT -+ j = j; -+#endif - if (j & 0x80) { - if (BIO_write(bp, "Error in encoding\n", 18) <= 0) - goto end; -@@ -115,7 +173,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - if (!asn1_print_info(bp, tag, xclass, j, (indent) ? 
depth : 0)) - goto end; - if (j & V_ASN1_CONSTRUCTED) { -- const unsigned char *sp = p; -+ const unsigned char *sp; - - ep = p + len; - if (BIO_write(bp, "\n", 1) <= 0) -@@ -126,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - goto end; - } - if ((j == 0x21) && (len == 0)) { -+ sp = p; - for (;;) { - r = asn1_parse2(bp, &p, (long)(tot - p), - offset + (p - *pp), depth + 1, -@@ -144,8 +203,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - - while (p < ep) { - sp = p; -- r = asn1_parse2(bp, &p, tmp, -- offset + (p - *pp), depth + 1, -+ r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, - indent, dump); - if (r == 0) { - ret = 0; -@@ -179,18 +237,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - goto end; - i2a_ASN1_OBJECT(bp, o); - } else { -- if (BIO_puts(bp, ":BAD OBJECT") <= 0) -+ if (BIO_write(bp, ":BAD OBJECT", 11) <= 0) - goto end; -- dump_cont = 1; - } - } else if (tag == V_ASN1_BOOLEAN) { -- if (len != 1) { -- if (BIO_puts(bp, ":BAD BOOLEAN") <= 0) -+ int ii; -+ -+ opp = op; -+ ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); -+ if (ii < 0) { -+ if (BIO_write(bp, "Bad boolean\n", 12) <= 0) - goto end; -- dump_cont = 1; - } -- if (len > 0) -- BIO_printf(bp, ":%u", p[0]); -+ BIO_printf(bp, ":%d", ii); - } else if (tag == V_ASN1_BMPSTRING) { - /* do the BMP thang */ - } else if (tag == V_ASN1_OCTET_STRING) { -@@ -247,8 +306,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - nl = 1; - } - } -- ASN1_OCTET_STRING_free(os); -- os = NULL; -+ if (os != NULL) { -+ M_ASN1_OCTET_STRING_free(os); -+ os = NULL; -+ } - } else if (tag == V_ASN1_INTEGER) { - ASN1_INTEGER *bs; - int i; -@@ -270,11 +331,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - goto end; - } - } else { -- if (BIO_puts(bp, ":BAD INTEGER") <= 0) -+ if (BIO_write(bp, "BAD INTEGER", 11) <= 0) - goto end; -- dump_cont = 1; - } -- ASN1_INTEGER_free(bs); -+ 
M_ASN1_INTEGER_free(bs); - } else if (tag == V_ASN1_ENUMERATED) { - ASN1_ENUMERATED *bs; - int i; -@@ -296,11 +356,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - goto end; - } - } else { -- if (BIO_puts(bp, ":BAD ENUMERATED") <= 0) -+ if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) - goto end; -- dump_cont = 1; - } -- ASN1_ENUMERATED_free(bs); -+ M_ASN1_ENUMERATED_free(bs); - } else if (len > 0 && dump) { - if (!nl) { - if (BIO_write(bp, "\n", 1) <= 0) -@@ -312,18 +371,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - goto end; - nl = 1; - } -- if (dump_cont) { -- int i; -- const unsigned char *tmp = op + hl; -- if (BIO_puts(bp, ":[") <= 0) -- goto end; -- for (i = 0; i < len; i++) { -- if (BIO_printf(bp, "%02X", tmp[i]) <= 0) -- goto end; -- } -- if (BIO_puts(bp, "]") <= 0) -- goto end; -- } - - if (!nl) { - if (BIO_write(bp, "\n", 1) <= 0) -@@ -339,8 +386,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - } - ret = 1; - end: -- ASN1_OBJECT_free(o); -- ASN1_OCTET_STRING_free(os); -+ if (o != NULL) -+ ASN1_OBJECT_free(o); -+ if (os != NULL) -+ M_ASN1_OCTET_STRING_free(os); - *pp = p; - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -index d7ec801..5170906 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -@@ -1,21 +1,65 @@ -+/* asn_mime.c */ - /* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/evp_int.h" --#include "internal/bio.h" - #include "asn1_locl.h" - - /* -@@ -28,35 +72,41 @@ - * from parameter values. Quotes are stripped off - */ - --struct mime_param_st { -+typedef struct { - char *param_name; /* Param name e.g. "micalg" */ - char *param_value; /* Param value e.g. "sha1" */ --}; -+} MIME_PARAM; - --struct mime_header_st { -+DECLARE_STACK_OF(MIME_PARAM) -+IMPLEMENT_STACK_OF(MIME_PARAM) -+ -+typedef struct { - char *name; /* Name of line e.g. "content-type" */ - char *value; /* Value of line e.g. 
"text/plain" */ - STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ --}; -+} MIME_HEADER; -+ -+DECLARE_STACK_OF(MIME_HEADER) -+IMPLEMENT_STACK_OF(MIME_HEADER) - - static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it); - static char *strip_ends(char *name); - static char *strip_start(char *name); - static char *strip_end(char *name); --static MIME_HEADER *mime_hdr_new(const char *name, const char *value); --static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value); -+static MIME_HEADER *mime_hdr_new(char *name, char *value); -+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); - static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); - static int mime_hdr_cmp(const MIME_HEADER *const *a, - const MIME_HEADER *const *b); - static int mime_param_cmp(const MIME_PARAM *const *a, - const MIME_PARAM *const *b); - static void mime_param_free(MIME_PARAM *param); --static int mime_bound_check(char *line, int linelen, const char *bound, int blen); --static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret); --static int strip_eol(char *linebuf, int *plen, int flags); --static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name); --static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name); -+static int mime_bound_check(char *line, int linelen, char *bound, int blen); -+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -+static int strip_eol(char *linebuf, int *plen); -+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); -+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); - static void mime_hdr_free(MIME_HEADER *hdr); - - #define MAX_SMLEN 1024 -@@ -101,7 +151,7 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - BIO *b64; - int r; - b64 = BIO_new(BIO_f_base64()); -- if (b64 == NULL) { -+ if (!b64) { - ASN1err(ASN1_F_B64_WRITE_ASN1, 
ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -132,8 +182,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) - { - BIO *b64; - ASN1_VALUE *val; -- -- if ((b64 = BIO_new(BIO_f_base64())) == NULL) { -+ if (!(b64 = BIO_new(BIO_f_base64()))) { - ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -142,7 +191,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) - if (!val) - ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR); - (void)BIO_flush(bio); -- BIO_pop(bio); -+ bio = BIO_pop(bio); - BIO_free(b64); - return val; - } -@@ -197,6 +246,7 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) - case NID_id_GostR3411_94: - BIO_puts(out, "gostr3411-94"); - goto err; -+ break; - - default: - if (have_unknown) -@@ -320,7 +370,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - int rv = 1; - - /* -- * If data is not detached or resigning then the output BIO is already -+ * If data is not deteched or resigning then the output BIO is already - * set up to finalise when it is written through. 
- */ - if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { -@@ -380,13 +430,12 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - if (bcont) - *bcont = NULL; - -- if ((headers = mime_parse_hdr(bio)) == NULL) { -+ if (!(headers = mime_parse_hdr(bio))) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); - return NULL; - } - -- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL -- || hdr->value == NULL) { -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); - return NULL; -@@ -394,7 +443,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - - /* Handle multipart/signed */ - -- if (strcmp(hdr->value, "multipart/signed") == 0) { -+ if (!strcmp(hdr->value, "multipart/signed")) { - /* Split into two parts */ - prm = mime_param_find(hdr, "boundary"); - if (!prm || !prm->param_value) { -@@ -413,7 +462,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - /* Parse the signature piece */ - asnin = sk_BIO_value(parts, 1); - -- if ((headers = mime_parse_hdr(asnin)) == NULL) { -+ if (!(headers = mime_parse_hdr(asnin))) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; -@@ -421,8 +470,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - - /* Get content type */ - -- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL -- || hdr->value == NULL) { -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); - return NULL; -@@ -438,7 +486,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in ASN1 */ -- if ((val = b64_read_asn1(asnin, it)) 
== NULL) { -+ if (!(val = b64_read_asn1(asnin, it))) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; -@@ -465,7 +513,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - -- if ((val = b64_read_asn1(bio, it)) == NULL) { -+ if (!(val = b64_read_asn1(bio, it))) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); - return NULL; - } -@@ -485,32 +533,20 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) - * when streaming as we don't end up with one OCTET STRING per line. - */ - bf = BIO_new(BIO_f_buffer()); -- if (bf == NULL) -+ if (!bf) - return 0; - out = BIO_push(bf, out); - if (flags & SMIME_BINARY) { - while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) - BIO_write(out, linebuf, len); - } else { -- int eolcnt = 0; - if (flags & SMIME_TEXT) - BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { -- eol = strip_eol(linebuf, &len, flags); -- if (len) { -- /* Not EOF: write out all CRLF */ -- if (flags & SMIME_ASCIICRLF) { -- int i; -- for (i = 0; i < eolcnt; i++) -- BIO_write(out, "\r\n", 2); -- eolcnt = 0; -- } -+ eol = strip_eol(linebuf, &len); -+ if (len) - BIO_write(out, linebuf, len); -- if (eol) -- BIO_write(out, "\r\n", 2); -- } else if (flags & SMIME_ASCIICRLF) -- eolcnt++; -- else if (eol) -+ if (eol) - BIO_write(out, "\r\n", 2); - } - } -@@ -528,12 +564,11 @@ int SMIME_text(BIO *in, BIO *out) - STACK_OF(MIME_HEADER) *headers; - MIME_HEADER *hdr; - -- if ((headers = mime_parse_hdr(in)) == NULL) { -+ if (!(headers = mime_parse_hdr(in))) { - ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); - return 0; - } -- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL -- || hdr->value == NULL) { -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); - 
sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; -@@ -557,7 +592,7 @@ int SMIME_text(BIO *in, BIO *out) - * canonical parts in a STACK of bios - */ - --static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) -+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) - { - char linebuf[MAX_SMLEN]; - int len, blen; -@@ -572,32 +607,24 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) - first = 1; - parts = sk_BIO_new_null(); - *ret = parts; -- if (*ret == NULL) -- return 0; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - state = mime_bound_check(linebuf, len, bound, blen); - if (state == 1) { - first = 1; - part++; - } else if (state == 2) { -- if (!sk_BIO_push(parts, bpart)) { -- BIO_free(bpart); -- return 0; -- } -+ sk_BIO_push(parts, bpart); - return 1; - } else if (part) { - /* Strip CR+LF from linebuf */ -- next_eol = strip_eol(linebuf, &len, 0); -+ next_eol = strip_eol(linebuf, &len); - if (first) { - first = 0; - if (bpart) -- if (!sk_BIO_push(parts, bpart)) { -- BIO_free(bpart); -- return 0; -- } -+ sk_BIO_push(parts, bpart); - bpart = BIO_new(BIO_s_mem()); - if (bpart == NULL) -- return 0; -+ return 1; - BIO_set_mem_eof_return(bpart, 0); - } else if (eol) - BIO_write(bpart, "\r\n", 2); -@@ -606,7 +633,6 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) - BIO_write(bpart, linebuf, len); - } - } -- BIO_free(bpart); - return 0; - } - -@@ -625,12 +651,12 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - char *p, *q, c; - char *ntmp; - char linebuf[MAX_SMLEN]; -- MIME_HEADER *mhdr = NULL, *new_hdr = NULL; -+ MIME_HEADER *mhdr = NULL; - STACK_OF(MIME_HEADER) *headers; - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); -- if (headers == NULL) -+ if (!headers) - return NULL; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ -@@ -662,13 +688,8 @@ static 
STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - if (c == ';') { - mime_debug("Found End Value\n"); - *p = 0; -- new_hdr = mime_hdr_new(ntmp, strip_ends(q)); -- if (new_hdr == NULL) -- goto err; -- if (!sk_MIME_HEADER_push(headers, new_hdr)) -- goto err; -- mhdr = new_hdr; -- new_hdr = NULL; -+ mhdr = mime_hdr_new(ntmp, strip_ends(q)); -+ sk_MIME_HEADER_push(headers, mhdr); - ntmp = NULL; - q = p + 1; - state = MIME_NAME; -@@ -719,13 +740,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - } - - if (state == MIME_TYPE) { -- new_hdr = mime_hdr_new(ntmp, strip_ends(q)); -- if (new_hdr == NULL) -- goto err; -- if (!sk_MIME_HEADER_push(headers, new_hdr)) -- goto err; -- mhdr = new_hdr; -- new_hdr = NULL; -+ mhdr = mime_hdr_new(ntmp, strip_ends(q)); -+ sk_MIME_HEADER_push(headers, mhdr); - } else if (state == MIME_VALUE) - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - if (p == linebuf) -@@ -734,10 +750,6 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - - return headers; - --err: -- mime_hdr_free(new_hdr); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- return NULL; - } - - static char *strip_ends(char *name) -@@ -787,14 +799,13 @@ static char *strip_end(char *name) - return NULL; - } - --static MIME_HEADER *mime_hdr_new(const char *name, const char *value) -+static MIME_HEADER *mime_hdr_new(char *name, char *value) - { -- MIME_HEADER *mhdr = NULL; -- char *tmpname = NULL, *tmpval = NULL, *p; -+ MIME_HEADER *mhdr; -+ char *tmpname, *tmpval, *p; - int c; -- - if (name) { -- if ((tmpname = OPENSSL_strdup(name)) == NULL) -+ if (!(tmpname = BUF_strdup(name))) - return NULL; - for (p = tmpname; *p; p++) { - c = (unsigned char)*p; -@@ -803,10 +814,11 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) - *p = c; - } - } -- } -+ } else -+ tmpname = NULL; - if (value) { -- if ((tmpval = OPENSSL_strdup(value)) == NULL) -- goto err; -+ if (!(tmpval = BUF_strdup(value))) -+ return NULL; - for (p = tmpval; *p; p++) { - c = (unsigned 
char)*p; - if (isupper(c)) { -@@ -814,32 +826,27 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) - *p = c; - } - } -- } -- mhdr = OPENSSL_malloc(sizeof(*mhdr)); -- if (mhdr == NULL) -- goto err; -+ } else -+ tmpval = NULL; -+ mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER)); -+ if (!mhdr) -+ return NULL; - mhdr->name = tmpname; - mhdr->value = tmpval; -- if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL) -- goto err; -+ if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) -+ return NULL; - return mhdr; -- -- err: -- OPENSSL_free(tmpname); -- OPENSSL_free(tmpval); -- OPENSSL_free(mhdr); -- return NULL; - } - --static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value) -+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) - { -- char *tmpname = NULL, *tmpval = NULL, *p; -+ char *tmpname, *tmpval, *p; - int c; -- MIME_PARAM *mparam = NULL; -+ MIME_PARAM *mparam; - if (name) { -- tmpname = OPENSSL_strdup(name); -+ tmpname = BUF_strdup(name); - if (!tmpname) -- goto err; -+ return 0; - for (p = tmpname; *p; p++) { - c = (unsigned char)*p; - if (isupper(c)) { -@@ -847,26 +854,22 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *va - *p = c; - } - } -- } -+ } else -+ tmpname = NULL; - if (value) { -- tmpval = OPENSSL_strdup(value); -+ tmpval = BUF_strdup(value); - if (!tmpval) -- goto err; -- } -+ return 0; -+ } else -+ tmpval = NULL; - /* Parameter values are case sensitive so leave as is */ -- mparam = OPENSSL_malloc(sizeof(*mparam)); -- if (mparam == NULL) -- goto err; -+ mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM)); -+ if (!mparam) -+ return 0; - mparam->param_name = tmpname; - mparam->param_value = tmpval; -- if (!sk_MIME_PARAM_push(mhdr->params, mparam)) -- goto err; -+ sk_MIME_PARAM_push(mhdr->params, mparam); - return 1; -- err: -- OPENSSL_free(tmpname); -- OPENSSL_free(tmpval); -- OPENSSL_free(mparam); -- return 0; - } - - 
static int mime_hdr_cmp(const MIME_HEADER *const *a, -@@ -888,28 +891,22 @@ static int mime_param_cmp(const MIME_PARAM *const *a, - - /* Find a header with a given name (if possible) */ - --static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name) -+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) - { - MIME_HEADER htmp; - int idx; -- -- htmp.name = (char *)name; -- htmp.value = NULL; -- htmp.params = NULL; -- -+ htmp.name = name; - idx = sk_MIME_HEADER_find(hdrs, &htmp); - if (idx < 0) - return NULL; - return sk_MIME_HEADER_value(hdrs, idx); - } - --static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) -+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) - { - MIME_PARAM param; - int idx; -- -- param.param_name = (char *)name; -- param.param_value = NULL; -+ param.param_name = name; - idx = sk_MIME_PARAM_find(hdr->params, ¶m); - if (idx < 0) - return NULL; -@@ -918,10 +915,10 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) - - static void mime_hdr_free(MIME_HEADER *hdr) - { -- if (hdr == NULL) -- return; -- OPENSSL_free(hdr->name); -- OPENSSL_free(hdr->value); -+ if (hdr->name) -+ OPENSSL_free(hdr->name); -+ if (hdr->value) -+ OPENSSL_free(hdr->value); - if (hdr->params) - sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); - OPENSSL_free(hdr); -@@ -929,8 +926,10 @@ static void mime_hdr_free(MIME_HEADER *hdr) - - static void mime_param_free(MIME_PARAM *param) - { -- OPENSSL_free(param->param_name); -- OPENSSL_free(param->param_value); -+ if (param->param_name) -+ OPENSSL_free(param->param_name); -+ if (param->param_value) -+ OPENSSL_free(param->param_value); - OPENSSL_free(param); - } - -@@ -940,7 +939,7 @@ static void mime_param_free(MIME_PARAM *param) - * 1 : part boundary - * 2 : final boundary - */ --static int mime_bound_check(char *line, int linelen, const char *bound, int blen) -+static int mime_bound_check(char *line, int linelen, char *bound, int 
blen) - { - if (linelen == -1) - linelen = strlen(line); -@@ -950,9 +949,8 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen - if (blen + 2 > linelen) - return 0; - /* Check for part boundary */ -- if ((strncmp(line, "--", 2) == 0) -- && strncmp(line + 2, bound, blen) == 0) { -- if (strncmp(line + blen + 2, "--", 2) == 0) -+ if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { -+ if (!strncmp(line + blen + 2, "--", 2)) - return 2; - else - return 1; -@@ -960,7 +958,7 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen - return 0; - } - --static int strip_eol(char *linebuf, int *plen, int flags) -+static int strip_eol(char *linebuf, int *plen) - { - int len = *plen; - char *p, c; -@@ -970,8 +968,6 @@ static int strip_eol(char *linebuf, int *plen, int flags) - c = *p; - if (c == '\n') - is_eol = 1; -- else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) -- continue; - else if (c != '\r') - break; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -index 8176b76..fab2dd9 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -@@ -1,24 +1,73 @@ -+/* asn_moid.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include -+#include - #include --#include "internal/asn1_int.h" --#include "internal/objects.h" - - /* Simple ASN1 OID module: add all objects in a given section */ - --static int do_create(const char *value, const char *name); -+static int do_create(char *value, char *name); - - static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) - { -@@ -26,9 +75,8 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) - const char *oid_section; - STACK_OF(CONF_VALUE) *sktmp; - CONF_VALUE *oval; -- - oid_section = CONF_imodule_get_value(md); -- if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { -+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { - ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); - return 0; - } -@@ -44,6 +92,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) - - static void oid_module_finish(CONF_IMODULE *md) - { -+ OBJ_cleanup(); - } - - void ASN1_add_oid_module(void) -@@ -57,12 +106,11 @@ void ASN1_add_oid_module(void) - * shortname = some long name, 1.2.3.4 - */ - --static int do_create(const char *value, const char *name) -+static int do_create(char *value, char *name) - { - int nid; - ASN1_OBJECT *oid; -- const char *ln, *ostr, *p; -- char *lntmp; -+ char *ln, *ostr, *p, *lntmp; - p = strrchr(value, ','); - if (!p) { - ln = name; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c 
b/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c -deleted file mode 100644 -index 8260939..0000000 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c -+++ /dev/null -@@ -1,114 +0,0 @@ --/* -- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include --#include "internal/cryptlib.h" --#include --#include -- --/* Multi string module: add table entries from a given section */ -- --static int do_tcreate(const char *value, const char *name); -- --static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf) --{ -- int i; -- const char *stbl_section; -- STACK_OF(CONF_VALUE) *sktmp; -- CONF_VALUE *mval; -- -- stbl_section = CONF_imodule_get_value(md); -- if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) { -- ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); -- return 0; -- } -- for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { -- mval = sk_CONF_VALUE_value(sktmp, i); -- if (!do_tcreate(mval->value, mval->name)) { -- ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE); -- return 0; -- } -- } -- return 1; --} -- --static void stbl_module_finish(CONF_IMODULE *md) --{ -- ASN1_STRING_TABLE_cleanup(); --} -- --void ASN1_add_stable_module(void) --{ -- CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish); --} -- --/* -- * Create an table entry based on a name value pair. format is oid_name = -- * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags". 
-- */ -- --static int do_tcreate(const char *value, const char *name) --{ -- char *eptr; -- int nid, i, rv = 0; -- long tbl_min = -1, tbl_max = -1; -- unsigned long tbl_mask = 0, tbl_flags = 0; -- STACK_OF(CONF_VALUE) *lst = NULL; -- CONF_VALUE *cnf = NULL; -- nid = OBJ_sn2nid(name); -- if (nid == NID_undef) -- nid = OBJ_ln2nid(name); -- if (nid == NID_undef) -- goto err; -- lst = X509V3_parse_list(value); -- if (!lst) -- goto err; -- for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { -- cnf = sk_CONF_VALUE_value(lst, i); -- if (strcmp(cnf->name, "min") == 0) { -- tbl_min = strtoul(cnf->value, &eptr, 0); -- if (*eptr) -- goto err; -- } else if (strcmp(cnf->name, "max") == 0) { -- tbl_max = strtoul(cnf->value, &eptr, 0); -- if (*eptr) -- goto err; -- } else if (strcmp(cnf->name, "mask") == 0) { -- if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask) -- goto err; -- } else if (strcmp(cnf->name, "flags") == 0) { -- if (strcmp(cnf->value, "nomask") == 0) -- tbl_flags = STABLE_NO_MASK; -- else if (strcmp(cnf->value, "none") == 0) -- tbl_flags = STABLE_FLAGS_CLEAR; -- else -- goto err; -- } else -- goto err; -- } -- rv = 1; -- err: -- if (rv == 0) { -- ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE); -- if (cnf) -- ERR_add_error_data(4, "field=", cnf->name, -- ", value=", cnf->value); -- else -- ERR_add_error_data(4, "name=", name, ", value=", value); -- } else { -- rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, -- tbl_mask, tbl_flags); -- if (!rv) -- ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE); -- } -- sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); -- return rv; --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -index 63bc306..366caf0 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -@@ -1,62 +1,207 @@ -+/* asn_pack.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - -+#ifndef NO_ASN1_OLD -+ - /* ASN1 packing and unpacking functions */ - --ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) -+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ -+ -+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -+ d2i_of_void *d2i, -+ void (*free_func) (OPENSSL_BLOCK)) -+{ -+ STACK_OF(OPENSSL_BLOCK) *sk; -+ const unsigned char *pbuf; -+ pbuf = buf; -+ if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) -+ ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR); -+ return sk; -+} -+ -+/* -+ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a -+ * OPENSSL_malloc'ed buffer -+ */ -+ -+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, -+ unsigned 
char **buf, int *len) -+{ -+ int safelen; -+ unsigned char *safe, *p; -+ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL, IS_SEQUENCE))) { -+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR); -+ return NULL; -+ } -+ if (!(safe = OPENSSL_malloc(safelen))) { -+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ p = safe; -+ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -+ IS_SEQUENCE); -+ if (len) -+ *len = safelen; -+ if (buf) -+ *buf = safe; -+ return safe; -+} -+ -+/* Extract an ASN1 object from an ASN1_STRING */ -+ -+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) -+{ -+ const unsigned char *p; -+ char *ret; -+ -+ p = oct->data; -+ if (!(ret = d2i(NULL, &p, oct->length))) -+ ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR); -+ return ret; -+} -+ -+/* Pack an ASN1 object into an ASN1_STRING */ -+ -+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) - { -+ unsigned char *p; - ASN1_STRING *octmp; - -- if (oct == NULL || *oct == NULL) { -- if ((octmp = ASN1_STRING_new()) == NULL) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ if (!oct || !*oct) { -+ if (!(octmp = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); - return NULL; - } -- } else { -+ if (oct) -+ *oct = octmp; -+ } else - octmp = *oct; -- } -- -- OPENSSL_free(octmp->data); -- octmp->data = NULL; - -- if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); -+ if (!(octmp->length = i2d(obj, NULL))) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR); - goto err; - } -- if (octmp->data == NULL) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ if (!(p = OPENSSL_malloc(octmp->length))) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); - goto err; - } -- -- if (oct != NULL && *oct == NULL) -- *oct = octmp; -- -+ octmp->data = p; -+ i2d(obj, 
&p); - return octmp; - err: -- if (oct == NULL || *oct == NULL) -+ if (!oct || !*oct) { - ASN1_STRING_free(octmp); -+ if (oct) -+ *oct = NULL; -+ } - return NULL; - } - -+#endif -+ -+/* ASN1_ITEM versions of the above */ -+ -+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) -+{ -+ ASN1_STRING *octmp; -+ -+ if (!oct || !*oct) { -+ if (!(octmp = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (oct) -+ *oct = octmp; -+ } else -+ octmp = *oct; -+ -+ if (octmp->data) { -+ OPENSSL_free(octmp->data); -+ octmp->data = NULL; -+ } -+ -+ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); -+ return NULL; -+ } -+ if (!octmp->data) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ return octmp; -+} -+ - /* Extract an ASN1 object from an ASN1_STRING */ - --void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) -+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) - { - const unsigned char *p; - void *ret; - - p = oct->data; -- if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL) -+ if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) - ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); - return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c -index 400effa..c3afff6 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c -@@ -1,10 +1,60 @@ -+/* bio_asn1.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -14,7 +64,7 @@ - */ - - #include --#include -+#include - #include - - /* Must be large enough for biggest tag+length */ -@@ -75,7 +125,7 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_bio_state_t ex_state, - asn1_bio_state_t other_state); - --static const BIO_METHOD methods_asn1 = { -+static BIO_METHOD methods_asn1 = { - BIO_TYPE_ASN1, - "asn1", - asn1_bio_write, -@@ -88,55 +138,59 @@ static const BIO_METHOD methods_asn1 = { - asn1_bio_callback_ctrl, - }; - --const BIO_METHOD *BIO_f_asn1(void) -+BIO_METHOD *BIO_f_asn1(void) - { - return (&methods_asn1); - } - - static int asn1_bio_new(BIO *b) - { -- BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); -- -- if (ctx == NULL) -+ BIO_ASN1_BUF_CTX *ctx; -+ ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX)); -+ if (!ctx) - return 0; - if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { - OPENSSL_free(ctx); - return 0; - } -- 
BIO_set_data(b, ctx); -- BIO_set_init(b, 1); -- -+ b->init = 1; -+ b->ptr = (char *)ctx; -+ b->flags = 0; - return 1; - } - - static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) - { - ctx->buf = OPENSSL_malloc(size); -- if (ctx->buf == NULL) -+ if (!ctx->buf) - return 0; - ctx->bufsize = size; -+ ctx->bufpos = 0; -+ ctx->buflen = 0; -+ ctx->copylen = 0; - ctx->asn1_class = V_ASN1_UNIVERSAL; - ctx->asn1_tag = V_ASN1_OCTET_STRING; -+ ctx->ex_buf = NULL; -+ ctx->ex_len = 0; -+ ctx->ex_pos = 0; - ctx->state = ASN1_STATE_START; -+ ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL; -+ ctx->ex_arg = NULL; - return 1; - } - - static int asn1_bio_free(BIO *b) - { - BIO_ASN1_BUF_CTX *ctx; -- -- if (b == NULL) -- return 0; -- -- ctx = BIO_get_data(b); -+ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; - if (ctx == NULL) - return 0; -- -- OPENSSL_free(ctx->buf); -+ if (ctx->buf) -+ OPENSSL_free(ctx->buf); - OPENSSL_free(ctx); -- BIO_set_data(b, NULL); -- BIO_set_init(b, 0); -- -+ b->init = 0; -+ b->ptr = NULL; -+ b->flags = 0; - return 1; - } - -@@ -145,11 +199,10 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) - BIO_ASN1_BUF_CTX *ctx; - int wrmax, wrlen, ret; - unsigned char *p; -- BIO *next; -- -- ctx = BIO_get_data(b); -- next = BIO_next(b); -- if (in == NULL || inl < 0 || ctx == NULL || next == NULL) -+ if (!in || (inl < 0) || (b->next_bio == NULL)) -+ return 0; -+ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; -+ if (ctx == NULL) - return 0; - - wrlen = 0; -@@ -187,7 +240,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) - break; - - case ASN1_STATE_HEADER_COPY: -- ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen); -+ ret = BIO_write(b->next_bio, ctx->buf + ctx->bufpos, ctx->buflen); - if (ret <= 0) - goto done; - -@@ -207,7 +260,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) - wrmax = ctx->copylen; - else - wrmax = inl; -- ret = BIO_write(next, in, wrmax); -+ ret = BIO_write(b->next_bio, in, wrmax); - if (ret <= 0) - 
break; - wrlen += ret; -@@ -243,11 +296,10 @@ static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *cleanup, asn1_bio_state_t next) - { - int ret; -- - if (ctx->ex_len <= 0) - return 1; - for (;;) { -- ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len); -+ ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos, ctx->ex_len); - if (ret <= 0) - break; - ctx->ex_len -= ret; -@@ -282,10 +334,9 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - - static int asn1_bio_read(BIO *b, char *in, int inl) - { -- BIO *next = BIO_next(b); -- if (next == NULL) -+ if (!b->next_bio) - return 0; -- return BIO_read(next, in, inl); -+ return BIO_read(b->next_bio, in, inl); - } - - static int asn1_bio_puts(BIO *b, const char *str) -@@ -295,18 +346,16 @@ static int asn1_bio_puts(BIO *b, const char *str) - - static int asn1_bio_gets(BIO *b, char *str, int size) - { -- BIO *next = BIO_next(b); -- if (next == NULL) -+ if (!b->next_bio) - return 0; -- return BIO_gets(next, str, size); -+ return BIO_gets(b->next_bio, str, size); - } - - static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { -- BIO *next = BIO_next(b); -- if (next == NULL) -- return 0; -- return BIO_callback_ctrl(next, cmd, fp); -+ if (b->next_bio == NULL) -+ return (0); -+ return BIO_callback_ctrl(b->next_bio, cmd, fp); - } - - static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) -@@ -314,12 +363,9 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) - BIO_ASN1_BUF_CTX *ctx; - BIO_ASN1_EX_FUNCS *ex_func; - long ret = 1; -- BIO *next; -- -- ctx = BIO_get_data(b); -+ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; - if (ctx == NULL) - return 0; -- next = BIO_next(b); - switch (cmd) { - - case BIO_C_SET_PREFIX: -@@ -355,7 +401,7 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) - break; - - case BIO_CTRL_FLUSH: -- if (next == NULL) -+ if (!b->next_bio) - return 0; - - /* Call post function if possible */ -@@ -373,16 +419,17 
@@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) - } - - if (ctx->state == ASN1_STATE_DONE) -- return BIO_ctrl(next, cmd, arg1, arg2); -+ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); - else { - BIO_clear_retry_flags(b); - return 0; - } -+ break; - - default: -- if (next == NULL) -+ if (!b->next_bio) - return 0; -- return BIO_ctrl(next, cmd, arg1, arg2); -+ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); - - } - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c -index 0f206b2..8d70466 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c -@@ -1,10 +1,56 @@ -+/* bio_ndef.c */ - /* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -19,7 +65,7 @@ - /* - * The usage is quite simple, initialize an ASN1 structure, get a BIO from it - * then any data written through the BIO will end up translated to -- * appropriate format on the fly. The data is streamed out and does *not* -+ * approptiate format on the fly. 
The data is streamed out and does *not* - * need to be all held in memory at once. When the BIO is flushed the output - * is finalized and any signatures etc written out. The BIO is a 'proper' - * BIO and can handle non blocking I/O correctly. The usage is simple. The -@@ -60,21 +106,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) - ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); - return NULL; - } -- ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux)); -+ ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); - asn_bio = BIO_new(BIO_f_asn1()); -- if (ndef_aux == NULL || asn_bio == NULL) -- goto err; - - /* ASN1 bio needs to be next to output BIO */ -+ - out = BIO_push(asn_bio, out); -- if (out == NULL) -+ -+ if (!ndef_aux || !asn_bio || !out) - goto err; - - BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); - BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); - - /* -- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure -+ * Now let callback prepend any digest, cipher etc BIOs ASN1 structure - * needs. 
- */ - -@@ -90,14 +136,17 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) - ndef_aux->ndef_bio = sarg.ndef_bio; - ndef_aux->boundary = sarg.boundary; - ndef_aux->out = out; -+ ndef_aux->derbuf = NULL; - - BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); - - return sarg.ndef_bio; - - err: -- BIO_free(asn_bio); -- OPENSSL_free(ndef_aux); -+ if (asn_bio) -+ BIO_free(asn_bio); -+ if (ndef_aux) -+ OPENSSL_free(ndef_aux); - return NULL; - } - -@@ -114,7 +163,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) - - derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = OPENSSL_malloc(derlen); -- if (p == NULL) -+ if (!p) - return 0; - - ndef_aux->derbuf = p; -@@ -139,7 +188,8 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, - - ndef_aux = *(NDEF_SUPPORT **)parg; - -- OPENSSL_free(ndef_aux->derbuf); -+ if (ndef_aux->derbuf) -+ OPENSSL_free(ndef_aux->derbuf); - - ndef_aux->derbuf = NULL; - *pbuf = NULL; -@@ -183,7 +233,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) - - derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = OPENSSL_malloc(derlen); -- if (p == NULL) -+ if (!p) - return 0; - - ndef_aux->derbuf = p; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/charmap.h b/Cryptlib/OpenSSL/crypto/asn1/charmap.h -index 2a75925..3305ad1 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/charmap.h -+++ b/Cryptlib/OpenSSL/crypto/asn1/charmap.h -@@ -1,34 +1,15 @@ - /* -- * WARNING: do not edit! -- * Generated by crypto/asn1/charmap.pl -- * -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Auto generated with chartype.pl script. 
Mask of various character -+ * properties - */ - --#define CHARTYPE_HOST_ANY 4096 --#define CHARTYPE_HOST_DOT 8192 --#define CHARTYPE_HOST_HYPHEN 16384 --#define CHARTYPE_HOST_WILD 32768 -- --/* -- * Mask of various character properties -- */ -- --static const unsigned short char_type[] = { -- 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, -- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, -- 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1, 40, -- 0, 0, 0, 16, 1040, 1040, 33792, 25, 25, 16400, 8208, 16, -- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 16, 9, -- 9, 16, 9, 16, 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, -- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, -- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 0, 1025, 0, 0, 0, -- 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, -- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, -- 4112, 4112, 4112, 0, 0, 0, 0, 2 -+static const unsigned char char_type[] = { -+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, -+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, -+ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, -+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, -+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, -+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, -+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, -+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2 - }; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -index e311b90..86dcf5f 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -@@ -1,22 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/d2i_pr.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - #include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" -+#include "asn1_locl.h" - - EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) -@@ -32,8 +82,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - } else { - ret = *a; - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(ret->engine); -- ret->engine = NULL; -+ if (ret->engine) { -+ ENGINE_finish(ret->engine); -+ ret->engine = NULL; -+ } - #endif - } - -@@ -66,7 +118,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - (*a) = ret; - return (ret); - err: -- if (a == NULL || *a != ret) -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) - EVP_PKEY_free(ret); - return (NULL); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -index dfdc1a6..33542dd 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -@@ -1,23 +1,76 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/d2i_pu.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include --#include --#include -- --#include "internal/evp_int.h" -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif -+#ifndef OPENSSL_NO_EC -+# include -+#endif - - EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) -@@ -40,7 +93,10 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - switch (EVP_PKEY_id(ret)) { - #ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: -- if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { -+ /* TMP UGLY CAST */ -+ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, -+ (const unsigned char **)pp, -+ length)) == NULL) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); - goto err; - } -@@ -49,7 +105,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - #ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - /* TMP UGLY CAST */ -- if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) { -+ if (!d2i_DSAPublicKey(&(ret->pkey.dsa), -+ (const unsigned char **)pp, length)) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); - goto err; - } -@@ -57,7 +114,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - #endif - #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: -- if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) { -+ if (!o2i_ECPublicKey(&(ret->pkey.ec), -+ (const unsigned char **)pp, length)) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); - goto err; - } -@@ -72,7 +130,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - (*a) = ret; - return (ret); - err: -- if (a == NULL || *a != ret) -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) - EVP_PKEY_free(ret); - return (NULL); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -index a458367..5876afa 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c 
-+++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -@@ -1,25 +1,74 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/evp_asn1.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
--#include
-+#include
-
- int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
- {
- ASN1_STRING *os;
-
-- if ((os = ASN1_OCTET_STRING_new()) == NULL)
-+ if ((os = M_ASN1_OCTET_STRING_new()) == NULL)
- return (0);
-- if (!ASN1_OCTET_STRING_set(os, data, len)) {
-- ASN1_OCTET_STRING_free(os);
-+ if (!M_ASN1_OCTET_STRING_set(os, data, len)) {
-+ M_ASN1_OCTET_STRING_free(os);
- return 0;
- }
- ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
-@@ -27,17 +76,17 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
- }
-
- /* int max_len: for returned value */
--int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
-+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
- {
- int ret, num;
-- const unsigned char *p;
-+ unsigned char *p;
-
- if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
- ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
- return (-1);
- }
-- p = ASN1_STRING_get0_data(a->value.octet_string);
-- ret = ASN1_STRING_length(a->value.octet_string);
-+ p = M_ASN1_STRING_data(a->value.octet_string);
-+ ret = M_ASN1_STRING_length(a->value.octet_string);
- if (ret < max_len)
- num = ret;
- else
-@@ -46,70 +95,101 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
- return (ret);
- }
-
--typedef struct {
-- long num;
-- ASN1_OCTET_STRING *oct;
--} asn1_int_oct;
--
--ASN1_SEQUENCE(asn1_int_oct) = {
-- ASN1_SIMPLE(asn1_int_oct, num, LONG),
-- ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
--} static_ASN1_SEQUENCE_END(asn1_int_oct)
--
--DECLARE_ASN1_ITEM(asn1_int_oct)
--
- int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
- int len)
- {
-- asn1_int_oct atmp;
-- ASN1_OCTET_STRING oct;
--
-- atmp.num = num;
-- atmp.oct = &oct;
-- oct.data = data;
-- oct.type = V_ASN1_OCTET_STRING;
--
oct.length = len;
-- oct.flags = 0;
--
-- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a))
-- return 1;
-- return 0;
-+ int n, size;
-+ ASN1_OCTET_STRING os, *osp;
-+ ASN1_INTEGER in;
-+ unsigned char *p;
-+ unsigned char buf[32]; /* when they have 256bit longs, I'll be in
-+ * trouble */
-+ in.data = buf;
-+ in.length = 32;
-+ os.data = data;
-+ os.type = V_ASN1_OCTET_STRING;
-+ os.length = len;
-+ ASN1_INTEGER_set(&in, num);
-+ n = i2d_ASN1_INTEGER(&in, NULL);
-+ n += M_i2d_ASN1_OCTET_STRING(&os, NULL);
-+
-+ size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);
-+
-+ if ((osp = ASN1_STRING_new()) == NULL)
-+ return (0);
-+ /* Grow the 'string' */
-+ if (!ASN1_STRING_set(osp, NULL, size)) {
-+ ASN1_STRING_free(osp);
-+ return (0);
-+ }
-+
-+ M_ASN1_STRING_length_set(osp, size);
-+ p = M_ASN1_STRING_data(osp);
-+
-+ ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-+ i2d_ASN1_INTEGER(&in, &p);
-+ M_i2d_ASN1_OCTET_STRING(&os, &p);
-+
-+ ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
-+ return (1);
- }
-
- /*
-- * we return the actual length...
-+ * we return the actual length..., num may be missing, in which case, set it
-+ * to zero
- */
- /* int max_len: for returned value */
--int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
-+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
- unsigned char *data, int max_len)
- {
-- asn1_int_oct *atmp = NULL;
- int ret = -1, n;
-+ ASN1_INTEGER *ai = NULL;
-+ ASN1_OCTET_STRING *os = NULL;
-+ const unsigned char *p;
-+ long length;
-+ ASN1_const_CTX c;
-
- if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
- goto err;
- }
-+ p = M_ASN1_STRING_data(a->value.sequence);
-+ length = M_ASN1_STRING_length(a->value.sequence);
-
-- atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);
-+ c.pp = &p;
-+ c.p = p;
-+ c.max = p + length;
-+ c.error = ASN1_R_DATA_IS_WRONG;
-
-- if (atmp == NULL)
-+ M_ASN1_D2I_start_sequence();
-+ c.q = c.p;
-+ if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
-+ goto err;
-+ c.slen -= (c.p - c.q);
-+ c.q = c.p;
-+ if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
-+ goto err;
-+ c.slen -= (c.p - c.q);
-+ if (!M_ASN1_D2I_end_sequence())
- goto err;
-
- if (num != NULL)
-- *num = atmp->num;
-+ *num = ASN1_INTEGER_get(ai);
-
-- ret = ASN1_STRING_length(atmp->oct);
-+ ret = M_ASN1_STRING_length(os);
- if (max_len > ret)
- n = ret;
- else
- n = max_len;
-
- if (data != NULL)
-- memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
-- if (ret == -1) {
-+ memcpy(data, M_ASN1_STRING_data(os), n);
-+ if (0) {
- err:
- ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
- }
-- M_ASN1_free_of(atmp, asn1_int_oct);
-- return ret;
-+ if (os != NULL)
-+ M_ASN1_OCTET_STRING_free(os);
-+ if (ai != NULL)
-+ M_ASN1_INTEGER_free(ai);
-+ return (ret);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
-new file mode 100644
-index 0000000..94cd54d
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
-@@ -0,0 +1,203 @@
-+/*
crypto/asn1/f_enum.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+
-+/* Based on a_int.c: equivalent ENUMERATED functions */
-+
-+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-+{
-+ int i, n = 0;
-+ static const char *h = "0123456789ABCDEF";
-+ char buf[2];
-+
-+ if (a == NULL)
-+ return (0);
-+
-+ if (a->length == 0) {
-+ if (BIO_write(bp, "00", 2) != 2)
-+ goto err;
-+ n = 2;
-+ } else {
-+ for (i = 0; i < a->length; i++) {
-+ if ((i != 0) && (i % 35 == 0)) {
-+ if (BIO_write(bp, "\\\n", 2) != 2)
-+ goto err;
-+ n += 2;
-+ }
-+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-+ if (BIO_write(bp, buf, 2) != 2)
-+ goto err;
-+ n += 2;
-+ }
-+ }
-+ return (n);
-+ err:
-+ return (-1);
-+}
-+
-+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-+{
-+ int ret = 0;
-+ int i, j, k, m, n, again, bufsize;
-+ unsigned char *s = NULL, *sp;
-+ unsigned char *bufp;
-+ int num = 0, slen = 0, first = 1;
-+
-+ bs->type = V_ASN1_ENUMERATED;
-+
-+ bufsize = BIO_gets(bp, buf, size);
-+ for (;;) {
-+ if (bufsize < 1)
-+ goto err_sl;
-+ i = bufsize;
-+ if (buf[i - 1] == '\n')
-+ buf[--i] = '\0';
-+ if (i == 0)
-+ goto err_sl;
-+ if (buf[i - 1] == '\r')
-+ buf[--i] = '\0';
-+ if (i == 0)
-+ goto err_sl;
-+ again = (buf[i - 1] == '\\');
-+
-+ for (j = 0; j < i; j++) {
-+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-+ ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
-+ i = j;
-+ break;
-+ }
-+ }
-+ buf[i] = '\0';
-+ /*
-+ * We have now cleared all the crap off the end of the line
-+ */
-+ if (i < 2)
-+ goto err_sl;
-+
-+ bufp = (unsigned char *)buf;
-+ if (first) {
-+ first = 0;
-+ if ((bufp[0] == '0') && (buf[1] == '0')) {
-+ bufp += 2;
-+ i -= 2;
-+ }
-+ }
-+ k = 0;
-+ i -= again;
-+ if (i % 2 != 0) {
-+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
-+ goto err;
-+ }
-+ i /= 2;
-+ if (num + i > slen) {
-+ if (s == NULL)
-+ sp = (unsigned
char *)OPENSSL_malloc((unsigned int)num +
-+ i * 2);
-+ else
-+ sp = (unsigned char *)OPENSSL_realloc(s,
-+ (unsigned int)num +
-+ i * 2);
-+ if (sp == NULL) {
-+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ s = sp;
-+ slen = num + i * 2;
-+ }
-+ for (j = 0; j < i; j++, k += 2) {
-+ for (n = 0; n < 2; n++) {
-+ m = bufp[k + n];
-+ if ((m >= '0') && (m <= '9'))
-+ m -= '0';
-+ else if ((m >= 'a') && (m <= 'f'))
-+ m = m - 'a' + 10;
-+ else if ((m >= 'A') && (m <= 'F'))
-+ m = m - 'A' + 10;
-+ else {
-+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-+ ASN1_R_NON_HEX_CHARACTERS);
-+ goto err;
-+ }
-+ s[num + j] <<= 4;
-+ s[num + j] |= m;
-+ }
-+ }
-+ num += i;
-+ if (again)
-+ bufsize = BIO_gets(bp, buf, size);
-+ else
-+ break;
-+ }
-+ bs->length = num;
-+ bs->data = s;
-+ ret = 1;
-+ err:
-+ if (0) {
-+ err_sl:
-+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
-+ }
-+ if (ret != 1)
-+ OPENSSL_free(s);
-+ return (ret);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c
-index 51fc884..2bdc78d 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/f_int.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/f_int.c
-@@ -1,19 +1,67 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/f_int.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
--int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
-+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
- {
- int i, n = 0;
- static const char *h = "0123456789ABCDEF";
-@@ -53,6 +101,7 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
-
- int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- {
-+ int ret = 0;
- int i, j, k, m, n, again, bufsize;
- unsigned char *s = NULL, *sp;
- unsigned char *bufp;
-@@ -63,16 +112,16 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- bufsize = BIO_gets(bp, buf, size);
- for (;;) {
- if (bufsize < 1)
-- goto err;
-+ goto err_sl;
- i = bufsize;
- if (buf[i - 1] == '\n')
- buf[--i] = '\0';
- if (i == 0)
-- goto err;
-+ goto err_sl;
- if (buf[i - 1] == '\r')
- buf[--i] = '\0';
- if (i == 0)
-- goto err;
-+ goto err_sl;
- again = (buf[i - 1] == '\\');
-
- for (j = 0; j < i; j++) {
-@@ -98,7 +147,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- * We have now cleared all the crap off the end of the line
- */
- if (i < 2)
-- goto err;
-+ goto err_sl;
-
- bufp = (unsigned char *)buf;
- if (first) {
-@@ -112,24 +161,32 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- i -= again;
- if (i % 2 != 0) {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
-- OPENSSL_free(s);
-- return 0;
-+ goto err;
- }
- i /= 2;
- if (num + i > slen) {
-- sp = OPENSSL_clear_realloc(s, slen, num + i * 2);
-+ if (s == NULL)
-+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-+ i * 2);
-+ else
-+ sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
- if (sp == NULL) {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-- OPENSSL_free(s);
-- return 0;
-+ goto err;
- }
- s = sp;
- slen = num + i * 2;
- }
- for (j = 0; j < i; j++, k += 2) {
- for (n = 0; n < 2; n++) {
-- m = OPENSSL_hexchar2int(bufp[k + n]);
-- if (m < 0) {
-+ m = bufp[k
+ n];
-+ if ((m >= '0') && (m <= '9'))
-+ m -= '0';
-+ else if ((m >= 'a') && (m <= 'f'))
-+ m = m - 'a' + 10;
-+ else if ((m >= 'A') && (m <= 'F'))
-+ m = m - 'A' + 10;
-+ else {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,
- ASN1_R_NON_HEX_CHARACTERS);
- goto err;
-@@ -146,22 +203,13 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- }
- bs->length = num;
- bs->data = s;
-- return 1;
-+ ret = 1;
- err:
-- ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
-- OPENSSL_free(s);
-- return 0;
--}
--
--int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
--{
-- return i2a_ASN1_INTEGER(bp, a);
--}
--
--int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
--{
-- int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
-- if (rv == 1)
-- bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
-- return rv;
-+ if (0) {
-+ err_sl:
-+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
-+ }
-+ if (ret != 1)
-+ OPENSSL_free(s);
-+ return (ret);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c
-index b9258bb..0f7b9cf 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/f_string.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/f_string.c
-@@ -1,19 +1,67 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/f_string.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
--int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
-+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
- {
- int i, n = 0;
- static const char *h = "0123456789ABCDEF";
-@@ -47,7 +95,8 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
-
- int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- {
-- int i, j, k, m, n, again, bufsize, spec_char;
-+ int ret = 0;
-+ int i, j, k, m, n, again, bufsize;
- unsigned char *s = NULL, *sp;
- unsigned char *bufp;
- int num = 0, slen = 0, first = 1;
-@@ -58,7 +107,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- if (first)
- break;
- else
-- goto err;
-+ goto err_sl;
- }
- first = 0;
-
-@@ -66,27 +115,27 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- if (buf[i - 1] == '\n')
- buf[--i] = '\0';
- if (i == 0)
-- goto err;
-+ goto err_sl;
- if (buf[i - 1] == '\r')
- buf[--i] = '\0';
- if (i == 0)
-- goto err;
-+ goto err_sl;
- again = (buf[i - 1] == '\\');
-
- for (j = i - 1; j > 0; j--) {
- #ifndef CHARSET_EBCDIC
-- spec_char = (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
- ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-- ((buf[j] >= 'A') && (buf[j] <= 'F'))));
-+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
- #else
- /*
- * This #ifdef is not strictly necessary, since the characters
- * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
- * not the whole alphabet). Nevertheless, isxdigit() is faster.
- */
-- spec_char = (!isxdigit(buf[j]));
-+ if (!isxdigit(buf[j]))
- #endif
-- if (spec_char) {
-+ {
- i = j;
- break;
- }
-@@ -96,7 +145,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- * We have now cleared all the crap off the end of the line
- */
- if (i < 2)
-- goto err;
-+ goto err_sl;
-
- bufp = (unsigned char *)buf;
-
-@@ -104,28 +153,37 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- i -= again;
- if (i % 2 != 0) {
- ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
-- OPENSSL_free(s);
-- return 0;
-+ goto err;
- }
- i /= 2;
- if (num + i > slen) {
-- sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
-+ if (s == NULL)
-+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-+ i * 2);
-+ else
-+ sp = (unsigned char *)OPENSSL_realloc(s,
-+ (unsigned int)num +
-+ i * 2);
- if (sp == NULL) {
- ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
-- OPENSSL_free(s);
-- return 0;
-+ goto err;
- }
- s = sp;
- slen = num + i * 2;
- }
- for (j = 0; j < i; j++, k += 2) {
- for (n = 0; n < 2; n++) {
-- m = OPENSSL_hexchar2int(bufp[k + n]);
-- if (m < 0) {
-+ m = bufp[k + n];
-+ if ((m >= '0') && (m <= '9'))
-+ m -= '0';
-+ else if ((m >= 'a') && (m <= 'f'))
-+ m = m - 'a' + 10;
-+ else if ((m >= 'A') && (m <= 'F'))
-+ m = m - 'A' + 10;
-+ else {
- ASN1err(ASN1_F_A2I_ASN1_STRING,
- ASN1_R_NON_HEX_CHARACTERS);
-- OPENSSL_free(s);
-- return 0;
-+ goto err;
- }
- s[num + j] <<= 4;
- s[num + j] |= m;
-@@ -139,10 +197,13 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- }
- bs->length = num;
- bs->data = s;
-- return 1;
--
-+ ret = 1;
- err:
-- ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
-- OPENSSL_free(s);
-- return 0;
-+ if (0) {
-+ err_sl:
-+ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
-+ }
-+ if (ret != 1)
-+ OPENSSL_free(s);
-+ return (ret);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
-index 445b0c8..12966ec
100644
---- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
-@@ -1,18 +1,66 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/i2d_pr.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/asn1_int.h"
--#include "internal/evp_int.h"
-+#include "asn1_locl.h"
-
- int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
- {
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
-index 8986c43..b8ed355 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
-@@ -1,38 +1,93 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/i2d_pu.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
--#include
--#include
--#include
-+#ifndef OPENSSL_NO_RSA
-+# include
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+# include
-+#endif
-+#ifndef OPENSSL_NO_EC
-+# include
-+#endif
-
- int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
- {
-- switch (EVP_PKEY_id(a)) {
-+ switch (a->type) {
- #ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
-- return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
-+ return (i2d_RSAPublicKey(a->pkey.rsa, pp));
- #endif
- #ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
-- return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);
-+ return (i2d_DSAPublicKey(a->pkey.dsa, pp));
- #endif
- #ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
-- return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp);
-+ return (i2o_ECPublicKey(a->pkey.ec, pp));
- #endif
- default:
- ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-- return -1;
-+ return (-1);
- }
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
-index 267ce60..bede55c 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
-@@ -1,22 +1,68 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/n_pkey.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
--#include "openssl/opensslconf.h"
--#ifdef OPENSSL_NO_RSA
--NON_EMPTY_TRANSLATION_UNIT
--#else
--
--# include "internal/cryptlib.h"
--# include
-+#include
-+#include "cryptlib.h"
-+#ifndef OPENSSL_NO_RSA
- # include
- # include
- # include
-+# include
- # include
- # include
-
-@@ -41,7 +87,7 @@ typedef struct netscape_encrypted_pkey_st {
- ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
--} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-
- DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
- DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
-@@ -51,12 +97,258 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
- ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
- ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
--} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
-+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
-
- DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
- DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
- IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-
-+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey);
-+
-+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify))
-+{
-+ return i2d_RSA_NET(a, pp, cb, 0);
-+}
-+
-+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey)
-+{
-+ int i, j, ret = 0;
-+ int rsalen, pkeylen, olen;
-+ NETSCAPE_PKEY *pkey = NULL;
-+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-+ unsigned char buf[256], *zz;
-+ unsigned char key[EVP_MAX_KEY_LENGTH];
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+ if (a == NULL)
-+ return (0);
-+
-+ if
((pkey = NETSCAPE_PKEY_new()) == NULL)
-+ goto err;
-+ if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
-+ goto err;
-+ pkey->version = 0;
-+
-+ pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-+ if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-+ goto err;
-+ pkey->algor->parameter->type = V_ASN1_NULL;
-+
-+ rsalen = i2d_RSAPrivateKey(a, NULL);
-+
-+ /*
-+ * Fake some octet strings just for the initial length calculation.
-+ */
-+
-+ pkey->private_key->length = rsalen;
-+
-+ pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-+
-+ enckey->enckey->digest->length = pkeylen;
-+
-+ enckey->os->length = 11; /* "private-key" */
-+
-+ enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-+ if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-+ goto err;
-+ enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-+
-+ if (pp == NULL) {
-+ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-+ NETSCAPE_PKEY_free(pkey);
-+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-+ return olen;
-+ }
-+
-+ /* Since its RC4 encrypted length is actual length */
-+ if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) {
-+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ pkey->private_key->data = zz;
-+ /* Write out private key encoding */
-+ i2d_RSAPrivateKey(a, &zz);
-+
-+ if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
-+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ enckey->enckey->digest->data = zz;
-+ i2d_NETSCAPE_PKEY(pkey, &zz);
-+
-+ /* Wipe the private key encoding */
-+ OPENSSL_cleanse(pkey->private_key->data, rsalen);
-+
-+ if (cb == NULL)
-+#ifndef OPENSSL_NO_UI
-+ cb = EVP_read_pw_string;
-+#else
-+ i = 1;
-+ else
-+#endif
-+ i = cb((char *)buf, 256, "Enter Private Key password:", 1);
-+ if (i != 0) {
-+ ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
-+ goto err;
-+ }
-+ i = strlen((char *)buf);
-+ /* If the key is used for SGC the algorithm is modified a little. */
-+ if (sgckey) {
-+ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-+ goto err;
-+ memcpy(buf + 16, "SGCKEYSALT", 10);
-+ i = 26;
-+ }
-+
-+ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-+ goto err;
-+ OPENSSL_cleanse(buf, 256);
-+
-+ /* Encrypt private key in place */
-+ zz = enckey->enckey->digest->data;
-+ if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-+ goto err;
-+ if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
-+ goto err;
-+ if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
-+ goto err;
-+
-+ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-+ NETSCAPE_PKEY_free(pkey);
-+ return (ret);
-+}
-+
-+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify))
-+{
-+ return d2i_RSA_NET(a, pp, length, cb, 0);
-+}
-+
-+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey)
-+{
-+ RSA *ret = NULL;
-+ const unsigned char *p;
-+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-+
-+ p = *pp;
-+
-+ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-+ if (!enckey) {
-+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
-+ return NULL;
-+ }
-+
-+ if ((enckey->os->length != 11) || (strncmp("private-key",
-+ (char *)enckey->os->data,
-+ 11) != 0)) {
-+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-+ return NULL;
-+ }
-+ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-+ goto err;
-+ }
-+ if (cb == NULL)
-+#ifndef OPENSSL_NO_UI
-+ cb = EVP_read_pw_string;
-+#else
-+ goto err;
-+#endif
-+ if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest,
cb, sgckey)) == NULL)
-+ goto err;
-+
-+ *pp = p;
-+
-+ err:
-+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-+ return ret;
-+
-+}
-+
-+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-+ int (*cb) (char *buf, int len, const char *prompt,
-+ int verify), int sgckey)
-+{
-+ NETSCAPE_PKEY *pkey = NULL;
-+ RSA *ret = NULL;
-+ int i, j;
-+ unsigned char buf[256];
-+ const unsigned char *zz;
-+ unsigned char key[EVP_MAX_KEY_LENGTH];
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+ i = cb((char *)buf, 256, "Enter Private Key password:", 0);
-+ if (i != 0) {
-+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
-+ goto err;
-+ }
-+
-+ i = strlen((char *)buf);
-+ if (sgckey) {
-+ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-+ goto err;
-+ memcpy(buf + 16, "SGCKEYSALT", 10);
-+ i = 26;
-+ }
-+
-+ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-+ goto err;
-+ OPENSSL_cleanse(buf, 256);
-+
-+ if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-+ goto err;
-+ if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
-+ goto err;
-+ if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
-+ goto err;
-+ os->length = i + j;
-+
-+ zz = os->data;
-+
-+ if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-+ ASN1err(ASN1_F_D2I_RSA_NET_2,
-+ ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-+ goto err;
-+ }
-+
-+ zz = pkey->private_key->data;
-+ if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
-+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-+ goto err;
-+ }
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ NETSCAPE_PKEY_free(pkey);
-+ return (ret);
-+}
-+
- # endif /* OPENSSL_NO_RC4 */
-
-+#else /* !OPENSSL_NO_RSA */
-+
-+# if PEDANTIC
-+static void *dummy = &dummy;
-+# endif
-+
- #endif
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
-index c7baf40..f2f7cba 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
-+++
b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
-@@ -1,10 +1,60 @@
-+/* nsseq.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6.
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
-index ab7e168..e2a1def 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
-@@ -1,14 +1,64 @@
-+/* p5_pbe.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-@@ -29,10 +79,10 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
- {
- PBEPARAM *pbe = NULL;
- ASN1_STRING *pbe_str = NULL;
-- unsigned char *sstr = NULL;
-+ unsigned char *sstr;
-
- pbe = PBEPARAM_new();
-- if (pbe == NULL) {
-+ if (!pbe) {
- ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-@@ -44,20 +94,16 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
- }
- if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
--
-- sstr = OPENSSL_malloc(saltlen);
-- if (sstr == NULL) {
-+ if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
- ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-+ sstr = ASN1_STRING_data(pbe->salt);
- if (salt)
- memcpy(sstr, salt, saltlen);
- else if (RAND_bytes(sstr, saltlen) <= 0)
- goto err;
-
--
ASN1_STRING_set0(pbe->salt, sstr, saltlen);
-- sstr = NULL;
--
- if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
- ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -70,9 +116,10 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
- return 1;
-
- err:
-- OPENSSL_free(sstr);
-- PBEPARAM_free(pbe);
-- ASN1_STRING_free(pbe_str);
-+ if (pbe != NULL)
-+ PBEPARAM_free(pbe);
-+ if (pbe_str != NULL)
-+ ASN1_STRING_free(pbe_str);
- return 0;
- }
-
-@@ -83,7 +130,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
- {
- X509_ALGOR *ret;
- ret = X509_ALGOR_new();
-- if (ret == NULL) {
-+ if (!ret) {
- ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
-index 14e8700..4c037d3 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
-@@ -1,14 +1,64 @@
-+/* p5_pbev2.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999-2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-@@ -43,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- {
- X509_ALGOR *scheme = NULL, *ret = NULL;
- int alg_nid, keylen;
-- EVP_CIPHER_CTX *ctx = NULL;
-+ EVP_CIPHER_CTX ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- PBE2PARAM *pbe2 = NULL;
-
-@@ -54,13 +104,14 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- goto err;
- }
-
-- if ((pbe2 = PBE2PARAM_new()) == NULL)
-+ if (!(pbe2 = PBE2PARAM_new()))
- goto merr;
-
- /* Setup the AlgorithmIdentifier for the encryption scheme */
- scheme = pbe2->encryption;
-+
- scheme->algorithm = OBJ_nid2obj(alg_nid);
-- if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
-+ if (!(scheme->parameter = ASN1_TYPE_new()))
- goto merr;
-
- /* Create random IV */
-@@ -71,15 +122,14 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- goto err;
- }
-
-- ctx = EVP_CIPHER_CTX_new();
-- if (ctx == NULL)
-- goto merr;
-+ EVP_CIPHER_CTX_init(&ctx);
-
- /* Dummy cipherinit to just setup the IV, and PRF */
-- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
-+ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
- goto err;
-- if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
-+ if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
- ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-+ EVP_CIPHER_CTX_cleanup(&ctx);
- goto err;
- }
- /*
-@@ -87,12 +137,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- * here: just means use default PRF.
- */
- if ((prf_nid == -1) &&
-- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
-+ EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
- ERR_clear_error();
-- prf_nid = NID_hmacWithSHA256;
-+ prf_nid = NID_hmacWithSHA1;
- }
-- EVP_CIPHER_CTX_free(ctx);
-- ctx = NULL;
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-
- /* If its RC2 then we'd better setup the key length */
-
-@@ -112,16 +161,19 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-
- /* Now set up top level AlgorithmIdentifier */
-
-- if ((ret = X509_ALGOR_new()) == NULL)
-+ if (!(ret = X509_ALGOR_new()))
-+ goto merr;
-+ if (!(ret->parameter = ASN1_TYPE_new()))
- goto merr;
-
- ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
- /* Encode PBE2PARAM into parameter */
-
-- if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
-- &ret->parameter))
-+ if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-+ &ret->parameter->value.sequence))
- goto merr;
-+ ret->parameter->type = V_ASN1_SEQUENCE;
-
- PBE2PARAM_free(pbe2);
- pbe2 = NULL;
-@@ -132,7 +184,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
-
- err:
-- EVP_CIPHER_CTX_free(ctx);
- PBE2PARAM_free(pbe2);
- /* Note 'scheme' is freed as part of pbe2 */
- X509_ALGOR_free(ret);
-@@ -153,17 +204,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
- PBKDF2PARAM *kdf = NULL;
- ASN1_OCTET_STRING *osalt = NULL;
-
-- if ((kdf = PBKDF2PARAM_new()) == NULL)
-+ if (!(kdf = PBKDF2PARAM_new()))
- goto merr;
-- if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
-+ if (!(osalt = M_ASN1_OCTET_STRING_new()))
- goto merr;
-
- kdf->salt->value.octet_string = osalt;
- kdf->salt->type = V_ASN1_OCTET_STRING;
-
-- if (saltlen == 0)
-+ if (!saltlen)
- saltlen = PKCS5_SALT_LEN;
-- if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
-+ if (!(osalt->data = OPENSSL_malloc(saltlen)))
- goto merr;
-
- osalt->length = saltlen;
-@@ -182,7
+233,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
- /* If have a key len set it up */
-
- if (keylen > 0) {
-- if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
-+ if (!(kdf->keylength = M_ASN1_INTEGER_new()))
- goto merr;
- if (!ASN1_INTEGER_set(kdf->keylength, keylen))
- goto merr;
-@@ -191,7 +242,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
- /* prf can stay NULL if we are using hmacWithSHA1 */
- if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
- kdf->prf = X509_ALGOR_new();
-- if (kdf->prf == NULL)
-+ if (!kdf->prf)
- goto merr;
- X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
- }
-@@ -199,16 +250,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
- /* Finally setup the keyfunc structure */
-
- keyfunc = X509_ALGOR_new();
-- if (keyfunc == NULL)
-+ if (!keyfunc)
- goto merr;
-
- keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
- /* Encode PBKDF2PARAM into parameter of pbe2 */
-
-- if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
-- &keyfunc->parameter))
-+ if (!(keyfunc->parameter = ASN1_TYPE_new()))
-+ goto merr;
-+
-+ if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-+ &keyfunc->parameter->value.sequence))
- goto merr;
-+ keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
- PBKDF2PARAM_free(kdf);
- return keyfunc;
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c b/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c
-deleted file mode 100644
-index 4cb7837..0000000
---- a/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c
-+++ /dev/null
-@@ -1,283 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include "internal/cryptlib.h"
--#include
--#include
--#include
--#include
--#include
--
--#ifndef OPENSSL_NO_SCRYPT
--/* PKCS#5 scrypt password based encryption structures */
--
--typedef struct {
-- ASN1_OCTET_STRING *salt;
-- ASN1_INTEGER *costParameter;
-- ASN1_INTEGER *blockSize;
-- ASN1_INTEGER *parallelizationParameter;
-- ASN1_INTEGER *keyLength;
--} SCRYPT_PARAMS;
--
--ASN1_SEQUENCE(SCRYPT_PARAMS) = {
-- ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
-- ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
-- ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
-- ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
-- ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
--} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS)
--
--DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
--IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
--
--static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
-- size_t keylen, uint64_t N, uint64_t r,
-- uint64_t p);
--
--/*
-- * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt
-- */
--
--X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
-- const unsigned char *salt, int saltlen,
-- unsigned char *aiv, uint64_t N, uint64_t r,
-- uint64_t p)
--{
-- X509_ALGOR *scheme = NULL, *ret = NULL;
-- int alg_nid;
-- size_t keylen = 0;
-- EVP_CIPHER_CTX *ctx = NULL;
-- unsigned char iv[EVP_MAX_IV_LENGTH];
-- PBE2PARAM *pbe2 = NULL;
--
-- if (!cipher) {
-- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
-- goto err;
-- }
--
-- if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
-- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
-- ASN1_R_INVALID_SCRYPT_PARAMETERS);
-- goto err;
-- }
--
-- alg_nid = EVP_CIPHER_type(cipher);
-- if (alg_nid == NID_undef) {
-- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
--
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-- goto err;
-- }
--
-- pbe2 = PBE2PARAM_new();
-- if (pbe2 == NULL)
-- goto merr;
--
-- /* Setup the AlgorithmIdentifier for the encryption scheme */
-- scheme = pbe2->encryption;
--
-- scheme->algorithm = OBJ_nid2obj(alg_nid);
-- scheme->parameter = ASN1_TYPE_new();
-- if (scheme->parameter == NULL)
-- goto merr;
--
-- /* Create random IV */
-- if (EVP_CIPHER_iv_length(cipher)) {
-- if (aiv)
-- memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-- else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-- goto err;
-- }
--
-- ctx = EVP_CIPHER_CTX_new();
-- if (ctx == NULL)
-- goto merr;
--
-- /* Dummy cipherinit to just setup the IV */
-- if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
-- goto err;
-- if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
-- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
-- ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-- goto err;
-- }
-- EVP_CIPHER_CTX_free(ctx);
-- ctx = NULL;
--
-- /* If its RC2 then we'd better setup the key length */
--
-- if (alg_nid == NID_rc2_cbc)
-- keylen = EVP_CIPHER_key_length(cipher);
--
-- /* Setup keyfunc */
--
-- X509_ALGOR_free(pbe2->keyfunc);
--
-- pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
--
-- if (pbe2->keyfunc == NULL)
-- goto merr;
--
-- /* Now set up top level AlgorithmIdentifier */
--
-- ret = X509_ALGOR_new();
-- if (ret == NULL)
-- goto merr;
--
-- ret->algorithm = OBJ_nid2obj(NID_pbes2);
--
-- /* Encode PBE2PARAM into parameter */
--
-- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
-- &ret->parameter) == NULL)
-- goto merr;
--
-- PBE2PARAM_free(pbe2);
-- pbe2 = NULL;
--
-- return ret;
--
-- merr:
-- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
--
-- err:
-- PBE2PARAM_free(pbe2);
-- X509_ALGOR_free(ret);
-- EVP_CIPHER_CTX_free(ctx);
--
-- return NULL;
--}
--
--static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
-- size_t keylen, uint64_t N, uint64_t r,
-- uint64_t p)
--{
-- X509_ALGOR *keyfunc = NULL;
-- SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
--
-- if (sparam == NULL)
-- goto merr;
--
-- if (!saltlen)
-- saltlen = PKCS5_SALT_LEN;
--
-- /* This will either copy salt or grow the buffer */
-- if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)
-- goto merr;
--
-- if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)
-- goto err;
--
-- if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)
-- goto merr;
--
-- if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)
-- goto merr;
--
-- if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)
-- goto merr;
--
-- /* If have a key len set it up */
--
-- if (keylen > 0) {
-- sparam->keyLength = ASN1_INTEGER_new();
-- if (sparam->keyLength == NULL)
-- goto merr;
-- if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)
-- goto merr;
-- }
--
-- /* Finally setup the keyfunc structure */
--
-- keyfunc = X509_ALGOR_new();
-- if (keyfunc == NULL)
-- goto merr;
--
-- keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);
--
-- /* Encode SCRYPT_PARAMS into parameter of pbe2 */
--
-- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,
-- &keyfunc->parameter) == NULL)
-- goto merr;
--
-- SCRYPT_PARAMS_free(sparam);
-- return keyfunc;
--
-- merr:
-- ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE);
-- err:
-- SCRYPT_PARAMS_free(sparam);
-- X509_ALGOR_free(keyfunc);
-- return NULL;
--}
--
--int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
-- int passlen, ASN1_TYPE *param,
-- const EVP_CIPHER *c, const EVP_MD *md, int en_de)
--{
-- unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-- uint64_t p, r, N;
-- size_t saltlen;
-- size_t keylen = 0;
-- int rv = 0;
-- SCRYPT_PARAMS *sparam = NULL;
--
-- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
-- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
-- goto err;
-- }
--
-- /* Decode parameter */
--
-- sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
--
-- if (sparam == NULL) {
-- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
-- goto err;
-- }
--
-- keylen = EVP_CIPHER_CTX_key_length(ctx);
--
-- /* Now check the parameters of sparam */
--
-- if (sparam->keyLength) {
-- uint64_t spkeylen;
-- if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
-- || (spkeylen != keylen)) {
-- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
-- EVP_R_UNSUPPORTED_KEYLENGTH);
-- goto err;
-- }
-- }
-- /* Check all parameters fit in uint64_t and are acceptable to scrypt */
-- if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
-- || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
-- || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
-- || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
-- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
-- EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
-- goto err;
-- }
--
-- /* it seems that its all OK */
--
-- salt = sparam->salt->data;
-- saltlen = sparam->salt->length;
-- if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
-- == 0)
-- goto err;
-- rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-- err:
-- if (keylen)
-- OPENSSL_cleanse(key, keylen);
-- SCRYPT_PARAMS_free(sparam);
-- return rv;
--}
--#endif /* OPENSSL_NO_SCRYPT */
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
-index dbee827..0a425cd 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
-@@ -1,17 +1,66 @@
-+/* p8_pkey.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/x509_int.h"
-
- /* Minor tweak to operation: zero private key data */
- static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-@@ -20,8 +69,10 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
- if (operation == ASN1_OP_FREE_PRE) {
- PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-- if (key->pkey)
-- OPENSSL_cleanse(key->pkey->data, key->pkey->length);
-+ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
-+ && key->pkey->value.octet_string != NULL)
-+ OPENSSL_cleanse(key->pkey->value.octet_string->data,
-+ key->pkey->value.octet_string->length);
- }
- return 1;
- }
-@@ -29,7 +80,7 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-
ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
-+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
- ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
- } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-@@ -39,42 +90,56 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
- int version,
- int ptype, void *pval, unsigned char *penc, int penclen)
- {
-+ unsigned char **ppenc = NULL;
- if (version >= 0) {
- if (!ASN1_INTEGER_set(priv->version, version))
- return 0;
- }
-- if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
-+ if (penc) {
-+ int pmtype;
-+ ASN1_OCTET_STRING *oct;
-+ oct = ASN1_OCTET_STRING_new();
-+ if (!oct)
-+ return 0;
-+ oct->data = penc;
-+ ppenc = &oct->data;
-+ oct->length = penclen;
-+ if (priv->broken == PKCS8_NO_OCTET)
-+ pmtype = V_ASN1_SEQUENCE;
-+ else
-+ pmtype = V_ASN1_OCTET_STRING;
-+ ASN1_TYPE_set(priv->pkey, pmtype, oct);
-+ }
-+ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
-+ /* If call fails do not swallow 'enc' */
-+ if (ppenc)
-+ *ppenc = NULL;
- return 0;
-- if (penc)
-- ASN1_STRING_set0(priv->pkey, penc, penclen);
-+ }
- return 1;
- }
-
--int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
-+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
- const unsigned char **pk, int *ppklen,
-- const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
-+ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
- {
- if (ppkalg)
- *ppkalg = p8->pkeyalg->algorithm;
-- if (pk) {
-- *pk = ASN1_STRING_get0_data(p8->pkey);
-- *ppklen = ASN1_STRING_length(p8->pkey);
-- }
-+ if (p8->pkey->type == V_ASN1_OCTET_STRING) {
-+ p8->broken = PKCS8_OK;
-+ if (pk) {
-+ *pk = p8->pkey->value.octet_string->data;
-+ *ppklen = p8->pkey->value.octet_string->length;
-+ }
-+ } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
-+ p8->broken =
PKCS8_NO_OCTET;
-+ if (pk) {
-+ *pk = p8->pkey->value.sequence->data;
-+ *ppklen = p8->pkey->value.sequence->length;
-+ }
-+ } else
-+ return 0;
- if (pa)
- *pa = p8->pkeyalg;
- return 1;
- }
--
--const STACK_OF(X509_ATTRIBUTE) *
--PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
--{
-- return p8->attributes;
--}
--
--int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
-- const unsigned char *bytes, int len)
--{
-- if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL)
-- return 1;
-- return 0;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
-index c0aeca4..d5cf3c7 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
-@@ -1,14 +1,64 @@
-+/* t_bitst.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
-@@ -30,7 +80,7 @@ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
- return 1;
- }
-
--int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
-+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
- BIT_STRING_BITNAME *tbl)
- {
- int bitnum;
-@@ -44,12 +94,11 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
- return 1;
- }
-
--int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
-+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
- {
- BIT_STRING_BITNAME *bnam;
- for (bnam = tbl; bnam->lname; bnam++) {
-- if ((strcmp(bnam->sname, name) == 0)
-- || (strcmp(bnam->lname, name) == 0))
-+ if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name))
- return bnam->bitnum;
- }
- return -1;
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
-new file mode 100644
-index 0000000..0dfaf0b
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
-@@ -0,0 +1,133 @@
-+/* t_crl.c */
-+/*
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#ifndef OPENSSL_NO_FP_API
-+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
-+{
-+ BIO *b;
-+ int ret;
-+
-+ if ((b = BIO_new(BIO_s_file())) == NULL) {
-+ X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
-+ return (0);
-+ }
-+ BIO_set_fp(b, fp, BIO_NOCLOSE);
-+ ret = X509_CRL_print(b, x);
-+ BIO_free(b);
-+ return (ret);
-+}
-+#endif
-+
-+int X509_CRL_print(BIO *out, X509_CRL *x)
-+{
-+ STACK_OF(X509_REVOKED) *rev;
-+ X509_REVOKED *r;
-+ long l;
-+ int i;
-+ char *p;
-+
-+ BIO_printf(out, "Certificate Revocation List (CRL):\n");
-+ l = X509_CRL_get_version(x);
-+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
-+ i = OBJ_obj2nid(x->sig_alg->algorithm);
-+ X509_signature_print(out, x->sig_alg, NULL);
-+ p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
-+ BIO_printf(out, "%8sIssuer: %s\n", "", p);
-+ OPENSSL_free(p);
-+ BIO_printf(out, "%8sLast Update: ", "");
-+ ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
-+ BIO_printf(out, "\n%8sNext Update: ", "");
-+ if (X509_CRL_get_nextUpdate(x))
-+ ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
-+ else
-+ BIO_printf(out, "NONE");
-+ BIO_printf(out, "\n");
-+
-+ X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8);
-+
-+ rev = X509_CRL_get_REVOKED(x);
-+
-+ if (sk_X509_REVOKED_num(rev) > 0)
-+ BIO_printf(out, "Revoked Certificates:\n");
-+ else
-+ BIO_printf(out, "No Revoked Certificates.\n");
-+
-+ for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
-+ r = sk_X509_REVOKED_value(rev, i);
-+ BIO_printf(out, " Serial Number: ");
-+ i2a_ASN1_INTEGER(out, r->serialNumber);
-+ BIO_printf(out, "\n Revocation Date: ");
-+
ASN1_TIME_print(out, r->revocationDate);
-+ BIO_printf(out, "\n");
-+ X509V3_extensions_print(out, "CRL entry extensions",
-+ r->extensions, 0, 8);
-+ }
-+ X509_signature_print(out, x->sig_alg, x->signature);
-+
-+ return 1;
-+
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
-index 3b2c9df..735c342 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
-@@ -1,59 +1,77 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/t_pkey.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/bn_int.h"
--
--/* Number of octets per line */
--#define ASN1_BUF_PRINT_WIDTH 15
--/* Maximum indent */
--#define ASN1_PRINT_MAX_INDENT 128
--
--int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
--{
-- size_t i;
--
-- for (i = 0; i < buflen; i++) {
-- if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
-- if (i > 0 && BIO_puts(bp, "\n") <= 0)
-- return 0;
-- if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
-- return 0;
-- }
-- /*
-- * Use colon separators for each octet for compatibility as
-- * this function is used to print out key components.
-- */
-- if (BIO_printf(bp, "%02x%s", buf[i],
-- (i == buflen - 1) ? "" : ":") <= 0)
-- return 0;
-- }
-- if (BIO_write(bp, "\n", 1) <= 0)
-- return 0;
-- return 1;
--}
-+#include
-
- int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-- unsigned char *ign, int indent)
-+ unsigned char *buf, int off)
- {
-- int n, rv = 0;
-+ int n, i;
- const char *neg;
-- unsigned char *buf = NULL, *tmp = NULL;
-- int buflen;
-
- if (num == NULL)
-- return 1;
-- neg = BN_is_negative(num) ? "-" : "";
-- if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
-+ return (1);
-+ neg = (BN_is_negative(num)) ?
"-" : "";
-+ if (!BIO_indent(bp, off, 128))
- return 0;
- if (BN_is_zero(num)) {
- if (BIO_printf(bp, "%s 0\n", number) <= 0)
-@@ -63,31 +81,33 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-
- if (BN_num_bytes(num) <= BN_BYTES) {
- if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
-- (unsigned long)bn_get_words(num)[0], neg,
-- (unsigned long)bn_get_words(num)[0]) <= 0)
-- return 0;
-- return 1;
-- }
--
-- buflen = BN_num_bytes(num) + 1;
-- buf = tmp = OPENSSL_malloc(buflen);
-- if (buf == NULL)
-- goto err;
-- buf[0] = 0;
-- if (BIO_printf(bp, "%s%s\n", number,
-- (neg[0] == '-') ? " (Negative)" : "") <= 0)
-- goto err;
-- n = BN_bn2bin(num, buf + 1);
-+ (unsigned long)num->d[0], neg,
-+ (unsigned long)num->d[0])
-+ <= 0)
-+ return (0);
-+ } else {
-+ buf[0] = 0;
-+ if (BIO_printf(bp, "%s%s", number,
-+ (neg[0] == '-') ? " (Negative)" : "") <= 0)
-+ return (0);
-+ n = BN_bn2bin(num, &buf[1]);
-
-- if (buf[1] & 0x80)
-- n++;
-- else
-- tmp++;
-+ if (buf[1] & 0x80)
-+ n++;
-+ else
-+ buf++;
-
-- if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
-- goto err;
-- rv = 1;
-- err:
-- OPENSSL_clear_free(buf, buflen);
-- return rv;
-+ for (i = 0; i < n; i++) {
-+ if ((i % 15) == 0) {
-+ if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128))
-+ return 0;
-+ }
-+ if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":")
-+ <= 0)
-+ return (0);
-+ }
-+ if (BIO_write(bp, "\n", 1) <= 0)
-+ return (0);
-+ }
-+ return (1);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
-new file mode 100644
-index 0000000..70aba4c
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
-@@ -0,0 +1,255 @@
-+/* crypto/asn1/t_req.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+#include
-+#include
-+#ifndef OPENSSL_NO_RSA
-+# include
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+# include
-+#endif
-+
-+#ifndef OPENSSL_NO_FP_API
-+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
-+{
-+ BIO *b;
-+ int ret;
-+
-+ if ((b = BIO_new(BIO_s_file())) == NULL) {
-+ X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
-+ return (0);
-+ }
-+ BIO_set_fp(b, fp, BIO_NOCLOSE);
-+ ret = X509_REQ_print(b, x);
-+ BIO_free(b);
-+ return (ret);
-+}
-+#endif
-+
-+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
-+ unsigned long cflag)
-+{
-+ unsigned long l;
-+ int i;
-+ const char *neg;
-+ X509_REQ_INFO *ri;
-+ EVP_PKEY *pkey;
-+ STACK_OF(X509_ATTRIBUTE) *sk;
-+ STACK_OF(X509_EXTENSION) *exts;
-+ char mlch = ' ';
-+ int nmindent = 0;
-+
-+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-+ mlch = '\n';
-+ nmindent = 12;
-+ }
-+
-+ if (nmflags == X509_FLAG_COMPAT)
-+ nmindent = 16;
-+
-+ ri = x->req_info;
-+ if (!(cflag & X509_FLAG_NO_HEADER)) {
-+ if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
-+ goto err;
-+ if (BIO_write(bp, " Data:\n", 10) <= 0)
-+ goto err;
-+ }
-+ if (!(cflag & X509_FLAG_NO_VERSION)) {
-+ neg = (ri->version->type == V_ASN1_NEG_INTEGER) ?
"-" : "";
-+ l = 0;
-+ for (i = 0; i < ri->version->length; i++) {
-+ l <<= 8;
-+ l += ri->version->data[i];
-+ }
-+ if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg,
-+ l) <= 0)
-+ goto err;
-+ }
-+ if (!(cflag & X509_FLAG_NO_SUBJECT)) {
-+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
-+ goto err;
-+ if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0)
-+ goto err;
-+ if (BIO_write(bp, "\n", 1) <= 0)
-+ goto err;
-+ }
-+ if (!(cflag & X509_FLAG_NO_PUBKEY)) {
-+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
-+ goto err;
-+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
-+ goto err;
-+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
-+ goto err;
-+ if (BIO_puts(bp, "\n") <= 0)
-+ goto err;
-+
-+ pkey = X509_REQ_get_pubkey(x);
-+ if (pkey == NULL) {
-+ BIO_printf(bp, "%12sUnable to load Public Key\n", "");
-+ ERR_print_errors(bp);
-+ } else {
-+ EVP_PKEY_print_public(bp, pkey, 16, NULL);
-+ EVP_PKEY_free(pkey);
-+ }
-+ }
-+
-+ if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
-+ /* may not be */
-+ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
-+ goto err;
-+
-+ sk = x->req_info->attributes;
-+ if (sk_X509_ATTRIBUTE_num(sk) == 0) {
-+ if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
-+ goto err;
-+ } else {
-+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-+ ASN1_TYPE *at;
-+ X509_ATTRIBUTE *a;
-+ ASN1_BIT_STRING *bs = NULL;
-+ ASN1_TYPE *t;
-+ int j, type = 0, count = 1, ii = 0;
-+
-+ a = sk_X509_ATTRIBUTE_value(sk, i);
-+ if (X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-+ continue;
-+ if (BIO_printf(bp, "%12s", "") <= 0)
-+ goto err;
-+ if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
-+ if (a->single) {
-+ t = a->value.single;
-+ type = t->type;
-+ bs = t->value.bit_string;
-+ } else {
-+ ii = 0;
-+ count = sk_ASN1_TYPE_num(a->value.set);
-+ get_next:
-+ at = sk_ASN1_TYPE_value(a->value.set, ii);
-+ type = at->type;
-+ bs = at->value.asn1_string;
-+ }
-+ }
-+ for (j = 25 - j; j > 0; j--)
-+ if
(BIO_write(bp, " ", 1) != 1) -+ goto err; -+ if (BIO_puts(bp, ":") <= 0) -+ goto err; -+ if ((type == V_ASN1_PRINTABLESTRING) || -+ (type == V_ASN1_UTF8STRING) || -+ (type == V_ASN1_T61STRING) || -+ (type == V_ASN1_IA5STRING)) { -+ if (BIO_write(bp, (char *)bs->data, bs->length) -+ != bs->length) -+ goto err; -+ BIO_puts(bp, "\n"); -+ } else { -+ BIO_puts(bp, "unable to print attribute\n"); -+ } -+ if (++ii < count) -+ goto get_next; -+ } -+ } -+ } -+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { -+ exts = X509_REQ_get_extensions(x); -+ if (exts) { -+ BIO_printf(bp, "%8sRequested Extensions:\n", ""); -+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { -+ ASN1_OBJECT *obj; -+ X509_EXTENSION *ex; -+ int j; -+ ex = sk_X509_EXTENSION_value(exts, i); -+ if (BIO_printf(bp, "%12s", "") <= 0) -+ goto err; -+ obj = X509_EXTENSION_get_object(ex); -+ i2a_ASN1_OBJECT(bp, obj); -+ j = X509_EXTENSION_get_critical(ex); -+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) -+ goto err; -+ if (!X509V3_EXT_print(bp, ex, cflag, 16)) { -+ BIO_printf(bp, "%16s", ""); -+ M_ASN1_OCTET_STRING_print(bp, ex->value); -+ } -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -+ } -+ } -+ -+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -+ if (!X509_signature_print(bp, x->sig_alg, x->signature)) -+ goto err; -+ } -+ -+ return (1); -+ err: -+ X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); -+ return (0); -+} -+ -+int X509_REQ_print(BIO *bp, X509_REQ *x) -+{ -+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -index 51b56d0..3bf48db 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -@@ -1,18 +1,72 @@ -+/* t_spki.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif - #include - - /* Print out an SPKI */ -@@ -21,12 +75,10 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) - { - EVP_PKEY *pkey; - ASN1_IA5STRING *chal; -- ASN1_OBJECT *spkioid; - int i, n; - char *s; - BIO_printf(out, "Netscape SPKI:\n"); -- X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey); -- i = OBJ_obj2nid(spkioid); -+ i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); - BIO_printf(out, " Public Key Algorithm: %s\n", - (i == NID_undef) ? 
"UNKNOWN" : OBJ_nid2ln(i)); - pkey = X509_PUBKEY_get(spki->spkac->pubkey); -@@ -39,7 +91,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) - chal = spki->spkac->challenge; - if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); -- i = OBJ_obj2nid(spki->sig_algor.algorithm); -+ i = OBJ_obj2nid(spki->sig_algor->algorithm); - BIO_printf(out, " Signature Algorithm: %s", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -new file mode 100644 -index 0000000..8888396 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -@@ -0,0 +1,556 @@ -+/* crypto/asn1/t_x509.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif -+#ifndef OPENSSL_NO_EC -+# include -+#endif -+#include -+#include -+#include -+#include "asn1_locl.h" -+ -+#ifndef OPENSSL_NO_FP_API -+int X509_print_fp(FILE *fp, X509 *x) -+{ -+ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+} -+ -+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, -+ unsigned long cflag) -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = X509_print_ex(b, x, nmflag, cflag); -+ BIO_free(b); -+ return (ret); -+} -+#endif -+ -+int X509_print(BIO *bp, X509 *x) -+{ -+ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+} -+ -+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, -+ unsigned long cflag) -+{ -+ long l; -+ int ret = 0, i; -+ char *m = NULL, mlch = ' '; -+ int nmindent = 0; -+ X509_CINF *ci; -+ ASN1_INTEGER *bs; -+ EVP_PKEY *pkey = NULL; -+ const char *neg; -+ -+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -+ mlch = '\n'; -+ nmindent = 12; -+ } -+ -+ if (nmflags == X509_FLAG_COMPAT) -+ nmindent = 16; -+ -+ ci = x->cert_info; -+ if (!(cflag & X509_FLAG_NO_HEADER)) { -+ if (BIO_write(bp, "Certificate:\n", 13) <= 0) -+ goto err; -+ if (BIO_write(bp, " Data:\n", 10) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_VERSION)) { -+ l = X509_get_version(x); -+ if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_SERIAL)) { -+ -+ if (BIO_write(bp, " Serial Number:", 22) <= 0) -+ goto err; -+ -+ bs = X509_get_serialNumber(x); -+ if (bs->length < (int)sizeof(long) -+ || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) { -+ l = ASN1_INTEGER_get(bs); -+ if (bs->type == V_ASN1_NEG_INTEGER) { -+ l = -l; -+ neg = "-"; 
-+ } else -+ neg = ""; -+ if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) -+ goto err; -+ } else { -+ neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; -+ if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) -+ goto err; -+ -+ for (i = 0; i < bs->length; i++) { -+ if (BIO_printf(bp, "%02x%c", bs->data[i], -+ ((i + 1 == bs->length) ? '\n' : ':')) <= 0) -+ goto err; -+ } -+ } -+ -+ } -+ -+ if (!(cflag & X509_FLAG_NO_SIGNAME)) { -+ if (X509_signature_print(bp, ci->signature, NULL) <= 0) -+ goto err; -+#if 0 -+ if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) -+ goto err; -+ if (BIO_puts(bp, "\n") <= 0) -+ goto err; -+#endif -+ } -+ -+ if (!(cflag & X509_FLAG_NO_ISSUER)) { -+ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) -+ goto err; -+ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) -+ < 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_VALIDITY)) { -+ if (BIO_write(bp, " Validity\n", 17) <= 0) -+ goto err; -+ if (BIO_write(bp, " Not Before: ", 24) <= 0) -+ goto err; -+ if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) -+ goto err; -+ if (BIO_write(bp, "\n Not After : ", 25) <= 0) -+ goto err; -+ if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_SUBJECT)) { -+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) -+ goto err; -+ if (X509_NAME_print_ex -+ (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_PUBKEY)) { -+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) -+ goto err; -+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) -+ goto err; -+ if (BIO_puts(bp, "\n") <= 0) -+ goto err; -+ -+ pkey = X509_get_pubkey(x); -+ if 
(pkey == NULL) { -+ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); -+ ERR_print_errors(bp); -+ } else { -+ EVP_PKEY_print_public(bp, pkey, 16, NULL); -+ EVP_PKEY_free(pkey); -+ } -+ } -+ -+ if (!(cflag & X509_FLAG_NO_IDS)) { -+ if (ci->issuerUID) { -+ if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) -+ goto err; -+ if (!X509_signature_dump(bp, ci->issuerUID, 12)) -+ goto err; -+ } -+ if (ci->subjectUID) { -+ if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) -+ goto err; -+ if (!X509_signature_dump(bp, ci->subjectUID, 12)) -+ goto err; -+ } -+ } -+ -+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) -+ X509V3_extensions_print(bp, "X509v3 extensions", -+ ci->extensions, cflag, 8); -+ -+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -+ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_AUX)) { -+ if (!X509_CERT_AUX_print(bp, x->aux, 0)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -+ -+int X509_ocspid_print(BIO *bp, X509 *x) -+{ -+ unsigned char *der = NULL; -+ unsigned char *dertmp; -+ int derlen; -+ int i; -+ unsigned char SHA1md[SHA_DIGEST_LENGTH]; -+ -+ /* -+ * display the hash of the subject as it would appear in OCSP requests -+ */ -+ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) -+ goto err; -+ derlen = i2d_X509_NAME(x->cert_info->subject, NULL); -+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL) -+ goto err; -+ i2d_X509_NAME(x->cert_info->subject, &dertmp); -+ -+ if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) -+ goto err; -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -+ goto err; -+ } -+ OPENSSL_free(der); -+ der = NULL; -+ -+ /* -+ * display the hash of the public key as it would appear in OCSP requests -+ */ -+ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) -+ goto err; -+ -+ if (!EVP_Digest(x->cert_info->key->public_key->data, -+ 
x->cert_info->key->public_key->length, -+ SHA1md, NULL, EVP_sha1(), NULL)) -+ goto err; -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -+ goto err; -+ } -+ BIO_printf(bp, "\n"); -+ -+ return (1); -+ err: -+ if (der != NULL) -+ OPENSSL_free(der); -+ return (0); -+} -+ -+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) -+{ -+ const unsigned char *s; -+ int i, n; -+ -+ n = sig->length; -+ s = sig->data; -+ for (i = 0; i < n; i++) { -+ if ((i % 18) == 0) { -+ if (BIO_write(bp, "\n", 1) <= 0) -+ return 0; -+ if (BIO_indent(bp, indent, indent) <= 0) -+ return 0; -+ } -+ if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) -+ return 0; -+ } -+ if (BIO_write(bp, "\n", 1) != 1) -+ return 0; -+ -+ return 1; -+} -+ -+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) -+{ -+ int sig_nid; -+ if (BIO_puts(bp, " Signature Algorithm: ") <= 0) -+ return 0; -+ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) -+ return 0; -+ -+ sig_nid = OBJ_obj2nid(sigalg->algorithm); -+ if (sig_nid != NID_undef) { -+ int pkey_nid, dig_nid; -+ const EVP_PKEY_ASN1_METHOD *ameth; -+ if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { -+ ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); -+ if (ameth && ameth->sig_print) -+ return ameth->sig_print(bp, sigalg, sig, 9, 0); -+ } -+ } -+ if (sig) -+ return X509_signature_dump(bp, sig, 9); -+ else if (BIO_puts(bp, "\n") <= 0) -+ return 0; -+ return 1; -+} -+ -+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) -+{ -+ int i, n; -+ char buf[80]; -+ const char *p; -+ -+ if (v == NULL) -+ return (0); -+ n = 0; -+ p = (const char *)v->data; -+ for (i = 0; i < v->length; i++) { -+ if ((p[i] > '~') || ((p[i] < ' ') && -+ (p[i] != '\n') && (p[i] != '\r'))) -+ buf[n] = '.'; -+ else -+ buf[n] = p[i]; -+ n++; -+ if (n >= 80) { -+ if (BIO_write(bp, buf, n) <= 0) -+ return (0); -+ n = 0; -+ } -+ } -+ if (n > 0) -+ if (BIO_write(bp, buf, n) <= 0) -+ return (0); -+ return 
(1); -+} -+ -+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) -+{ -+ if (tm->type == V_ASN1_UTCTIME) -+ return ASN1_UTCTIME_print(bp, tm); -+ if (tm->type == V_ASN1_GENERALIZEDTIME) -+ return ASN1_GENERALIZEDTIME_print(bp, tm); -+ BIO_write(bp, "Bad time value", 14); -+ return (0); -+} -+ -+static const char *mon[12] = { -+ "Jan", "Feb", "Mar", "Apr", "May", "Jun", -+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -+}; -+ -+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) -+{ -+ char *v; -+ int gmt = 0; -+ int i; -+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -+ char *f = NULL; -+ int f_len = 0; -+ -+ i = tm->length; -+ v = (char *)tm->data; -+ -+ if (i < 12) -+ goto err; -+ if (v[i - 1] == 'Z') -+ gmt = 1; -+ for (i = 0; i < 12; i++) -+ if ((v[i] > '9') || (v[i] < '0')) -+ goto err; -+ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 -+ + (v[2] - '0') * 10 + (v[3] - '0'); -+ M = (v[4] - '0') * 10 + (v[5] - '0'); -+ if ((M > 12) || (M < 1)) -+ goto err; -+ d = (v[6] - '0') * 10 + (v[7] - '0'); -+ h = (v[8] - '0') * 10 + (v[9] - '0'); -+ m = (v[10] - '0') * 10 + (v[11] - '0'); -+ if (tm->length >= 14 && -+ (v[12] >= '0') && (v[12] <= '9') && -+ (v[13] >= '0') && (v[13] <= '9')) { -+ s = (v[12] - '0') * 10 + (v[13] - '0'); -+ /* Check for fractions of seconds. */ -+ if (tm->length >= 15 && v[14] == '.') { -+ int l = tm->length; -+ f = &v[14]; /* The decimal point. */ -+ f_len = 1; -+ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') -+ ++f_len; -+ } -+ } -+ -+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", -+ mon[M - 1], d, h, m, s, f_len, f, y, -+ (gmt) ? 
" GMT" : "") <= 0) -+ return (0); -+ else -+ return (1); -+ err: -+ BIO_write(bp, "Bad time value", 14); -+ return (0); -+} -+ -+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) -+{ -+ const char *v; -+ int gmt = 0; -+ int i; -+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -+ -+ i = tm->length; -+ v = (const char *)tm->data; -+ -+ if (i < 10) -+ goto err; -+ if (v[i - 1] == 'Z') -+ gmt = 1; -+ for (i = 0; i < 10; i++) -+ if ((v[i] > '9') || (v[i] < '0')) -+ goto err; -+ y = (v[0] - '0') * 10 + (v[1] - '0'); -+ if (y < 50) -+ y += 100; -+ M = (v[2] - '0') * 10 + (v[3] - '0'); -+ if ((M > 12) || (M < 1)) -+ goto err; -+ d = (v[4] - '0') * 10 + (v[5] - '0'); -+ h = (v[6] - '0') * 10 + (v[7] - '0'); -+ m = (v[8] - '0') * 10 + (v[9] - '0'); -+ if (tm->length >= 12 && -+ (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) -+ s = (v[10] - '0') * 10 + (v[11] - '0'); -+ -+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", -+ mon[M - 1], d, h, m, s, y + 1900, -+ (gmt) ? " GMT" : "") <= 0) -+ return (0); -+ else -+ return (1); -+ err: -+ BIO_write(bp, "Bad time value", 14); -+ return (0); -+} -+ -+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) -+{ -+ char *s, *c, *b; -+ int ret = 0, l, i; -+ -+ l = 80 - 2 - obase; -+ -+ b = X509_NAME_oneline(name, NULL, 0); -+ if (!b) -+ return 0; -+ if (!*b) { -+ OPENSSL_free(b); -+ return 1; -+ } -+ s = b + 1; /* skip the first slash */ -+ -+ c = s; -+ for (;;) { -+#ifndef CHARSET_EBCDIC -+ if (((*s == '/') && -+ ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || -+ ((s[2] >= 'A') -+ && (s[2] <= 'Z') -+ && (s[3] == '=')) -+ ))) || (*s == '\0')) -+#else -+ if (((*s == '/') && -+ (isupper(s[1]) && ((s[2] == '=') || -+ (isupper(s[2]) && (s[3] == '=')) -+ ))) || (*s == '\0')) -+#endif -+ { -+ i = s - c; -+ if (BIO_write(bp, c, i) != i) -+ goto err; -+ c = s + 1; /* skip following slash */ -+ if (*s != '\0') { -+ if (BIO_write(bp, ", ", 2) != 2) -+ goto err; -+ } -+ l--; -+ } -+ if (*s == '\0') -+ break; -+ 
s++; -+ l--; -+ } -+ -+ ret = 1; -+ if (0) { -+ err: -+ X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); -+ } -+ OPENSSL_free(b); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -new file mode 100644 -index 0000000..f4b8f94 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -@@ -0,0 +1,115 @@ -+/* t_x509a.c */ -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+#include -+ -+/* -+ * X509_CERT_AUX and string set routines -+ */ -+ -+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) -+{ -+ char oidstr[80], first; -+ int i; -+ if (!aux) -+ return 1; -+ if (aux->trust) { -+ first = 1; -+ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); -+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { -+ if (!first) -+ BIO_puts(out, ", "); -+ else -+ first = 0; -+ OBJ_obj2txt(oidstr, sizeof oidstr, -+ sk_ASN1_OBJECT_value(aux->trust, i), 0); -+ BIO_puts(out, oidstr); -+ } -+ BIO_puts(out, "\n"); -+ } else -+ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); -+ if (aux->reject) { -+ first = 1; -+ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); -+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { -+ if (!first) -+ BIO_puts(out, ", "); -+ else -+ first = 0; -+ OBJ_obj2txt(oidstr, sizeof oidstr, -+ sk_ASN1_OBJECT_value(aux->reject, i), 0); -+ BIO_puts(out, oidstr); -+ } -+ BIO_puts(out, "\n"); -+ } else -+ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); -+ if (aux->alias) -+ BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); -+ if (aux->keyid) { -+ BIO_printf(out, "%*sKey Id: ", indent, ""); -+ for (i = 0; i < aux->keyid->length; i++) -+ BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]); -+ BIO_write(out, "\n", 1); -+ } -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -index c9b6375..d254027 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -@@ -1,10 +1,60 @@ -+/* tasn_dec.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. 
-+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -14,12 +64,6 @@ - #include - #include - #include --#include "internal/numbers.h" --#include "asn1_locl.h" -- --static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, -- long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); - - static int asn1_check_eoc(const unsigned char **in, long len); - static int asn1_find_end(const unsigned char **in, long len, char inf); -@@ -47,8 +91,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - const ASN1_ITEM *it, - int tag, int aclass, char opt, - ASN1_TLC *ctx); --static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -- int utype, char *free_cont, const ASN1_ITEM *it); - - /* Table to convert tags to bit values, used for MSTRING type */ - static const unsigned long tag2bit[32] = { -@@ -106,15 +148,13 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, - return NULL; - } - --int 
ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -- const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx) -+int ASN1_template_d2i(ASN1_VALUE **pval, -+ const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt) - { -- int rv; -- rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx); -- if (rv <= 0) -- ASN1_item_ex_free(pval, it); -- return rv; -+ ASN1_TLC c; -+ asn1_tlc_clear_nc(&c); -+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); - } - - /* -@@ -122,22 +162,26 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - * tag mismatch return -1 to handle OPTIONAL - */ - --static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, -- long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx) -+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -+ const ASN1_ITEM *it, -+ int tag, int aclass, char opt, ASN1_TLC *ctx) - { - const ASN1_TEMPLATE *tt, *errtt = NULL; -+ const ASN1_COMPAT_FUNCS *cf; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - const unsigned char *p = NULL, *q; -- unsigned char oclass; -+ unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ -+ unsigned char imphack = 0, oclass; - char seq_eoc, seq_nolen, cst, isopt; - long tmplen; - int i; - int otag; - int ret = 0; -- ASN1_VALUE **pchptr; -+ ASN1_VALUE **pchptr, *ptmpval; -+ int combine = aclass & ASN1_TFLG_COMBINE; -+ aclass &= ~ASN1_TFLG_COMBINE; - if (!pval) - return 0; - if (aux && aux->asn1_cb) -@@ -155,7 +199,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - * template in the template itself. 
- */ - if ((tag != -1) || opt) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, - ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); - goto err; - } -@@ -164,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - } - return asn1_d2i_ex_primitive(pval, in, len, it, - tag, aclass, opt, ctx); -+ break; - - case ASN1_ITYPE_MSTRING: - p = *in; -@@ -171,7 +216,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, - &p, len, -1, 0, 1, ctx); - if (!ret) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - -@@ -180,7 +225,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); - goto err; - } - /* Check tag matches bit map */ -@@ -188,7 +233,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); - goto err; - } - return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); -@@ -198,6 +243,66 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - ef = it->funcs; - return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); - -+ case ASN1_ITYPE_COMPAT: -+ /* we must resort to old style evil hackery */ -+ cf = it->funcs; -+ -+ /* If OPTIONAL see if it is there */ -+ if (opt) { -+ int exptag; -+ p = *in; -+ if (tag == -1) -+ exptag = it->utype; -+ else -+ exptag = tag; -+ /* -+ * Don't care about anything other than presence of expected tag -+ */ -+ -+ ret = 
asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, -+ &p, len, exptag, aclass, 1, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (ret == -1) -+ return -1; -+ } -+ -+ /* -+ * This is the old style evil hack IMPLICIT handling: since the -+ * underlying code is expecting a tag and class other than the one -+ * present we change the buffer temporarily then change it back -+ * afterwards. This doesn't and never did work for tags > 30. Yes -+ * this is *horrible* but it is only needed for old style d2i which -+ * will hopefully not be around for much longer. FIXME: should copy -+ * the buffer then modify it so the input buffer can be const: we -+ * should *always* copy because the old style d2i might modify the -+ * buffer. -+ */ -+ -+ if (tag != -1) { -+ wp = *(unsigned char **)in; -+ imphack = *wp; -+ if (p == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) -+ | it->utype); -+ } -+ -+ ptmpval = cf->asn1_d2i(pval, in, len); -+ -+ if (tag != -1) -+ *wp = imphack; -+ -+ if (ptmpval) -+ return 1; -+ -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ - case ASN1_ITYPE_CHOICE: - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; -@@ -207,11 +312,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - if ((i >= 0) && (i < it->tcount)) { - tt = it->templates + i; - pchptr = asn1_get_field_ptr(pval, tt); -- asn1_template_free(pchptr, tt); -+ ASN1_template_free(pchptr, tt); - asn1_set_choice_selector(pval, -1, it); - } - } else if (!ASN1_item_ex_new(pval, it)) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - /* CHOICE type, try each possibility in turn */ -@@ -228,13 +333,9 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - /* If 
positive return, read OK, break loop */ - if (ret > 0) - break; -- /* -- * Must be an ASN1 parsing error. -- * Free up any partial choice value -- */ -- asn1_template_free(pchptr, tt); -+ /* Otherwise must be an ASN1 parsing error */ - errtt = tt; -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - -@@ -246,12 +347,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - ASN1_item_ex_free(pval, it); - return -1; - } -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); - goto err; - } - - asn1_set_choice_selector(pval, i, it); -- - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) - goto auxerr; - *in = p; -@@ -271,7 +371,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, - &p, len, tag, aclass, opt, ctx); - if (!ret) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; -@@ -283,12 +383,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - else - seq_nolen = seq_eoc; - if (!cst) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); - goto err; - } - - if (!*pval && !ASN1_item_ex_new(pval, it)) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - -@@ -304,7 +404,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - if (seqtt == NULL) - continue; - pseqval = asn1_get_field_ptr(pval, seqtt); -- asn1_template_free(pseqval, seqtt); -+ ASN1_template_free(pseqval, seqtt); - } - } - -@@ -322,7 +422,7 @@ static 
int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - q = p; - if (asn1_check_eoc(&p, len)) { - if (!seq_eoc) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); - goto err; - } - len -= p - q; -@@ -352,7 +452,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - /* - * OPTIONAL component absent. Free and zero the field. - */ -- asn1_template_free(pseqval, seqtt); -+ ASN1_template_free(pseqval, seqtt); - continue; - } - /* Update length */ -@@ -361,12 +461,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - - /* Check for EOC if expecting one */ - if (seq_eoc && !asn1_check_eoc(&p, len)) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); - goto err; - } - /* Check all data read */ - if (!seq_nolen && len) { -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); - goto err; - } - -@@ -383,10 +483,10 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - if (seqtt->flags & ASN1_TFLG_OPTIONAL) { - ASN1_VALUE **pseqval; - pseqval = asn1_get_field_ptr(pval, seqtt); -- asn1_template_free(pseqval, seqtt); -+ ASN1_template_free(pseqval, seqtt); - } else { - errtt = seqtt; -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); - goto err; - } - } -@@ -402,8 +502,10 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - return 0; - } - auxerr: -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); - err: -+ if (combine == 0) -+ ASN1_item_ex_free(pval, it); - if (errtt) - ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); -@@ -485,6 +587,7 @@ static int 
asn1_template_ex_d2i(ASN1_VALUE **val, - return 1; - - err: -+ ASN1_template_free(val, tt); - return 0; - } - -@@ -495,7 +598,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - { - int flags, aclass; - int ret; -- ASN1_VALUE *tval; - const unsigned char *p, *q; - if (!val) - return 0; -@@ -505,15 +607,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - p = *in; - q = p; - -- /* -- * If field is embedded then val needs fixing so it is a pointer to -- * a pointer to a field. -- */ -- if (tt->flags & ASN1_TFLG_EMBED) { -- tval = (ASN1_VALUE *)val; -- val = &tval; -- } -- - if (flags & ASN1_TFLG_SK_MASK) { - /* SET OF, SEQUENCE OF */ - int sktag, skaclass; -@@ -538,7 +631,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - } else if (ret == -1) - return -1; - if (!*val) -- *val = (ASN1_VALUE *)OPENSSL_sk_new_null(); -+ *val = (ASN1_VALUE *)sk_new_null(); - else { - /* - * We've got a valid STACK: free up any items present -@@ -572,18 +665,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - break; - } - skfield = NULL; -- if (!asn1_item_embed_d2i(&skfield, &p, len, -- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { -+ if (!ASN1_item_ex_d2i(&skfield, &p, len, -+ ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, - ERR_R_NESTED_ASN1_ERROR); -- /* |skfield| may be partially allocated despite failure. 
*/ -- ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); - goto err; - } - len -= p - q; - if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); -- ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); - goto err; - } - } -@@ -593,9 +683,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - } - } else if (flags & ASN1_TFLG_IMPTAG) { - /* IMPLICIT tagging */ -- ret = asn1_item_embed_d2i(val, &p, len, -- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, -- ctx); -+ ret = ASN1_item_ex_d2i(val, &p, len, -+ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, -+ ctx); - if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; -@@ -603,8 +693,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - return -1; - } else { - /* Nothing special */ -- ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -- -1, 0, opt, ctx); -+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); - if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; -@@ -616,6 +706,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - return 1; - - err: -+ ASN1_template_free(val, tt); - return 0; - } - -@@ -628,7 +719,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - long plen; - char cst, inf, free_cont = 0; - const unsigned char *p; -- BUF_MEM buf = { 0, NULL, 0, 0 }; -+ BUF_MEM buf = { 0, NULL, 0 }; - const unsigned char *cont = NULL; - long len; - if (!pval) { -@@ -683,7 +774,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { - /* - * Clear context cache for type OTHER because the auto clear when we -- * have a exact match won't work -+ * have a exact match wont work - */ - if (utype == V_ASN1_OTHER) { - asn1_tlc_clear(ctx); -@@ -746,15 +837,15 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - *in = p; - ret = 
1; - err: -- if (free_cont) -+ if (free_cont && buf.data) - OPENSSL_free(buf.data); - return ret; - } - - /* Translate ASN1 content octets into a structure */ - --static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -- int utype, char *free_cont, const ASN1_ITEM *it) -+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -+ int utype, char *free_cont, const ASN1_ITEM *it) - { - ASN1_VALUE **opval = NULL; - ASN1_STRING *stmp; -@@ -850,7 +941,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - /* All based on ASN1_STRING and handled the same */ - if (!*pval) { - stmp = ASN1_STRING_type_new(utype); -- if (stmp == NULL) { -+ if (!stmp) { - ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -861,7 +952,8 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - } - /* If we've already allocated a buffer use it */ - if (*free_cont) { -- OPENSSL_free(stmp->data); -+ if (stmp->data) -+ OPENSSL_free(stmp->data); - stmp->data = (unsigned char *)cont; /* UGLY CAST! 
RL */ - stmp->length = len; - *free_cont = 0; -@@ -898,7 +990,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - - static int asn1_find_end(const unsigned char **in, long len, char inf) - { -- uint32_t expected_eoc; -+ int expected_eoc; - long plen; - const unsigned char *p = *in, *q; - /* If not indefinite length constructed just add length */ -@@ -928,15 +1020,10 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) - ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); - return 0; - } -- if (inf) { -- if (expected_eoc == UINT32_MAX) { -- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -+ if (inf) - expected_eoc++; -- } else { -+ else - p += plen; -- } - len -= p - q; - } - if (expected_eoc) { -@@ -948,7 +1035,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) - } - - /* -- * This function collects the asn1 data from a constructed string type into -+ * This function collects the asn1 data from a constructred string type into - * a buffer. The values of 'in' and 'len' should refer to the contents of the - * constructed type and 'inf' should be set if it is indefinite length. - */ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -index caa4869..081a9d5 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -@@ -1,20 +1,69 @@ -+/* tasn_enc.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include - #include - #include --#include "internal/asn1_int.h" --#include "asn1_locl.h" - - static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); -@@ -25,8 +74,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int aclass); - static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it, int flags); --static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, -- const ASN1_ITEM *it); - - /* - * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use -@@ -61,7 +108,7 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, - if (len <= 0) - return len; - buf = OPENSSL_malloc(len); -- if (buf == NULL) -+ if (!buf) 
- return -1; - p = buf; - ASN1_item_ex_i2d(&val, &p, it, -1, flags); -@@ -81,7 +128,9 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) - { - const ASN1_TEMPLATE *tt = NULL; -+ unsigned char *p = NULL; - int i, seqcontlen, seqlen, ndef = 1; -+ const ASN1_COMPAT_FUNCS *cf; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb = 0; -@@ -99,6 +148,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - return asn1_template_ex_i2d(pval, out, it->templates, - tag, aclass); - return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); -+ break; - - case ASN1_ITYPE_MSTRING: - return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); -@@ -124,6 +174,20 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - ef = it->funcs; - return ef->asn1_ex_i2d(pval, out, it, tag, aclass); - -+ case ASN1_ITYPE_COMPAT: -+ /* old style hackery... */ -+ cf = it->funcs; -+ if (out) -+ p = *out; -+ i = cf->asn1_i2d(*pval, out); -+ /* -+ * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so -+ * did the old code. Tags > 30 are very rare anyway. -+ */ -+ if (out && (tag != -1)) -+ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); -+ return i; -+ - case ASN1_ITYPE_NDEF_SEQUENCE: - /* Use indefinite length constructed if requested */ - if (aclass & ASN1_TFLG_NDEF) -@@ -192,21 +256,17 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - return 0; - } - -+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, -+ const ASN1_TEMPLATE *tt) -+{ -+ return asn1_template_ex_i2d(pval, out, tt, -1, 0); -+} -+ - static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int iclass) - { - int i, ret, flags, ttag, tclass, ndef; -- ASN1_VALUE *tval; - flags = tt->flags; -- -- /* -- * If field is embedded then val needs fixing so it is a pointer to -- * a pointer to a field. 
-- */ -- if (flags & ASN1_TFLG_EMBED) { -- tval = (ASN1_VALUE *)pval; -- pval = &tval; -- } - /* - * Work out tag and class to use: tagging may come either from the - * template or the arguments, not both because this would create -@@ -380,10 +440,10 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, - else { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) - * sizeof(*derlst)); -- if (derlst == NULL) -+ if (!derlst) - return 0; - tmpdat = OPENSSL_malloc(skcontlen); -- if (tmpdat == NULL) { -+ if (!tmpdat) { - OPENSSL_free(derlst); - return 0; - } -@@ -486,8 +546,8 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, - - /* Produce content octets from a structure */ - --static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, -- const ASN1_ITEM *it) -+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, -+ const ASN1_ITEM *it) - { - ASN1_BOOLEAN *tbool = NULL; - ASN1_STRING *strtmp; -@@ -556,6 +616,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, - case V_ASN1_BIT_STRING: - return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, - cout ? &cout : NULL); -+ break; - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: -@@ -563,6 +624,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, - * These are all have the same content format as ASN1_INTEGER - */ - return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); -+ break; - - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -index 3c98efb..aeea4ef 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -@@ -1,42 +1,91 @@ -+/* tasn_fre.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. 
-+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include - #include --#include "asn1_locl.h" - --static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int embed); -+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine); - - /* Free up an ASN1 structure */ - - void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) - { -- asn1_item_embed_free(&val, it, 0); -+ asn1_item_combine_free(&val, it, 0); - } - - void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- asn1_item_embed_free(pval, it, 0); -+ asn1_item_combine_free(pval, it, 0); - } - --static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int embed) -+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine) - { - const ASN1_TEMPLATE *tt = NULL, *seqtt; - const ASN1_EXTERN_FUNCS *ef; -+ const ASN1_COMPAT_FUNCS *cf; - const ASN1_AUX *aux = 
it->funcs; - ASN1_aux_cb *asn1_cb; - int i; -- - if (!pval) - return; - if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) -@@ -50,13 +99,13 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) -- asn1_template_free(pval, it->templates); -+ ASN1_template_free(pval, it->templates); - else -- asn1_primitive_free(pval, it, embed); -+ ASN1_primitive_free(pval, it); - break; - - case ASN1_ITYPE_MSTRING: -- asn1_primitive_free(pval, it, embed); -+ ASN1_primitive_free(pval, it); - break; - - case ASN1_ITYPE_CHOICE: -@@ -68,19 +117,24 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - i = asn1_get_choice_selector(pval, it); - if ((i >= 0) && (i < it->tcount)) { - ASN1_VALUE **pchval; -- - tt = it->templates + i; - pchval = asn1_get_field_ptr(pval, tt); -- asn1_template_free(pchval, tt); -+ ASN1_template_free(pchval, tt); - } - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); -- if (embed == 0) { -+ if (!combine) { - OPENSSL_free(*pval); - *pval = NULL; - } - break; - -+ case ASN1_ITYPE_COMPAT: -+ cf = it->funcs; -+ if (cf && cf->asn1_free) -+ cf->asn1_free(*pval); -+ break; -+ - case ASN1_ITYPE_EXTERN: - ef = it->funcs; - if (ef && ef->asn1_ex_free) -@@ -89,7 +143,7 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - - case ASN1_ITYPE_NDEF_SEQUENCE: - case ASN1_ITYPE_SEQUENCE: -- if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ -+ if (asn1_do_lock(pval, -1, it) > 0) - return; - if (asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); -@@ -99,23 +153,21 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - asn1_enc_free(pval, it); - /* - * If we free up as normal we will invalidate any ANY DEFINED BY -- * field and we won't be able to determine the type of the field it -+ * field and we wont be able to determine the type of the field it - * defines. So free up in reverse order. 
- */ -- tt = it->templates + it->tcount; -- for (i = 0; i < it->tcount; i++) { -+ tt = it->templates + it->tcount - 1; -+ for (i = 0; i < it->tcount; tt--, i++) { - ASN1_VALUE **pseqval; -- -- tt--; - seqtt = asn1_do_adb(pval, tt, 0); - if (!seqtt) - continue; - pseqval = asn1_get_field_ptr(pval, seqtt); -- asn1_template_free(pseqval, seqtt); -+ ASN1_template_free(pseqval, seqtt); - } - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); -- if (embed == 0) { -+ if (!combine) { - OPENSSL_free(*pval); - *pval = NULL; - } -@@ -123,48 +175,37 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - } - } - --void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) - { -- int embed = tt->flags & ASN1_TFLG_EMBED; -- ASN1_VALUE *tval; -- if (embed) { -- tval = (ASN1_VALUE *)pval; -- pval = &tval; -- } -+ int i; - if (tt->flags & ASN1_TFLG_SK_MASK) { - STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; -- int i; -- - for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { -- ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i); -- -- asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed); -+ ASN1_VALUE *vtmp; -+ vtmp = sk_ASN1_VALUE_value(sk, i); -+ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); - } - sk_ASN1_VALUE_free(sk); - *pval = NULL; -- } else { -- asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed); -- } -+ } else -+ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), -+ tt->flags & ASN1_TFLG_COMBINE); - } - --void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) -+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - { - int utype; -- -- /* Special case: if 'it' is a primitive with a free_func, use that. 
*/ - if (it) { -- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; -- -+ const ASN1_PRIMITIVE_FUNCS *pf; -+ pf = it->funcs; - if (pf && pf->prim_free) { - pf->prim_free(pval, it); - return; - } - } -- -- /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */ -+ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ - if (!it) { - ASN1_TYPE *typ = (ASN1_TYPE *)*pval; -- - utype = typ->type; - pval = &typ->value.asn1_value; - if (!*pval) -@@ -195,12 +236,13 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) - break; - - case V_ASN1_ANY: -- asn1_primitive_free(pval, NULL, 0); -+ ASN1_primitive_free(pval, NULL); - OPENSSL_free(*pval); - break; - - default: -- asn1_string_embed_free((ASN1_STRING *)*pval, embed); -+ ASN1_STRING_free((ASN1_STRING *)*pval); -+ *pval = NULL; - break; - } - *pval = NULL; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -index e9b8377..b0c73be 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -@@ -1,10 +1,60 @@ -+/* tasn_new.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -13,14 +63,10 @@ - #include - #include - #include --#include "asn1_locl.h" - --static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int embed); --static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int embed); -+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine); - static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); --static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); - -@@ -36,12 +82,14 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) - - int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- return asn1_item_embed_new(pval, it, 0); -+ return asn1_item_ex_combine_new(pval, it, 0); - } - --int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) -+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine) - { - const ASN1_TEMPLATE *tt = NULL; -+ const ASN1_COMPAT_FUNCS *cf; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; -@@ -52,8 +100,9 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) - else - asn1_cb = 0; - --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_push(it->sname ? 
it->sname : "asn1_item_embed_new"); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_push_info(it->sname); - #endif - - switch (it->itype) { -@@ -66,16 +115,25 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) - } - break; - -+ case ASN1_ITYPE_COMPAT: -+ cf = it->funcs; -+ if (cf && cf->asn1_new) { -+ *pval = cf->asn1_new(); -+ if (!*pval) -+ goto memerr; -+ } -+ break; -+ - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) { -- if (!asn1_template_new(pval, it->templates)) -+ if (!ASN1_template_new(pval, it->templates)) - goto memerr; -- } else if (!asn1_primitive_new(pval, it, embed)) -+ } else if (!ASN1_primitive_new(pval, it)) - goto memerr; - break; - - case ASN1_ITYPE_MSTRING: -- if (!asn1_primitive_new(pval, it, embed)) -+ if (!ASN1_primitive_new(pval, it)) - goto memerr; - break; - -@@ -85,22 +143,22 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) - if (!i) - goto auxerr; - if (i == 2) { --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return 1; - } - } -- if (embed) { -- memset(*pval, 0, it->size); -- } else { -- *pval = OPENSSL_zalloc(it->size); -- if (*pval == NULL) -+ if (!combine) { -+ *pval = OPENSSL_malloc(it->size); -+ if (!*pval) - goto memerr; -+ memset(*pval, 0, it->size); - } - asn1_set_choice_selector(pval, -1, it); - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) -- goto auxerr2; -+ goto auxerr; - break; - - case ASN1_ITYPE_NDEF_SEQUENCE: -@@ -110,52 +168,50 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) - if (!i) - goto auxerr; - if (i == 2) { --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return 1; - } - } -- if (embed) { -- memset(*pval, 0, it->size); -- } else { -- *pval = OPENSSL_zalloc(it->size); -- if (*pval == NULL) -+ if (!combine) { -+ *pval = 
OPENSSL_malloc(it->size); -+ if (!*pval) - goto memerr; -+ memset(*pval, 0, it->size); -+ asn1_do_lock(pval, 0, it); -+ asn1_enc_init(pval, it); - } -- /* 0 : init. lock */ -- if (asn1_do_lock(pval, 0, it) < 0) -- goto memerr2; -- asn1_enc_init(pval, it); - for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { - pseqval = asn1_get_field_ptr(pval, tt); -- if (!asn1_template_new(pseqval, tt)) -- goto memerr2; -+ if (!ASN1_template_new(pseqval, tt)) -+ goto memerr; - } - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) -- goto auxerr2; -+ goto auxerr; - break; - } --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return 1; - -- memerr2: -- ASN1_item_ex_free(pval, it); - memerr: -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return 0; - -- auxerr2: -- ASN1_item_ex_free(pval, it); - auxerr: -- ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); -+ ASN1_item_ex_free(pval, it); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return 0; - -@@ -186,6 +242,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) - asn1_primitive_clear(pval, it); - break; - -+ case ASN1_ITYPE_COMPAT: - case ASN1_ITYPE_CHOICE: - case ASN1_ITYPE_SEQUENCE: - case ASN1_ITYPE_NDEF_SEQUENCE: -@@ -194,16 +251,10 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) - } - } - --static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) - { - const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); -- int embed = tt->flags & 
ASN1_TFLG_EMBED; -- ASN1_VALUE *tval; - int ret; -- if (embed) { -- tval = (ASN1_VALUE *)pval; -- pval = &tval; -- } - if (tt->flags & ASN1_TFLG_OPTIONAL) { - asn1_template_clear(pval, tt); - return 1; -@@ -214,9 +265,9 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) - *pval = NULL; - return 1; - } --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_push(tt->field_name -- ? tt->field_name : "asn1_template_new"); -+#ifdef CRYPTO_MDEBUG -+ if (tt->field_name) -+ CRYPTO_push_info(tt->field_name); - #endif - /* If SET OF or SEQUENCE OF, its a STACK */ - if (tt->flags & ASN1_TFLG_SK_MASK) { -@@ -232,10 +283,11 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) - goto done; - } - /* Otherwise pass it back to the item routine */ -- ret = asn1_item_embed_new(pval, it, embed); -+ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); - done: --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- OPENSSL_mem_debug_pop(); -+#ifdef CRYPTO_MDEBUG -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif - return ret; - } -@@ -254,8 +306,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) - * all the old functions. 
- */ - --static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int embed) -+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) - { - ASN1_TYPE *typ; - ASN1_STRING *str; -@@ -288,8 +339,8 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - return 1; - - case V_ASN1_ANY: -- typ = OPENSSL_malloc(sizeof(*typ)); -- if (typ == NULL) -+ typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); -+ if (!typ) - return 0; - typ->value.ptr = NULL; - typ->type = -1; -@@ -297,17 +348,10 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - break; - - default: -- if (embed) { -- str = *(ASN1_STRING **)pval; -- memset(str, 0, sizeof(*str)); -- str->type = utype; -- str->flags = ASN1_STRING_FLAG_EMBED; -- } else { -- str = ASN1_STRING_type_new(utype); -- *pval = (ASN1_VALUE *)str; -- } -+ str = ASN1_STRING_type_new(utype); - if (it->itype == ASN1_ITYPE_MSTRING && str) - str->flags |= ASN1_STRING_FLAG_MSTRING; -+ *pval = (ASN1_VALUE *)str; - break; - } - if (*pval) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c -index f53e905..f628cad 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c -@@ -1,21 +1,70 @@ -+/* tasn_prn.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include - #include --#include "internal/asn1_int.h" - #include "asn1_locl.h" - - /* -@@ -24,7 +73,7 @@ - - /* ASN1_PCTX routines */ - --static ASN1_PCTX default_pctx = { -+ASN1_PCTX default_pctx = { - ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ - 0, /* nm_flags */ - 0, /* cert_flags */ -@@ -35,12 +84,16 @@ static ASN1_PCTX default_pctx = { - ASN1_PCTX *ASN1_PCTX_new(void) - { - ASN1_PCTX *ret; -- -- ret = OPENSSL_zalloc(sizeof(*ret)); -+ ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); - if (ret == NULL) { - ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } -+ ret->flags = 0; -+ ret->nm_flags = 0; -+ ret->cert_flags = 0; -+ ret->oid_flags = 0; -+ ret->str_flags = 0; - return ret; - } - -@@ -49,7 +102,7 @@ void ASN1_PCTX_free(ASN1_PCTX *p) - OPENSSL_free(p); - } - --unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p) -+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) - { - return p->flags; - } -@@ -59,7 +112,7 @@ void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) - p->flags = flags; - } - --unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p) -+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p) - { - return p->nm_flags; - } -@@ -69,7 +122,7 @@ void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) - p->nm_flags = flags; - } - --unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p) -+unsigned long 
ASN1_PCTX_get_cert_flags(ASN1_PCTX *p) - { - return p->cert_flags; - } -@@ -79,7 +132,7 @@ void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) - p->cert_flags = flags; - } - --unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p) -+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p) - { - return p->oid_flags; - } -@@ -89,7 +142,7 @@ void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) - p->oid_flags = flags; - } - --unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p) -+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p) - { - return p->str_flags; - } -@@ -106,7 +159,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - const char *fname, const char *sname, - int nohdr, const ASN1_PCTX *pctx); - --static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, -+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); - - static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, -@@ -170,7 +223,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - return 0; - break; - } -- /* fall through */ -+ /* fall thru */ - case ASN1_ITYPE_MSTRING: - if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx)) - return 0; -@@ -194,6 +247,10 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - break; - - case ASN1_ITYPE_CHOICE: -+#if 0 -+ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) -+ return 0; -+#endif - /* CHOICE type, get selector */ - i = asn1_get_choice_selector(fld, it); - /* This should never happen... 
*/ -@@ -261,12 +318,11 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - return 1; - } - --static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, -+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) - { - int i, flags; - const char *sname, *fname; -- ASN1_VALUE *tfld; - flags = tt->flags; - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) - sname = ASN1_ITEM_ptr(tt->item)->sname; -@@ -276,16 +332,6 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, - fname = NULL; - else - fname = tt->field_name; -- -- /* -- * If field is embedded then fld needs fixing so it is a pointer to -- * a pointer to a field. -- */ -- if (flags & ASN1_TFLG_EMBED) { -- tfld = (ASN1_VALUE *)fld; -- fld = &tfld; -- } -- - if (flags & ASN1_TFLG_SK_MASK) { - char *tname; - ASN1_VALUE *skitem; -@@ -331,8 +377,13 @@ static int asn1_print_fsname(BIO *out, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx) - { -- static const char spaces[] = " "; -- static const int nspaces = sizeof(spaces) - 1; -+ static char spaces[] = " "; -+ const int nspaces = sizeof(spaces) - 1; -+ -+#if 0 -+ if (!sname && !fname) -+ return 1; -+#endif - - while (indent > nspaces) { - if (BIO_write(out, spaces, nspaces) != nspaces) -@@ -365,7 +416,8 @@ static int asn1_print_fsname(BIO *out, int indent, - return 1; - } - --static int asn1_print_boolean(BIO *out, int boolval) -+static int asn1_print_boolean_ctx(BIO *out, int boolval, -+ const ASN1_PCTX *pctx) - { - const char *str; - switch (boolval) { -@@ -389,7 +441,8 @@ static int asn1_print_boolean(BIO *out, int boolval) - - } - --static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) -+static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, -+ const ASN1_PCTX *pctx) - { - char *s; - int ret = 1; -@@ -402,7 +455,8 @@ static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) - 
return ret; - } - --static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) -+static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, -+ const ASN1_PCTX *pctx) - { - char objbuf[80]; - const char *ln; -@@ -415,7 +469,8 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) - return 1; - } - --static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) -+static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, -+ const ASN1_PCTX *pctx) - { - if (str->type == V_ASN1_BIT_STRING) { - if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) -@@ -423,7 +478,7 @@ static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) - } else if (BIO_puts(out, "\n") <= 0) - return 0; - if ((str->length > 0) -- && BIO_dump_indent(out, (const char *)str->data, str->length, -+ && BIO_dump_indent(out, (char *)str->data, str->length, - indent + 2) <= 0) - return 0; - return 1; -@@ -489,13 +544,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, - int boolval = *(int *)fld; - if (boolval == -1) - boolval = it->size; -- ret = asn1_print_boolean(out, boolval); -+ ret = asn1_print_boolean_ctx(out, boolval, pctx); - } - break; - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: -- ret = asn1_print_integer(out, str); -+ ret = asn1_print_integer_ctx(out, str, pctx); - break; - - case V_ASN1_UTCTIME: -@@ -507,12 +562,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, - break; - - case V_ASN1_OBJECT: -- ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld); -+ ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); - break; - - case V_ASN1_OCTET_STRING: - case V_ASN1_BIT_STRING: -- ret = asn1_print_obstring(out, str, indent); -+ ret = asn1_print_obstring_ctx(out, str, indent, pctx); - needlf = 0; - break; - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c -deleted file mode 100644 -index e1df2cf..0000000 ---- 
a/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c -+++ /dev/null -@@ -1,65 +0,0 @@ --/* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include --#include --#include "asn1_locl.h" -- --/* -- * General ASN1 structure recursive scanner: iterate through all fields -- * passing details to a callback. -- */ -- --ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) --{ -- ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret)); -- -- if (ret == NULL) { -- ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- ret->scan_cb = scan_cb; -- return ret; --} -- --void ASN1_SCTX_free(ASN1_SCTX *p) --{ -- OPENSSL_free(p); --} -- --const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p) --{ -- return p->it; --} -- --const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p) --{ -- return p->tt; --} -- --unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p) --{ -- return p->flags; --} -- --void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data) --{ -- p->app_data = data; --} -- --void *ASN1_SCTX_get_app_data(ASN1_SCTX *p) --{ -- return p->app_data; --} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -index 98d9879..740e86d 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -@@ -1,50 +1,115 @@ -+/* tasn_typ.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. 
All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #include - #include - #include - - /* Declarations for string types */ - --#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ -- IMPLEMENT_ASN1_TYPE(sname) \ -- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ --sname *sname##_new(void) \ --{ \ -- return ASN1_STRING_type_new(V_##sname); \ --} \ --void sname##_free(sname *x) \ --{ \ -- ASN1_STRING_free(x); \ --} -- --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME) 
--IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING) --IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING) - - IMPLEMENT_ASN1_TYPE(ASN1_NULL) - IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL) - - IMPLEMENT_ASN1_TYPE(ASN1_OBJECT) - -+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) -+ -+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING) -+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING) -+ - IMPLEMENT_ASN1_TYPE(ASN1_ANY) - - /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -index f79d7d6..e14889f 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -@@ -1,20 +1,68 @@ -+/* tasn_utl.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include - #include - #include - #include - #include --#include "asn1_locl.h" - - /* Utility functions for manipulating fields and offsets */ - -@@ -46,19 +94,16 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, - } - - /* -- * Do atomic reference counting. The value 'op' decides what to do. -- * If it is +1 then the count is incremented. -- * If |op| is 0, lock is initialised and count is set to 1. -- * If |op| is -1, count is decremented and the return value is the current -- * reference count or 0 if no reference count is active. -- * It returns -1 on initialisation error. -- * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects -+ * Do reference counting. The value 'op' decides what to do. if it is +1 -+ * then the count is incremented. If op is 0 count is set to 1. 
If op is -1 -+ * count is decremented and the return value is the current refrence count or -+ * 0 if no reference count exists. - */ -+ - int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) - { - const ASN1_AUX *aux; - int *lck, ret; -- CRYPTO_RWLOCK **lock; - if ((it->itype != ASN1_ITYPE_SEQUENCE) - && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) - return 0; -@@ -66,26 +111,18 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) - if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) - return 0; - lck = offset2ptr(*pval, aux->ref_offset); -- lock = offset2ptr(*pval, aux->ref_lock); - if (op == 0) { - *lck = 1; -- *lock = CRYPTO_THREAD_lock_new(); -- if (*lock == NULL) { -- ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE); -- return -1; -- } - return 1; - } -- if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0) -- return -1; /* failed */ -+ ret = CRYPTO_add(lck, op, aux->ref_lock); - #ifdef REF_PRINT -- fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); -+ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); -+#endif -+#ifdef REF_CHECK -+ if (ret < 0) -+ fprintf(stderr, "%s, bad reference count\n", it->sname); - #endif -- REF_ASSERT_ISNT(ret < 0); -- if (ret == 0) { -- CRYPTO_THREAD_lock_free(*lock); -- *lock = NULL; -- } - return ret; - } - -@@ -116,7 +153,8 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - ASN1_ENCODING *enc; - enc = asn1_get_enc_ptr(pval, it); - if (enc) { -- OPENSSL_free(enc->enc); -+ if (enc->enc) -+ OPENSSL_free(enc->enc); - enc->enc = NULL; - enc->len = 0; - enc->modified = 1; -@@ -131,9 +169,10 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - if (!enc) - return 1; - -- OPENSSL_free(enc->enc); -+ if (enc->enc) -+ OPENSSL_free(enc->enc); - enc->enc = OPENSSL_malloc(inlen); -- if (enc->enc == NULL) -+ if (!enc->enc) - return 0; - memcpy(enc->enc, in, inlen); - enc->len = inlen; -@@ -162,6 +201,8 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, - 
ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
- {
- ASN1_VALUE **pvaltmp;
-+ if (tt->flags & ASN1_TFLG_COMBINE)
-+ return pval;
- pvaltmp = offset2ptr(*pval, tt->offset);
- /*
- * NOTE for BOOLEAN types the field is just a plain int so we can't
-@@ -208,12 +249,6 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
- else
- selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
- 
-- /* Let application callback translate value */
-- if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) {
-- ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
-- return NULL;
-- }
--
- /*
- * Try to find matching entry in table Maybe should check application
- * types first to allow application override? Might also be useful to
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
-index 72378db..fd7d16d 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
-@@ -1,17 +1,66 @@
-+/* x_algor.c */
- /*
-- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
- 
- #include
- #include
- #include
- #include
--#include "internal/evp_int.h"
- 
- ASN1_SEQUENCE(X509_ALGOR) = {
- ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
-@@ -26,6 +75,9 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
- IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
- 
-+IMPLEMENT_STACK_OF(X509_ALGOR)
-+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-+
- int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
- {
- if (!alg)
-@@ -37,21 +89,24 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
- return 0;
- }
- if (alg) {
-- ASN1_OBJECT_free(alg->algorithm);
-+ if (alg->algorithm)
-+ ASN1_OBJECT_free(alg->algorithm);
- alg->algorithm = aobj;
- }
- if (ptype == 0)
- return 1;
- if (ptype == V_ASN1_UNDEF) {
-- ASN1_TYPE_free(alg->parameter);
-- alg->parameter = NULL;
-+ if (alg->parameter) {
-+ ASN1_TYPE_free(alg->parameter);
-+ alg->parameter = NULL;
-+ }
- } else
- ASN1_TYPE_set(alg->parameter, ptype, pval);
- return 1;
- }
- 
--void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
-- const void **ppval, const X509_ALGOR *algor)
-+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-+ X509_ALGOR *algor)
- {
- if (paobj)
- *paobj = algor->algorithm;
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
-new file mode 100644
-index 0000000..93ef53b
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
-@@ -0,0 +1,124 @@
-+/* crypto/asn1/x_attrib.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+
-+/*-
-+ * X509_ATTRIBUTE: this has the following form:
-+ *
-+ * typedef struct x509_attributes_st
-+ * {
-+ * ASN1_OBJECT *object;
-+ * int single;
-+ * union {
-+ * char *ptr;
-+ * STACK_OF(ASN1_TYPE) *set;
-+ * ASN1_TYPE *single;
-+ * } value;
-+ * } X509_ATTRIBUTE;
-+ *
-+ * this needs some extra thought because the CHOICE type is
-+ * merged with the main structure and because the value can
-+ * be anything at all we *must* try the SET OF first because
-+ * the ASN1_ANY type will swallow anything including the whole
-+ * SET OF structure.
-+ */
-+
-+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-+ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-+ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-+
-+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
-+ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-+ /* CHOICE type merged with parent */
-+ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
-+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-+
-+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
-+{
-+ X509_ATTRIBUTE *ret = NULL;
-+ ASN1_TYPE *val = NULL;
-+
-+ if ((ret = X509_ATTRIBUTE_new()) == NULL)
-+ return (NULL);
-+ ret->object = OBJ_nid2obj(nid);
-+ ret->single = 0;
-+ if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
-+ goto err;
-+ if ((val = ASN1_TYPE_new()) == NULL)
-+ goto err;
-+ if (!sk_ASN1_TYPE_push(ret->value.set, val))
-+ goto err;
-+
-+ ASN1_TYPE_set(val, atrtype, value);
-+ return (ret);
-+ err:
-+ if (ret != NULL)
-+ X509_ATTRIBUTE_free(ret);
-+ if (val != NULL)
-+ ASN1_TYPE_free(val);
-+ return (NULL);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
-index da57e77..c644199 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
-@@ -1,14 +1,64 @@
-+/* x_bignum.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1.
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
- 
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- 
-@@ -22,15 +72,12 @@
- #define BN_SENSITIVE 1
- 
- static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
--static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
- static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
- 
- static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
- const ASN1_ITEM *it);
- static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it);
--static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-- int utype, char *free_cont, const ASN1_ITEM *it);
- static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
- int indent, const ASN1_PCTX *pctx);
- 
-@@ -44,37 +91,18 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
- bn_print
- };
- 
--static ASN1_PRIMITIVE_FUNCS
cbignum_pf = {
-- NULL, 0,
-- bn_secure_new,
-- bn_free,
-- 0,
-- bn_secure_c2i,
-- bn_i2c,
-- bn_print
--};
--
- ASN1_ITEM_start(BIGNUM)
- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
- ASN1_ITEM_end(BIGNUM)
- 
- ASN1_ITEM_start(CBIGNUM)
-- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM"
-+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
- ASN1_ITEM_end(CBIGNUM)
- 
- static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- *pval = (ASN1_VALUE *)BN_new();
-- if (*pval != NULL)
-- return 1;
-- else
-- return 0;
--}
--
--static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
--{
-- *pval = (ASN1_VALUE *)BN_secure_new();
-- if (*pval != NULL)
-+ if (*pval)
- return 1;
- else
- return 0;
-@@ -127,14 +155,6 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- return 1;
- }
- 
--static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-- int utype, char *free_cont, const ASN1_ITEM *it)
--{
-- if (!*pval)
-- bn_secure_new(pval, it);
-- return bn_c2i(pval, cont, len, utype, free_cont, it);
--}
--
- static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
- int indent, const ASN1_PCTX *pctx)
- {
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
-new file mode 100644
-index 0000000..c78ded8
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
-@@ -0,0 +1,518 @@
-+/* crypto/asn1/x_crl.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include "asn1_locl.h"
-+#include
-+#include
-+
-+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
-+ const X509_REVOKED *const *b);
-+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
-+
-+ASN1_SEQUENCE(X509_REVOKED) = {
-+ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-+ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-+ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
-+} ASN1_SEQUENCE_END(X509_REVOKED)
-+
-+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-+static int def_crl_lookup(X509_CRL *crl,
-+ X509_REVOKED **ret, ASN1_INTEGER *serial,
-+ X509_NAME *issuer);
-+
-+static X509_CRL_METHOD int_crl_meth = {
-+ 0,
-+ 0, 0,
-+ def_crl_lookup,
-+ def_crl_verify
-+};
-+
-+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
-+
-+/*
-+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
-+ * the original encoding the signature wont be affected by reordering of the
-+ * revoked field.
-+ */
-+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-+
-+ if (!a || !a->revoked)
-+ return 1;
-+ switch (operation) {
-+ /*
-+ * Just set cmp function here. We don't sort because that would
-+ * affect the output of X509_CRL_print().
-+ */
-+ case ASN1_OP_D2I_POST:
-+ (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
-+ break;
-+ }
-+ return 1;
-+}
-+
-+
-+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
-+ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-+ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
-+ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
-+ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
-+ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
-+ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
-+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-+
-+/*
-+ * Set CRL entry issuer according to CRL certificate issuer extension. Check
-+ * for unhandled critical CRL entry extensions.
-+ */
-+
-+static int crl_set_issuers(X509_CRL *crl)
-+{
-+
-+ int i, j;
-+ GENERAL_NAMES *gens, *gtmp;
-+ STACK_OF(X509_REVOKED) *revoked;
-+
-+ revoked = X509_CRL_get_REVOKED(crl);
-+
-+ gens = NULL;
-+ for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
-+ X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
-+ STACK_OF(X509_EXTENSION) *exts;
-+ ASN1_ENUMERATED *reason;
-+ X509_EXTENSION *ext;
-+ gtmp = X509_REVOKED_get_ext_d2i(rev,
-+ NID_certificate_issuer, &j, NULL);
-+ if (!gtmp && (j != -1)) {
-+ crl->flags |= EXFLAG_INVALID;
-+ return 1;
-+ }
-+
-+ if (gtmp) {
-+ gens = gtmp;
-+ if (!crl->issuers) {
-+ crl->issuers = sk_GENERAL_NAMES_new_null();
-+ if (!crl->issuers)
-+ return 0;
-+ }
-+ if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
-+ return 0;
-+ }
-+ rev->issuer = gens;
-+
-+ reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL);
-+ if (!reason && (j != -1)) {
-+ crl->flags |= EXFLAG_INVALID;
-+ return 1;
-+ }
-+
-+ if (reason) {
-+ rev->reason = ASN1_ENUMERATED_get(reason);
-+ ASN1_ENUMERATED_free(reason);
-+ } else
-+ rev->reason = CRL_REASON_NONE;
-+
-+ /* Check for critical CRL entry extensions */
-+
-+ exts = rev->extensions;
-+
-+ for (j = 0; j <
sk_X509_EXTENSION_num(exts); j++) {
-+ ext = sk_X509_EXTENSION_value(exts, j);
-+ if (ext->critical > 0) {
-+ if (OBJ_obj2nid(ext->object) == NID_certificate_issuer)
-+ continue;
-+ crl->flags |= EXFLAG_CRITICAL;
-+ break;
-+ }
-+ }
-+
-+ }
-+
-+ return 1;
-+
-+}
-+
-+/*
-+ * The X509_CRL structure needs a bit of customisation. Cache some extensions
-+ * and hash of the whole CRL.
-+ */
-+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+ X509_CRL *crl = (X509_CRL *)*pval;
-+ STACK_OF(X509_EXTENSION) *exts;
-+ X509_EXTENSION *ext;
-+ int idx;
-+
-+ switch (operation) {
-+ case ASN1_OP_NEW_POST:
-+ crl->idp = NULL;
-+ crl->akid = NULL;
-+ crl->flags = 0;
-+ crl->idp_flags = 0;
-+ crl->idp_reasons = CRLDP_ALL_REASONS;
-+ crl->meth = default_crl_method;
-+ crl->meth_data = NULL;
-+ crl->issuers = NULL;
-+ crl->crl_number = NULL;
-+ crl->base_crl_number = NULL;
-+ break;
-+
-+ case ASN1_OP_D2I_POST:
-+#ifndef OPENSSL_NO_SHA
-+ X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-+#endif
-+ crl->idp = X509_CRL_get_ext_d2i(crl,
-+ NID_issuing_distribution_point, NULL,
-+ NULL);
-+ if (crl->idp)
-+ setup_idp(crl, crl->idp);
-+
-+ crl->akid = X509_CRL_get_ext_d2i(crl,
-+ NID_authority_key_identifier, NULL,
-+ NULL);
-+
-+ crl->crl_number = X509_CRL_get_ext_d2i(crl,
-+ NID_crl_number, NULL, NULL);
-+
-+ crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-+ NID_delta_crl, NULL,
-+ NULL);
-+ /* Delta CRLs must have CRL number */
-+ if (crl->base_crl_number && !crl->crl_number)
-+ crl->flags |= EXFLAG_INVALID;
-+
-+ /*
-+ * See if we have any unhandled critical CRL extensions and indicate
-+ * this in a flag. We only currently handle IDP so anything else
-+ * critical sets the flag. This code accesses the X509_CRL structure
-+ * directly: applications shouldn't do this.
-+ */
-+
-+ exts = crl->crl->extensions;
-+
-+ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
-+ int nid;
-+
-+ ext = sk_X509_EXTENSION_value(exts, idx);
-+ nid = OBJ_obj2nid(ext->object);
-+ if (nid == NID_freshest_crl)
-+ crl->flags |= EXFLAG_FRESHEST;
-+ if (ext->critical > 0) {
-+ /* We handle IDP and deltas */
-+ if ((nid == NID_issuing_distribution_point)
-+ || (nid == NID_authority_key_identifier)
-+ || (nid == NID_delta_crl))
-+ continue;
-+ crl->flags |= EXFLAG_CRITICAL;
-+ break;
-+ }
-+ }
-+
-+ if (!crl_set_issuers(crl))
-+ return 0;
-+
-+ if (crl->meth->crl_init) {
-+ if (crl->meth->crl_init(crl) == 0)
-+ return 0;
-+ }
-+ break;
-+
-+ case ASN1_OP_FREE_POST:
-+ if (crl->meth->crl_free) {
-+ if (!crl->meth->crl_free(crl))
-+ return 0;
-+ }
-+ if (crl->akid)
-+ AUTHORITY_KEYID_free(crl->akid);
-+ if (crl->idp)
-+ ISSUING_DIST_POINT_free(crl->idp);
-+ ASN1_INTEGER_free(crl->crl_number);
-+ ASN1_INTEGER_free(crl->base_crl_number);
-+ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
-+ break;
-+ }
-+ return 1;
-+}
-+
-+/* Convert IDP into a more convenient form */
-+
-+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
-+{
-+ int idp_only = 0;
-+ /* Set various flags according to IDP */
-+ crl->idp_flags |= IDP_PRESENT;
-+ if (idp->onlyuser > 0) {
-+ idp_only++;
-+ crl->idp_flags |= IDP_ONLYUSER;
-+ }
-+ if (idp->onlyCA > 0) {
-+ idp_only++;
-+ crl->idp_flags |= IDP_ONLYCA;
-+ }
-+ if (idp->onlyattr > 0) {
-+ idp_only++;
-+ crl->idp_flags |= IDP_ONLYATTR;
-+ }
-+
-+ if (idp_only > 1)
-+ crl->idp_flags |= IDP_INVALID;
-+
-+ if (idp->indirectCRL > 0)
-+ crl->idp_flags |= IDP_INDIRECT;
-+
-+ if (idp->onlysomereasons) {
-+ crl->idp_flags |= IDP_REASONS;
-+ if (idp->onlysomereasons->length > 0)
-+ crl->idp_reasons = idp->onlysomereasons->data[0];
-+ if (idp->onlysomereasons->length > 1)
-+ crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
-+ crl->idp_reasons &= CRLDP_ALL_REASONS;
-+ }
-+
-+
DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
-+}
-+
-+ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
-+ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-+ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-+ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
-+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
-+
-+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
-+
-+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-+
-+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
-+ const X509_REVOKED *const *b)
-+{
-+ return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
-+ (ASN1_STRING *)(*b)->serialNumber));
-+}
-+
-+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-+{
-+ X509_CRL_INFO *inf;
-+ inf = crl->crl;
-+ if (!inf->revoked)
-+ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-+ if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-+ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ inf->enc.modified = 1;
-+ return 1;
-+}
-+
-+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
-+{
-+ if (crl->meth->crl_verify)
-+ return crl->meth->crl_verify(crl, r);
-+ return 0;
-+}
-+
-+int X509_CRL_get0_by_serial(X509_CRL *crl,
-+ X509_REVOKED **ret, ASN1_INTEGER *serial)
-+{
-+ if (crl->meth->crl_lookup)
-+ return crl->meth->crl_lookup(crl, ret, serial, NULL);
-+ return 0;
-+}
-+
-+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
-+{
-+ if (crl->meth->crl_lookup)
-+ return crl->meth->crl_lookup(crl, ret,
-+ X509_get_serialNumber(x),
-+ X509_get_issuer_name(x));
-+ return 0;
-+}
-+
-+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
-+{
-+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-+ crl->sig_alg, crl->signature, crl->crl, r));
-+}
-+
-+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
-+ X509_REVOKED *rev)
-+{
-+ int i;
-+
-+ if
(!rev->issuer) {
-+ if (!nm)
-+ return 1;
-+ if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
-+ return 1;
-+ return 0;
-+ }
-+
-+ if (!nm)
-+ nm = X509_CRL_get_issuer(crl);
-+
-+ for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
-+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
-+ if (gen->type != GEN_DIRNAME)
-+ continue;
-+ if (!X509_NAME_cmp(nm, gen->d.directoryName))
-+ return 1;
-+ }
-+ return 0;
-+
-+}
-+
-+static int def_crl_lookup(X509_CRL *crl,
-+ X509_REVOKED **ret, ASN1_INTEGER *serial,
-+ X509_NAME *issuer)
-+{
-+ X509_REVOKED rtmp, *rev;
-+ int idx;
-+ rtmp.serialNumber = serial;
-+ /*
-+ * Sort revoked into serial number order if not already sorted. Do this
-+ * under a lock to avoid race condition.
-+ */
-+ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-+ sk_X509_REVOKED_sort(crl->crl->revoked);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
-+ }
-+ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-+ if (idx < 0)
-+ return 0;
-+ /* Need to look for matching name */
-+ for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
-+ rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
-+ if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
-+ return 0;
-+ if (crl_revoked_issuer_match(crl, issuer, rev)) {
-+ if (ret)
-+ *ret = rev;
-+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
-+ return 2;
-+ return 1;
-+ }
-+ }
-+ return 0;
-+}
-+
-+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
-+{
-+ if (meth == NULL)
-+ default_crl_method = &int_crl_meth;
-+ else
-+ default_crl_method = meth;
-+}
-+
-+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
-+ int (*crl_free) (X509_CRL *crl),
-+ int (*crl_lookup) (X509_CRL *crl,
-+ X509_REVOKED **ret,
-+ ASN1_INTEGER *ser,
-+ X509_NAME *issuer),
-+ int (*crl_verify) (X509_CRL *crl,
-+ EVP_PKEY *pk))
-+{
-+ X509_CRL_METHOD *m;
-+ m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
-+ if (!m)
-+ return NULL;
-+ m->crl_init =
crl_init;
-+ m->crl_free = crl_free;
-+ m->crl_lookup = crl_lookup;
-+ m->crl_verify = crl_verify;
-+ m->flags = X509_CRL_METHOD_DYNAMIC;
-+ return m;
-+}
-+
-+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
-+{
-+ if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
-+ return;
-+ OPENSSL_free(m);
-+}
-+
-+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
-+{
-+ crl->meth_data = dat;
-+}
-+
-+void *X509_CRL_get_meth_data(X509_CRL *crl)
-+{
-+ return crl->meth_data;
-+}
-+
-+IMPLEMENT_STACK_OF(X509_REVOKED)
-+
-+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
-+
-+IMPLEMENT_STACK_OF(X509_CRL)
-+
-+IMPLEMENT_ASN1_SET_OF(X509_CRL)
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
-new file mode 100644
-index 0000000..00a9580
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
-@@ -0,0 +1,77 @@
-+/* x_exten.c */
-+/*
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#include -+#include -+#include -+#include -+ -+ASN1_SEQUENCE(X509_EXTENSION) = { -+ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), -+ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), -+ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) -+} ASN1_SEQUENCE_END(X509_EXTENSION) -+ -+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) -+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) -+ -+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) -+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) -+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c -index 8d99f07..067fd72 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_info.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_info.c -@@ -1,39 +1,117 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/x_info.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - - X509_INFO *X509_INFO_new(void) - { -- X509_INFO *ret; -+ X509_INFO *ret = NULL; - -- ret = OPENSSL_zalloc(sizeof(*ret)); -+ ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); - if (ret == NULL) { - ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -+ return (NULL); - } - -- return ret; -+ ret->enc_cipher.cipher = NULL; -+ ret->enc_len = 0; -+ ret->enc_data = NULL; -+ -+ ret->references = 1; -+ ret->x509 = NULL; -+ ret->crl = NULL; -+ ret->x_pkey = NULL; -+ return (ret); - } - - void X509_INFO_free(X509_INFO *x) - { -+ int i; -+ - if (x == NULL) - return; - -- X509_free(x->x509); -- X509_CRL_free(x->crl); -- X509_PKEY_free(x->x_pkey); -- OPENSSL_free(x->enc_data); -+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO); -+#ifdef REF_PRINT -+ REF_PRINT("X509_INFO", x); -+#endif -+ if (i > 0) -+ return; -+#ifdef REF_CHECK -+ if (i < 0) { -+ fprintf(stderr, "X509_INFO_free, bad reference count\n"); -+ abort(); -+ } -+#endif -+ -+ if (x->x509 != NULL) -+ X509_free(x->x509); -+ if (x->crl != NULL) -+ X509_CRL_free(x->crl); -+ if (x->x_pkey != NULL) 
-+ X509_PKEY_free(x->x_pkey); -+ if (x->enc_data != NULL) -+ OPENSSL_free(x->enc_data); - OPENSSL_free(x); - } -+ -+IMPLEMENT_STACK_OF(X509_INFO) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c -index c284471..3aed44a 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c -@@ -1,14 +1,64 @@ -+/* x_long.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -76,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, - * set. 
- */ - if (ltmp < 0) -- utmp = 0 - (unsigned long)ltmp - 1; -+ utmp = -ltmp - 1; - else - utmp = ltmp; - clen = BN_num_bits_word(utmp); -@@ -128,8 +178,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - } - ltmp = (long)utmp; - if (neg) { -+ ltmp++; - ltmp = -ltmp; -- ltmp--; - } - if (ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c -new file mode 100644 -index 0000000..26378fd ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c -@@ -0,0 +1,536 @@ -+/* crypto/asn1/x_name.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+#include -+#include -+#include "cryptlib.h" -+#include -+#include -+#include "asn1_locl.h" -+ -+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; -+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) -+ -+/* -+ * Maximum length of X509_NAME: much larger than anything we should -+ * ever see in practice. -+ */ -+ -+#define X509_NAME_MAX (1024 * 1024) -+ -+static int x509_name_ex_d2i(ASN1_VALUE **val, -+ const unsigned char **in, long len, -+ const ASN1_ITEM *it, -+ int tag, int aclass, char opt, ASN1_TLC *ctx); -+ -+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass); -+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); -+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); -+ -+static int x509_name_encode(X509_NAME *a); -+static int x509_name_canon(X509_NAME *a); -+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in); -+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, -+ unsigned char **in); -+ -+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, -+ int indent, -+ const char *fname, const ASN1_PCTX *pctx); -+ -+ASN1_SEQUENCE(X509_NAME_ENTRY) = { -+ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), -+ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) -+} ASN1_SEQUENCE_END(X509_NAME_ENTRY) -+ -+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) -+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) -+ -+/* -+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so -+ * declare two template wrappers for this -+ */ -+ -+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) -+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) -+ -+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) -+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) -+ -+/* -+ * Normally that's where it would end: we'd have two nested STACK structures 
-+ * representing the ASN1. Unfortunately X509_NAME uses a completely different -+ * form and caches encodings so we have to process the internal form and -+ * convert to the external form. -+ */ -+ -+const ASN1_EXTERN_FUNCS x509_name_ff = { -+ NULL, -+ x509_name_ex_new, -+ x509_name_ex_free, -+ 0, /* Default clear behaviour is OK */ -+ x509_name_ex_d2i, -+ x509_name_ex_i2d, -+ x509_name_ex_print -+}; -+ -+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) -+ -+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) -+ -+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) -+ -+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) -+{ -+ X509_NAME *ret = NULL; -+ ret = OPENSSL_malloc(sizeof(X509_NAME)); -+ if (!ret) -+ goto memerr; -+ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) -+ goto memerr; -+ if ((ret->bytes = BUF_MEM_new()) == NULL) -+ goto memerr; -+ ret->canon_enc = NULL; -+ ret->canon_enclen = 0; -+ ret->modified = 1; -+ *val = (ASN1_VALUE *)ret; -+ return 1; -+ -+ memerr: -+ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); -+ if (ret) { -+ if (ret->entries) -+ sk_X509_NAME_ENTRY_free(ret->entries); -+ OPENSSL_free(ret); -+ } -+ return 0; -+} -+ -+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -+{ -+ X509_NAME *a; -+ if (!pval || !*pval) -+ return; -+ a = (X509_NAME *)*pval; -+ -+ BUF_MEM_free(a->bytes); -+ sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); -+ if (a->canon_enc) -+ OPENSSL_free(a->canon_enc); -+ OPENSSL_free(a); -+ *pval = NULL; -+} -+ -+static int x509_name_ex_d2i(ASN1_VALUE **val, -+ const unsigned char **in, long len, -+ const ASN1_ITEM *it, int tag, int aclass, -+ char opt, ASN1_TLC *ctx) -+{ -+ const unsigned char *p = *in, *q; -+ union { -+ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; -+ ASN1_VALUE *a; -+ } intname = { -+ NULL -+ }; -+ union { -+ X509_NAME *x; -+ ASN1_VALUE *a; -+ } nm = { -+ NULL -+ }; -+ int i, j, ret; -+ STACK_OF(X509_NAME_ENTRY) *entries; -+ X509_NAME_ENTRY *entry; -+ if 
(len > X509_NAME_MAX) -+ len = X509_NAME_MAX; -+ q = p; -+ -+ /* Get internal representation of Name */ -+ ret = ASN1_item_ex_d2i(&intname.a, -+ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -+ tag, aclass, opt, ctx); -+ -+ if (ret <= 0) -+ return ret; -+ -+ if (*val) -+ x509_name_ex_free(val, NULL); -+ if (!x509_name_ex_new(&nm.a, NULL)) -+ goto err; -+ /* We've decoded it: now cache encoding */ -+ if (!BUF_MEM_grow(nm.x->bytes, p - q)) -+ goto err; -+ memcpy(nm.x->bytes->data, q, p - q); -+ -+ /* Convert internal representation to X509_NAME structure */ -+ for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { -+ entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); -+ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { -+ entry = sk_X509_NAME_ENTRY_value(entries, j); -+ entry->set = i; -+ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) -+ goto err; -+ } -+ sk_X509_NAME_ENTRY_free(entries); -+ } -+ sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); -+ ret = x509_name_canon(nm.x); -+ if (!ret) -+ goto err; -+ nm.x->modified = 0; -+ *val = nm.a; -+ *in = p; -+ return ret; -+ err: -+ if (nm.x != NULL) -+ X509_NAME_free(nm.x); -+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+} -+ -+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass) -+{ -+ int ret; -+ X509_NAME *a = (X509_NAME *)*val; -+ if (a->modified) { -+ ret = x509_name_encode(a); -+ if (ret < 0) -+ return ret; -+ ret = x509_name_canon(a); -+ if (ret < 0) -+ return ret; -+ } -+ ret = a->bytes->length; -+ if (out != NULL) { -+ memcpy(*out, a->bytes->data, ret); -+ *out += ret; -+ } -+ return ret; -+} -+ -+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -+{ -+ sk_X509_NAME_ENTRY_free(ne); -+} -+ -+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -+{ -+ sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -+} -+ -+static int x509_name_encode(X509_NAME *a) 
-+{ -+ union { -+ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; -+ ASN1_VALUE *a; -+ } intname = { -+ NULL -+ }; -+ int len; -+ unsigned char *p; -+ STACK_OF(X509_NAME_ENTRY) *entries = NULL; -+ X509_NAME_ENTRY *entry; -+ int i, set = -1; -+ intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); -+ if (!intname.s) -+ goto memerr; -+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -+ entry = sk_X509_NAME_ENTRY_value(a->entries, i); -+ if (entry->set != set) { -+ entries = sk_X509_NAME_ENTRY_new_null(); -+ if (!entries) -+ goto memerr; -+ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) -+ goto memerr; -+ set = entry->set; -+ } -+ if (!sk_X509_NAME_ENTRY_push(entries, entry)) -+ goto memerr; -+ } -+ len = ASN1_item_ex_i2d(&intname.a, NULL, -+ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -+ if (!BUF_MEM_grow(a->bytes, len)) -+ goto memerr; -+ p = (unsigned char *)a->bytes->data; -+ ASN1_item_ex_i2d(&intname.a, -+ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -+ local_sk_X509_NAME_ENTRY_free); -+ a->modified = 0; -+ return len; -+ memerr: -+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -+ local_sk_X509_NAME_ENTRY_free); -+ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); -+ return -1; -+} -+ -+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, -+ int indent, -+ const char *fname, const ASN1_PCTX *pctx) -+{ -+ if (X509_NAME_print_ex(out, (X509_NAME *)*pval, -+ indent, pctx->nm_flags) <= 0) -+ return 0; -+ return 2; -+} -+ -+/* -+ * This function generates the canonical encoding of the Name structure. In -+ * it all strings are converted to UTF8, leading, trailing and multiple -+ * spaces collapsed, converted to lower case and the leading SEQUENCE header -+ * removed. In future we could also normalize the UTF8 too. By doing this -+ * comparison of Name structures can be rapidly perfomed by just using -+ * memcmp() of the canonical encoding. 
By omitting the leading SEQUENCE name -+ * constraints of type dirName can also be checked with a simple memcmp(). -+ */ -+ -+static int x509_name_canon(X509_NAME *a) -+{ -+ unsigned char *p; -+ STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; -+ STACK_OF(X509_NAME_ENTRY) *entries = NULL; -+ X509_NAME_ENTRY *entry, *tmpentry = NULL; -+ int i, set = -1, ret = 0; -+ -+ if (a->canon_enc) { -+ OPENSSL_free(a->canon_enc); -+ a->canon_enc = NULL; -+ } -+ /* Special case: empty X509_NAME => null encoding */ -+ if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { -+ a->canon_enclen = 0; -+ return 1; -+ } -+ intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); -+ if (!intname) -+ goto err; -+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -+ entry = sk_X509_NAME_ENTRY_value(a->entries, i); -+ if (entry->set != set) { -+ entries = sk_X509_NAME_ENTRY_new_null(); -+ if (!entries) -+ goto err; -+ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) -+ goto err; -+ set = entry->set; -+ } -+ tmpentry = X509_NAME_ENTRY_new(); -+ if (!tmpentry) -+ goto err; -+ tmpentry->object = OBJ_dup(entry->object); -+ if (!asn1_string_canon(tmpentry->value, entry->value)) -+ goto err; -+ if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) -+ goto err; -+ tmpentry = NULL; -+ } -+ -+ /* Finally generate encoding */ -+ -+ a->canon_enclen = i2d_name_canon(intname, NULL); -+ -+ p = OPENSSL_malloc(a->canon_enclen); -+ -+ if (!p) -+ goto err; -+ -+ a->canon_enc = p; -+ -+ i2d_name_canon(intname, &p); -+ -+ ret = 1; -+ -+ err: -+ -+ if (tmpentry) -+ X509_NAME_ENTRY_free(tmpentry); -+ if (intname) -+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, -+ local_sk_X509_NAME_ENTRY_pop_free); -+ return ret; -+} -+ -+/* Bitmap of all the types of string that will be canonicalized. 
*/ -+ -+#define ASN1_MASK_CANON \ -+ (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ -+ | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ -+ | B_ASN1_VISIBLESTRING) -+ -+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) -+{ -+ unsigned char *to, *from; -+ int len, i; -+ -+ /* If type not in bitmask just copy string across */ -+ if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { -+ if (!ASN1_STRING_copy(out, in)) -+ return 0; -+ return 1; -+ } -+ -+ out->type = V_ASN1_UTF8STRING; -+ out->length = ASN1_STRING_to_UTF8(&out->data, in); -+ if (out->length == -1) -+ return 0; -+ -+ to = out->data; -+ from = to; -+ -+ len = out->length; -+ -+ /* -+ * Convert string in place to canonical form. Ultimately we may need to -+ * handle a wider range of characters but for now ignore anything with -+ * MSB set and rely on the isspace() and tolower() functions. -+ */ -+ -+ /* Ignore leading spaces */ -+ while ((len > 0) && !(*from & 0x80) && isspace(*from)) { -+ from++; -+ len--; -+ } -+ -+ to = from + len - 1; -+ -+ /* Ignore trailing spaces */ -+ while ((len > 0) && !(*to & 0x80) && isspace(*to)) { -+ to--; -+ len--; -+ } -+ -+ to = out->data; -+ -+ i = 0; -+ while (i < len) { -+ /* If MSB set just copy across */ -+ if (*from & 0x80) { -+ *to++ = *from++; -+ i++; -+ } -+ /* Collapse multiple spaces */ -+ else if (isspace(*from)) { -+ /* Copy one space across */ -+ *to++ = ' '; -+ /* -+ * Ignore subsequent spaces. Note: don't need to check len here -+ * because we know the last character is a non-space so we can't -+ * overflow. 
-+ */ -+ do { -+ from++; -+ i++; -+ } -+ while (!(*from & 0x80) && isspace(*from)); -+ } else { -+ *to++ = tolower(*from); -+ from++; -+ i++; -+ } -+ } -+ -+ out->length = to - out->data; -+ -+ return 1; -+ -+} -+ -+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, -+ unsigned char **in) -+{ -+ int i, len, ltmp; -+ ASN1_VALUE *v; -+ STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; -+ -+ len = 0; -+ for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { -+ v = sk_ASN1_VALUE_value(intname, i); -+ ltmp = ASN1_item_ex_i2d(&v, in, -+ ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); -+ if (ltmp < 0) -+ return ltmp; -+ len += ltmp; -+ } -+ return len; -+} -+ -+int X509_NAME_set(X509_NAME **xn, X509_NAME *name) -+{ -+ X509_NAME *in; -+ -+ if (!xn || !name) -+ return (0); -+ -+ if (*xn != name) { -+ in = X509_NAME_dup(name); -+ if (in != NULL) { -+ X509_NAME_free(*xn); -+ *xn = in; -+ } -+ } -+ return (*xn != NULL); -+} -+ -+IMPLEMENT_STACK_OF(X509_NAME_ENTRY) -+ -+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c -new file mode 100644 -index 0000000..5aa0ed5 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c -@@ -0,0 +1,72 @@ -+/* x_nx509.c */ -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+ -+/* Old netscape certificate wrapper format */ -+ -+ASN1_SEQUENCE(NETSCAPE_X509) = { -+ ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), -+ ASN1_OPT(NETSCAPE_X509, cert, X509) -+} ASN1_SEQUENCE_END(NETSCAPE_X509) -+ -+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -index 593049f..2da23e4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -@@ -1,47 +1,153 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/x_pkey.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-+#include
- #include
-
--X509_PKEY *X509_PKEY_new(void)
-+/* need to implement */
-+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
- {
-- X509_PKEY *ret = NULL;
-+ return (0);
-+}
-
-- ret = OPENSSL_zalloc(sizeof(*ret));
-- if (ret == NULL)
-- goto err;
-+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
-+{
-+ int i;
-+ M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
-
-- ret->enc_algor = X509_ALGOR_new();
-- ret->enc_pkey = ASN1_OCTET_STRING_new();
-- if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
-+ M_ASN1_D2I_Init();
-+ M_ASN1_D2I_start_sequence();
-+ M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
-+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING);
-+
-+ ret->cipher.cipher =
-+ EVP_get_cipherbyname(OBJ_nid2ln
-+ (OBJ_obj2nid(ret->enc_algor->algorithm)));
-+ if (ret->cipher.cipher == NULL) {
-+ c.error = ASN1_R_UNSUPPORTED_CIPHER;
-+ c.line = __LINE__;
- goto err;
-+ }
-+ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-+ i = ret->enc_algor->parameter->value.octet_string->length;
-+ if (i > EVP_MAX_IV_LENGTH) {
-+ c.error = ASN1_R_IV_TOO_LARGE;
-+ c.line = __LINE__;
-+ goto err;
-+ }
-+ memcpy(ret->cipher.iv,
-+ ret->enc_algor->parameter->value.octet_string->data, i);
-+ } else
-+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-+ M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
-+}
-
-- return ret;
--err:
-- X509_PKEY_free(ret);
-- ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
-- return NULL;
-+X509_PKEY *X509_PKEY_new(void)
-+{
-+ X509_PKEY *ret = NULL;
-+ ASN1_CTX c;
-+
-+ M_ASN1_New_Malloc(ret, X509_PKEY);
-+ ret->version = 0;
-+ M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
-+ M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
-+ ret->dec_pkey = NULL;
-+ ret->key_length = 0;
-+ ret->key_data = NULL;
-+ ret->key_free = 0;
-+ ret->cipher.cipher = NULL;
-+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-+ ret->references = 1;
-+ return (ret);
-+ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
- }
-
- void X509_PKEY_free(X509_PKEY *x)
- {
-+ int i;
-+
- if (x == NULL)
- return;
-
-- X509_ALGOR_free(x->enc_algor);
-- ASN1_OCTET_STRING_free(x->enc_pkey);
-- EVP_PKEY_free(x->dec_pkey);
-- if (x->key_free)
-+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
-+#ifdef REF_PRINT
-+ REF_PRINT("X509_PKEY", x);
-+#endif
-+ if (i > 0)
-+ return;
-+#ifdef REF_CHECK
-+ if (i < 0) {
-+ fprintf(stderr, "X509_PKEY_free, bad reference count\n");
-+ abort();
-+ }
-+#endif
-+
-+ if (x->enc_algor != NULL)
-+ X509_ALGOR_free(x->enc_algor);
-+ if (x->enc_pkey != NULL)
-+ M_ASN1_OCTET_STRING_free(x->enc_pkey);
-+ if (x->dec_pkey != NULL)
-+ EVP_PKEY_free(x->dec_pkey);
-+ if ((x->key_data != NULL) && (x->key_free))
- OPENSSL_free(x->key_data);
- OPENSSL_free(x);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
-new file mode 100644
-index 0000000..6c57a79
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
-@@ -0,0 +1,374 @@
-+/* crypto/asn1/x_pubkey.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include "asn1_locl.h"
-+#ifndef OPENSSL_NO_RSA
-+# include
-+#endif
-+#ifndef OPENSSL_NO_DSA
-+# include
-+#endif
-+
-+/* Minor tweak to operation: free up EVP_PKEY */
-+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+ if (operation == ASN1_OP_FREE_POST) {
-+ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
-+ EVP_PKEY_free(pubkey->pkey);
-+ }
-+ return 1;
-+}
-+
-+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
-+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
-+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
-+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-+
-+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
-+{
-+ X509_PUBKEY *pk = NULL;
-+
-+ if (x == NULL)
-+ return (0);
-+
-+ if ((pk = X509_PUBKEY_new()) == NULL)
-+ goto error;
-+
-+ if (pkey->ameth) {
-+ if (pkey->ameth->pub_encode) {
-+ if (!pkey->ameth->pub_encode(pk, pkey)) {
-+ X509err(X509_F_X509_PUBKEY_SET,
-+ X509_R_PUBLIC_KEY_ENCODE_ERROR);
-+ goto error;
-+ }
-+ } else {
-+ X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED);
-+ goto error;
-+ }
-+ } else {
-+ X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
-+ goto error;
-+ }
-+
-+ if (*x != NULL)
-+ X509_PUBKEY_free(*x);
-+
-+ *x = pk;
-+
-+ return 1;
-+ error:
-+ if (pk != NULL)
-+ X509_PUBKEY_free(pk);
-+ return 0;
-+}
-+
-+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
-+{
-+ EVP_PKEY *ret = NULL;
-+
-+ if (key == NULL)
-+ goto error;
-+
-+ if (key->pkey != NULL) {
-+ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+ return key->pkey;
-+ }
-+
-+ if (key->public_key == NULL)
-+ goto error;
-+
-+ if ((ret = EVP_PKEY_new()) == NULL) {
-+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-+ goto error;
-+ }
-+
-+ if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-+ X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
-+ goto error;
-+ }
-+
-+ if (ret->ameth->pub_decode) {
-+ if (!ret->ameth->pub_decode(ret, key)) {
-+ X509err(X509_F_X509_PUBKEY_GET, X509_R_PUBLIC_KEY_DECODE_ERROR);
-+ goto error;
-+ }
-+ } else {
-+ X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
-+ goto error;
-+ }
-+
-+ /* Check to see if another thread set key->pkey first */
-+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-+ if (key->pkey) {
-+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-+ EVP_PKEY_free(ret);
-+ ret = key->pkey;
-+ } else {
-+ key->pkey = ret;
-+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-+ }
-+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+
-+ return ret;
-+
-+ error:
-+ if (ret != NULL)
-+ EVP_PKEY_free(ret);
-+ return (NULL);
-+}
-+
-+/*
-+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
-+ * decode as X509_PUBKEY
-+ */
-+
-+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
-+{
-+ X509_PUBKEY *xpk;
-+ EVP_PKEY *pktmp;
-+ const unsigned char *q;
-+ q = *pp;
-+ xpk = d2i_X509_PUBKEY(NULL, &q, length);
-+ if (!xpk)
-+ return NULL;
-+ pktmp = X509_PUBKEY_get(xpk);
-+ X509_PUBKEY_free(xpk);
-+ if (!pktmp)
-+ return NULL;
-+ *pp = q;
-+ if (a) {
-+ EVP_PKEY_free(*a);
-+ *a = pktmp;
-+ }
-+ return pktmp;
-+}
-+
-+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-+{
-+ X509_PUBKEY *xpk = NULL;
-+ int ret;
-+ if (!a)
-+ return 0;
-+ if (!X509_PUBKEY_set(&xpk, a))
-+ return 0;
-+ ret = i2d_X509_PUBKEY(xpk, pp);
-+ X509_PUBKEY_free(xpk);
-+ return ret;
-+}
-+
-+/*
-+ * The following are equivalents but which return RSA and DSA keys
-+ */
-+#ifndef OPENSSL_NO_RSA
-+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
-+{
-+ EVP_PKEY *pkey;
-+ RSA *key;
-+ const unsigned char *q;
-+ q = *pp;
-+ pkey = d2i_PUBKEY(NULL, &q, length);
-+ if (!pkey)
-+ return NULL;
-+ key = EVP_PKEY_get1_RSA(pkey);
-+ EVP_PKEY_free(pkey);
-+ if (!key)
-+ return NULL;
-+ *pp = q;
-+ if (a) {
-+ RSA_free(*a);
-+ *a = key;
-+ }
-+ return key;
-+}
-+
-+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-+{
-+ EVP_PKEY *pktmp;
-+ int ret;
-+ if (!a)
-+ return 0;
-+ pktmp = EVP_PKEY_new();
-+ if (!pktmp) {
-+ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ EVP_PKEY_set1_RSA(pktmp, a);
-+ ret = i2d_PUBKEY(pktmp, pp);
-+ EVP_PKEY_free(pktmp);
-+ return ret;
-+}
-+#endif
-+
-+#ifndef OPENSSL_NO_DSA
-+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
-+{
-+ EVP_PKEY *pkey;
-+ DSA *key;
-+ const unsigned char *q;
-+ q = *pp;
-+ pkey = d2i_PUBKEY(NULL, &q, length);
-+ if (!pkey)
-+ return NULL;
-+ key = EVP_PKEY_get1_DSA(pkey);
-+ EVP_PKEY_free(pkey);
-+ if (!key)
-+ return NULL;
-+ *pp = q;
-+ if (a) {
-+ DSA_free(*a);
-+ *a = key;
-+ }
-+ return key;
-+}
-+
-+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-+{
-+ EVP_PKEY *pktmp;
-+ int ret;
-+ if (!a)
-+ return 0;
-+ pktmp = EVP_PKEY_new();
-+ if (!pktmp) {
-+ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ EVP_PKEY_set1_DSA(pktmp, a);
-+ ret = i2d_PUBKEY(pktmp, pp);
-+ EVP_PKEY_free(pktmp);
-+ return ret;
-+}
-+#endif
-+
-+#ifndef OPENSSL_NO_EC
-+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
-+{
-+ EVP_PKEY *pkey;
-+ EC_KEY *key;
-+ const unsigned char *q;
-+ q = *pp;
-+ pkey = d2i_PUBKEY(NULL, &q, length);
-+ if (!pkey)
-+ return (NULL);
-+ key = EVP_PKEY_get1_EC_KEY(pkey);
-+ EVP_PKEY_free(pkey);
-+ if (!key)
-+ return (NULL);
-+ *pp = q;
-+ if (a) {
-+ EC_KEY_free(*a);
-+ *a = key;
-+ }
-+ return (key);
-+}
-+
-+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
-+{
-+ EVP_PKEY *pktmp;
-+ int ret;
-+ if (!a)
-+ return (0);
-+ if ((pktmp = EVP_PKEY_new()) == NULL) {
-+ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-+ return (0);
-+ }
-+ EVP_PKEY_set1_EC_KEY(pktmp, a);
-+ ret = i2d_PUBKEY(pktmp, pp);
-+ EVP_PKEY_free(pktmp);
-+ return (ret);
-+}
-+#endif
-+
-+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-+ int ptype, void *pval,
-+ unsigned char *penc, int penclen)
-+{
-+ if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
-+ return 0;
-+ if (penc) {
-+ if (pub->public_key->data)
-+ OPENSSL_free(pub->public_key->data);
-+ pub->public_key->data = penc;
-+ pub->public_key->length = penclen;
-+ /* Set number of unused bits to zero */
-+ pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
-+ pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-+ }
-+ return 1;
-+}
-+
-+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-+ const unsigned char **pk, int *ppklen,
-+ X509_ALGOR **pa, X509_PUBKEY *pub)
-+{
-+ if (ppkalg)
-+ *ppkalg = pub->algor->algorithm;
-+ if (pk) {
-+ *pk = pub->public_key->data;
-+ *ppklen = pub->public_key->length;
-+ }
-+ if (pa)
-+ *pa = pub->algor;
-+ return 1;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c
-new file mode 100644
-index 0000000..ae293aa
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c
-@@ -0,0 +1,116 @@
-+/* crypto/asn1/x_req.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+
-+/*-
-+ * X509_REQ_INFO is handled in an unusual way to get round
-+ * invalid encodings. Some broken certificate requests don't
-+ * encode the attributes field if it is empty. This is in
-+ * violation of PKCS#10 but we need to tolerate it. We do
-+ * this by making the attributes field OPTIONAL then using
-+ * the callback to initialise it to an empty STACK.
-+ *
-+ * This means that the field will be correctly encoded unless
-+ * we NULL out the field.
-+ *
-+ * As a result we no longer need the req_kludge field because
-+ * the information is now contained in the attributes field:
-+ * 1. If it is NULL then it's the invalid omission.
-+ * 2. If it is empty it is the correct encoding.
-+ * 3. If it is not empty then some attributes are present.
-+ *
-+ */
-+
-+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-+
-+ if (operation == ASN1_OP_NEW_POST) {
-+ rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-+ if (!rinf->attributes)
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-+ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-+ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-+ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-+ /* This isn't really OPTIONAL but it gets round invalid
-+ * encodings
-+ */
-+ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-+
-+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
-+ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-+ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-+ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-+
-+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
-index e465cf2..dd33720 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
-@@ -1,17 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/x_sig.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/x509_int.h"
-
- ASN1_SEQUENCE(X509_SIG) = {
- ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
-@@ -19,21 +67,3 @@ ASN1_SEQUENCE(X509_SIG) = {
- } ASN1_SEQUENCE_END(X509_SIG)
-
- IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
--
--void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
-- const ASN1_OCTET_STRING **pdigest)
--{
-- if (palg)
-- *palg = sig->algor;
-- if (pdigest)
-- *pdigest = sig->digest;
--}
--
--void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-- ASN1_OCTET_STRING **pdigest)
--{
-- if (palg)
-- *palg = sig->algor;
-- if (pdigest)
-- *pdigest = sig->digest;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
-index c45400b..1df6b87 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/x_spki.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- /*
-@@ -13,7 +62,7 @@
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
-@@ -26,7 +75,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-
- ASN1_SEQUENCE(NETSCAPE_SPKI) = {
- ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-- ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
-+ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
- ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
- } ASN1_SEQUENCE_END(NETSCAPE_SPKI)
-
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c
-index d1f1d3b..ee75a1e 100644
---- a/Cryptlib/OpenSSL/crypto/asn1/x_val.c
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_val.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/asn1/x_val.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
-new file mode 100644
-index 0000000..aada4a8
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
-@@ -0,0 +1,289 @@
-+/* crypto/asn1/x_x509.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+#include
-+
-+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
-+ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-+ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-+ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-+ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-+ ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-+ ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-+ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-+ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-+ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
-+/* X509 top level structure needs a bit of customisation */
-+
-+extern void policy_cache_free(X509_POLICY_CACHE *cache);
-+
-+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+ X509 *ret = (X509 *)*pval;
-+
-+ switch (operation) {
-+
-+ case ASN1_OP_NEW_POST:
-+ ret->valid = 0;
-+ ret->name = NULL;
-+ ret->ex_flags = 0;
-+ ret->ex_pathlen = -1;
-+ ret->skid = NULL;
-+ ret->akid = NULL;
-+#ifndef OPENSSL_NO_RFC3779
-+ ret->rfc3779_addr = NULL;
-+ ret->rfc3779_asid = NULL;
-+#endif
-+ ret->aux = NULL;
-+ ret->crldp = NULL;
-+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-+ break;
-+
-+ case ASN1_OP_D2I_POST:
-+ if (ret->name != NULL)
-+ OPENSSL_free(ret->name);
-+ ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
-+ break;
-+
-+ case ASN1_OP_FREE_POST:
-+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-+ X509_CERT_AUX_free(ret->aux);
-+ ASN1_OCTET_STRING_free(ret->skid);
-+ AUTHORITY_KEYID_free(ret->akid);
-+ CRL_DIST_POINTS_free(ret->crldp);
-+ policy_cache_free(ret->policy_cache);
-+ GENERAL_NAMES_free(ret->altname);
-+ NAME_CONSTRAINTS_free(ret->nc);
-+#ifndef OPENSSL_NO_RFC3779
-+ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-+ ASIdentifiers_free(ret->rfc3779_asid);
-+#endif
-+
-+ if (ret->name != NULL)
-+ OPENSSL_free(ret->name);
-+ break;
-+
-+ }
-+
-+ return 1;
-+
-+}
-+
-+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-+ ASN1_SIMPLE(X509, cert_info, X509_CINF),
-+ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-+ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-+} ASN1_SEQUENCE_END_ref(X509, X509)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509)
-+
-+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-+
-+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-+{
-+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-+ new_func, dup_func, free_func);
-+}
-+
-+int X509_set_ex_data(X509 *r, int idx, void *arg)
-+{
-+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-+}
-+
-+void *X509_get_ex_data(X509 *r, int idx)
-+{
-+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
-+}
-+
-+/*
-+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
-+ * extra info tagged on the end. Since these functions set how a certificate
-+ * is trusted they should only be used when the certificate comes from a
-+ * reliable source such as local storage.
-+ */
-+
-+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
-+{
-+ const unsigned char *q;
-+ X509 *ret;
-+ int freeret = 0;
-+
-+ /* Save start position */
-+ q = *pp;
-+
-+ if (!a || *a == NULL) {
-+ freeret = 1;
-+ }
-+ ret = d2i_X509(a, &q, length);
-+ /* If certificate unreadable then forget it */
-+ if (!ret)
-+ return NULL;
-+ /* update length */
-+ length -= q - *pp;
-+ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
-+ goto err;
-+ *pp = q;
-+ return ret;
-+ err:
-+ if (freeret) {
-+ X509_free(ret);
-+ if (a)
-+ *a = NULL;
-+ }
-+ return NULL;
-+}
-+
-+/*
-+ * Serialize trusted certificate to *pp or just return the required buffer
-+ * length if pp == NULL. We ultimately want to avoid modifying *pp in the
-+ * error path, but that depends on similar hygiene in lower-level functions.
-+ * Here we avoid compounding the problem.
-+ */
-+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
-+{
-+ int length, tmplen;
-+ unsigned char *start = pp != NULL ? *pp : NULL;
-+
-+ OPENSSL_assert(pp == NULL || *pp != NULL);
-+
-+ /*
-+ * This might perturb *pp on error, but fixing that belongs in i2d_X509()
-+ * not here. It should be that if a == NULL length is zero, but we check
-+ * both just in case.
-+ */
-+ length = i2d_X509(a, pp);
-+ if (length <= 0 || a == NULL)
-+ return length;
-+
-+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
-+ if (tmplen < 0) {
-+ if (start != NULL)
-+ *pp = start;
-+ return tmplen;
-+ }
-+ length += tmplen;
-+
-+ return length;
-+}
-+
-+/*
-+ * Serialize trusted certificate to *pp, or just return the required buffer
-+ * length if pp == NULL.
-+ *
-+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
-+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
-+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
-+ * allocated buffer.
-+ */
-+int i2d_X509_AUX(X509 *a, unsigned char **pp)
-+{
-+ int length;
-+ unsigned char *tmp;
-+
-+ /* Buffer provided by caller */
-+ if (pp == NULL || *pp != NULL)
-+ return i2d_x509_aux_internal(a, pp);
-+
-+ /* Obtain the combined length */
-+ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
-+ return length;
-+
-+ /* Allocate requisite combined storage */
-+ *pp = tmp = OPENSSL_malloc(length);
-+ if (tmp == NULL)
-+ return -1; /* Push error onto error stack? */
-+
-+ /* Encode, but keep *pp at the originally malloced pointer */
-+ length = i2d_x509_aux_internal(a, &tmp);
-+ if (length <= 0) {
-+ OPENSSL_free(*pp);
-+ *pp = NULL;
-+ }
-+ return length;
-+}
-+
-+int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
-+{
-+ x->cert_info->enc.modified = 1;
-+ return i2d_X509_CINF(x->cert_info, pp);
-+}
-+
-+void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-+ const X509 *x)
-+{
-+ if (psig)
-+ *psig = x->signature;
-+ if (palg)
-+ *palg = x->sig_alg;
-+}
-+
-+int X509_get_signature_nid(const X509 *x)
-+{
-+ return OBJ_obj2nid(x->sig_alg->algorithm);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
-new file mode 100644
-index 0000000..ad93592
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
-@@ -0,0 +1,196 @@
-+/* a_x509a.c */
-+/*
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+
-+/*
-+ * X509_CERT_AUX routines. These are used to encode additional user
-+ * modifiable data about a certificate. This data is appended to the X509
-+ * encoding when the *_X509_AUX routines are used. This means that the
-+ * "traditional" X509 routines will simply ignore the extra data.
-+ */
-+
-+static X509_CERT_AUX *aux_get(X509 *x);
-+
-+ASN1_SEQUENCE(X509_CERT_AUX) = {
-+ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-+ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-+ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-+} ASN1_SEQUENCE_END(X509_CERT_AUX)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-+
-+static X509_CERT_AUX *aux_get(X509 *x)
-+{
-+ if (!x)
-+ return NULL;
-+ if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
-+ return NULL;
-+ return x->aux;
-+}
-+
-+int X509_alias_set1(X509 *x, unsigned char *name, int len)
-+{
-+ X509_CERT_AUX *aux;
-+ if (!name) {
-+ if (!x || !x->aux || !x->aux->alias)
-+ return 1;
-+ ASN1_UTF8STRING_free(x->aux->alias);
-+ x->aux->alias = NULL;
-+ return 1;
-+ }
-+ if (!(aux = aux_get(x)))
-+ return 0;
-+ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
-+ return 0;
-+ return ASN1_STRING_set(aux->alias, name, len);
-+}
-+
-+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
-+{
-+ X509_CERT_AUX *aux;
-+ if (!id) {
-+ if (!x || !x->aux || !x->aux->keyid)
-+ return 1;
-+ ASN1_OCTET_STRING_free(x->aux->keyid);
-+ x->aux->keyid = NULL;
-+ return 1;
-+ }
-+ if (!(aux = aux_get(x)))
-+ return 0;
-+ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
-+ return 0;
-+ return ASN1_STRING_set(aux->keyid, id, len);
-+}
-+
-+unsigned char *X509_alias_get0(X509 *x, int *len)
-+{
-+ if (!x->aux || !x->aux->alias)
-+ return NULL;
-+ if (len)
-+ *len = x->aux->alias->length;
-+ return x->aux->alias->data;
-+}
-+
-+unsigned char *X509_keyid_get0(X509 *x, int *len)
-+{
-+ if (!x->aux || !x->aux->keyid)
-+ return NULL;
-+ if (len)
-+ *len = x->aux->keyid->length;
-+ return x->aux->keyid->data;
-+}
-+
-+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-+{
-+ X509_CERT_AUX *aux;
-+ ASN1_OBJECT *objtmp;
-+ if (!(objtmp = OBJ_dup(obj)))
-+ return 0;
-+ if (!(aux = aux_get(x)))
-+ return 0;
-+ if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
-+ return 0;
-+ return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-+}
-+
-+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
-+{
-+ X509_CERT_AUX *aux;
-+ ASN1_OBJECT *objtmp;
-+ if (!(objtmp = OBJ_dup(obj)))
-+ return 0;
-+ if (!(aux = aux_get(x)))
-+ goto err;
-+ if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
-+ goto err;
-+ return sk_ASN1_OBJECT_push(aux->reject, objtmp);
-+ err:
-+ ASN1_OBJECT_free(objtmp);
-+ return 0;
-+}
-+
-+void X509_trust_clear(X509 *x)
-+{
-+ if (x->aux && x->aux->trust) {
-+ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-+ x->aux->trust = NULL;
-+ }
-+}
-+
-+void X509_reject_clear(X509 *x)
-+{
-+ if (x->aux && x->aux->reject) {
-+ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-+ x->aux->reject = NULL;
-+ }
-+}
-+
-+ASN1_SEQUENCE(X509_CERT_PAIR) = {
-+ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-+ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_null.c b/Cryptlib/OpenSSL/crypto/async/arch/async_null.c
-deleted file mode 100644
-index 3eaf170..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_null.c
-+++ /dev/null
-@@ -1,23 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/* This must be the first #include file */
--#include "../async_locl.h"
--
--#ifdef ASYNC_NULL
--int ASYNC_is_capable(void)
--{
-- return 0;
--}
--
--void async_local_cleanup(void)
--{
--}
--#endif
--
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_null.h b/Cryptlib/OpenSSL/crypto/async/arch/async_null.h
-deleted file mode 100644
-index aef40b5..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_null.h
-+++ /dev/null
-@@ -1,30 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--
--/*
-- * If we haven't managed to detect any other async architecture then we default
-- * to NULL.
-- */
--#ifndef ASYNC_ARCH
--# define ASYNC_NULL
--# define ASYNC_ARCH
--
--typedef struct async_fibre_st {
-- int dummy;
--} async_fibre;
--
--
--# define async_fibre_swapcontext(o,n,r) 0
--# define async_fibre_makecontext(c) 0
--# define async_fibre_free(f)
--# define async_fibre_init_dispatcher(f)
--
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c b/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c
-deleted file mode 100644
-index 02c342d..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c
-+++ /dev/null
-@@ -1,58 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/* This must be the first #include file */
--#include "../async_locl.h"
--
--#ifdef ASYNC_POSIX
--
--# include
--# include
--
--#define STACKSIZE 32768
--
--int ASYNC_is_capable(void)
--{
-- ucontext_t ctx;
--
-- /*
-- * Some platforms provide getcontext() but it does not work (notably
-- * MacOSX PPC64). Check for a working getcontext();
-- */
-- return getcontext(&ctx) == 0;
--}
--
--void async_local_cleanup(void)
--{
--}
--
--int async_fibre_makecontext(async_fibre *fibre)
--{
-- fibre->env_init = 0;
-- if (getcontext(&fibre->fibre) == 0) {
-- fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
-- if (fibre->fibre.uc_stack.ss_sp != NULL) {
-- fibre->fibre.uc_stack.ss_size = STACKSIZE;
-- fibre->fibre.uc_link = NULL;
-- makecontext(&fibre->fibre, async_start_func, 0);
-- return 1;
-- }
-- } else {
-- fibre->fibre.uc_stack.ss_sp = NULL;
-- }
-- return 0;
--}
--
--void async_fibre_free(async_fibre *fibre)
--{
-- OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
-- fibre->fibre.uc_stack.ss_sp = NULL;
--}
--
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h b/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h
-deleted file mode 100644
-index 3c61f7f..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h
-+++ /dev/null
-@@ -1,58 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
--#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
--#include
--
--#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
-- && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
-- && !defined(__ANDROID__) && !defined(__OpenBSD__)
--
--# include
--
--# if _POSIX_VERSION >= 200112L
--
--# include
--
--# define ASYNC_POSIX
--# define ASYNC_ARCH
--
--# include
--# include
--# include "e_os.h"
--
--typedef struct async_fibre_st {
-- ucontext_t fibre;
-- jmp_buf env;
-- int env_init;
--} async_fibre;
--
--static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
--{
-- o->env_init = 1;
--
-- if (!r || !_setjmp(o->env)) {
-- if (n->env_init)
-- _longjmp(n->env, 1);
-- else
-- setcontext(&n->fibre);
-- }
--
-- return 1;
--}
--
--# define async_fibre_init_dispatcher(d)
--
--int async_fibre_makecontext(async_fibre *fibre);
--void async_fibre_free(async_fibre *fibre);
--
--# endif
--#endif
--#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_win.c b/Cryptlib/OpenSSL/crypto/async/arch/async_win.c
-deleted file mode 100644
-index 077d56c..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_win.c
-+++ /dev/null
-@@ -1,55 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/* This must be the first #include file */
--#include "../async_locl.h"
--
--#ifdef ASYNC_WIN
--
--# include
--# include "internal/cryptlib.h"
--
--int ASYNC_is_capable(void)
--{
-- return 1;
--}
--
--void async_local_cleanup(void)
--{
-- async_ctx *ctx = async_get_ctx();
-- if (ctx != NULL) {
-- async_fibre *fibre = &ctx->dispatcher;
-- if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
-- ConvertFiberToThread();
-- fibre->fibre = NULL;
-- }
-- }
--}
--
--int async_fibre_init_dispatcher(async_fibre *fibre)
--{
-- fibre->fibre = ConvertThreadToFiber(NULL);
-- if (fibre->fibre == NULL) {
-- fibre->converted = 0;
-- fibre->fibre = GetCurrentFiber();
-- if (fibre->fibre == NULL)
-- return 0;
-- } else {
-- fibre->converted = 1;
-- }
--
-- return 1;
--}
--
--VOID CALLBACK async_start_func_win(PVOID unused)
--{
-- async_start_func();
--}
--
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_win.h b/Cryptlib/OpenSSL/crypto/async/arch/async_win.h
-deleted file mode 100644
-index 61cfdd7..0000000
---- a/Cryptlib/OpenSSL/crypto/async/arch/async_win.h
-+++ /dev/null
-@@ -1,36 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/*
-- * This is the same detection used in cryptlib to set up the thread local
-- * storage that we depend on, so just copy that
-- */
--#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC)
--#include
--# define ASYNC_WIN
--# define ASYNC_ARCH
--
--# include
--# include "internal/cryptlib.h"
--
--typedef struct async_fibre_st {
-- LPVOID fibre;
-- int converted;
--} async_fibre;
--
--# define async_fibre_swapcontext(o,n,r) \
-- (SwitchToFiber((n)->fibre), 1)
--# define async_fibre_makecontext(c) \
-- ((c)->fibre = CreateFiber(0, async_start_func_win, 0))
--# define async_fibre_free(f) (DeleteFiber((f)->fibre))
--
--int async_fibre_init_dispatcher(async_fibre *fibre);
--VOID CALLBACK async_start_func_win(PVOID unused);
--
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/async/async.c b/Cryptlib/OpenSSL/crypto/async/async.c
-deleted file mode 100644
-index 8c699af..0000000
---- a/Cryptlib/OpenSSL/crypto/async/async.c
-+++ /dev/null
-@@ -1,433 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/*
-- * Without this we start getting longjmp crashes because it thinks we're jumping
-- * up the stack when in fact we are jumping to an entirely different stack.
The
-- * cost of this is not having certain buffer overrun/underrun checks etc for
-- * this source file :-(
-- */
--#undef _FORTIFY_SOURCE
--
--/* This must be the first #include file */
--#include "async_locl.h"
--
--#include
--#include
--#include
--
--#define ASYNC_JOB_RUNNING 0
--#define ASYNC_JOB_PAUSING 1
--#define ASYNC_JOB_PAUSED 2
--#define ASYNC_JOB_STOPPING 3
--
--static CRYPTO_THREAD_LOCAL ctxkey;
--static CRYPTO_THREAD_LOCAL poolkey;
--
--static void async_free_pool_internal(async_pool *pool);
--
--static async_ctx *async_ctx_new(void)
--{
-- async_ctx *nctx = NULL;
--
-- nctx = OPENSSL_malloc(sizeof (async_ctx));
-- if (nctx == NULL) {
-- ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- async_fibre_init_dispatcher(&nctx->dispatcher);
-- nctx->currjob = NULL;
-- nctx->blocked = 0;
-- if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
-- goto err;
--
-- return nctx;
--err:
-- OPENSSL_free(nctx);
--
-- return NULL;
--}
--
--async_ctx *async_get_ctx(void)
--{
-- if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
-- return NULL;
--
-- return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
--}
--
--static int async_ctx_free(void)
--{
-- async_ctx *ctx;
--
-- ctx = async_get_ctx();
--
-- if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
-- return 0;
--
-- OPENSSL_free(ctx);
--
-- return 1;
--}
--
--static ASYNC_JOB *async_job_new(void)
--{
-- ASYNC_JOB *job = NULL;
--
-- job = OPENSSL_zalloc(sizeof (ASYNC_JOB));
-- if (job == NULL) {
-- ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
-- return NULL;
-- }
--
-- job->status = ASYNC_JOB_RUNNING;
--
-- return job;
--}
--
--static void async_job_free(ASYNC_JOB *job)
--{
-- if (job != NULL) {
-- OPENSSL_free(job->funcargs);
-- async_fibre_free(&job->fibrectx);
-- OPENSSL_free(job);
-- }
--}
--
--static ASYNC_JOB *async_get_pool_job(void) {
-- ASYNC_JOB *job;
-- async_pool *pool;
--
-- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
-- if (pool == NULL) {
-- /*
-- * Pool has not been initialised, so init with the defaults, i.e.
-- * no max size and no pre-created jobs
-- */
-- if (ASYNC_init_thread(0, 0) == 0)
-- return NULL;
-- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
-- }
--
-- job = sk_ASYNC_JOB_pop(pool->jobs);
-- if (job == NULL) {
-- /* Pool is empty */
-- if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size))
-- return NULL;
--
-- job = async_job_new();
-- if (job != NULL) {
-- if (! async_fibre_makecontext(&job->fibrectx)) {
-- async_job_free(job);
-- return NULL;
-- }
-- pool->curr_size++;
-- }
-- }
-- return job;
--}
--
--static void async_release_job(ASYNC_JOB *job) {
-- async_pool *pool;
--
-- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
-- OPENSSL_free(job->funcargs);
-- job->funcargs = NULL;
-- sk_ASYNC_JOB_push(pool->jobs, job);
--}
--
--void async_start_func(void)
--{
-- ASYNC_JOB *job;
-- async_ctx *ctx = async_get_ctx();
--
-- while (1) {
-- /* Run the job */
-- job = ctx->currjob;
-- job->ret = job->func(job->funcargs);
--
-- /* Stop the job */
-- job->status = ASYNC_JOB_STOPPING;
-- if (!async_fibre_swapcontext(&job->fibrectx,
-- &ctx->dispatcher, 1)) {
-- /*
-- * Should not happen.
Getting here will close the thread...can't do
-- * much about it
-- */
-- ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
-- }
-- }
--}
--
--int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
-- int (*func)(void *), void *args, size_t size)
--{
-- async_ctx *ctx = async_get_ctx();
-- if (ctx == NULL)
-- ctx = async_ctx_new();
-- if (ctx == NULL) {
-- return ASYNC_ERR;
-- }
--
-- if (*job) {
-- ctx->currjob = *job;
-- }
--
-- for (;;) {
-- if (ctx->currjob != NULL) {
-- if (ctx->currjob->status == ASYNC_JOB_STOPPING) {
-- *ret = ctx->currjob->ret;
-- ctx->currjob->waitctx = NULL;
-- async_release_job(ctx->currjob);
-- ctx->currjob = NULL;
-- *job = NULL;
-- return ASYNC_FINISH;
-- }
--
-- if (ctx->currjob->status == ASYNC_JOB_PAUSING) {
-- *job = ctx->currjob;
-- ctx->currjob->status = ASYNC_JOB_PAUSED;
-- ctx->currjob = NULL;
-- return ASYNC_PAUSE;
-- }
--
-- if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
-- ctx->currjob = *job;
-- /* Resume previous job */
-- if (!async_fibre_swapcontext(&ctx->dispatcher,
-- &ctx->currjob->fibrectx, 1)) {
-- ASYNCerr(ASYNC_F_ASYNC_START_JOB,
-- ASYNC_R_FAILED_TO_SWAP_CONTEXT);
-- goto err;
-- }
-- continue;
-- }
--
-- /* Should not happen */
-- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR);
-- async_release_job(ctx->currjob);
-- ctx->currjob = NULL;
-- *job = NULL;
-- return ASYNC_ERR;
-- }
--
-- /* Start a new job */
-- if ((ctx->currjob = async_get_pool_job()) == NULL) {
-- return ASYNC_NO_JOBS;
-- }
--
-- if (args != NULL) {
-- ctx->currjob->funcargs = OPENSSL_malloc(size);
-- if (ctx->currjob->funcargs == NULL) {
-- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE);
-- async_release_job(ctx->currjob);
-- ctx->currjob = NULL;
-- return ASYNC_ERR;
-- }
-- memcpy(ctx->currjob->funcargs, args, size);
-- } else {
-- ctx->currjob->funcargs = NULL;
-- }
--
-- ctx->currjob->func = func;
-- ctx->currjob->waitctx = wctx;
-- if (!async_fibre_swapcontext(&ctx->dispatcher,
-- &ctx->currjob->fibrectx, 1)) {
-- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
-- goto err;
-- }
-- }
--
--err:
-- async_release_job(ctx->currjob);
-- ctx->currjob = NULL;
-- *job = NULL;
-- return ASYNC_ERR;
--}
--
--int ASYNC_pause_job(void)
--{
-- ASYNC_JOB *job;
-- async_ctx *ctx = async_get_ctx();
--
-- if (ctx == NULL
-- || ctx->currjob == NULL
-- || ctx->blocked) {
-- /*
-- * Could be we've deliberately not been started within a job so this is
-- * counted as success.
-- */
-- return 1;
-- }
--
-- job = ctx->currjob;
-- job->status = ASYNC_JOB_PAUSING;
--
-- if (!async_fibre_swapcontext(&job->fibrectx,
-- &ctx->dispatcher, 1)) {
-- ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
-- return 0;
-- }
-- /* Reset counts of added and deleted fds */
-- async_wait_ctx_reset_counts(job->waitctx);
--
-- return 1;
--}
--
--static void async_empty_pool(async_pool *pool)
--{
-- ASYNC_JOB *job;
--
-- if (!pool || !pool->jobs)
-- return;
--
-- do {
-- job = sk_ASYNC_JOB_pop(pool->jobs);
-- async_job_free(job);
-- } while (job);
--}
--
--int async_init(void)
--{
-- if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
-- return 0;
--
-- if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
-- CRYPTO_THREAD_cleanup_local(&ctxkey);
-- return 0;
-- }
--
-- return 1;
--}
--
--void async_deinit(void)
--{
-- CRYPTO_THREAD_cleanup_local(&ctxkey);
-- CRYPTO_THREAD_cleanup_local(&poolkey);
--}
--
--int ASYNC_init_thread(size_t max_size, size_t init_size)
--{
-- async_pool *pool;
-- size_t curr_size = 0;
--
-- if (init_size > max_size) {
-- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE);
-- return 0;
-- }
--
-- if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
-- return 0;
-- }
-- if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
-- return 0;
-- }
--
-- pool = OPENSSL_zalloc(sizeof *pool);
-- if (pool == NULL) {
-- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
--
-- pool->jobs = sk_ASYNC_JOB_new_null();
-- if (pool->jobs == NULL) {
-- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
-- OPENSSL_free(pool);
-- return 0;
-- }
--
-- pool->max_size = max_size;
--
-- /* Pre-create jobs as required */
-- while (init_size--) {
-- ASYNC_JOB *job;
-- job = async_job_new();
-- if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) {
-- /*
-- * Not actually fatal because we already created the pool, just
-- * skip creation of any more jobs
-- */
-- async_job_free(job);
-- break;
-- }
-- job->funcargs = NULL;
-- sk_ASYNC_JOB_push(pool->jobs, job);
-- curr_size++;
-- }
-- pool->curr_size = curr_size;
-- if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
-- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL);
-- goto err;
-- }
--
-- return 1;
--err:
-- async_free_pool_internal(pool);
-- return 0;
--}
--
--static void async_free_pool_internal(async_pool *pool)
--{
-- if (pool == NULL)
-- return;
--
-- async_empty_pool(pool);
-- sk_ASYNC_JOB_free(pool->jobs);
-- OPENSSL_free(pool);
-- CRYPTO_THREAD_set_local(&poolkey, NULL);
-- async_local_cleanup();
-- async_ctx_free();
--}
--
--void ASYNC_cleanup_thread(void)
--{
-- async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey));
--}
--
--ASYNC_JOB *ASYNC_get_current_job(void)
--{
-- async_ctx *ctx;
--
-- ctx = async_get_ctx();
-- if (ctx == NULL)
-- return NULL;
--
-- return ctx->currjob;
--}
--
--ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
--{
-- return job->waitctx;
--}
--
--void ASYNC_block_pause(void)
--{
-- async_ctx *ctx = async_get_ctx();
-- if (ctx == NULL || ctx->currjob == NULL) {
-- /*
-- * We're not in a job anyway so ignore this
-- */
-- return;
-- }
-- ctx->blocked++;
--}
--
--void ASYNC_unblock_pause(void)
--{
-- async_ctx *ctx = async_get_ctx();
-- if (ctx == NULL || ctx->currjob == NULL) {
-- /*
-- * We're not in a job anyway so ignore this
-- */
-- return;
-- }
-- if (ctx->blocked > 0)
-- ctx->blocked--;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/async/async_err.c b/Cryptlib/OpenSSL/crypto/async/async_err.c
-deleted file mode 100644
-index ae97e96..0000000
---- a/Cryptlib/OpenSSL/crypto/async/async_err.c
-+++ /dev/null
-@@ -1,51 +0,0 @@
--/*
-- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include
--#include
--
--/* BEGIN ERROR CODES */
--#ifndef OPENSSL_NO_ERR
--
--# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASYNC,func,0)
--# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASYNC,0,reason)
--
--static ERR_STRING_DATA ASYNC_str_functs[] = {
-- {ERR_FUNC(ASYNC_F_ASYNC_CTX_NEW), "async_ctx_new"},
-- {ERR_FUNC(ASYNC_F_ASYNC_INIT_THREAD), "ASYNC_init_thread"},
-- {ERR_FUNC(ASYNC_F_ASYNC_JOB_NEW), "async_job_new"},
-- {ERR_FUNC(ASYNC_F_ASYNC_PAUSE_JOB), "ASYNC_pause_job"},
-- {ERR_FUNC(ASYNC_F_ASYNC_START_FUNC), "async_start_func"},
-- {ERR_FUNC(ASYNC_F_ASYNC_START_JOB), "ASYNC_start_job"},
-- {0, NULL}
--};
--
--static ERR_STRING_DATA ASYNC_str_reasons[] = {
-- {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"},
-- {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"},
-- {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"},
-- {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"},
-- {0, NULL}
--};
--
--#endif
--
--int ERR_load_ASYNC_strings(void)
--{
--#ifndef OPENSSL_NO_ERR
--
-- if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
-- ERR_load_strings(0, ASYNC_str_functs);
-- ERR_load_strings(0, ASYNC_str_reasons);
-- }
--#endif
-- return 1;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/async/async_locl.h b/Cryptlib/OpenSSL/crypto/async/async_locl.h
-deleted file mode 100644
-index f0ac05a..0000000
----
a/Cryptlib/OpenSSL/crypto/async/async_locl.h -+++ /dev/null -@@ -1,77 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* -- * Must do this before including any header files, because on MacOS/X -- * includes which includes -- */ --#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE) --# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ --# pragma GCC diagnostic ignored "-Wdeprecated-declarations" --#endif -- --#if defined(_WIN32) --# include --#endif -- --#include --#include -- --typedef struct async_ctx_st async_ctx; --typedef struct async_pool_st async_pool; -- --#include "arch/async_win.h" --#include "arch/async_posix.h" --#include "arch/async_null.h" -- --struct async_ctx_st { -- async_fibre dispatcher; -- ASYNC_JOB *currjob; -- unsigned int blocked; --}; -- --struct async_job_st { -- async_fibre fibrectx; -- int (*func) (void *); -- void *funcargs; -- int ret; -- int status; -- ASYNC_WAIT_CTX *waitctx; --}; -- --struct fd_lookup_st { -- const void *key; -- OSSL_ASYNC_FD fd; -- void *custom_data; -- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *); -- int add; -- int del; -- struct fd_lookup_st *next; --}; -- --struct async_wait_ctx_st { -- struct fd_lookup_st *fds; -- size_t numadd; -- size_t numdel; --}; -- --DEFINE_STACK_OF(ASYNC_JOB) -- --struct async_pool_st { -- STACK_OF(ASYNC_JOB) *jobs; -- size_t curr_size; -- size_t max_size; --}; -- --void async_local_cleanup(void); --void async_start_func(void); --async_ctx *async_get_ctx(void); -- --void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); -- -diff --git a/Cryptlib/OpenSSL/crypto/async/async_wait.c 
b/Cryptlib/OpenSSL/crypto/async/async_wait.c -deleted file mode 100644 -index e115985..0000000 ---- a/Cryptlib/OpenSSL/crypto/async/async_wait.c -+++ /dev/null -@@ -1,211 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* This must be the first #include file */ --#include "async_locl.h" -- --#include -- --ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void) --{ -- return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX)); --} -- --void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx) --{ -- struct fd_lookup_st *curr; -- struct fd_lookup_st *next; -- -- if (ctx == NULL) -- return; -- -- curr = ctx->fds; -- while (curr != NULL) { -- if (!curr->del) { -- /* Only try and cleanup if it hasn't been marked deleted */ -- if (curr->cleanup != NULL) -- curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data); -- } -- /* Always free the fd_lookup_st */ -- next = curr->next; -- OPENSSL_free(curr); -- curr = next; -- } -- -- OPENSSL_free(ctx); --} --int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, -- OSSL_ASYNC_FD fd, void *custom_data, -- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, -- OSSL_ASYNC_FD, void *)) --{ -- struct fd_lookup_st *fdlookup; -- -- fdlookup = OPENSSL_zalloc(sizeof *fdlookup); -- if (fdlookup == NULL) -- return 0; -- -- fdlookup->key = key; -- fdlookup->fd = fd; -- fdlookup->custom_data = custom_data; -- fdlookup->cleanup = cleanup; -- fdlookup->add = 1; -- fdlookup->next = ctx->fds; -- ctx->fds = fdlookup; -- ctx->numadd++; -- return 1; --} -- --int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, -- OSSL_ASYNC_FD *fd, void **custom_data) --{ -- struct fd_lookup_st *curr; -- -- curr = ctx->fds; -- while (curr != NULL) { -- if (curr->del) { -- /* This 
one has been marked deleted so do nothing */ -- curr = curr->next; -- continue; -- } -- if (curr->key == key) { -- *fd = curr->fd; -- *custom_data = curr->custom_data; -- return 1; -- } -- curr = curr->next; -- } -- return 0; --} -- --int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, -- size_t *numfds) --{ -- struct fd_lookup_st *curr; -- -- curr = ctx->fds; -- *numfds = 0; -- while (curr != NULL) { -- if (curr->del) { -- /* This one has been marked deleted so do nothing */ -- curr = curr->next; -- continue; -- } -- if (fd != NULL) { -- *fd = curr->fd; -- fd++; -- } -- (*numfds)++; -- curr = curr->next; -- } -- return 1; --} -- --int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, -- size_t *numaddfds, OSSL_ASYNC_FD *delfd, -- size_t *numdelfds) --{ -- struct fd_lookup_st *curr; -- -- *numaddfds = ctx->numadd; -- *numdelfds = ctx->numdel; -- if (addfd == NULL && delfd == NULL) -- return 1; -- -- curr = ctx->fds; -- -- while (curr != NULL) { -- /* We ignore fds that have been marked as both added and deleted */ -- if (curr->del && !curr->add && (delfd != NULL)) { -- *delfd = curr->fd; -- delfd++; -- } -- if (curr->add && !curr->del && (addfd != NULL)) { -- *addfd = curr->fd; -- addfd++; -- } -- curr = curr->next; -- } -- -- return 1; --} -- --int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key) --{ -- struct fd_lookup_st *curr, *prev; -- -- curr = ctx->fds; -- prev = NULL; -- while (curr != NULL) { -- if (curr->del == 1) { -- /* This one has been marked deleted already so do nothing */ -- curr = curr->next; -- continue; -- } -- if (curr->key == key) { -- /* If fd has just been added, remove it from the list */ -- if (curr->add == 1) { -- if (ctx->fds == curr) { -- ctx->fds = curr->next; -- } else { -- prev->next = curr->next; -- } -- -- /* It is responsibility of the caller to cleanup before calling -- * ASYNC_WAIT_CTX_clear_fd -- */ -- OPENSSL_free(curr); -- ctx->numadd--; -- return 1; -- } -- -- /* -- * 
Mark it as deleted. We don't call cleanup if explicitly asked -- * to clear an fd. We assume the caller is going to do that (if -- * appropriate). -- */ -- curr->del = 1; -- ctx->numdel++; -- return 1; -- } -- prev = curr; -- curr = curr->next; -- } -- return 0; --} -- --void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx) --{ -- struct fd_lookup_st *curr, *prev = NULL; -- -- ctx->numadd = 0; -- ctx->numdel = 0; -- -- curr = ctx->fds; -- -- while (curr != NULL) { -- if (curr->del) { -- if (prev == NULL) -- ctx->fds = curr->next; -- else -- prev->next = curr->next; -- OPENSSL_free(curr); -- if (prev == NULL) -- curr = ctx->fds; -- else -- curr = prev->next; -- continue; -- } -- if (curr->add) { -- curr->add = 0; -- } -- prev = curr; -- curr = curr->next; -- } --} -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_addr.c b/Cryptlib/OpenSSL/crypto/bio/b_addr.c -deleted file mode 100644 -index 0f1900d..0000000 ---- a/Cryptlib/OpenSSL/crypto/bio/b_addr.c -+++ /dev/null -@@ -1,897 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#include "bio_lcl.h" --#include -- --#ifndef OPENSSL_NO_SOCK --#include --#include --#include --#include -- --#ifdef _HPUX_SOURCE --static const char *ossl_hstrerror(int herr) --{ -- switch (herr) { -- case -1: -- return strerror(errno); -- case 0: -- return "No error"; -- case HOST_NOT_FOUND: -- return "Host not found"; -- case NO_DATA: /* NO_ADDRESS is a synonym */ -- return "No data"; -- case NO_RECOVERY: -- return "Non recoverable error"; -- case TRY_AGAIN: -- return "Try again"; -- default: -- break; -- } -- return "unknown error"; --} --# define hstrerror(e) ossl_hstrerror(e) --#endif -- --CRYPTO_RWLOCK *bio_lookup_lock; --static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; -- --/* -- * Throughout this file and bio_lcl.h, the existence of the macro -- * AI_PASSIVE is used to detect the availability of struct addrinfo, -- * getnameinfo() and getaddrinfo(). If that macro doesn't exist, -- * we use our own implementation instead, using gethostbyname, -- * getservbyname and a few other. -- */ -- --/********************************************************************** -- * -- * Address structure -- * -- */ -- --BIO_ADDR *BIO_ADDR_new(void) --{ -- BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret)); -- -- if (ret == NULL) { -- BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- ret->sa.sa_family = AF_UNSPEC; -- return ret; --} -- --void BIO_ADDR_free(BIO_ADDR *ap) --{ -- OPENSSL_free(ap); --} -- --void BIO_ADDR_clear(BIO_ADDR *ap) --{ -- memset(ap, 0, sizeof(*ap)); -- ap->sa.sa_family = AF_UNSPEC; --} -- --/* -- * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents -- * of a struct sockaddr. 
-- */
--int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
--{
-- if (sa->sa_family == AF_INET) {
-- ap->s_in = *(const struct sockaddr_in *)sa;
-- return 1;
-- }
--#ifdef AF_INET6
-- if (sa->sa_family == AF_INET6) {
-- ap->s_in6 = *(const struct sockaddr_in6 *)sa;
-- return 1;
-- }
--#endif
--#ifdef AF_UNIX
-- if (ap->sa.sa_family == AF_UNIX) {
-- ap->s_un = *(const struct sockaddr_un *)sa;
-- return 1;
-- }
--#endif
--
-- return 0;
--}
--
--int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
-- const void *where, size_t wherelen,
-- unsigned short port)
--{
--#ifdef AF_UNIX
-- if (family == AF_UNIX) {
-- if (wherelen + 1 > sizeof(ap->s_un.sun_path))
-- return 0;
-- memset(&ap->s_un, 0, sizeof(ap->s_un));
-- ap->s_un.sun_family = family;
-- strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1);
-- return 1;
-- }
--#endif
-- if (family == AF_INET) {
-- if (wherelen != sizeof(struct in_addr))
-- return 0;
-- memset(&ap->s_in, 0, sizeof(ap->s_in));
-- ap->s_in.sin_family = family;
-- ap->s_in.sin_port = port;
-- ap->s_in.sin_addr = *(struct in_addr *)where;
-- return 1;
-- }
--#ifdef AF_INET6
-- if (family == AF_INET6) {
-- if (wherelen != sizeof(struct in6_addr))
-- return 0;
-- memset(&ap->s_in6, 0, sizeof(ap->s_in6));
-- ap->s_in6.sin6_family = family;
-- ap->s_in6.sin6_port = port;
-- ap->s_in6.sin6_addr = *(struct in6_addr *)where;
-- return 1;
-- }
--#endif
--
-- return 0;
--}
--
--int BIO_ADDR_family(const BIO_ADDR *ap)
--{
-- return ap->sa.sa_family;
--}
--
--int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l)
--{
-- size_t len = 0;
-- const void *addrptr = NULL;
--
-- if (ap->sa.sa_family == AF_INET) {
-- len = sizeof(ap->s_in.sin_addr);
-- addrptr = &ap->s_in.sin_addr;
-- }
--#ifdef AF_INET6
-- else if (ap->sa.sa_family == AF_INET6) {
-- len = sizeof(ap->s_in6.sin6_addr);
-- addrptr = &ap->s_in6.sin6_addr;
-- }
--#endif
--#ifdef AF_UNIX
-- else if (ap->sa.sa_family == AF_UNIX) {
-- len = strlen(ap->s_un.sun_path);
-- addrptr = &ap->s_un.sun_path;
-- }
--#endif
--
-- if (addrptr == NULL)
-- return 0;
--
-- if (p != NULL) {
-- memcpy(p, addrptr, len);
-- }
-- if (l != NULL)
-- *l = len;
--
-- return 1;
--}
--
--unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap)
--{
-- if (ap->sa.sa_family == AF_INET)
-- return ap->s_in.sin_port;
--#ifdef AF_INET6
-- if (ap->sa.sa_family == AF_INET6)
-- return ap->s_in6.sin6_port;
--#endif
-- return 0;
--}
--
--/*-
-- * addr_strings - helper function to get host and service names
-- * @ap: the BIO_ADDR that has the input info
-- * @numeric: 0 if actual names should be returned, 1 if the numeric
-- * representation should be returned.
-- * @hostname: a pointer to a pointer to a memory area to store the
-- * host name or numeric representation. Unused if NULL.
-- * @service: a pointer to a pointer to a memory area to store the
-- * service name or numeric representation. Unused if NULL.
-- *
-- * The return value is 0 on failure, with the error code in the error
-- * stack, and 1 on success.
-- */
--static int addr_strings(const BIO_ADDR *ap, int numeric,
-- char **hostname, char **service)
--{
-- if (BIO_sock_init() != 1)
-- return 0;
--
-- if (1) {
--#ifdef AI_PASSIVE
-- int ret = 0;
-- char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
-- int flags = 0;
--
-- if (numeric)
-- flags |= NI_NUMERICHOST | NI_NUMERICSERV;
--
-- if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap),
-- BIO_ADDR_sockaddr_size(ap),
-- host, sizeof(host), serv, sizeof(serv),
-- flags)) != 0) {
--# ifdef EAI_SYSTEM
-- if (ret == EAI_SYSTEM) {
-- SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error());
-- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
-- } else
--# endif
-- {
-- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
-- ERR_add_error_data(1, gai_strerror(ret));
-- }
-- return 0;
-- }
--
-- /* VMS getnameinfo() has a bug, it doesn't fill in serv, which
-- * leaves it with whatever garbage that happens to be there.
-- * However, we initialise serv with the empty string (serv[0]
-- * is therefore NUL), so it gets real easy to detect when things
-- * didn't go the way one might expect.
-- */
-- if (serv[0] == '\0') {
-- BIO_snprintf(serv, sizeof(serv), "%d",
-- ntohs(BIO_ADDR_rawport(ap)));
-- }
--
-- if (hostname != NULL)
-- *hostname = OPENSSL_strdup(host);
-- if (service != NULL)
-- *service = OPENSSL_strdup(serv);
-- } else {
--#endif
-- if (hostname != NULL)
-- *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
-- if (service != NULL) {
-- char serv[6]; /* port is 16 bits => max 5 decimal digits */
-- BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
-- *service = OPENSSL_strdup(serv);
-- }
-- }
--
-- if ((hostname != NULL && *hostname == NULL)
-- || (service != NULL && *service == NULL)) {
-- if (hostname != NULL) {
-- OPENSSL_free(*hostname);
-- *hostname = NULL;
-- }
-- if (service != NULL) {
-- OPENSSL_free(*service);
-- *service = NULL;
-- }
-- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
--
-- return 1;
--}
--
--char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric)
--{
-- char *hostname = NULL;
--
-- if (addr_strings(ap, numeric, &hostname, NULL))
-- return hostname;
--
-- return NULL;
--}
--
--char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric)
--{
-- char *service = NULL;
--
-- if (addr_strings(ap, numeric, NULL, &service))
-- return service;
--
-- return NULL;
--}
--
--char *BIO_ADDR_path_string(const BIO_ADDR *ap)
--{
--#ifdef AF_UNIX
-- if (ap->sa.sa_family == AF_UNIX)
-- return OPENSSL_strdup(ap->s_un.sun_path);
--#endif
-- return NULL;
--}
--
--/*
-- * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr
-- * for a given BIO_ADDR. In reality, this is simply a type safe cast.
-- * The returned struct sockaddr is const, so it can't be tampered with.
-- */ --const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap) --{ -- return &(ap->sa); --} -- --/* -- * BIO_ADDR_sockaddr_noconst - non-public function that does the same -- * as BIO_ADDR_sockaddr, but returns a non-const. USE WITH CARE, as -- * it allows you to tamper with the data (and thereby the contents -- * of the input BIO_ADDR). -- */ --struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap) --{ -- return &(ap->sa); --} -- --/* -- * BIO_ADDR_sockaddr_size - non-public function that returns the size -- * of the struct sockaddr the BIO_ADDR is using. If the protocol family -- * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX, -- * the size of the BIO_ADDR type is returned. -- */ --socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap) --{ -- if (ap->sa.sa_family == AF_INET) -- return sizeof(ap->s_in); --#ifdef AF_INET6 -- if (ap->sa.sa_family == AF_INET6) -- return sizeof(ap->s_in6); --#endif --#ifdef AF_UNIX -- if (ap->sa.sa_family == AF_UNIX) -- return sizeof(ap->s_un); --#endif -- return sizeof(*ap); --} -- --/********************************************************************** -- * -- * Address info database -- * -- */ -- --const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return bai->bai_next; -- return NULL; --} -- --int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return bai->bai_family; -- return 0; --} -- --int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return bai->bai_socktype; -- return 0; --} -- --int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) { -- if (bai->bai_protocol != 0) -- return bai->bai_protocol; -- --#ifdef AF_UNIX -- if (bai->bai_family == AF_UNIX) -- return 0; --#endif -- -- switch (bai->bai_socktype) { -- case SOCK_STREAM: -- return IPPROTO_TCP; -- case SOCK_DGRAM: -- return IPPROTO_UDP; -- default: -- break; -- } -- } -- return 0; --} -- --/* -- * BIO_ADDRINFO_sockaddr_size - 
non-public function that returns the size -- * of the struct sockaddr inside the BIO_ADDRINFO. -- */ --socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return bai->bai_addrlen; -- return 0; --} -- --/* -- * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr -- * as the struct sockaddr it is. -- */ --const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return bai->bai_addr; -- return NULL; --} -- --const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai) --{ -- if (bai != NULL) -- return (BIO_ADDR *)bai->bai_addr; -- return NULL; --} -- --void BIO_ADDRINFO_free(BIO_ADDRINFO *bai) --{ -- if (bai == NULL) -- return; -- --#ifdef AI_PASSIVE --# ifdef AF_UNIX --# define _cond bai->bai_family != AF_UNIX --# else --# define _cond 1 --# endif -- if (_cond) { -- freeaddrinfo(bai); -- return; -- } --#endif -- -- /* Free manually when we know that addrinfo_wrap() was used. -- * See further comment above addrinfo_wrap() -- */ -- while (bai != NULL) { -- BIO_ADDRINFO *next = bai->bai_next; -- OPENSSL_free(bai->bai_addr); -- OPENSSL_free(bai); -- bai = next; -- } --} -- --/********************************************************************** -- * -- * Service functions -- * -- */ -- --/*- -- * The specs in hostserv can take these forms: -- * -- * host:service => *host = "host", *service = "service" -- * host:* => *host = "host", *service = NULL -- * host: => *host = "host", *service = NULL -- * :service => *host = NULL, *service = "service" -- * *:service => *host = NULL, *service = "service" -- * -- * in case no : is present in the string, the result depends on -- * hostserv_prio, as follows: -- * -- * when hostserv_prio == BIO_PARSE_PRIO_HOST -- * host => *host = "host", *service untouched -- * -- * when hostserv_prio == BIO_PARSE_PRIO_SERV -- * service => *host untouched, *service = "service" -- * -- */ --int BIO_parse_hostserv(const char *hostserv, char **host, char 
**service, -- enum BIO_hostserv_priorities hostserv_prio) --{ -- const char *h = NULL; size_t hl = 0; -- const char *p = NULL; size_t pl = 0; -- -- if (*hostserv == '[') { -- if ((p = strchr(hostserv, ']')) == NULL) -- goto spec_err; -- h = hostserv + 1; -- hl = p - h; -- p++; -- if (*p == '\0') -- p = NULL; -- else if (*p != ':') -- goto spec_err; -- else { -- p++; -- pl = strlen(p); -- } -- } else { -- const char *p2 = strrchr(hostserv, ':'); -- p = strchr(hostserv, ':'); -- -- /*- -- * Check for more than one colon. There are three possible -- * interpretations: -- * 1. IPv6 address with port number, last colon being separator. -- * 2. IPv6 address only. -- * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST, -- * IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV -- * Because of this ambiguity, we currently choose to make it an -- * error. -- */ -- if (p != p2) -- goto amb_err; -- -- if (p != NULL) { -- h = hostserv; -- hl = p - h; -- p++; -- pl = strlen(p); -- } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) { -- h = hostserv; -- hl = strlen(h); -- } else { -- p = hostserv; -- pl = strlen(p); -- } -- } -- -- if (p != NULL && strchr(p, ':')) -- goto spec_err; -- -- if (h != NULL && host != NULL) { -- if (hl == 0 -- || (hl == 1 && h[0] == '*')) { -- *host = NULL; -- } else { -- *host = OPENSSL_strndup(h, hl); -- if (*host == NULL) -- goto memerr; -- } -- } -- if (p != NULL && service != NULL) { -- if (pl == 0 -- || (pl == 1 && p[0] == '*')) { -- *service = NULL; -- } else { -- *service = OPENSSL_strndup(p, pl); -- if (*service == NULL) -- goto memerr; -- } -- } -- -- return 1; -- amb_err: -- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE); -- return 0; -- spec_err: -- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE); -- return 0; -- memerr: -- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE); -- return 0; --} -- --/* addrinfo_wrap is used to build our own addrinfo "chain". 
-- * (it has only one entry, so calling it a chain may be a stretch) -- * It should ONLY be called when getaddrinfo() and friends -- * aren't available, OR when dealing with a non IP protocol -- * family, such as AF_UNIX -- * -- * the return value is 1 on success, or 0 on failure, which -- * only happens if a memory allocation error occurred. -- */ --static int addrinfo_wrap(int family, int socktype, -- const void *where, size_t wherelen, -- unsigned short port, -- BIO_ADDRINFO **bai) --{ -- OPENSSL_assert(bai != NULL); -- -- *bai = OPENSSL_zalloc(sizeof(**bai)); -- if (*bai == NULL) -- return 0; -- -- (*bai)->bai_family = family; -- (*bai)->bai_socktype = socktype; -- if (socktype == SOCK_STREAM) -- (*bai)->bai_protocol = IPPROTO_TCP; -- if (socktype == SOCK_DGRAM) -- (*bai)->bai_protocol = IPPROTO_UDP; --#ifdef AF_UNIX -- if (family == AF_UNIX) -- (*bai)->bai_protocol = 0; --#endif -- { -- /* Magic: We know that BIO_ADDR_sockaddr_noconst is really -- just an advanced cast of BIO_ADDR* to struct sockaddr * -- by the power of union, so while it may seem that we're -- creating a memory leak here, we are not. It will be -- all right. */ -- BIO_ADDR *addr = BIO_ADDR_new(); -- if (addr != NULL) { -- BIO_ADDR_rawmake(addr, family, where, wherelen, port); -- (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr); -- } -- } -- (*bai)->bai_next = NULL; -- if ((*bai)->bai_addr == NULL) { -- BIO_ADDRINFO_free(*bai); -- *bai = NULL; -- return 0; -- } -- return 1; --} -- --DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) --{ -- OPENSSL_init_crypto(0, NULL); -- bio_lookup_lock = CRYPTO_THREAD_lock_new(); -- return bio_lookup_lock != NULL; --} -- --/*- -- * BIO_lookup - look up the node and service you want to connect to. -- * @node: the node you want to connect to. -- * @service: the service you want to connect to. -- * @lookup_type: declare intent with the result, client or server. -- * @family: the address family you want to use. 
Use AF_UNSPEC for any, or -- * AF_INET, AF_INET6 or AF_UNIX. -- * @socktype: The socket type you want to use. Can be SOCK_STREAM, SOCK_DGRAM -- * or 0 for all. -- * @res: Storage place for the resulting list of returned addresses -- * -- * This will do a lookup of the node and service that you want to connect to. -- * It returns a linked list of different addresses you can try to connect to. -- * -- * When no longer needed you should call BIO_ADDRINFO_free() to free the result. -- * -- * The return value is 1 on success or 0 in case of error. -- */ --int BIO_lookup(const char *host, const char *service, -- enum BIO_lookup_type lookup_type, -- int family, int socktype, BIO_ADDRINFO **res) --{ -- int ret = 0; /* Assume failure */ -- -- switch(family) { -- case AF_INET: --#ifdef AF_INET6 -- case AF_INET6: --#endif --#ifdef AF_UNIX -- case AF_UNIX: --#endif --#ifdef AF_UNSPEC -- case AF_UNSPEC: --#endif -- break; -- default: -- BIOerr(BIO_F_BIO_LOOKUP, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY); -- return 0; -- } -- --#ifdef AF_UNIX -- if (family == AF_UNIX) { -- if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res)) -- return 1; -- else -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); -- return 0; -- } --#endif -- -- if (BIO_sock_init() != 1) -- return 0; -- -- if (1) { -- int gai_ret = 0; --#ifdef AI_PASSIVE -- struct addrinfo hints; -- memset(&hints, 0, sizeof hints); -- -- hints.ai_family = family; -- hints.ai_socktype = socktype; -- -- if (lookup_type == BIO_LOOKUP_SERVER) -- hints.ai_flags |= AI_PASSIVE; -- -- /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to -- * macro magic in bio_lcl.h -- */ -- switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { --# ifdef EAI_SYSTEM -- case EAI_SYSTEM: -- SYSerr(SYS_F_GETADDRINFO, get_last_socket_error()); -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -- break; --# endif -- case 0: -- ret = 1; /* Success */ -- break; -- default: -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -- ERR_add_error_data(1, 
gai_strerror(gai_ret)); -- break; -- } -- } else { --#endif -- const struct hostent *he; --/* -- * Because struct hostent is defined for 32-bit pointers only with -- * VMS C, we need to make sure that '&he_fallback_address' and -- * '&he_fallback_addresses' are 32-bit pointers -- */ --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size save --# pragma pointer_size 32 --#endif -- /* Windows doesn't seem to have in_addr_t */ --#ifdef OPENSSL_SYS_WINDOWS -- static uint32_t he_fallback_address; -- static const char *he_fallback_addresses[] = -- { (char *)&he_fallback_address, NULL }; --#else -- static in_addr_t he_fallback_address; -- static const char *he_fallback_addresses[] = -- { (char *)&he_fallback_address, NULL }; --#endif -- static const struct hostent he_fallback = -- { NULL, NULL, AF_INET, sizeof(he_fallback_address), -- (char **)&he_fallback_addresses }; --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size restore --#endif -- -- struct servent *se; -- /* Apparently, on WIN64, s_proto and s_port have traded places... */ --#ifdef _WIN64 -- struct servent se_fallback = { NULL, NULL, NULL, 0 }; --#else -- struct servent se_fallback = { NULL, NULL, 0, NULL }; --#endif -- -- if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); -- ret = 0; -- goto err; -- } -- -- CRYPTO_THREAD_write_lock(bio_lookup_lock); -- he_fallback_address = INADDR_ANY; -- if (host == NULL) { -- he = &he_fallback; -- switch(lookup_type) { -- case BIO_LOOKUP_CLIENT: -- he_fallback_address = INADDR_LOOPBACK; -- break; -- case BIO_LOOKUP_SERVER: -- he_fallback_address = INADDR_ANY; -- break; -- default: -- OPENSSL_assert(("We forgot to handle a lookup type!" 
== 0)); -- break; -- } -- } else { -- he = gethostbyname(host); -- -- if (he == NULL) { --#ifndef OPENSSL_SYS_WINDOWS -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -- ERR_add_error_data(1, hstrerror(h_errno)); --#else -- SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); --#endif -- ret = 0; -- goto err; -- } -- } -- -- if (service == NULL) { -- se_fallback.s_port = 0; -- se_fallback.s_proto = NULL; -- se = &se_fallback; -- } else { -- char *endp = NULL; -- long portnum = strtol(service, &endp, 10); -- --/* -- * Because struct servent is defined for 32-bit pointers only with -- * VMS C, we need to make sure that 'proto' is a 32-bit pointer. -- */ --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size save --# pragma pointer_size 32 --#endif -- char *proto = NULL; --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size restore --#endif -- -- switch (socktype) { -- case SOCK_STREAM: -- proto = "tcp"; -- break; -- case SOCK_DGRAM: -- proto = "udp"; -- break; -- } -- -- if (endp != service && *endp == '\0' -- && portnum > 0 && portnum < 65536) { -- se_fallback.s_port = htons(portnum); -- se_fallback.s_proto = proto; -- se = &se_fallback; -- } else if (endp == service) { -- se = getservbyname(service, proto); -- -- if (se == NULL) { --#ifndef OPENSSL_SYS_WINDOWS -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); -- ERR_add_error_data(1, hstrerror(h_errno)); --#else -- SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError()); --#endif -- goto err; -- } -- } else { -- BIOerr(BIO_F_BIO_LOOKUP, BIO_R_MALFORMED_HOST_OR_SERVICE); -- goto err; -- } -- } -- -- *res = NULL; -- -- { --/* -- * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C, -- * we must make sure our iterator designates the same element type, hence -- * the pointer size dance. 
-- */ --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size save --# pragma pointer_size 32 --#endif -- char **addrlistp; --#if defined(OPENSSL_SYS_VMS) && defined(__DECC) --# pragma pointer_size restore --#endif -- size_t addresses; -- BIO_ADDRINFO *tmp_bai = NULL; -- -- /* The easiest way to create a linked list from an -- array is to start from the back */ -- for(addrlistp = he->h_addr_list; *addrlistp != NULL; -- addrlistp++) -- ; -- -- for(addresses = addrlistp - he->h_addr_list; -- addrlistp--, addresses-- > 0; ) { -- if (!addrinfo_wrap(he->h_addrtype, socktype, -- *addrlistp, he->h_length, -- se->s_port, &tmp_bai)) -- goto addrinfo_malloc_err; -- tmp_bai->bai_next = *res; -- *res = tmp_bai; -- continue; -- addrinfo_malloc_err: -- BIO_ADDRINFO_free(*res); -- *res = NULL; -- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); -- ret = 0; -- goto err; -- } -- -- ret = 1; -- } -- err: -- CRYPTO_THREAD_unlock(bio_lookup_lock); -- } -- -- return ret; --} -- --#endif /* OPENSSL_NO_SOCK */ -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c -index a27954f..ccf0e28 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c -+++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/b_dump.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - /* -@@ -12,6 +61,7 @@ - */ - - #include -+#include "cryptlib.h" - #include "bio_lcl.h" - - #define TRUNCATE -@@ -54,20 +104,20 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - if ((rows * dump_width) < len) - rows++; - for (i = 0; i < rows; i++) { -- OPENSSL_strlcpy(buf, str, sizeof buf); -+ BUF_strlcpy(buf, str, sizeof buf); - BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); -- OPENSSL_strlcat(buf, tmp, sizeof buf); -+ BUF_strlcat(buf, tmp, sizeof buf); - for (j = 0; j < dump_width; j++) { - if (((i * dump_width) + j) >= len) { -- OPENSSL_strlcat(buf, " ", sizeof buf); -+ BUF_strlcat(buf, " ", sizeof buf); - } else { - ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, - j == 7 ? 
'-' : ' '); -- OPENSSL_strlcat(buf, tmp, sizeof buf); -+ BUF_strlcat(buf, tmp, sizeof buf); - } - } -- OPENSSL_strlcat(buf, " ", sizeof buf); -+ BUF_strlcat(buf, " ", sizeof buf); - for (j = 0; j < dump_width; j++) { - if (((i * dump_width) + j) >= len) - break; -@@ -81,9 +131,9 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - ? os_toebcdic[ch] - : '.'); - #endif -- OPENSSL_strlcat(buf, tmp, sizeof buf); -+ BUF_strlcat(buf, tmp, sizeof buf); - } -- OPENSSL_strlcat(buf, "\n", sizeof buf); -+ BUF_strlcat(buf, "\n", sizeof buf); - /* - * if this is the last call then update the ddt_dump thing so that we - * will move the selection point in the debug window -@@ -100,7 +150,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - return (ret); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - static int write_fp(const void *data, size_t len, void *fp) - { - return UP_fwrite(data, len, 1, fp); -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c -index f33caa2..fea7386 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/b_print.c -+++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c -@@ -1,17 +1,78 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/b_print.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+/* disable assert() unless BIO_DEBUG has been defined */ -+#ifndef BIO_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+ -+/* -+ * Stolen from tjh's ssl/ssl_trc.c stuff. - */ - - #include - #include - #include --#include "internal/numbers.h" --#include "internal/cryptlib.h" -+#include -+#include -+#include "cryptlib.h" - #ifndef NO_SYS_TYPES_H - # include - #endif -@@ -24,6 +85,8 @@ - # endif - #endif - -+/***************************************************************************/ -+ - /* - * Copyright Patrick Powell 1995 - * This code is based on code written by Patrick Powell -@@ -31,6 +94,21 @@ - * on all source code distributions. - */ - -+/*- -+ * This code contains numerious changes and enhancements which were -+ * made by lots of contributors over the last years to Patrick Powell's -+ * original code: -+ * -+ * o Patrick Powell (1995) -+ * o Brandon Long (1996, for Mutt) -+ * o Thomas Roessler (1998, for Mutt) -+ * o Michael Elkins (1998, for Mutt) -+ * o Andrew Tridgell (1998, for Samba) -+ * o Luke Mewburn (1999, for LukemFTP) -+ * o Ralf S. Engelschall (1999, for Pth) -+ * o ... 
(for OpenSSL) -+ */ -+ - #ifdef HAVE_LONG_DOUBLE - # define LDOUBLE long double - #else -@@ -53,7 +131,7 @@ static int fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); - #ifndef OPENSSL_SYS_UEFI - static int fmtfp(char **, char **, size_t *, size_t *, -- LDOUBLE, int, int, int, int); -+ LDOUBLE, int, int, int); - #endif - static int doapr_outch(char **, char **, size_t *, size_t *, int); - static int _dopr(char **sbuffer, char **buffer, -@@ -71,19 +149,12 @@ static int _dopr(char **sbuffer, char **buffer, - #define DP_S_DONE 7 - - /* format flags - Bits */ --/* left-aligned padding */ - #define DP_F_MINUS (1 << 0) --/* print an explicit '+' for a value with positive sign */ - #define DP_F_PLUS (1 << 1) --/* print an explicit ' ' for a value with positive sign */ - #define DP_F_SPACE (1 << 2) --/* print 0/0x prefix for octal/hex and decimal point for floating point */ - #define DP_F_NUM (1 << 3) --/* print leading zeroes */ - #define DP_F_ZERO (1 << 4) --/* print HEX in UPPPERcase */ - #define DP_F_UP (1 << 5) --/* treat value as unsigned */ - #define DP_F_UNSIGNED (1 << 6) - - /* conversion flags */ -@@ -92,11 +163,6 @@ static int _dopr(char **sbuffer, char **buffer, - #define DP_C_LDOUBLE 3 - #define DP_C_LLONG 4 - --/* Floating point formats */ --#define F_FORMAT 0 --#define E_FORMAT 1 --#define G_FORMAT 2 -- - /* some handy macros */ - #define char_to_int(p) (p - '0') - #define OSSL_MAX(p,q) ((p >= q) ? 
p : q) -@@ -280,7 +346,7 @@ _dopr(char **sbuffer, - else - fvalue = va_arg(args, double); - if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, -- flags, F_FORMAT)) -+ flags)) - return 0; - break; - case 'E': -@@ -290,9 +356,6 @@ _dopr(char **sbuffer, - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); -- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, -- flags, E_FORMAT)) -- return 0; - break; - case 'G': - flags |= DP_F_UP; -@@ -301,9 +364,6 @@ _dopr(char **sbuffer, - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); -- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, -- flags, G_FORMAT)) -- return 0; - break; - #endif - case 'c': -@@ -324,7 +384,7 @@ _dopr(char **sbuffer, - return 0; - break; - case 'p': -- value = (size_t)va_arg(args, void *); -+ value = (long)va_arg(args, void *); - if (!fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM)) - return 0; -@@ -399,37 +459,28 @@ fmtstr(char **sbuffer, - if (value == 0) - value = ""; - -- strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max); -+ strln = strlen(value); -+ if (strln > INT_MAX) -+ strln = INT_MAX; - - padlen = min - strln; - if (min < 0 || padlen < 0) - padlen = 0; -- if (max >= 0) { -- /* -- * Calculate the maximum output including padding. 
-- * Make sure max doesn't overflow into negativity -- */ -- if (max < INT_MAX - padlen) -- max += padlen; -- else -- max = INT_MAX; -- } - if (flags & DP_F_MINUS) - padlen = -padlen; - -- while ((padlen > 0) && (max < 0 || cnt < max)) { -+ while ((padlen > 0) && (cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - --padlen; - ++cnt; - } -- while (strln > 0 && (max < 0 || cnt < max)) { -+ while (*value && (cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) - return 0; -- --strln; - ++cnt; - } -- while ((padlen < 0) && (max < 0 || cnt < max)) { -+ while ((padlen < 0) && (cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - ++padlen; -@@ -459,7 +510,7 @@ fmtint(char **sbuffer, - if (!(flags & DP_F_UNSIGNED)) { - if (value < 0) { - signvalue = '-'; -- uvalue = 0 - (unsigned LLONG)value; -+ uvalue = -value; - } else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) -@@ -571,28 +622,23 @@ static int - fmtfp(char **sbuffer, - char **buffer, - size_t *currlen, -- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style) -+ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags) - { - int signvalue = 0; - LDOUBLE ufvalue; -- LDOUBLE tmpvalue; - char iconvert[20]; - char fconvert[20]; -- char econvert[20]; - int iplace = 0; - int fplace = 0; -- int eplace = 0; - int padlen = 0; - int zpadlen = 0; -- long exp = 0; -- unsigned long intpart; -- unsigned long fracpart; -- unsigned long max10; -- int realstyle; -+ long intpart; -+ long fracpart; -+ long max10; - - if (max < 0) - max = 6; -- -+ ufvalue = abs_val(fvalue); - if (fvalue < 0) - signvalue = '-'; - else if (flags & DP_F_PLUS) -@@ -600,73 +646,7 @@ fmtfp(char **sbuffer, - else if (flags & DP_F_SPACE) - signvalue = ' '; - -- /* -- * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT -- * depending on the number to be printed. 
Work out which one it is and use -- * that from here on. -- */ -- if (style == G_FORMAT) { -- if (fvalue == 0.0) { -- realstyle = F_FORMAT; -- } else if (fvalue < 0.0001) { -- realstyle = E_FORMAT; -- } else if ((max == 0 && fvalue >= 10) -- || (max > 0 && fvalue >= pow_10(max))) { -- realstyle = E_FORMAT; -- } else { -- realstyle = F_FORMAT; -- } -- } else { -- realstyle = style; -- } -- -- if (style != F_FORMAT) { -- tmpvalue = fvalue; -- /* Calculate the exponent */ -- if (fvalue != 0.0) { -- while (tmpvalue < 1) { -- tmpvalue *= 10; -- exp--; -- } -- while (tmpvalue > 10) { -- tmpvalue /= 10; -- exp++; -- } -- } -- if (style == G_FORMAT) { -- /* -- * In G_FORMAT the "precision" represents significant digits. We -- * always have at least 1 significant digit. -- */ -- if (max == 0) -- max = 1; -- /* Now convert significant digits to decimal places */ -- if (realstyle == F_FORMAT) { -- max -= (exp + 1); -- if (max < 0) { -- /* -- * Should not happen. If we're in F_FORMAT then exp < max? 
-- */ -- return 0; -- } -- } else { -- /* -- * In E_FORMAT there is always one significant digit in front -- * of the decimal point, so: -- * significant digits == 1 + decimal places -- */ -- max--; -- } -- } -- if (realstyle == E_FORMAT) -- fvalue = tmpvalue; -- } -- ufvalue = abs_val(fvalue); -- if (ufvalue > ULONG_MAX) { -- /* Number too big */ -- return 0; -- } -- intpart = (unsigned long)ufvalue; -+ intpart = (long)ufvalue; - - /* - * sorry, we only support 9 digits past the decimal because of our -@@ -697,51 +677,16 @@ fmtfp(char **sbuffer, - iconvert[iplace] = 0; - - /* convert fractional part */ -- while (fplace < max) { -- if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) { -- /* We strip trailing zeros in G_FORMAT */ -- max--; -- fracpart = fracpart / 10; -- if (fplace < max) -- continue; -- break; -- } -+ do { - fconvert[fplace++] = "0123456789"[fracpart % 10]; - fracpart = (fracpart / 10); -- } -- -+ } while (fplace < max); - if (fplace == sizeof fconvert) - fplace--; - fconvert[fplace] = 0; - -- /* convert exponent part */ -- if (realstyle == E_FORMAT) { -- int tmpexp; -- if (exp < 0) -- tmpexp = -exp; -- else -- tmpexp = exp; -- -- do { -- econvert[eplace++] = "0123456789"[tmpexp % 10]; -- tmpexp = (tmpexp / 10); -- } while (tmpexp > 0 && eplace < (int)sizeof(econvert)); -- /* Exponent is huge!! Too big to print */ -- if (tmpexp > 0) -- return 0; -- /* Add a leading 0 for single digit exponents */ -- if (eplace == 1) -- econvert[eplace++] = '0'; -- } -- -- /* -- * -1 for decimal point (if we have one, i.e. max > 0), -- * another -1 if we are printing a sign -- */ -- padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0); -- /* Take some off for exponent prefix "+e" and exponent */ -- if (realstyle == E_FORMAT) -- padlen -= 2 + eplace; -+ /* -1 for decimal point, another -1 if we are printing a sign */ -+ padlen = min - iplace - max - 1 - ((signvalue) ? 
1 : 0); - zpadlen = max - fplace; - if (zpadlen < 0) - zpadlen = 0; -@@ -795,28 +740,6 @@ fmtfp(char **sbuffer, - return 0; - --zpadlen; - } -- if (realstyle == E_FORMAT) { -- char ech; -- -- if ((flags & DP_F_UP) == 0) -- ech = 'e'; -- else -- ech = 'E'; -- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech)) -- return 0; -- if (exp < 0) { -- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-')) -- return 0; -- } else { -- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+')) -- return 0; -- } -- while (eplace > 0) { -- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, -- econvert[--eplace])) -- return 0; -- } -- } - - while (padlen < 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) -@@ -834,10 +757,10 @@ doapr_outch(char **sbuffer, - char **buffer, size_t *currlen, size_t *maxlen, int c) - { - /* If we haven't at least one buffer, someone has doe a big booboo */ -- OPENSSL_assert(*sbuffer != NULL || buffer != NULL); -+ assert(*sbuffer != NULL || buffer != NULL); - - /* |currlen| must always be <= |*maxlen| */ -- OPENSSL_assert(*currlen <= *maxlen); -+ assert(*currlen <= *maxlen); - - if (buffer && *currlen == *maxlen) { - if (*maxlen > INT_MAX - BUFFER_INC) -@@ -849,7 +772,7 @@ doapr_outch(char **sbuffer, - if (*buffer == NULL) - return 0; - if (*currlen > 0) { -- OPENSSL_assert(*sbuffer != NULL); -+ assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; -@@ -900,6 +823,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) - int ignored; - - dynbuf = NULL; -+ CRYPTO_push_info("doapr()"); - if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, - args)) { - OPENSSL_free(dynbuf); -@@ -911,6 +835,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) - } else { - ret = BIO_write(bio, hugebuf, (int)retlen); - } -+ CRYPTO_pop_info(); - return (ret); - } - -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock.c b/Cryptlib/OpenSSL/crypto/bio/b_sock.c -index ac2c2d1..5bad0a2 
100644 ---- a/Cryptlib/OpenSSL/crypto/bio/b_sock.c -+++ b/Cryptlib/OpenSSL/crypto/bio/b_sock.c -@@ -1,21 +1,76 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/b_sock.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - #include --#include "bio_lcl.h" --#if defined(NETWARE_CLIB) --# include -+#define USE_SOCKETS -+#include "cryptlib.h" -+#include -+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) -+# include -+# if defined(NETWARE_CLIB) -+# include - NETDB_DEFINE_CONTEXT -+# endif - #endif - #ifndef OPENSSL_NO_SOCK -+# include - # define SOCKET_PROTOCOL IPPROTO_TCP - # ifdef SO_MAXCONN - # define MAX_LISTEN SO_MAXCONN -@@ -24,93 +79,294 @@ NETDB_DEFINE_CONTEXT - # else - # define MAX_LISTEN 32 - # endif --# if defined(OPENSSL_SYS_WINDOWS) -+# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) - static int wsa_init_done = 0; - # endif - --# if OPENSSL_API_COMPAT < 0x10100000L -+/* -+ * WSAAPI specifier is required to make indirect calls to run-time -+ * linked WinSock 2 functions used in this module, to be specific -+ * [get|free]addrinfo and getnameinfo. This is because WinSock uses -+ * uses non-C calling convention, __stdcall vs. __cdecl, on x86 -+ * Windows. On non-WinSock platforms WSAAPI needs to be void. -+ */ -+# ifndef WSAAPI -+# define WSAAPI -+# endif -+ -+# if 0 -+static unsigned long BIO_ghbn_hits = 0L; -+static unsigned long BIO_ghbn_miss = 0L; -+ -+# define GHBN_NUM 4 -+static struct ghbn_cache_st { -+ char name[129]; -+ struct hostent *ent; -+ unsigned long order; -+} ghbn_cache[GHBN_NUM]; -+# endif -+ -+static int get_ip(const char *str, unsigned char *ip); -+# if 0 -+static void ghbn_free(struct hostent *a); -+static struct hostent *ghbn_dup(struct hostent *a); -+# endif - int BIO_get_host_ip(const char *str, unsigned char *ip) - { -- BIO_ADDRINFO *res = NULL; -- int ret = 0; -+ int i; -+ int err = 1; -+ int locked = 0; -+ struct hostent *he; - -+ i = get_ip(str, ip); -+ if (i < 0) { -+ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS); -+ goto err; -+ } -+ -+ /* -+ * At this point, we have something that is most probably correct in some -+ * way, so let's init the socket. 
-+ */ - if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ - -- if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { -- size_t l; -- -- if (BIO_ADDRINFO_family(res) != AF_INET) { -- BIOerr(BIO_F_BIO_GET_HOST_IP, -- BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); -- } else { -- BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l); -- /* Because only AF_INET addresses will reach this far, -- we can assert that l should be 4 */ -- OPENSSL_assert(l == 4); -+ /* -+ * If the string actually contained an IP address, we need not do -+ * anything more -+ */ -+ if (i > 0) -+ return (1); -+ -+ /* do a gethostbyname */ -+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); -+ locked = 1; -+ he = BIO_gethostbyname(str); -+ if (he == NULL) { -+ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); -+ goto err; -+ } - -- BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l); -- ret = 1; -- } -- BIO_ADDRINFO_free(res); -- } else { -- ERR_add_error_data(2, "host=", str); -+ /* cast to short because of win16 winsock definition */ -+ if ((short)he->h_addrtype != AF_INET) { -+ BIOerr(BIO_F_BIO_GET_HOST_IP, -+ BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); -+ goto err; - } -+ for (i = 0; i < 4; i++) -+ ip[i] = he->h_addr_list[0][i]; -+ err = 0; - -- return ret; -+ err: -+ if (locked) -+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); -+ if (err) { -+ ERR_add_error_data(2, "host=", str); -+ return 0; -+ } else -+ return 1; - } - - int BIO_get_port(const char *str, unsigned short *port_ptr) - { -- BIO_ADDRINFO *res = NULL; -- int ret = 0; -+ int i; -+ struct servent *s; - - if (str == NULL) { - BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED); - return (0); - } -- -- if (BIO_sock_init() != 1) -- return 0; /* don't generate another error code here */ -- -- if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { -- if (BIO_ADDRINFO_family(res) != AF_INET) { -- BIOerr(BIO_F_BIO_GET_PORT, -- BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET); -- } 
else { -- *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res))); -- ret = 1; -+ i = atoi(str); -+ if (i != 0) -+ *port_ptr = (unsigned short)i; -+ else { -+ CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); -+ /* -+ * Note: under VMS with SOCKETSHR, it seems like the first parameter -+ * is 'char *', instead of 'const char *' -+ */ -+# ifndef CONST_STRICT -+ s = getservbyname((char *)str, "tcp"); -+# else -+ s = getservbyname(str, "tcp"); -+# endif -+ if (s != NULL) -+ *port_ptr = ntohs((unsigned short)s->s_port); -+ CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); -+ if (s == NULL) { -+ if (strcmp(str, "http") == 0) -+ *port_ptr = 80; -+ else if (strcmp(str, "telnet") == 0) -+ *port_ptr = 23; -+ else if (strcmp(str, "socks") == 0) -+ *port_ptr = 1080; -+ else if (strcmp(str, "https") == 0) -+ *port_ptr = 443; -+ else if (strcmp(str, "ssl") == 0) -+ *port_ptr = 443; -+ else if (strcmp(str, "ftp") == 0) -+ *port_ptr = 21; -+ else if (strcmp(str, "gopher") == 0) -+ *port_ptr = 70; -+# if 0 -+ else if (strcmp(str, "wais") == 0) -+ *port_ptr = 21; -+# endif -+ else { -+ SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error()); -+ ERR_add_error_data(3, "service='", str, "'"); -+ return (0); -+ } - } -- BIO_ADDRINFO_free(res); -- } else { -- ERR_add_error_data(2, "host=", str); - } -- -- return ret; -+ return (1); - } --# endif - - int BIO_sock_error(int sock) - { -- int j = 0, i; -- socklen_t size = sizeof(j); -+ int j, i; -+ union { -+ size_t s; -+ int i; -+ } size; -+ -+# if defined(OPENSSL_SYS_BEOS_R5) -+ return 0; -+# endif - -+ /* heuristic way to adapt for platforms that expect 64-bit optlen */ -+ size.s = 0, size.i = sizeof(j); - /* - * Note: under Windows the third parameter is of type (char *) whereas - * under other systems it is (void *) if you don't have a cast it will - * choke the compiler: if you do have a cast then you can either go for - * (char *) or (void *). 
- */ -- i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size); -+ i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size); - if (i < 0) -- return (get_last_socket_error()); -+ return (1); - else - return (j); - } - --# if OPENSSL_API_COMPAT < 0x10100000L -+# if 0 -+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) -+{ -+ int i; -+ char **p; -+ -+ switch (cmd) { -+ case BIO_GHBN_CTRL_HITS: -+ return (BIO_ghbn_hits); -+ /* break; */ -+ case BIO_GHBN_CTRL_MISSES: -+ return (BIO_ghbn_miss); -+ /* break; */ -+ case BIO_GHBN_CTRL_CACHE_SIZE: -+ return (GHBN_NUM); -+ /* break; */ -+ case BIO_GHBN_CTRL_GET_ENTRY: -+ if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) { -+ p = (char **)parg; -+ if (p == NULL) -+ return (0); -+ *p = ghbn_cache[iarg].name; -+ ghbn_cache[iarg].name[128] = '\0'; -+ return (1); -+ } -+ return (0); -+ /* break; */ -+ case BIO_GHBN_CTRL_FLUSH: -+ for (i = 0; i < GHBN_NUM; i++) -+ ghbn_cache[i].order = 0; -+ break; -+ default: -+ return (0); -+ } -+ return (1); -+} -+# endif -+ -+# if 0 -+static struct hostent *ghbn_dup(struct hostent *a) -+{ -+ struct hostent *ret; -+ int i, j; -+ -+ MemCheck_off(); -+ ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); -+ if (ret == NULL) -+ return (NULL); -+ memset(ret, 0, sizeof(struct hostent)); -+ -+ for (i = 0; a->h_aliases[i] != NULL; i++) ; -+ i++; -+ ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *)); -+ if (ret->h_aliases == NULL) -+ goto err; -+ memset(ret->h_aliases, 0, i * sizeof(char *)); -+ -+ for (i = 0; a->h_addr_list[i] != NULL; i++) ; -+ i++; -+ ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *)); -+ if (ret->h_addr_list == NULL) -+ goto err; -+ memset(ret->h_addr_list, 0, i * sizeof(char *)); -+ -+ j = strlen(a->h_name) + 1; -+ if ((ret->h_name = OPENSSL_malloc(j)) == NULL) -+ goto err; -+ memcpy((char *)ret->h_name, a->h_name, j); -+ for (i = 0; a->h_aliases[i] != NULL; i++) { -+ j = strlen(a->h_aliases[i]) + 1; -+ if 
((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL) -+ goto err; -+ memcpy(ret->h_aliases[i], a->h_aliases[i], j); -+ } -+ ret->h_length = a->h_length; -+ ret->h_addrtype = a->h_addrtype; -+ for (i = 0; a->h_addr_list[i] != NULL; i++) { -+ if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL) -+ goto err; -+ memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length); -+ } -+ if (0) { -+ err: -+ if (ret != NULL) -+ ghbn_free(ret); -+ ret = NULL; -+ } -+ MemCheck_on(); -+ return (ret); -+} -+ -+static void ghbn_free(struct hostent *a) -+{ -+ int i; -+ -+ if (a == NULL) -+ return; -+ -+ if (a->h_aliases != NULL) { -+ for (i = 0; a->h_aliases[i] != NULL; i++) -+ OPENSSL_free(a->h_aliases[i]); -+ OPENSSL_free(a->h_aliases); -+ } -+ if (a->h_addr_list != NULL) { -+ for (i = 0; a->h_addr_list[i] != NULL; i++) -+ OPENSSL_free(a->h_addr_list[i]); -+ OPENSSL_free(a->h_addr_list); -+ } -+ if (a->h_name != NULL) -+ OPENSSL_free(a->h_name); -+ OPENSSL_free(a); -+} -+ -+# endif -+ - struct hostent *BIO_gethostbyname(const char *name) - { -+# if 1 - /* - * Caching gethostbyname() results forever is wrong, so we have to let - * the true gethostbyname() worry about this -@@ -120,8 +376,83 @@ struct hostent *BIO_gethostbyname(const char *name) - # else - return gethostbyname(name); - # endif --} -+# else -+ struct hostent *ret; -+ int i, lowi = 0, j; -+ unsigned long low = (unsigned long)-1; -+ -+# if 0 -+ /* -+ * It doesn't make sense to use locking here: The function interface is -+ * not thread-safe, because threads can never be sure when some other -+ * thread destroys the data they were given a pointer to. 
-+ */ -+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); -+# endif -+ j = strlen(name); -+ if (j < 128) { -+ for (i = 0; i < GHBN_NUM; i++) { -+ if (low > ghbn_cache[i].order) { -+ low = ghbn_cache[i].order; -+ lowi = i; -+ } -+ if (ghbn_cache[i].order > 0) { -+ if (strncmp(name, ghbn_cache[i].name, 128) == 0) -+ break; -+ } -+ } -+ } else -+ i = GHBN_NUM; -+ -+ if (i == GHBN_NUM) { /* no hit */ -+ BIO_ghbn_miss++; -+ /* -+ * Note: under VMS with SOCKETSHR, it seems like the first parameter -+ * is 'char *', instead of 'const char *' -+ */ -+# ifndef CONST_STRICT -+ ret = gethostbyname((char *)name); -+# else -+ ret = gethostbyname(name); -+# endif -+ -+ if (ret == NULL) -+ goto end; -+ if (j > 128) { /* too big to cache */ -+# if 0 -+ /* -+ * If we were trying to make this function thread-safe (which is -+ * bound to fail), we'd have to give up in this case (or allocate -+ * more memory). -+ */ -+ ret = NULL; -+# endif -+ goto end; -+ } -+ -+ /* else add to cache */ -+ if (ghbn_cache[lowi].ent != NULL) -+ ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ -+ ghbn_cache[lowi].name[0] = '\0'; -+ -+ if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) { -+ BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ strncpy(ghbn_cache[lowi].name, name, 128); -+ ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits; -+ } else { -+ BIO_ghbn_hits++; -+ ret = ghbn_cache[i].ent; -+ ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits; -+ } -+ end: -+# if 0 -+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); -+# endif -+ return (ret); - # endif -+} - - int BIO_sock_init(void) - { -@@ -135,7 +466,7 @@ int BIO_sock_init(void) - memset(&wsa_state, 0, sizeof(wsa_state)); - /* - * Not making wsa_state available to the rest of the code is formally -- * wrong. But the structures we use are [believed to be] invariable -+ * wrong. 
But the structures we use are [beleived to be] invariable - * among Winsock DLLs, while API availability is [expected to be] - * probed at run-time with DSO_global_lookup. - */ -@@ -154,12 +485,38 @@ int BIO_sock_init(void) - return (-1); - # endif - -+# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) -+ WORD wVerReq; -+ WSADATA wsaData; -+ int err; -+ -+ if (!wsa_init_done) { -+ wsa_init_done = 1; -+ wVerReq = MAKEWORD(2, 0); -+ err = WSAStartup(wVerReq, &wsaData); -+ if (err != 0) { -+ SYSerr(SYS_F_WSASTARTUP, err); -+ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); -+ return (-1); -+ } -+ } -+# endif -+ - return (1); - } - --void bio_sock_cleanup_int(void) -+void BIO_sock_cleanup(void) - { - # ifdef OPENSSL_SYS_WINDOWS -+ if (wsa_init_done) { -+ wsa_init_done = 0; -+# if 0 /* this call is claimed to be non-present in -+ * Winsock2 */ -+ WSACancelBlockingCall(); -+# endif -+ WSACleanup(); -+ } -+# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) - if (wsa_init_done) { - wsa_init_done = 0; - WSACleanup(); -@@ -208,83 +565,369 @@ int BIO_socket_ioctl(int fd, long type, void *arg) - } - # endif /* __VMS_VER */ - --# if OPENSSL_API_COMPAT < 0x10100000L --int BIO_get_accept_socket(char *host, int bind_mode) -+/* -+ * The reason I have implemented this instead of using sscanf is because -+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( -+ */ -+static int get_ip(const char *str, unsigned char ip[4]) - { -- int s = INVALID_SOCKET; -- char *h = NULL, *p = NULL; -- BIO_ADDRINFO *res = NULL; -+ unsigned int tmp[4]; -+ int num = 0, c, ok = 0; -+ -+ tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0; -+ -+ for (;;) { -+ c = *(str++); -+ if ((c >= '0') && (c <= '9')) { -+ ok = 1; -+ tmp[num] = tmp[num] * 10 + c - '0'; -+ if (tmp[num] > 255) -+ return (0); -+ } else if (c == '.') { -+ if (!ok) -+ return (-1); -+ if (num == 3) -+ return (0); -+ num++; -+ ok = 0; -+ } else if (c == '\0' && (num == 3) && ok) -+ break; -+ else -+ return (0); -+ } 
-+ ip[0] = tmp[0]; -+ ip[1] = tmp[1]; -+ ip[2] = tmp[2]; -+ ip[3] = tmp[3]; -+ return (1); -+} - -- if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV)) -- return INVALID_SOCKET; -+int BIO_get_accept_socket(char *host, int bind_mode) -+{ -+ int ret = 0; -+ union { -+ struct sockaddr sa; -+ struct sockaddr_in sa_in; -+# if OPENSSL_USE_IPV6 -+ struct sockaddr_in6 sa_in6; -+# endif -+ } server, client; -+ int s = INVALID_SOCKET, cs, addrlen; -+ unsigned char ip[4]; -+ unsigned short port; -+ char *str = NULL, *e; -+ char *h, *p; -+ unsigned long l; -+ int err_num; - - if (BIO_sock_init() != 1) -- return INVALID_SOCKET; -+ return (INVALID_SOCKET); -+ -+ if ((str = BUF_strdup(host)) == NULL) -+ return (INVALID_SOCKET); -+ -+ h = p = NULL; -+ h = str; -+ for (e = str; *e; e++) { -+ if (*e == ':') { -+ p = e; -+ } else if (*e == '/') { -+ *e = '\0'; -+ break; -+ } -+ } -+ if (p) -+ *p++ = '\0'; /* points at last ':', '::port' is special -+ * [see below] */ -+ else -+ p = h, h = NULL; -+ -+# ifdef EAI_FAMILY -+ do { -+ static union { -+ void *p; -+ int (WSAAPI *f) (const char *, const char *, -+ const struct addrinfo *, struct addrinfo **); -+ } p_getaddrinfo = { -+ NULL -+ }; -+ static union { -+ void *p; -+ void (WSAAPI *f) (struct addrinfo *); -+ } p_freeaddrinfo = { -+ NULL -+ }; -+ struct addrinfo *res, hint; -+ -+ if (p_getaddrinfo.p == NULL) { -+ if ((p_getaddrinfo.p = DSO_global_lookup("getaddrinfo")) == NULL -+ || (p_freeaddrinfo.p = -+ DSO_global_lookup("freeaddrinfo")) == NULL) -+ p_getaddrinfo.p = (void *)-1; -+ } -+ if (p_getaddrinfo.p == (void *)-1) -+ break; - -- if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) -- goto err; -+ /* -+ * '::port' enforces IPv6 wildcard listener. Some OSes, e.g. Solaris, -+ * default to IPv6 without any hint. Also note that commonly IPv6 -+ * wildchard socket can service IPv4 connections just as well... 
-+ */ -+ memset(&hint, 0, sizeof(hint)); -+ hint.ai_flags = AI_PASSIVE; -+ if (h) { -+ if (strchr(h, ':')) { -+ if (h[1] == '\0') -+ h = NULL; -+# if OPENSSL_USE_IPV6 -+ hint.ai_family = AF_INET6; -+# else -+ h = NULL; -+# endif -+ } else if (h[0] == '*' && h[1] == '\0') { -+ hint.ai_family = AF_INET; -+ h = NULL; -+ } -+ } - -- if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), -- BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) { -- s = INVALID_SOCKET; -+ if ((*p_getaddrinfo.f) (h, p, &hint, &res)) -+ break; -+ -+ addrlen = res->ai_addrlen <= sizeof(server) ? -+ res->ai_addrlen : sizeof(server); -+ memcpy(&server, res->ai_addr, addrlen); -+ -+ (*p_freeaddrinfo.f) (res); -+ goto again; -+ } while (0); -+# endif -+ -+ if (!BIO_get_port(p, &port)) - goto err; -+ -+ memset((char *)&server, 0, sizeof(server)); -+ server.sa_in.sin_family = AF_INET; -+ server.sa_in.sin_port = htons(port); -+ addrlen = sizeof(server.sa_in); -+ -+ if (h == NULL || strcmp(h, "*") == 0) -+ server.sa_in.sin_addr.s_addr = INADDR_ANY; -+ else { -+ if (!BIO_get_host_ip(h, &(ip[0]))) -+ goto err; -+ l = (unsigned long) -+ ((unsigned long)ip[0] << 24L) | -+ ((unsigned long)ip[1] << 16L) | -+ ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); -+ server.sa_in.sin_addr.s_addr = htonl(l); - } - -- if (!BIO_listen(s, BIO_ADDRINFO_address(res), -- bind_mode ? 
BIO_SOCK_REUSEADDR : 0)) { -- BIO_closesocket(s); -- s = INVALID_SOCKET; -+ again: -+ s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); -+ if (s == INVALID_SOCKET) { -+ SYSerr(SYS_F_SOCKET, get_last_socket_error()); -+ ERR_add_error_data(3, "port='", host, "'"); -+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); -+ goto err; - } -+# ifdef SO_REUSEADDR -+ if (bind_mode == BIO_BIND_REUSEADDR) { -+ int i = 1; - -+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i)); -+ bind_mode = BIO_BIND_NORMAL; -+ } -+# endif -+ if (bind(s, &server.sa, addrlen) == -1) { -+# ifdef SO_REUSEADDR -+ err_num = get_last_socket_error(); -+ if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && -+# ifdef OPENSSL_SYS_WINDOWS -+ /* -+ * Some versions of Windows define EADDRINUSE to a dummy value. -+ */ -+ (err_num == WSAEADDRINUSE)) -+# else -+ (err_num == EADDRINUSE)) -+# endif -+ { -+ client = server; -+ if (h == NULL || strcmp(h, "*") == 0) { -+# if OPENSSL_USE_IPV6 -+ if (client.sa.sa_family == AF_INET6) { -+ memset(&client.sa_in6.sin6_addr, 0, -+ sizeof(client.sa_in6.sin6_addr)); -+ client.sa_in6.sin6_addr.s6_addr[15] = 1; -+ } else -+# endif -+ if (client.sa.sa_family == AF_INET) { -+ client.sa_in.sin_addr.s_addr = htonl(0x7F000001); -+ } else -+ goto err; -+ } -+ cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); -+ if (cs != INVALID_SOCKET) { -+ int ii; -+ ii = connect(cs, &client.sa, addrlen); -+ closesocket(cs); -+ if (ii == INVALID_SOCKET) { -+ bind_mode = BIO_BIND_REUSEADDR; -+ closesocket(s); -+ goto again; -+ } -+ /* else error */ -+ } -+ /* else error */ -+ } -+# endif -+ SYSerr(SYS_F_BIND, err_num); -+ ERR_add_error_data(3, "port='", host, "'"); -+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET); -+ goto err; -+ } -+ if (listen(s, MAX_LISTEN) == -1) { -+ SYSerr(SYS_F_BIND, get_last_socket_error()); -+ ERR_add_error_data(3, "port='", host, "'"); -+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, 
BIO_R_UNABLE_TO_LISTEN_SOCKET); -+ goto err; -+ } -+ ret = 1; - err: -- BIO_ADDRINFO_free(res); -- OPENSSL_free(h); -- OPENSSL_free(p); -- -- return s; -+ if (str != NULL) -+ OPENSSL_free(str); -+ if ((ret == 0) && (s != INVALID_SOCKET)) { -+ closesocket(s); -+ s = INVALID_SOCKET; -+ } -+ return (s); - } - --int BIO_accept(int sock, char **ip_port) -+int BIO_accept(int sock, char **addr) - { -- BIO_ADDR res; -- int ret = -1; -+ int ret = INVALID_SOCKET; -+ unsigned long l; -+ unsigned short port; -+ char *p; - -- ret = BIO_accept_ex(sock, &res, 0); -- if (ret == (int)INVALID_SOCKET) { -- if (BIO_sock_should_retry(ret)) { -- ret = -2; -- goto end; -- } -+ struct { -+ /* -+ * As for following union. Trouble is that there are platforms -+ * that have socklen_t and there are platforms that don't, on -+ * some platforms socklen_t is int and on some size_t. So what -+ * one can do? One can cook #ifdef spaghetti, which is nothing -+ * but masochistic. Or one can do union between int and size_t. -+ * One naturally does it primarily for 64-bit platforms where -+ * sizeof(int) != sizeof(size_t). But would it work? Note that -+ * if size_t member is initialized to 0, then later int member -+ * assignment naturally does the job on little-endian platforms -+ * regardless accept's expectations! What about big-endians? -+ * If accept expects int*, then it works, and if size_t*, then -+ * length value would appear as unreasonably large. But this -+ * won't prevent it from filling in the address structure. The -+ * trouble of course would be if accept returns more data than -+ * actual buffer can accomodate and overwrite stack... That's -+ * where early OPENSSL_assert comes into picture. Besides, the -+ * only 64-bit big-endian platform found so far that expects -+ * size_t* is HP-UX, where stack grows towards higher address. 
-+ * -+ */ -+ union { -+ size_t s; -+ int i; -+ } len; -+ union { -+ struct sockaddr sa; -+ struct sockaddr_in sa_in; -+# if OPENSSL_USE_IPV6 -+ struct sockaddr_in6 sa_in6; -+# endif -+ } from; -+ } sa; -+ -+ sa.len.s = 0; -+ sa.len.i = sizeof(sa.from); -+ memset(&sa.from, 0, sizeof(sa.from)); -+ ret = accept(sock, &sa.from.sa, (void *)&sa.len); -+ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { -+ OPENSSL_assert(sa.len.s <= sizeof(sa.from)); -+ sa.len.i = (int)sa.len.s; -+ /* use sa.len.i from this point */ -+ } -+ if (ret == INVALID_SOCKET) { -+ if (BIO_sock_should_retry(ret)) -+ return -2; - SYSerr(SYS_F_ACCEPT, get_last_socket_error()); - BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); - goto end; - } - -- if (ip_port != NULL) { -- char *host = BIO_ADDR_hostname_string(&res, 1); -- char *port = BIO_ADDR_service_string(&res, 1); -- if (host != NULL && port != NULL) -- *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2); -- else -- *ip_port = NULL; -+ if (addr == NULL) -+ goto end; - -- if (*ip_port == NULL) { -- BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); -- BIO_closesocket(ret); -- ret = (int)INVALID_SOCKET; -+# ifdef EAI_FAMILY -+ do { -+ char h[NI_MAXHOST], s[NI_MAXSERV]; -+ size_t nl; -+ static union { -+ void *p; -+ int (WSAAPI *f) (const struct sockaddr *, size_t /* socklen_t */ , -+ char *, size_t, char *, size_t, int); -+ } p_getnameinfo = { -+ NULL -+ }; -+ /* -+ * 2nd argument to getnameinfo is specified to be socklen_t. -+ * Unfortunately there is a number of environments where socklen_t is -+ * not defined. As it's passed by value, it's safe to pass it as -+ * size_t... 
-+ */ -+ -+ if (p_getnameinfo.p == NULL) { -+ if ((p_getnameinfo.p = DSO_global_lookup("getnameinfo")) == NULL) -+ p_getnameinfo.p = (void *)-1; -+ } -+ if (p_getnameinfo.p == (void *)-1) -+ break; -+ -+ if ((*p_getnameinfo.f) (&sa.from.sa, sa.len.i, h, sizeof(h), s, -+ sizeof(s), NI_NUMERICHOST | NI_NUMERICSERV)) -+ break; -+ nl = strlen(h) + strlen(s) + 2; -+ p = *addr; -+ if (p) { -+ *p = '\0'; -+ p = OPENSSL_realloc(p, nl); - } else { -- strcpy(*ip_port, host); -- strcat(*ip_port, ":"); -- strcat(*ip_port, port); -+ p = OPENSSL_malloc(nl); -+ } -+ if (p == NULL) { -+ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ *addr = p; -+ BIO_snprintf(*addr, nl, "%s:%s", h, s); -+ goto end; -+ } while (0); -+# endif -+ if (sa.from.sa.sa_family != AF_INET) -+ goto end; -+ l = ntohl(sa.from.sa_in.sin_addr.s_addr); -+ port = ntohs(sa.from.sa_in.sin_port); -+ if (*addr == NULL) { -+ if ((p = OPENSSL_malloc(24)) == NULL) { -+ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); -+ goto end; - } -- OPENSSL_free(host); -- OPENSSL_free(port); -+ *addr = p; - } -- -+ BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d", -+ (unsigned char)(l >> 24L) & 0xff, -+ (unsigned char)(l >> 16L) & 0xff, -+ (unsigned char)(l >> 8L) & 0xff, -+ (unsigned char)(l) & 0xff, port); - end: -- return ret; -+ return (ret); - } --# endif - - int BIO_set_tcp_ndelay(int s, int on) - { -@@ -312,70 +955,8 @@ int BIO_socket_nbio(int s, int mode) - - l = mode; - # ifdef FIONBIO -- l = mode; -- - ret = BIO_socket_ioctl(s, FIONBIO, &l); --# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) -- /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. 
*/ -- -- l = fcntl(s, F_GETFL, 0); -- if (l == -1) { -- SYSerr(SYS_F_FCNTL, get_last_rtl_error()); -- ret = -1; -- } else { --# if defined(O_NONBLOCK) -- l &= ~O_NONBLOCK; --# else -- l &= ~FNDELAY; /* BSD4.x */ --# endif -- if (mode) { --# if defined(O_NONBLOCK) -- l |= O_NONBLOCK; --# else -- l |= FNDELAY; /* BSD4.x */ --# endif -- } -- ret = fcntl(s, F_SETFL, l); -- -- if (ret < 0) { -- SYSerr(SYS_F_FCNTL, get_last_rtl_error()); -- } -- } --# else -- /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ -- BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT); - # endif -- - return (ret == 0); - } -- --int BIO_sock_info(int sock, -- enum BIO_sock_info_type type, union BIO_sock_info_u *info) --{ -- switch (type) { -- case BIO_SOCK_INFO_ADDRESS: -- { -- socklen_t addr_len; -- int ret = 0; -- addr_len = sizeof(*info->addr); -- ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), -- &addr_len); -- if (ret == -1) { -- SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error()); -- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR); -- return 0; -- } -- if ((size_t)addr_len > sizeof(*info->addr)) { -- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS); -- return 0; -- } -- } -- break; -- default: -- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE); -- return 0; -- } -- return 1; --} -- - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock2.c b/Cryptlib/OpenSSL/crypto/bio/b_sock2.c -deleted file mode 100644 -index 7f4d89e..0000000 ---- a/Cryptlib/OpenSSL/crypto/bio/b_sock2.c -+++ /dev/null -@@ -1,270 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include
--#include
--
--#include "bio_lcl.h"
--
--#include
--
--#ifndef OPENSSL_NO_SOCK
--# ifdef SO_MAXCONN
--# define MAX_LISTEN SO_MAXCONN
--# elif defined(SOMAXCONN)
--# define MAX_LISTEN SOMAXCONN
--# else
--# define MAX_LISTEN 32
--# endif
--
--/*-
-- * BIO_socket - create a socket
-- * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...)
-- * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM)
-- * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP)
-- * @options: BIO socket options (currently unused)
-- *
-- * Creates a socket. This should be called before calling any
-- * of BIO_connect and BIO_listen.
-- *
-- * Returns the file descriptor on success or INVALID_SOCKET on failure. On
-- * failure errno is set, and a status is added to the OpenSSL error stack.
-- */
--int BIO_socket(int domain, int socktype, int protocol, int options)
--{
-- int sock = -1;
--
-- if (BIO_sock_init() != 1)
-- return INVALID_SOCKET;
--
-- sock = socket(domain, socktype, protocol);
-- if (sock == -1) {
-- SYSerr(SYS_F_SOCKET, get_last_socket_error());
-- BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
-- return INVALID_SOCKET;
-- }
--
-- return sock;
--}
--
--/*-
-- * BIO_connect - connect to an address
-- * @sock: the socket to connect with
-- * @addr: the address to connect to
-- * @options: BIO socket options
-- *
-- * Connects to the address using the given socket and options.
-- *
-- * Options can be a combination of the following:
-- * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
-- * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
-- * - BIO_SOCK_NODELAY: don't delay small messages.
-- *
-- * options holds BIO socket options that can be used
-- * You should call this for every address returned by BIO_lookup
-- * until the connection is successful.
-- *
-- * Returns 1 on success or 0 on failure. On failure errno is set
-- * and an error status is added to the OpenSSL error stack.
-- */
--int BIO_connect(int sock, const BIO_ADDR *addr, int options)
--{
-- int on = 1;
--
-- if (sock == -1) {
-- BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
-- return 0;
-- }
--
-- if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
-- return 0;
--
-- if (options & BIO_SOCK_KEEPALIVE) {
-- if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
-- return 0;
-- }
-- }
--
-- if (options & BIO_SOCK_NODELAY) {
-- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
-- return 0;
-- }
-- }
--
-- if (connect(sock, BIO_ADDR_sockaddr(addr),
-- BIO_ADDR_sockaddr_size(addr)) == -1) {
-- if (!BIO_sock_should_retry(-1)) {
-- SYSerr(SYS_F_CONNECT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR);
-- }
-- return 0;
-- }
-- return 1;
--}
--
--/*-
-- * BIO_listen - Creates a listen socket
-- * @sock: the socket to listen with
-- * @addr: local address to bind to
-- * @options: BIO socket options
-- *
-- * Binds to the address using the given socket and options, then
-- * starts listening for incoming connections.
-- *
-- * Options can be a combination of the following:
-- * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
-- * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
-- * - BIO_SOCK_NODELAY: don't delay small messages.
-- * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
-- * for a recently closed port.
-- * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only
-- * for IPv6 addresses and not IPv4 addresses mapped to IPv6.
-- *
-- * It's recommended that you set up both an IPv6 and IPv4 listen socket, and
-- * then check both for new clients that connect to it. You want to set up
-- * the socket as non-blocking in that case since else it could hang.
-- *
-- * Not all operating systems support IPv4 addresses on an IPv6 socket, and for
-- * others it's an option. If you pass the BIO_LISTEN_V6_ONLY it will try to
-- * create the IPv6 sockets to only listen for IPv6 connection.
-- *
-- * It could be that the first BIO_listen() call will listen to all the IPv6
-- * and IPv4 addresses and that then trying to bind to the IPv4 address will
-- * fail. We can't tell the difference between already listening ourself to
-- * it and someone else listening to it when failing and errno is EADDRINUSE, so
-- * it's recommended to not give an error in that case if the first call was
-- * successful.
-- *
-- * When restarting the program it could be that the port is still in use. If
-- * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
-- * It's recommended that you use this.
-- */
--int BIO_listen(int sock, const BIO_ADDR *addr, int options)
--{
-- int on = 1;
-- int socktype;
-- socklen_t socktype_len = sizeof(socktype);
--
-- if (sock == -1) {
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET);
-- return 0;
-- }
--
-- if (getsockopt(sock, SOL_SOCKET, SO_TYPE, &socktype, &socktype_len) != 0
-- || socktype_len != sizeof(socktype)) {
-- SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
-- return 0;
-- }
--
-- if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
-- return 0;
--
--# ifndef OPENSSL_SYS_WINDOWS
-- /* SO_REUSEADDR has different behavior on Windows than on
-- * other operating systems, don't set it there.
*/
-- if (options & BIO_SOCK_REUSEADDR) {
-- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_REUSEADDR);
-- return 0;
-- }
-- }
--# endif
--
-- if (options & BIO_SOCK_KEEPALIVE) {
-- if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
-- return 0;
-- }
-- }
--
-- if (options & BIO_SOCK_NODELAY) {
-- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
-- return 0;
-- }
-- }
--
--# ifdef IPV6_V6ONLY
-- if ((options & BIO_SOCK_V6_ONLY) && BIO_ADDR_family(addr) == AF_INET6) {
-- if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) {
-- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
-- return 0;
-- }
-- }
--# endif
--
-- if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
-- SYSerr(SYS_F_BIND, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_BIND_SOCKET);
-- return 0;
-- }
--
-- if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
-- SYSerr(SYS_F_LISTEN, get_last_socket_error());
-- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET);
-- return 0;
-- }
--
-- return 1;
--}
--
--/*-
-- * BIO_accept_ex - Accept new incoming connections
-- * @sock: the listening socket
-- * @addr: the BIO_ADDR to store the peer address in
-- * @options: BIO socket options, applied on the accepted socket.
-- *
-- */
--int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
--{
-- socklen_t len;
-- int accepted_sock;
-- BIO_ADDR locaddr;
-- BIO_ADDR *addr = addr_ == NULL ?
&locaddr : addr_;
--
-- len = sizeof(*addr);
-- accepted_sock = accept(accept_sock,
-- BIO_ADDR_sockaddr_noconst(addr), &len);
-- if (accepted_sock == -1) {
-- if (!BIO_sock_should_retry(accepted_sock)) {
-- SYSerr(SYS_F_ACCEPT, get_last_socket_error());
-- BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR);
-- }
-- return INVALID_SOCKET;
-- }
--
-- if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
-- closesocket(accepted_sock);
-- return INVALID_SOCKET;
-- }
--
-- return accepted_sock;
--}
--
--/*-
-- * BIO_closesocket - Close a socket
-- * @sock: the socket to close
-- */
--int BIO_closesocket(int sock)
--{
-- if (closesocket(sock) < 0)
-- return 0;
-- return 1;
--}
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
-index b2a387b..478fa16 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
-@@ -1,16 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bf_buff.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
-
- static int buffer_write(BIO *h, const char *buf, int num);
- static int buffer_read(BIO *h, char *buf, int size);
-@@ -22,7 +71,7 @@ static int buffer_free(BIO *data);
- static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
- #define DEFAULT_BUFFER_SIZE 4096
-
--static const BIO_METHOD methods_buffer = {
-+static BIO_METHOD methods_buffer = {
- BIO_TYPE_BUFFER,
- "buffer",
- buffer_write,
-@@ -35,30 +84,35 @@ static const BIO_METHOD methods_buffer = {
- buffer_callback_ctrl,
- };
-
--const BIO_METHOD *BIO_f_buffer(void)
-+BIO_METHOD *BIO_f_buffer(void)
- {
- return (&methods_buffer);
- }
-
- static int buffer_new(BIO *bi)
- {
-- BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-+ BIO_F_BUFFER_CTX *ctx;
-
-+ ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
- if (ctx == NULL)
- return (0);
-- ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
-- ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-+ ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
- if (ctx->ibuf == NULL) {
- OPENSSL_free(ctx);
- return (0);
- }
-- ctx->obuf_size
= DEFAULT_BUFFER_SIZE; -- ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); -+ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); - if (ctx->obuf == NULL) { - OPENSSL_free(ctx->ibuf); - OPENSSL_free(ctx); - return (0); - } -+ ctx->ibuf_size = DEFAULT_BUFFER_SIZE; -+ ctx->obuf_size = DEFAULT_BUFFER_SIZE; -+ ctx->ibuf_len = 0; -+ ctx->ibuf_off = 0; -+ ctx->obuf_len = 0; -+ ctx->obuf_off = 0; - - bi->init = 1; - bi->ptr = (char *)ctx; -@@ -73,8 +127,10 @@ static int buffer_free(BIO *a) - if (a == NULL) - return (0); - b = (BIO_F_BUFFER_CTX *)a->ptr; -- OPENSSL_free(b->ibuf); -- OPENSSL_free(b->obuf); -+ if (b->ibuf != NULL) -+ OPENSSL_free(b->ibuf); -+ if (b->obuf != NULL) -+ OPENSSL_free(b->obuf); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; -@@ -283,7 +339,8 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) - p1 = OPENSSL_malloc((int)num); - if (p1 == NULL) - goto malloc_error; -- OPENSSL_free(ctx->ibuf); -+ if (ctx->ibuf != NULL) -+ OPENSSL_free(ctx->ibuf); - ctx->ibuf = p1; - } - ctx->ibuf_off = 0; -@@ -309,12 +366,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) - p1 = ctx->ibuf; - p2 = ctx->obuf; - if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { -- p1 = OPENSSL_malloc((int)num); -+ p1 = (char *)OPENSSL_malloc((int)num); - if (p1 == NULL) - goto malloc_error; - } - if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { -- p2 = OPENSSL_malloc((int)num); -+ p2 = (char *)OPENSSL_malloc((int)num); - if (p2 == NULL) { - if (p1 != ctx->ibuf) - OPENSSL_free(p1); -@@ -357,6 +414,10 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) - if (ctx->obuf_len > 0) { - r = BIO_write(b->next_bio, - &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); -+#if 0 -+ fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off, -+ ctx->obuf_len, r); -+#endif - BIO_copy_next_retry(b); - if (r <= 0) - return ((long)r); -@@ -365,6 +426,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) - } else { - 
ctx->obuf_len = 0;
- ctx->obuf_off = 0;
-+ ret = 1;
- break;
- }
- }
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c b/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c
-deleted file mode 100644
-index b3c2b5e..0000000
---- a/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c
-+++ /dev/null
-@@ -1,319 +0,0 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
--#include
--
--static int linebuffer_write(BIO *h, const char *buf, int num);
--static int linebuffer_read(BIO *h, char *buf, int size);
--static int linebuffer_puts(BIO *h, const char *str);
--static int linebuffer_gets(BIO *h, char *str, int size);
--static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
--static int linebuffer_new(BIO *h);
--static int linebuffer_free(BIO *data);
--static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
--
--/* A 10k maximum should be enough for most purposes */
--#define DEFAULT_LINEBUFFER_SIZE 1024*10
--
--/* #define DEBUG */
--
--static const BIO_METHOD methods_linebuffer = {
-- BIO_TYPE_LINEBUFFER,
-- "linebuffer",
-- linebuffer_write,
-- linebuffer_read,
-- linebuffer_puts,
-- linebuffer_gets,
-- linebuffer_ctrl,
-- linebuffer_new,
-- linebuffer_free,
-- linebuffer_callback_ctrl,
--};
--
--const BIO_METHOD *BIO_f_linebuffer(void)
--{
-- return (&methods_linebuffer);
--}
--
--typedef struct bio_linebuffer_ctx_struct {
-- char *obuf; /* the output char array */
-- int obuf_size; /* how big is the output buffer */
-- int obuf_len; /* how many bytes are in it */
--} BIO_LINEBUFFER_CTX;
--
--static int linebuffer_new(BIO *bi)
--{
-- BIO_LINEBUFFER_CTX *ctx;
--
-- ctx =
OPENSSL_malloc(sizeof(*ctx));
-- if (ctx == NULL)
-- return (0);
-- ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
-- if (ctx->obuf == NULL) {
-- OPENSSL_free(ctx);
-- return (0);
-- }
-- ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
-- ctx->obuf_len = 0;
--
-- bi->init = 1;
-- bi->ptr = (char *)ctx;
-- bi->flags = 0;
-- return (1);
--}
--
--static int linebuffer_free(BIO *a)
--{
-- BIO_LINEBUFFER_CTX *b;
--
-- if (a == NULL)
-- return (0);
-- b = (BIO_LINEBUFFER_CTX *)a->ptr;
-- OPENSSL_free(b->obuf);
-- OPENSSL_free(a->ptr);
-- a->ptr = NULL;
-- a->init = 0;
-- a->flags = 0;
-- return (1);
--}
--
--static int linebuffer_read(BIO *b, char *out, int outl)
--{
-- int ret = 0;
--
-- if (out == NULL)
-- return (0);
-- if (b->next_bio == NULL)
-- return (0);
-- ret = BIO_read(b->next_bio, out, outl);
-- BIO_clear_retry_flags(b);
-- BIO_copy_next_retry(b);
-- return (ret);
--}
--
--static int linebuffer_write(BIO *b, const char *in, int inl)
--{
-- int i, num = 0, foundnl;
-- BIO_LINEBUFFER_CTX *ctx;
--
-- if ((in == NULL) || (inl <= 0))
-- return (0);
-- ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
-- if ((ctx == NULL) || (b->next_bio == NULL))
-- return (0);
--
-- BIO_clear_retry_flags(b);
--
-- do {
-- const char *p;
--
-- for (p = in; p < in + inl && *p != '\n'; p++) ;
-- if (*p == '\n') {
-- p++;
-- foundnl = 1;
-- } else
-- foundnl = 0;
--
-- /*
-- * If a NL was found and we already have text in the save buffer,
-- * concatenate them and write
-- */
-- while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
-- && ctx->obuf_len > 0) {
-- int orig_olen = ctx->obuf_len;
--
-- i = ctx->obuf_size - ctx->obuf_len;
-- if (p - in > 0) {
-- if (i >= p - in) {
-- memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
-- ctx->obuf_len += p - in;
-- inl -= p - in;
-- num += p - in;
-- in = p;
-- } else {
-- memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
-- ctx->obuf_len += i;
-- inl -= i;
-- in += i;
-- num += i;
-- }
-- }
-- i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
-- if (i
<= 0) {
-- ctx->obuf_len = orig_olen;
-- BIO_copy_next_retry(b);
--
-- if (i < 0)
-- return ((num > 0) ? num : i);
-- if (i == 0)
-- return (num);
-- }
-- if (i < ctx->obuf_len)
-- memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
-- ctx->obuf_len -= i;
-- }
--
-- /*
-- * Now that the save buffer is emptied, let's write the input buffer
-- * if a NL was found and there is anything to write.
-- */
-- if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
-- i = BIO_write(b->next_bio, in, p - in);
-- if (i <= 0) {
-- BIO_copy_next_retry(b);
-- if (i < 0)
-- return ((num > 0) ? num : i);
-- if (i == 0)
-- return (num);
-- }
-- num += i;
-- in += i;
-- inl -= i;
-- }
-- }
-- while (foundnl && inl > 0);
-- /*
-- * We've written as much as we can. The rest of the input buffer, if
-- * any, is text that doesn't and with a NL and therefore needs to be
-- * saved for the next trip.
-- */
-- if (inl > 0) {
-- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
-- ctx->obuf_len += inl;
-- num += inl;
-- }
-- return num;
--}
--
--static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
--{
-- BIO *dbio;
-- BIO_LINEBUFFER_CTX *ctx;
-- long ret = 1;
-- char *p;
-- int r;
-- int obs;
--
-- ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
--
-- switch (cmd) {
-- case BIO_CTRL_RESET:
-- ctx->obuf_len = 0;
-- if (b->next_bio == NULL)
-- return (0);
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- break;
-- case BIO_CTRL_INFO:
-- ret = (long)ctx->obuf_len;
-- break;
-- case BIO_CTRL_WPENDING:
-- ret = (long)ctx->obuf_len;
-- if (ret == 0) {
-- if (b->next_bio == NULL)
-- return (0);
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- }
-- break;
-- case BIO_C_SET_BUFF_SIZE:
-- obs = (int)num;
-- p = ctx->obuf;
-- if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
-- p = OPENSSL_malloc((int)num);
-- if (p == NULL)
-- goto malloc_error;
-- }
-- if (ctx->obuf != p) {
-- if (ctx->obuf_len > obs) {
-- ctx->obuf_len = obs;
-- }
-- memcpy(p, ctx->obuf, ctx->obuf_len);
--
OPENSSL_free(ctx->obuf);
-- ctx->obuf = p;
-- ctx->obuf_size = obs;
-- }
-- break;
-- case BIO_C_DO_STATE_MACHINE:
-- if (b->next_bio == NULL)
-- return (0);
-- BIO_clear_retry_flags(b);
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- BIO_copy_next_retry(b);
-- break;
--
-- case BIO_CTRL_FLUSH:
-- if (b->next_bio == NULL)
-- return (0);
-- if (ctx->obuf_len <= 0) {
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- break;
-- }
--
-- for (;;) {
-- BIO_clear_retry_flags(b);
-- if (ctx->obuf_len > 0) {
-- r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
-- BIO_copy_next_retry(b);
-- if (r <= 0)
-- return ((long)r);
-- if (r < ctx->obuf_len)
-- memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
-- ctx->obuf_len -= r;
-- } else {
-- ctx->obuf_len = 0;
-- break;
-- }
-- }
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- break;
-- case BIO_CTRL_DUP:
-- dbio = (BIO *)ptr;
-- if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
-- ret = 0;
-- break;
-- default:
-- if (b->next_bio == NULL)
-- return (0);
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-- break;
-- }
-- return (ret);
-- malloc_error:
-- BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
-- return (0);
--}
--
--static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
--{
-- long ret = 1;
--
-- if (b->next_bio == NULL)
-- return (0);
-- switch (cmd) {
-- default:
-- ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
-- break;
-- }
-- return (ret);
--}
--
--static int linebuffer_gets(BIO *b, char *buf, int size)
--{
-- if (b->next_bio == NULL)
-- return (0);
-- return (BIO_gets(b->next_bio, buf, size));
--}
--
--static int linebuffer_puts(BIO *b, const char *str)
--{
-- return (linebuffer_write(b, str, strlen(str)));
--}
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
-index 364d9fb..4842bb4 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
-@@ -1,17 +1,66 @@
--/*
-- * Copyright 1995-2016 The OpenSSL
Project Authors. All Rights Reserved.
-+/* crypto/bio/bf_nbio.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
- 
- #include
- #include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
-+#include
- 
- /*
- * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
-@@ -31,7 +80,7 @@ typedef struct nbio_test_st {
- int lwn;
- } NBIO_TEST;
- 
--static const BIO_METHOD methods_nbiof = {
-+static BIO_METHOD methods_nbiof = {
- BIO_TYPE_NBIO_TEST,
- "non-blocking IO test filter",
- nbiof_write,
-@@ -44,7 +93,7 @@ static const BIO_METHOD methods_nbiof = {
- nbiof_callback_ctrl,
- };
- 
--const BIO_METHOD *BIO_f_nbio_test(void)
-+BIO_METHOD *BIO_f_nbio_test(void)
- {
- return (&methods_nbiof);
- }
-@@ -53,12 +102,13 @@ static int nbiof_new(BIO *bi)
- {
- NBIO_TEST *nt;
- 
-- if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL)
-+ if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
- return (0);
- nt->lrn = -1;
- nt->lwn = -1;
- bi->ptr = (char *)nt;
- bi->init = 1;
-+ bi->flags = 0;
- return (1);
- }
- 
-@@ -66,7 +116,8 @@ static int nbiof_free(BIO *a)
- {
- if (a == NULL)
- return (0);
-- OPENSSL_free(a->ptr);
-+ if (a->ptr != NULL)
-+ OPENSSL_free(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
-@@ -76,8 +127,10 @@ static int nbiof_read(BIO *b, char *out, int outl)
- {
- int ret = 0;
-+#if 1
- int num;
- unsigned char n;
-+#endif
- 
- if (out == NULL)
- return (0);
-@@ -85,6 +138,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
- return (0);
- 
- BIO_clear_retry_flags(b);
-+#if 1
- if (RAND_bytes(&n, 1) <= 0)
- return -1;
- num = (n & 0x07);
-@@ -95,7 +149,9 @@ static int nbiof_read(BIO *b, char *out, int outl)
- if (num == 0) {
- ret = -1;
- BIO_set_retry_read(b);
-- } else {
-+ } else
-+#endif
-+ {
- ret = BIO_read(b->next_bio, out, outl);
- if (ret < 0)
- BIO_copy_next_retry(b);
-@@ -118,6 +174,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
- 
- BIO_clear_retry_flags(b);
- 
-+#if 1
- if (nt->lwn > 0) {
- num = nt->lwn;
- nt->lwn = 0;
-@@ -133,7 +190,9 @@ static
int nbiof_write(BIO *b, const char *in, int inl)
- if (num == 0) {
- ret = -1;
- BIO_set_retry_write(b);
-- } else {
-+ } else
-+#endif
-+ {
- ret = BIO_write(b->next_bio, in, inl);
- if (ret < 0) {
- BIO_copy_next_retry(b);
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c
-index 0736b3f..e0c79e8 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bf_null.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bf_null.c
-@@ -1,16 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bf_null.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e.
this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
- 
- #include
- #include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
- 
- /*
- * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
-@@ -24,7 +73,7 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
- static int nullf_new(BIO *h);
- static int nullf_free(BIO *data);
- static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
--static const BIO_METHOD methods_nullf = {
-+static BIO_METHOD methods_nullf = {
- BIO_TYPE_NULL_FILTER,
- "NULL filter",
- nullf_write,
-@@ -37,7 +86,7 @@ static const BIO_METHOD methods_nullf = {
- nullf_callback_ctrl,
- };
- 
--const BIO_METHOD *BIO_f_null(void)
-+BIO_METHOD *BIO_f_null(void)
- {
- return (&methods_nullf);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
-index 69ea3d0..d3e8606 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
-@@ -1,24 +1,73 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bio_cb.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code.
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
- 
- #include
- #include
- #include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
- #include
- 
--long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-- int argi, long argl, long ret)
-+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-+ int argi, long argl, long ret)
- {
- BIO *b;
-- char buf[256];
-+ MS_STATIC char buf[256];
- char *p;
- long r = 1;
- int len;
-@@ -27,11 +76,8 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
- if (BIO_CB_RETURN & cmd)
- r = ret;
- 
-- len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio);
-+ len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
- 
-- /* Ignore errors and continue printing the other information.
*/
-- if (len < 0)
-- len = 0;
- p = buf + len;
- p_maxlen = sizeof(buf) - len;
- 
-@@ -91,7 +137,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
- b = (BIO *)bio->cb_arg;
- if (b != NULL)
- BIO_write(b, buf, strlen(buf));
--#if !defined(OPENSSL_NO_STDIO)
-+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- else
- fputs(buf, stderr);
- #endif
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c
-index 98c90d6..d9007aa 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c
-@@ -1,11 +1,62 @@
--/*
-- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bio_err.c */
-+/* ====================================================================
-+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5.
Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
- 
- #include
-@@ -19,21 +70,17 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
- 
- static ERR_STRING_DATA BIO_str_functs[] = {
-- {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"},
-- {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"},
-+ {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
- {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
-- {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"},
-- {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"},
-+ {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
- {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
-- {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"},
- {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
-+ {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
- {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
-+ {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
- {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
-- {ERR_FUNC(BIO_F_BIO_GET_NEW_INDEX), "BIO_get_new_index"},
- {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
-- {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
-- {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"},
-- {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
-+ {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
- {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
- {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
- {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
-@@ -41,70 +88,56 @@ static ERR_STRING_DATA BIO_str_functs[] = {
- {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
- {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
- {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
-- {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"},
- {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
- {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
-- {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"},
-- {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"},
-- {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"},
- {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
- {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
-- {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"},
--
{ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"},
-- {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"},
-- {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"},
-- {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"},
-- {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"},
-- {ERR_FUNC(BIO_F_FILE_READ), "file_read"},
-- {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"},
-- {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"},
-+ {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
-+ {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
-+ {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
-+ {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"},
-+ {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"},
-+ {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
-+ {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
-+ {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
-+ {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
-+ {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
- {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
-+ {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
- {0, NULL}
- };
- 
- static ERR_STRING_DATA BIO_str_reasons[] = {
- {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
-- {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
-- "addrinfo addr is not af inet"},
-- {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
-- "ambiguous host or service"},
- {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
-+ {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"},
- {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
- {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
-+ {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"},
-+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"},
-+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),
-+ "error setting nbio on accepted socket"},
-+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),
-+ "error setting nbio on accept socket"},
- {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
- "gethostbyname addr is not af inet"},
-- {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
--
{ERR_REASON(BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
-- "getsockname truncated address"},
-- {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"},
- {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
-- {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"},
-+ {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"},
- {ERR_REASON(BIO_R_IN_USE), "in use"},
-- {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
-- {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"},
-- {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE),
-- "malformed host or service"},
-+ {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"},
- {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
-- {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
-- "no accept addr or service specified"},
-- {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
-- "no hostname or service specified"},
-+ {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"},
-+ {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"},
- {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
-+ {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"},
- {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
- {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
-+ {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"},
- {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
- {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
-- {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
- {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
-- {ERR_REASON(BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
-- {ERR_REASON(BIO_R_UNABLE_TO_REUSEADDR), "unable to reuseaddr"},
-- {ERR_REASON(BIO_R_UNAVAILABLE_IP_FAMILY), "unavailable ip family"},
- {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
-- {ERR_REASON(BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
-- {ERR_REASON(BIO_R_UNSUPPORTED_IP_FAMILY), "unsupported ip family"},
- 
{ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, -- {ERR_REASON(BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), -- "unsupported protocol family"}, - {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, - {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"}, - {0, NULL} -@@ -112,7 +145,7 @@ static ERR_STRING_DATA BIO_str_reasons[] = { - - #endif - --int ERR_load_BIO_strings(void) -+void ERR_load_BIO_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -121,5 +154,4 @@ int ERR_load_BIO_strings(void) - ERR_load_strings(0, BIO_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h -index 39178cf..741884d 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h -@@ -1,154 +1,4 @@ --/* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#define USE_SOCKETS --#include "e_os.h" -- --/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ -- --#ifndef OPENSSL_NO_SOCK --/* -- * Throughout this file and b_addr.c, the existence of the macro -- * AI_PASSIVE is used to detect the availability of struct addrinfo, -- * getnameinfo() and getaddrinfo(). If that macro doesn't exist, -- * we use our own implementation instead. -- */ -- --/* -- * It's imperative that these macros get defined before openssl/bio.h gets -- * included. Otherwise, the AI_PASSIVE hack will not work properly. -- * For clarity, we check for internal/cryptlib.h since it's a common header -- * that also includes bio.h. 
-- */ --# ifdef HEADER_CRYPTLIB_H --# error internal/cryptlib.h included before bio_lcl.h --# endif --# ifdef HEADER_BIO_H --# error openssl/bio.h included before bio_lcl.h --# endif -- --/* -- * Undefine AF_UNIX on systems that define it but don't support it. -- */ --# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) --# undef AF_UNIX --# endif -- --# ifdef AI_PASSIVE -- --/* -- * There's a bug in VMS C header file netdb.h, where struct addrinfo -- * always is the P32 variant, but the functions that handle that structure, -- * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer -- * size. The easiest workaround is to force struct addrinfo to be the -- * 64-bit variant when compiling in P64 mode. -- */ --# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 --# define addrinfo __addrinfo64 --# endif -- --# define bio_addrinfo_st addrinfo --# define bai_family ai_family --# define bai_socktype ai_socktype --# define bai_protocol ai_protocol --# define bai_addrlen ai_addrlen --# define bai_addr ai_addr --# define bai_next ai_next --# else --struct bio_addrinfo_st { -- int bai_family; -- int bai_socktype; -- int bai_protocol; -- size_t bai_addrlen; -- struct sockaddr *bai_addr; -- struct bio_addrinfo_st *bai_next; --}; --# endif -- --union bio_addr_st { -- struct sockaddr sa; --# ifdef AF_INET6 -- struct sockaddr_in6 s_in6; --# endif -- struct sockaddr_in s_in; --# ifdef AF_UNIX -- struct sockaddr_un s_un; --# endif --}; --#endif -- --/* END BIO_ADDRINFO/BIO_ADDR stuff. 
*/ -- --#include "internal/cryptlib.h" --#include -- --typedef struct bio_f_buffer_ctx_struct { -- /*- -- * Buffers are setup like this: -- * -- * <---------------------- size -----------------------> -- * +---------------------------------------------------+ -- * | consumed | remaining | free space | -- * +---------------------------------------------------+ -- * <-- off --><------- len -------> -- */ -- /*- BIO *bio; *//* -- * this is now in the BIO struct -- */ -- int ibuf_size; /* how big is the input buffer */ -- int obuf_size; /* how big is the output buffer */ -- char *ibuf; /* the char array */ -- int ibuf_len; /* how many bytes are in it */ -- int ibuf_off; /* write/read offset */ -- char *obuf; /* the char array */ -- int obuf_len; /* how many bytes are in it */ -- int obuf_off; /* write/read offset */ --} BIO_F_BUFFER_CTX; -- --struct bio_st { -- const BIO_METHOD *method; -- /* bio, mode, argp, argi, argl, ret */ -- long (*callback) (struct bio_st *, int, const char *, int, long, long); -- char *cb_arg; /* first argument for the callback */ -- int init; -- int shutdown; -- int flags; /* extra storage */ -- int retry_reason; -- int num; -- void *ptr; -- struct bio_st *next_bio; /* used by filter BIOs */ -- struct bio_st *prev_bio; /* used by filter BIOs */ -- int references; -- uint64_t num_read; -- uint64_t num_write; -- CRYPTO_EX_DATA ex_data; -- CRYPTO_RWLOCK *lock; --}; -- --#ifndef OPENSSL_NO_SOCK --# ifdef OPENSSL_SYS_VMS --typedef unsigned int socklen_t; --# endif -- --extern CRYPTO_RWLOCK *bio_lookup_lock; -- --int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa); --const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap); --struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); --socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); --socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); --const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); --#endif -- --extern CRYPTO_RWLOCK *bio_type_lock; -- --void 
bio_sock_cleanup_int(void); -+#include - - #if BIO_FLAGS_UPLINK==0 - /* Shortcut UPLINK calls on most platforms... */ -@@ -183,6 +33,4 @@ void bio_sock_cleanup_int(void); - # define UP_lseek lseek - # define UP_close close - # endif -- - #endif -- -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -index 62392c3..07934f8 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -@@ -1,53 +1,107 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bio_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. 
this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include - #include --#include "bio_lcl.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include -+#include - --BIO *BIO_new(const BIO_METHOD *method) -+BIO *BIO_new(BIO_METHOD *method) - { -- BIO *bio = OPENSSL_zalloc(sizeof(*bio)); -+ BIO *ret = NULL; - -- if (bio == NULL) { -+ ret = (BIO *)OPENSSL_malloc(sizeof(BIO)); -+ if (ret == NULL) { - BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } -+ if (!BIO_set(ret, method)) { -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - -+int BIO_set(BIO *bio, BIO_METHOD *method) -+{ - bio->method = method; -+ bio->callback = NULL; -+ bio->cb_arg = NULL; -+ bio->init = 0; - bio->shutdown = 1; -+ bio->flags = 0; -+ bio->retry_reason = 0; -+ bio->num = 0; -+ bio->ptr = NULL; -+ bio->prev_bio = NULL; -+ bio->next_bio = NULL; - bio->references = 1; -- -- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) -- goto err; -- -- bio->lock = CRYPTO_THREAD_lock_new(); -- if (bio->lock == NULL) { -- BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -- goto err; -- } -- -- if (method->create != NULL && !method->create(bio)) { -- BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -- CRYPTO_THREAD_lock_free(bio->lock); -- goto err; -- } -- -- return bio; -- --err: -- OPENSSL_free(bio); -- return NULL; -+ bio->num_read = 0L; -+ bio->num_write = 0L; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -+ if (method->create != NULL) -+ if (!method->create(bio)) { -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -+ return (0); -+ } -+ return (1); - } - - int BIO_free(BIO *a) -@@ -55,59 +109,30 @@ int BIO_free(BIO *a) - int i; - - if (a == NULL) -- return 0; -- -- if (CRYPTO_atomic_add(&a->references, -1, &i, 
a->lock) <= 0) -- return 0; -+ return (0); - -- REF_PRINT_COUNT("BIO", a); -+ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); -+#ifdef REF_PRINT -+ REF_PRINT("BIO", a); -+#endif - if (i > 0) -- return 1; -- REF_ASSERT_ISNT(i < 0); -+ return (1); -+#ifdef REF_CHECK -+ if (i < 0) { -+ fprintf(stderr, "BIO_free, bad reference count\n"); -+ abort(); -+ } -+#endif - if ((a->callback != NULL) && - ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) -- return i; -- -- if ((a->method != NULL) && (a->method->destroy != NULL)) -- a->method->destroy(a); -+ return (i); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - -- CRYPTO_THREAD_lock_free(a->lock); -- -+ if ((a->method != NULL) && (a->method->destroy != NULL)) -+ a->method->destroy(a); - OPENSSL_free(a); -- -- return 1; --} -- --void BIO_set_data(BIO *a, void *ptr) --{ -- a->ptr = ptr; --} -- --void *BIO_get_data(BIO *a) --{ -- return a->ptr; --} -- --void BIO_set_init(BIO *a, int init) --{ -- a->init = init; --} -- --int BIO_get_init(BIO *a) --{ -- return a->init; --} -- --void BIO_set_shutdown(BIO *a, int shut) --{ -- a->shutdown = shut; --} -- --int BIO_get_shutdown(BIO *a) --{ -- return a->shutdown; -+ return (1); - } - - void BIO_vfree(BIO *a) -@@ -115,18 +140,6 @@ void BIO_vfree(BIO *a) - BIO_free(a); - } - --int BIO_up_ref(BIO *a) --{ -- int i; -- -- if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0) -- return 0; -- -- REF_PRINT_COUNT("BIO", a); -- REF_ASSERT_ISNT(i < 2); -- return ((i > 1) ? 
1 : 0); --} -- - void BIO_clear_flags(BIO *b, int flags) - { - b->flags &= ~flags; -@@ -197,7 +210,7 @@ int BIO_read(BIO *b, void *out, int outl) - i = b->method->bread(b, out, outl); - - if (i > 0) -- b->num_read += (uint64_t)i; -+ b->num_read += (unsigned long)i; - - if (cb != NULL) - i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); -@@ -230,7 +243,7 @@ int BIO_write(BIO *b, const void *in, int inl) - i = b->method->bwrite(b, in, inl); - - if (i > 0) -- b->num_write += (uint64_t)i; -+ b->num_write += (unsigned long)i; - - if (cb != NULL) - i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); -@@ -260,7 +273,7 @@ int BIO_puts(BIO *b, const char *in) - i = b->method->bputs(b, in); - - if (i > 0) -- b->num_write += (uint64_t)i; -+ b->num_write += (unsigned long)i; - - if (cb != NULL) - i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); -@@ -314,9 +327,9 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) - return (BIO_ctrl(b, cmd, larg, (char *)&i)); - } - --void *BIO_ptr_ctrl(BIO *b, int cmd, long larg) -+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) - { -- void *p = NULL; -+ char *p = NULL; - - if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) - return (NULL); -@@ -455,16 +468,11 @@ int BIO_get_retry_reason(BIO *bio) - return (bio->retry_reason); - } - --void BIO_set_retry_reason(BIO *bio, int reason) --{ -- bio->retry_reason = reason; --} -- - BIO *BIO_find_type(BIO *bio, int type) - { - int mt, mask; - -- if (bio == NULL) -+ if (!bio) - return NULL; - mask = type & 0xff; - do { -@@ -484,16 +492,11 @@ BIO *BIO_find_type(BIO *bio, int type) - - BIO *BIO_next(BIO *b) - { -- if (b == NULL) -+ if (!b) - return NULL; - return b->next_bio; - } - --void BIO_set_next(BIO *b, BIO *next) --{ -- b->next_bio = next; --} -- - void BIO_free_all(BIO *bio) - { - BIO *b; -@@ -559,6 +562,13 @@ void BIO_copy_next_retry(BIO *b) - b->retry_reason = b->next_bio->retry_reason; - } - -+int BIO_get_ex_new_index(long argl, void *argp, 
CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, -+ new_func, dup_func, free_func); -+} -+ - int BIO_set_ex_data(BIO *bio, int idx, void *data) - { - return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); -@@ -569,32 +579,18 @@ void *BIO_get_ex_data(BIO *bio, int idx) - return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); - } - --uint64_t BIO_number_read(BIO *bio) -+unsigned long BIO_number_read(BIO *bio) - { - if (bio) - return bio->num_read; - return 0; - } - --uint64_t BIO_number_written(BIO *bio) -+unsigned long BIO_number_written(BIO *bio) - { - if (bio) - return bio->num_write; - return 0; - } - --void bio_free_ex_data(BIO *bio) --{ -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); --} -- --void bio_cleanup(void) --{ --#ifndef OPENSSL_NO_SOCK -- bio_sock_cleanup_int(); -- CRYPTO_THREAD_lock_free(bio_lookup_lock); -- bio_lookup_lock = NULL; --#endif -- CRYPTO_THREAD_lock_free(bio_type_lock); -- bio_type_lock = NULL; --} -+IMPLEMENT_STACK_OF(BIO) -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_meth.c b/Cryptlib/OpenSSL/crypto/bio/bio_meth.c -deleted file mode 100644 -index c5f9f7e..0000000 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_meth.c -+++ /dev/null -@@ -1,145 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "bio_lcl.h" --#include -- --CRYPTO_RWLOCK *bio_type_lock = NULL; --static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT; -- --DEFINE_RUN_ONCE_STATIC(do_bio_type_init) --{ -- bio_type_lock = CRYPTO_THREAD_lock_new(); -- return bio_type_lock != NULL; --} -- --int BIO_get_new_index() --{ -- static int bio_count = BIO_TYPE_START; -- int newval; -- -- if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) { -- BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE); -- return -1; -- } -- if (!CRYPTO_atomic_add(&bio_count, 1, &newval, bio_type_lock)) -- return -1; -- return newval; --} -- --BIO_METHOD *BIO_meth_new(int type, const char *name) --{ -- BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD)); -- -- if (biom != NULL) { -- biom->type = type; -- biom->name = name; -- } -- return biom; --} -- --void BIO_meth_free(BIO_METHOD *biom) --{ -- OPENSSL_free(biom); --} -- --int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int) --{ -- return biom->bwrite; --} -- --int BIO_meth_set_write(BIO_METHOD *biom, -- int (*bwrite) (BIO *, const char *, int)) --{ -- biom->bwrite = bwrite; -- return 1; --} -- --int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int) --{ -- return biom->bread; --} -- --int BIO_meth_set_read(BIO_METHOD *biom, -- int (*bread) (BIO *, char *, int)) --{ -- biom->bread = bread; -- return 1; --} -- --int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *) --{ -- return biom->bputs; --} -- --int BIO_meth_set_puts(BIO_METHOD *biom, -- int (*bputs) (BIO *, const char *)) --{ -- biom->bputs = bputs; -- return 1; --} -- --int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int) --{ -- return biom->bgets; --} -- --int BIO_meth_set_gets(BIO_METHOD *biom, -- int (*bgets) (BIO *, char *, int)) --{ -- biom->bgets = bgets; -- return 1; --} -- --long (*BIO_meth_get_ctrl(BIO_METHOD 
*biom)) (BIO *, int, long, void *) --{ -- return biom->ctrl; --} -- --int BIO_meth_set_ctrl(BIO_METHOD *biom, -- long (*ctrl) (BIO *, int, long, void *)) --{ -- biom->ctrl = ctrl; -- return 1; --} -- --int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) --{ -- return biom->create; --} -- --int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) --{ -- biom->create = create; -- return 1; --} -- --int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) --{ -- return biom->destroy; --} -- --int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) --{ -- biom->destroy = destroy; -- return 1; --} -- --long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *) --{ -- return biom->callback_ctrl; --} -- --int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, -- long (*callback_ctrl) (BIO *, int, -- bio_info_cb *)) --{ -- biom->callback_ctrl = callback_ctrl; -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c -index 6fb971a..4a5e39b 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c -@@ -1,35 +1,93 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_acpt.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "bio_lcl.h" -+#define USE_SOCKETS -+#include "cryptlib.h" -+#include - - #ifndef OPENSSL_NO_SOCK - -+# ifdef OPENSSL_SYS_WIN16 -+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -+# else -+# define SOCKET_PROTOCOL IPPROTO_TCP -+# endif -+ -+# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) -+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -+# undef FIONBIO -+# endif -+ - typedef struct bio_accept_st { - int state; -- int accept_family; -- int bind_mode; /* Socket mode for BIO_listen */ -- int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */ - char *param_addr; -- char *param_serv; -- - int accept_sock; -- -- BIO_ADDRINFO *addr_first; -- const BIO_ADDRINFO *addr_iter; -- BIO_ADDR cache_accepting_addr; /* Useful if we asked for port 0 */ -- char *cache_accepting_name, *cache_accepting_serv; -- BIO_ADDR cache_peer_addr; -- char *cache_peer_name, *cache_peer_serv; -- -+ int accept_nbio; -+ char *addr; -+ int nbio; -+ /* -+ * If 0, it means normal, if 1, do a connect on bind failure, and if -+ * there is no-one listening, bind with SO_REUSEADDR. If 2, always use -+ * SO_REUSEADDR. 
-+ */ -+ int bind_mode; - BIO *bio_chain; - } BIO_ACCEPT; - -@@ -45,13 +103,10 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void); - static void BIO_ACCEPT_free(BIO_ACCEPT *a); - - # define ACPT_S_BEFORE 1 --# define ACPT_S_GET_ADDR 2 --# define ACPT_S_CREATE_SOCKET 3 --# define ACPT_S_LISTEN 4 --# define ACPT_S_ACCEPT 5 --# define ACPT_S_OK 6 -+# define ACPT_S_GET_ACCEPT_SOCKET 2 -+# define ACPT_S_OK 3 - --static const BIO_METHOD methods_acceptp = { -+static BIO_METHOD methods_acceptp = { - BIO_TYPE_ACCEPT, - "socket accept", - acpt_write, -@@ -64,7 +119,7 @@ static const BIO_METHOD methods_acceptp = { - NULL, - }; - --const BIO_METHOD *BIO_s_accept(void) -+BIO_METHOD *BIO_s_accept(void) - { - return (&methods_acceptp); - } -@@ -74,7 +129,7 @@ static int acpt_new(BIO *bi) - BIO_ACCEPT *ba; - - bi->init = 0; -- bi->num = (int)INVALID_SOCKET; -+ bi->num = INVALID_SOCKET; - bi->flags = 0; - if ((ba = BIO_ACCEPT_new()) == NULL) - return (0); -@@ -88,10 +143,12 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void) - { - BIO_ACCEPT *ret; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) - return (NULL); -- ret->accept_family = BIO_FAMILY_IPANY; -- ret->accept_sock = (int)INVALID_SOCKET; -+ -+ memset(ret, 0, sizeof(BIO_ACCEPT)); -+ ret->accept_sock = INVALID_SOCKET; -+ ret->bind_mode = BIO_BIND_NORMAL; - return (ret); - } - -@@ -100,14 +157,12 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a) - if (a == NULL) - return; - -- OPENSSL_free(a->param_addr); -- OPENSSL_free(a->param_serv); -- BIO_ADDRINFO_free(a->addr_first); -- OPENSSL_free(a->cache_accepting_name); -- OPENSSL_free(a->cache_accepting_serv); -- OPENSSL_free(a->cache_peer_name); -- OPENSSL_free(a->cache_peer_serv); -- BIO_free(a->bio_chain); -+ if (a->param_addr != NULL) -+ OPENSSL_free(a->param_addr); -+ if (a->addr != NULL) -+ OPENSSL_free(a->addr); -+ if (a->bio_chain != NULL) -+ BIO_free(a->bio_chain); - OPENSSL_free(a); - } - -@@ -116,11 +171,11 @@ 
static void acpt_close_socket(BIO *bio) - BIO_ACCEPT *c; - - c = (BIO_ACCEPT *)bio->ptr; -- if (c->accept_sock != (int)INVALID_SOCKET) { -+ if (c->accept_sock != INVALID_SOCKET) { - shutdown(c->accept_sock, 2); - closesocket(c->accept_sock); -- c->accept_sock = (int)INVALID_SOCKET; -- bio->num = (int)INVALID_SOCKET; -+ c->accept_sock = INVALID_SOCKET; -+ bio->num = INVALID_SOCKET; - } - } - -@@ -145,203 +200,102 @@ static int acpt_free(BIO *a) - static int acpt_state(BIO *b, BIO_ACCEPT *c) - { - BIO *bio = NULL, *dbio; -- int s = -1, ret = -1; -- -- for (;;) { -- switch (c->state) { -- case ACPT_S_BEFORE: -- if (c->param_addr == NULL && c->param_serv == NULL) { -- BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED); -- ERR_add_error_data(4, -- "hostname=", c->param_addr, -- " service=", c->param_serv); -- goto exit_loop; -- } -- -- /* Because we're starting a new bind, any cached name and serv -- * are now obsolete and need to be cleaned out. -- * QUESTION: should this be done in acpt_close_socket() instead? -- */ -- OPENSSL_free(c->cache_accepting_name); -- c->cache_accepting_name = NULL; -- OPENSSL_free(c->cache_accepting_serv); -- c->cache_accepting_serv = NULL; -- OPENSSL_free(c->cache_peer_name); -- c->cache_peer_name = NULL; -- OPENSSL_free(c->cache_peer_serv); -- c->cache_peer_serv = NULL; -- -- c->state = ACPT_S_GET_ADDR; -- break; -- -- case ACPT_S_GET_ADDR: -- { -- int family = AF_UNSPEC; -- switch (c->accept_family) { -- case BIO_FAMILY_IPV6: -- if (1) { /* This is a trick we use to avoid bit rot. -- * at least the "else" part will always be -- * compiled. 
-- */ --#ifdef AF_INET6 -- family = AF_INET6; -- } else { --#endif -- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY); -- goto exit_loop; -- } -- break; -- case BIO_FAMILY_IPV4: -- family = AF_INET; -- break; -- case BIO_FAMILY_IPANY: -- family = AF_UNSPEC; -- break; -- default: -- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY); -- goto exit_loop; -- } -- if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER, -- family, SOCK_STREAM, &c->addr_first) == 0) -- goto exit_loop; -- } -- if (c->addr_first == NULL) { -- BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING); -- goto exit_loop; -- } -- /* We're currently not iterating, but set this as preparation -- * for possible future development in that regard -- */ -- c->addr_iter = c->addr_first; -- c->state = ACPT_S_CREATE_SOCKET; -- break; -- -- case ACPT_S_CREATE_SOCKET: -- ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), -- BIO_ADDRINFO_socktype(c->addr_iter), -- BIO_ADDRINFO_protocol(c->addr_iter), 0); -- if (ret == (int)INVALID_SOCKET) { -- SYSerr(SYS_F_SOCKET, get_last_socket_error()); -- ERR_add_error_data(4, -- "hostname=", c->param_addr, -- " service=", c->param_serv); -- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); -- goto exit_loop; -- } -- c->accept_sock = ret; -- b->num = ret; -- c->state = ACPT_S_LISTEN; -- break; -- -- case ACPT_S_LISTEN: -- { -- if (!BIO_listen(c->accept_sock, -- BIO_ADDRINFO_address(c->addr_iter), -- c->bind_mode)) { -- BIO_closesocket(c->accept_sock); -- goto exit_loop; -- } -- } -- -- { -- union BIO_sock_info_u info; -- -- info.addr = &c->cache_accepting_addr; -- if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS, -- &info)) { -- BIO_closesocket(c->accept_sock); -- goto exit_loop; -- } -+ int s = -1; -+ int i; -+ -+ again: -+ switch (c->state) { -+ case ACPT_S_BEFORE: -+ if (c->param_addr == NULL) { -+ BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED); -+ return (-1); -+ } -+ s = BIO_get_accept_socket(c->param_addr, c->bind_mode); 
-+ if (s == INVALID_SOCKET) -+ return (-1); -+ -+ if (c->accept_nbio) { -+ if (!BIO_socket_nbio(s, 1)) { -+ closesocket(s); -+ BIOerr(BIO_F_ACPT_STATE, -+ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); -+ return (-1); - } -+ } -+ c->accept_sock = s; -+ b->num = s; -+ c->state = ACPT_S_GET_ACCEPT_SOCKET; -+ return (1); -+ /* break; */ -+ case ACPT_S_GET_ACCEPT_SOCKET: -+ if (b->next_bio != NULL) { -+ c->state = ACPT_S_OK; -+ goto again; -+ } -+ BIO_clear_retry_flags(b); -+ b->retry_reason = 0; -+ i = BIO_accept(c->accept_sock, &(c->addr)); -+ -+ /* -2 return means we should retry */ -+ if (i == -2) { -+ BIO_set_retry_special(b); -+ b->retry_reason = BIO_RR_ACCEPT; -+ return -1; -+ } - -- c->cache_accepting_name = -- BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1); -- c->cache_accepting_serv = -- BIO_ADDR_service_string(&c->cache_accepting_addr, 1); -- c->state = ACPT_S_ACCEPT; -- s = -1; -- ret = 1; -- goto end; -- -- case ACPT_S_ACCEPT: -- if (b->next_bio != NULL) { -- c->state = ACPT_S_OK; -- break; -- } -- BIO_clear_retry_flags(b); -- b->retry_reason = 0; -- -- s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr, -- c->accepted_mode); -- -- /* If the returned socket is invalid, this might still be -- * retryable -- */ -- if (s < 0) { -- if (BIO_sock_should_retry(s)) { -- BIO_set_retry_special(b); -- b->retry_reason = BIO_RR_ACCEPT; -- goto end; -- } -- } -+ if (i < 0) -+ return (i); - -- /* If it wasn't retryable, we fail */ -- if (s < 0) { -- ret = s; -- goto exit_loop; -- } -+ bio = BIO_new_socket(i, BIO_CLOSE); -+ if (bio == NULL) -+ goto err; - -- bio = BIO_new_socket(s, BIO_CLOSE); -- if (bio == NULL) -- goto exit_loop; -- -- BIO_set_callback(bio, BIO_get_callback(b)); -- BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); -- -- /* -- * If the accept BIO has an bio_chain, we dup it and put the new -- * socket at the end. 
-- */ -- if (c->bio_chain != NULL) { -- if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) -- goto exit_loop; -- if (!BIO_push(dbio, bio)) -- goto exit_loop; -- bio = dbio; -- } -- if (BIO_push(b, bio) == NULL) -- goto exit_loop; -+ BIO_set_callback(bio, BIO_get_callback(b)); -+ BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); - -- c->cache_peer_name = -- BIO_ADDR_hostname_string(&c->cache_peer_addr, 1); -- c->cache_peer_serv = -- BIO_ADDR_service_string(&c->cache_peer_addr, 1); -- c->state = ACPT_S_OK; -- bio = NULL; -- ret = 1; -- goto end; -- -- case ACPT_S_OK: -- if (b->next_bio == NULL) { -- c->state = ACPT_S_ACCEPT; -- break; -+ if (c->nbio) { -+ if (!BIO_socket_nbio(i, 1)) { -+ BIOerr(BIO_F_ACPT_STATE, -+ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); -+ goto err; - } -- ret = 1; -- goto end; -+ } - -- default: -- ret = 0; -- goto end; -+ /* -+ * If the accept BIO has an bio_chain, we dup it and put the new -+ * socket at the end. -+ */ -+ if (c->bio_chain != NULL) { -+ if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) -+ goto err; -+ if (!BIO_push(dbio, bio)) -+ goto err; -+ bio = dbio; -+ } -+ if (BIO_push(b, bio) == NULL) -+ goto err; -+ -+ c->state = ACPT_S_OK; -+ return (1); -+ err: -+ if (bio != NULL) -+ BIO_free(bio); -+ else if (s >= 0) -+ closesocket(s); -+ return (0); -+ /* break; */ -+ case ACPT_S_OK: -+ if (b->next_bio == NULL) { -+ c->state = ACPT_S_GET_ACCEPT_SOCKET; -+ goto again; - } -+ return (1); -+ /* break; */ -+ default: -+ return (0); -+ /* break; */ - } - -- exit_loop: -- if (bio != NULL) -- BIO_free(bio); -- else if (s >= 0) -- BIO_closesocket(s); -- end: -- return ret; - } - - static int acpt_read(BIO *b, char *out, int outl) -@@ -396,8 +350,6 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) - ret = 0; - data->state = ACPT_S_BEFORE; - acpt_close_socket(b); -- BIO_ADDRINFO_free(data->addr_first); -- data->addr_first = NULL; - b->flags = 0; - break; - case BIO_C_DO_STATE_MACHINE: -@@ -407,49 +359,27 @@ static long 
acpt_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_C_SET_ACCEPT: - if (ptr != NULL) { - if (num == 0) { -- char *hold_serv = data->param_serv; -- /* We affect the hostname regardless. However, the input -- * string might contain a host:service spec, so we must -- * parse it, which might or might not affect the service -- */ -- OPENSSL_free(data->param_addr); -- data->param_addr = NULL; -- ret = BIO_parse_hostserv(ptr, -- &data->param_addr, -- &data->param_serv, -- BIO_PARSE_PRIO_SERV); -- if (hold_serv != data->param_serv) -- OPENSSL_free(hold_serv); - b->init = 1; -+ if (data->param_addr != NULL) -+ OPENSSL_free(data->param_addr); -+ data->param_addr = BUF_strdup(ptr); - } else if (num == 1) { -- OPENSSL_free(data->param_serv); -- data->param_serv = BUF_strdup(ptr); -- b->init = 1; -+ data->accept_nbio = (ptr != NULL); - } else if (num == 2) { -- data->bind_mode |= BIO_SOCK_NONBLOCK; -- } else if (num == 3) { -- BIO_free(data->bio_chain); -+ if (data->bio_chain != NULL) -+ BIO_free(data->bio_chain); - data->bio_chain = (BIO *)ptr; -- } else if (num == 4) { -- data->accept_family = *(int *)ptr; -- } -- } else { -- if (num == 2) { -- data->bind_mode &= ~BIO_SOCK_NONBLOCK; - } - } - break; - case BIO_C_SET_NBIO: -- if (num != 0) -- data->accepted_mode |= BIO_SOCK_NONBLOCK; -- else -- data->accepted_mode &= ~BIO_SOCK_NONBLOCK; -+ data->nbio = (int)num; - break; - case BIO_C_SET_FD: - b->init = 1; - b->num = *((int *)ptr); - data->accept_sock = b->num; -- data->state = ACPT_S_ACCEPT; -+ data->state = ACPT_S_GET_ACCEPT_SOCKET; - b->shutdown = (int)num; - b->init = 1; - break; -@@ -464,35 +394,9 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) - break; - case BIO_C_GET_ACCEPT: - if (b->init) { -- if (num == 0 && ptr != NULL) { -- pp = (char **)ptr; -- *pp = data->cache_accepting_name; -- } else if (num == 1 && ptr != NULL) { -+ if (ptr != NULL) { - pp = (char **)ptr; -- *pp = data->cache_accepting_serv; -- } else if (num == 2 && ptr != NULL) { -- pp 
= (char **)ptr; -- *pp = data->cache_peer_name; -- } else if (num == 3 && ptr != NULL) { -- pp = (char **)ptr; -- *pp = data->cache_peer_serv; -- } else if (num == 4) { -- switch (BIO_ADDRINFO_family(data->addr_iter)) { --#ifdef AF_INET6 -- case AF_INET6: -- ret = BIO_FAMILY_IPV6; -- break; --#endif -- case AF_INET: -- ret = BIO_FAMILY_IPV4; -- break; -- case 0: -- ret = data->accept_family; -- break; -- default: -- ret = -1; -- break; -- } -+ *pp = data->param_addr; - } else - ret = -1; - } else -@@ -548,10 +452,12 @@ BIO *BIO_new_accept(const char *str) - ret = BIO_new(BIO_s_accept()); - if (ret == NULL) - return (NULL); -- if (BIO_set_accept_name(ret, str)) -+ if (BIO_set_accept_port(ret, str)) - return (ret); -- BIO_free(ret); -- return (NULL); -+ else { -+ BIO_free(ret); -+ return (NULL); -+ } - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -index de34f6b..3dd8187 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -@@ -1,10 +1,56 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_bio.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -15,17 +61,39 @@ - * See ssl/ssltest.c for some hints on how this can be used. - */ - -+/* BIO_DEBUG implies BIO_PAIR_DEBUG */ -+#ifdef BIO_DEBUG -+# ifndef BIO_PAIR_DEBUG -+# define BIO_PAIR_DEBUG -+# endif -+#endif -+ -+/* disable assert() unless BIO_PAIR_DEBUG has been defined */ -+#ifndef BIO_PAIR_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+ - #include - #include - #include - #include - --#include "bio_lcl.h" -+#include - #include - #include - - #include "e_os.h" - -+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */ -+#if defined(OPENSSL_SYS_VXWORKS) -+# undef SSIZE_MAX -+#endif -+#ifndef SSIZE_MAX -+# define SSIZE_MAX INT_MAX -+#endif -+ - static int bio_new(BIO *bio); - static int bio_free(BIO *bio); - static int bio_read(BIO *bio, char *buf, int size); -@@ -36,7 +104,7 @@ static int bio_puts(BIO *bio, const char *str); - static int bio_make_pair(BIO *bio1, BIO *bio2); - static void bio_destroy_pair(BIO *bio); - --static const BIO_METHOD methods_biop = { -+static BIO_METHOD methods_biop = { - BIO_TYPE_BIO, - "BIO pair", - bio_write, -@@ -49,7 +117,7 @@ static const BIO_METHOD methods_biop = { - NULL /* no bio_callback_ctrl */ - }; - --const BIO_METHOD *BIO_s_bio(void) -+BIO_METHOD *BIO_s_bio(void) - { - return &methods_biop; - } -@@ -74,13 +142,20 @@ struct bio_bio_st { - - static int bio_new(BIO *bio) - { -- struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b)); -+ struct bio_bio_st *b; - -+ b = OPENSSL_malloc(sizeof *b); - if (b == NULL) - return 0; - -+ b->peer = NULL; -+ b->closed = 0; -+ b->len = 0; -+ b->offset = 0; - /* enough for one TLS record (just a default) */ - b->size = 17 * 1024; -+ b->buf = NULL; -+ b->request = 0; - - bio->ptr = b; 
- return 1; -@@ -99,7 +174,10 @@ static int bio_free(BIO *bio) - if (b->peer) - bio_destroy_pair(bio); - -- OPENSSL_free(b->buf); -+ if (b->buf != NULL) { -+ OPENSSL_free(b->buf); -+ } -+ - OPENSSL_free(b); - - return 1; -@@ -238,8 +316,8 @@ static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_) - struct bio_bio_st *b, *peer_b; - ossl_ssize_t num, available; - -- if (num_ > OSSL_SSIZE_MAX) -- num = OSSL_SSIZE_MAX; -+ if (num_ > SSIZE_MAX) -+ num = SSIZE_MAX; - else - num = (ossl_ssize_t) num_; - -@@ -394,8 +472,8 @@ static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) - struct bio_bio_st *b; - ossl_ssize_t num, space; - -- if (num_ > OSSL_SSIZE_MAX) -- num = OSSL_SSIZE_MAX; -+ if (num_ > SSIZE_MAX) -+ num = SSIZE_MAX; - else - num = (ossl_ssize_t) num_; - -@@ -433,8 +511,10 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) - size_t new_size = num; - - if (b->size != new_size) { -- OPENSSL_free(b->buf); -- b->buf = NULL; -+ if (b->buf) { -+ OPENSSL_free(b->buf); -+ b->buf = NULL; -+ } - b->size = new_size; - } - ret = 1; -@@ -711,10 +791,14 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, - - err: - if (ret == 0) { -- BIO_free(bio1); -- bio1 = NULL; -- BIO_free(bio2); -- bio2 = NULL; -+ if (bio1) { -+ BIO_free(bio1); -+ bio1 = NULL; -+ } -+ if (bio2) { -+ BIO_free(bio2); -+ bio2 = NULL; -+ } - } - - *bio1_p = bio1; -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c -index dfd0988..7d15ad2 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c -@@ -1,28 +1,88 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_conn.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include -- --#include "bio_lcl.h" -+#define USE_SOCKETS -+#include "cryptlib.h" -+#include - - #ifndef OPENSSL_NO_SOCK - -+# ifdef OPENSSL_SYS_WIN16 -+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -+# else -+# define SOCKET_PROTOCOL IPPROTO_TCP -+# endif -+ -+# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) -+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -+# undef FIONBIO -+# endif -+ - typedef struct bio_connect_st { - int state; -- int connect_family; - char *param_hostname; -- char *param_service; -- int connect_mode; -- -- BIO_ADDRINFO *addr_first; -- const BIO_ADDRINFO *addr_iter; -+ char *param_port; -+ int nbio; -+ unsigned char ip[4]; -+ unsigned short port; -+ struct sockaddr_in them; - /* - * int socket; this will be kept in bio->num so that it is compatible - * with the bss_sock bio -@@ -48,14 +108,7 @@ static void conn_close_socket(BIO *data); - BIO_CONNECT *BIO_CONNECT_new(void); - void BIO_CONNECT_free(BIO_CONNECT *a); - --#define BIO_CONN_S_BEFORE 1 --#define BIO_CONN_S_GET_ADDR 2 --#define BIO_CONN_S_CREATE_SOCKET 3 --#define BIO_CONN_S_CONNECT 4 --#define BIO_CONN_S_OK 5 --#define BIO_CONN_S_BLOCKED_CONNECT 6 -- --static const BIO_METHOD methods_connectp = { -+static BIO_METHOD methods_connectp = { - BIO_TYPE_CONNECT, - "socket connect", - conn_write, -@@ -71,6 +124,8 @@ static const BIO_METHOD methods_connectp = { - static int conn_state(BIO *b, BIO_CONNECT *c) - { - int ret = -1, i; -+ unsigned long l; -+ char *p, *q; - int (*cb) (const BIO *, int, int) = NULL; - - if (c->info_callback != NULL) -@@ -79,103 +134,123 @@ static int conn_state(BIO *b, BIO_CONNECT *c) - for (;;) { - switch (c->state) { - case BIO_CONN_S_BEFORE: -- if (c->param_hostname == NULL && c->param_service == NULL) { -- BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED); -- ERR_add_error_data(4, -- "hostname=", c->param_hostname, -- " service=", c->param_service); -+ p = c->param_hostname; -+ if 
(p == NULL) { -+ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED); - goto exit_loop; - } -- c->state = BIO_CONN_S_GET_ADDR; -- break; -- -- case BIO_CONN_S_GET_ADDR: -- { -- int family = AF_UNSPEC; -- switch (c->connect_family) { -- case BIO_FAMILY_IPV6: -- if (1) { /* This is a trick we use to avoid bit rot. -- * at least the "else" part will always be -- * compiled. -- */ --#ifdef AF_INET6 -- family = AF_INET6; -- } else { --#endif -- BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY); -- goto exit_loop; -- } -- break; -- case BIO_FAMILY_IPV4: -- family = AF_INET; -+ for (; *p != '\0'; p++) { -+ if ((*p == ':') || (*p == '/')) - break; -- case BIO_FAMILY_IPANY: -- family = AF_UNSPEC; -- break; -- default: -- BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY); -- goto exit_loop; -+ } -+ -+ i = *p; -+ if ((i == ':') || (i == '/')) { -+ -+ *(p++) = '\0'; -+ if (i == ':') { -+ for (q = p; *q; q++) -+ if (*q == '/') { -+ *q = '\0'; -+ break; -+ } -+ if (c->param_port != NULL) -+ OPENSSL_free(c->param_port); -+ c->param_port = BUF_strdup(p); - } -- if (BIO_lookup(c->param_hostname, c->param_service, -- BIO_LOOKUP_CLIENT, -- family, SOCK_STREAM, &c->addr_first) == 0) -- goto exit_loop; - } -- if (c->addr_first == NULL) { -- BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING); -+ -+ if (c->param_port == NULL) { -+ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED); -+ ERR_add_error_data(2, "host=", c->param_hostname); - goto exit_loop; - } -- c->addr_iter = c->addr_first; -+ c->state = BIO_CONN_S_GET_IP; -+ break; -+ -+ case BIO_CONN_S_GET_IP: -+ if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0) -+ goto exit_loop; -+ c->state = BIO_CONN_S_GET_PORT; -+ break; -+ -+ case BIO_CONN_S_GET_PORT: -+ if (c->param_port == NULL) { -+ /* abort(); */ -+ goto exit_loop; -+ } else if (BIO_get_port(c->param_port, &c->port) <= 0) -+ goto exit_loop; - c->state = BIO_CONN_S_CREATE_SOCKET; - break; - - case BIO_CONN_S_CREATE_SOCKET: -- ret = 
BIO_socket(BIO_ADDRINFO_family(c->addr_iter), -- BIO_ADDRINFO_socktype(c->addr_iter), -- BIO_ADDRINFO_protocol(c->addr_iter), 0); -- if (ret == (int)INVALID_SOCKET) { -+ /* now setup address */ -+ memset((char *)&c->them, 0, sizeof(c->them)); -+ c->them.sin_family = AF_INET; -+ c->them.sin_port = htons((unsigned short)c->port); -+ l = (unsigned long) -+ ((unsigned long)c->ip[0] << 24L) | -+ ((unsigned long)c->ip[1] << 16L) | -+ ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]); -+ c->them.sin_addr.s_addr = htonl(l); -+ c->state = BIO_CONN_S_CREATE_SOCKET; -+ -+ ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -+ if (ret == INVALID_SOCKET) { - SYSerr(SYS_F_SOCKET, get_last_socket_error()); -- ERR_add_error_data(4, -- "hostname=", c->param_hostname, -- " service=", c->param_service); -+ ERR_add_error_data(4, "host=", c->param_hostname, -+ ":", c->param_port); - BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); - goto exit_loop; - } - b->num = ret; -+ c->state = BIO_CONN_S_NBIO; -+ break; -+ -+ case BIO_CONN_S_NBIO: -+ if (c->nbio) { -+ if (!BIO_socket_nbio(b->num, 1)) { -+ BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO); -+ ERR_add_error_data(4, "host=", -+ c->param_hostname, ":", c->param_port); -+ goto exit_loop; -+ } -+ } - c->state = BIO_CONN_S_CONNECT; -+ -+# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) -+ i = 1; -+ i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, -+ sizeof(i)); -+ if (i < 0) { -+ SYSerr(SYS_F_SOCKET, get_last_socket_error()); -+ ERR_add_error_data(4, "host=", c->param_hostname, -+ ":", c->param_port); -+ BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE); -+ goto exit_loop; -+ } -+# endif - break; - - case BIO_CONN_S_CONNECT: - BIO_clear_retry_flags(b); -- ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), -- BIO_SOCK_KEEPALIVE | c->connect_mode); -+ ret = connect(b->num, -+ (struct sockaddr *)&c->them, sizeof(c->them)); - b->retry_reason = 0; -- if (ret == 0) { -+ if (ret < 0) { - if 
(BIO_sock_should_retry(ret)) { - BIO_set_retry_special(b); - c->state = BIO_CONN_S_BLOCKED_CONNECT; - b->retry_reason = BIO_RR_CONNECT; -- ERR_clear_error(); -- } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) -- != NULL) { -- /* -- * if there are more addresses to try, do that first -- */ -- BIO_closesocket(b->num); -- c->state = BIO_CONN_S_CREATE_SOCKET; -- ERR_clear_error(); -- break; - } else { - SYSerr(SYS_F_CONNECT, get_last_socket_error()); -- ERR_add_error_data(4, -- "hostname=", c->param_hostname, -- " service=", c->param_service); -+ ERR_add_error_data(4, "host=", -+ c->param_hostname, ":", c->param_port); - BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); - } - goto exit_loop; -- } else { -+ } else - c->state = BIO_CONN_S_OK; -- } - break; - - case BIO_CONN_S_BLOCKED_CONNECT: -@@ -183,9 +258,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c) - if (i) { - BIO_clear_retry_flags(b); - SYSerr(SYS_F_CONNECT, i); -- ERR_add_error_data(4, -- "hostname=", c->param_hostname, -- " service=", c->param_service); -+ ERR_add_error_data(4, "host=", -+ c->param_hostname, ":", c->param_port); - BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR); - ret = 0; - goto exit_loop; -@@ -202,7 +276,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) - } - - if (cb != NULL) { -- if ((ret = cb((BIO *)b, c->state, ret)) == 0) -+ if (!(ret = cb((BIO *)b, c->state, ret))) - goto end; - } - } -@@ -219,10 +293,19 @@ BIO_CONNECT *BIO_CONNECT_new(void) - { - BIO_CONNECT *ret; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) - return (NULL); - ret->state = BIO_CONN_S_BEFORE; -- ret->connect_family = BIO_FAMILY_IPANY; -+ ret->param_hostname = NULL; -+ ret->param_port = NULL; -+ ret->info_callback = NULL; -+ ret->nbio = 0; -+ ret->ip[0] = 0; -+ ret->ip[1] = 0; -+ ret->ip[2] = 0; -+ ret->ip[3] = 0; -+ ret->port = 0; -+ memset((char *)&ret->them, 0, sizeof(ret->them)); - return (ret); - } - -@@ -231,13 
+314,14 @@ void BIO_CONNECT_free(BIO_CONNECT *a) - if (a == NULL) - return; - -- OPENSSL_free(a->param_hostname); -- OPENSSL_free(a->param_service); -- BIO_ADDRINFO_free(a->addr_first); -+ if (a->param_hostname != NULL) -+ OPENSSL_free(a->param_hostname); -+ if (a->param_port != NULL) -+ OPENSSL_free(a->param_port); - OPENSSL_free(a); - } - --const BIO_METHOD *BIO_s_connect(void) -+BIO_METHOD *BIO_s_connect(void) - { - return (&methods_connectp); - } -@@ -245,7 +329,7 @@ const BIO_METHOD *BIO_s_connect(void) - static int conn_new(BIO *bi) - { - bi->init = 0; -- bi->num = (int)INVALID_SOCKET; -+ bi->num = INVALID_SOCKET; - bi->flags = 0; - if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) - return (0); -@@ -258,12 +342,12 @@ static void conn_close_socket(BIO *bio) - BIO_CONNECT *c; - - c = (BIO_CONNECT *)bio->ptr; -- if (bio->num != (int)INVALID_SOCKET) { -+ if (bio->num != INVALID_SOCKET) { - /* Only do a shutdown if things were established */ - if (c->state == BIO_CONN_S_OK) - shutdown(bio->num, 2); -- BIO_closesocket(bio->num); -- bio->num = (int)INVALID_SOCKET; -+ closesocket(bio->num); -+ bio->num = INVALID_SOCKET; - } - } - -@@ -346,8 +430,6 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) - ret = 0; - data->state = BIO_CONN_S_BEFORE; - conn_close_socket(b); -- BIO_ADDRINFO_free(data->addr_first); -- data->addr_first = NULL; - b->flags = 0; - break; - case BIO_C_DO_STATE_MACHINE: -@@ -360,33 +442,27 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_C_GET_CONNECT: - if (ptr != NULL) { - pptr = (const char **)ptr; -- if (num == 0) { -- *pptr = data->param_hostname; -- } else if (num == 1) { -- *pptr = data->param_service; -- } else if (num == 2) { -- *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter); -- } else if (num == 3) { -- switch (BIO_ADDRINFO_family(data->addr_iter)) { --# ifdef AF_INET6 -- case AF_INET6: -- ret = BIO_FAMILY_IPV6; -- break; --# endif -- case AF_INET: -- ret = BIO_FAMILY_IPV4; -- break; -- 
case 0: -- ret = data->connect_family; -- break; -- default: -- ret = -1; -- break; -+ } -+ -+ if (b->init) { -+ if (pptr != NULL) { -+ ret = 1; -+ if (num == 0) { -+ *pptr = data->param_hostname; -+ } else if (num == 1) { -+ *pptr = data->param_port; -+ } else if (num == 2) { -+ *pptr = (char *)&(data->ip[0]); -+ } else { -+ ret = 0; - } -- } else { -- ret = 0; -+ } -+ if (num == 3) { -+ ret = data->port; - } - } else { -+ if (pptr != NULL) -+ *pptr = "not initialized"; - ret = 0; - } - break; -@@ -394,46 +470,36 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) - if (ptr != NULL) { - b->init = 1; - if (num == 0) { -- char *hold_service = data->param_service; -- /* We affect the hostname regardless. However, the input -- * string might contain a host:service spec, so we must -- * parse it, which might or might not affect the service -- */ -- OPENSSL_free(data->param_hostname); -- data->param_hostname = NULL; -- ret = BIO_parse_hostserv(ptr, -- &data->param_hostname, -- &data->param_service, -- BIO_PARSE_PRIO_HOST); -- if (hold_service != data->param_service) -- OPENSSL_free(hold_service); -+ if (data->param_hostname != NULL) -+ OPENSSL_free(data->param_hostname); -+ data->param_hostname = BUF_strdup(ptr); - } else if (num == 1) { -- OPENSSL_free(data->param_service); -- data->param_service = BUF_strdup(ptr); -+ if (data->param_port != NULL) -+ OPENSSL_free(data->param_port); -+ data->param_port = BUF_strdup(ptr); - } else if (num == 2) { -- const BIO_ADDR *addr = (const BIO_ADDR *)ptr; -- if (ret) { -- data->param_hostname = BIO_ADDR_hostname_string(addr, 1); -- data->param_service = BIO_ADDR_service_string(addr, 1); -- BIO_ADDRINFO_free(data->addr_first); -- data->addr_first = NULL; -- data->addr_iter = NULL; -- } -+ char buf[16]; -+ unsigned char *p = ptr; -+ -+ BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", -+ p[0], p[1], p[2], p[3]); -+ if (data->param_hostname != NULL) -+ OPENSSL_free(data->param_hostname); -+ data->param_hostname = 
BUF_strdup(buf); -+ memcpy(&(data->ip[0]), ptr, 4); - } else if (num == 3) { -- data->connect_family = *(int *)ptr; -- } else { -- ret = 0; -+ char buf[DECIMAL_SIZE(int) + 1]; -+ -+ BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); -+ if (data->param_port != NULL) -+ OPENSSL_free(data->param_port); -+ data->param_port = BUF_strdup(buf); -+ data->port = *(int *)ptr; - } - } - break; - case BIO_C_SET_NBIO: -- if (num != 0) -- data->connect_mode |= BIO_SOCK_NONBLOCK; -- else -- data->connect_mode &= ~BIO_SOCK_NONBLOCK; -- break; -- case BIO_C_SET_CONNECT_MODE: -- data->connect_mode = (int)num; -+ data->nbio = (int)num; - break; - case BIO_C_GET_FD: - if (b->init) { -@@ -459,12 +525,11 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_CTRL_DUP: - { - dbio = (BIO *)ptr; -+ if (data->param_port) -+ BIO_set_conn_port(dbio, data->param_port); - if (data->param_hostname) - BIO_set_conn_hostname(dbio, data->param_hostname); -- if (data->param_service) -- BIO_set_conn_port(dbio, data->param_service); -- BIO_set_conn_ip_family(dbio, data->connect_family); -- BIO_set_conn_mode(dbio, data->connect_mode); -+ BIO_set_nbio(dbio, data->nbio); - /* - * FIXME: the cast of the function seems unlikely to be a good - * idea -@@ -538,8 +603,10 @@ BIO *BIO_new_connect(const char *str) - return (NULL); - if (BIO_set_conn_hostname(ret, str)) - return (ret); -- BIO_free(ret); -- return (NULL); -+ else { -+ BIO_free(ret); -+ return (NULL); -+ } - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -index 6dfcc9b..bdd7bf8 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -@@ -1,21 +1,70 @@ -+/* crypto/bio/bio_dgram.c */ - /* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * DTLS implementation written by Nagendra Modadugu -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 
-+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
-+#define USE_SOCKETS
-+#include "cryptlib.h"
-
--#include "bio_lcl.h"
-+#include
- #ifndef OPENSSL_NO_DGRAM
-
--# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS))
--# include
--# endif
- # if defined(OPENSSL_SYS_VMS)
- # include
- # endif
-@@ -45,6 +94,12 @@
- ((a)->s6_addr32[2] == htonl(0x0000ffff)))
- # endif
-
-+# ifdef WATT32
-+# define sock_write SockWrite /* Watt-32 uses same names */
-+# define sock_read SockRead
-+# define sock_puts SockPuts
-+# endif
-+
- static int dgram_write(BIO *h, const char *buf, int num);
- static int dgram_read(BIO *h, char *buf, int size);
- static int dgram_puts(BIO *h, const char *str);
-@@ -70,7 +125,7 @@ static int BIO_dgram_should_retry(int s);
-
- static void get_current_time(struct timeval *t);
-
--static const BIO_METHOD methods_dgramp = {
-+static BIO_METHOD methods_dgramp = {
- BIO_TYPE_DGRAM,
- "datagram socket",
- dgram_write,
-@@ -84,7 +139,7 @@ static const BIO_METHOD methods_dgramp = {
- };
-
- # ifndef OPENSSL_NO_SCTP
--static const BIO_METHOD methods_dgramp_sctp = {
-+static BIO_METHOD methods_dgramp_sctp = {
- BIO_TYPE_DGRAM_SCTP,
- "datagram sctp socket",
- dgram_sctp_write,
-@@ -99,13 +154,18 @@ static const BIO_METHOD methods_dgramp_sctp = {
- # endif
-
- typedef struct bio_dgram_data_st {
-- BIO_ADDR peer;
-+ union {
-+ struct sockaddr sa;
-+ struct sockaddr_in sa_in;
-+# if OPENSSL_USE_IPV6
-+ struct sockaddr_in6 sa_in6;
-+# endif
-+ } peer;
- unsigned int connected;
- unsigned int _errno;
- unsigned int mtu;
- struct timeval next_timeout;
- struct timeval socket_timeout;
-- unsigned int peekmode;
- } bio_dgram_data;
-
- # ifndef OPENSSL_NO_SCTP
-@@ -116,7 +176,13 @@ typedef struct bio_dgram_sctp_save_message_st {
- } bio_dgram_sctp_save_message;
-
- typedef struct bio_dgram_sctp_data_st {
-- BIO_ADDR peer;
-+ union {
-+ struct sockaddr sa;
-+ struct sockaddr_in sa_in;
-+# if OPENSSL_USE_IPV6
-+ struct sockaddr_in6 sa_in6;
-+# endif
-+ } peer;
- unsigned int connected;
- unsigned int _errno;
- unsigned int mtu;
-@@ -134,7 +200,7 @@ typedef struct bio_dgram_sctp_data_st {
- } bio_dgram_sctp_data;
- # endif
-
--const BIO_METHOD *BIO_s_datagram(void)
-+BIO_METHOD *BIO_s_datagram(void)
- {
- return (&methods_dgramp);
- }
-@@ -152,11 +218,17 @@ BIO *BIO_new_dgram(int fd, int close_flag)
-
- static int dgram_new(BIO *bi)
- {
-- bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
-+ bio_dgram_data *data = NULL;
-
-+ bi->init = 0;
-+ bi->num = 0;
-+ data = OPENSSL_malloc(sizeof(bio_dgram_data));
- if (data == NULL)
- return 0;
-+ memset(data, 0x00, sizeof(bio_dgram_data));
- bi->ptr = data;
-+
-+ bi->flags = 0;
- return (1);
- }
-
-@@ -170,7 +242,8 @@ static int dgram_free(BIO *a)
- return 0;
-
- data = (bio_dgram_data *)a->ptr;
-- OPENSSL_free(data);
-+ if (data != NULL)
-+ OPENSSL_free(data);
-
- return (1);
- }
-@@ -181,7 +254,7 @@ static int dgram_clear(BIO *a)
- return (0);
- if (a->shutdown) {
- if (a->init) {
-- BIO_closesocket(a->num);
-+ SHUTDOWN2(a->num);
- }
- a->init = 0;
- a->flags = 0;
-@@ -244,7 +317,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
- }
-
- /*
-- * Adjust socket timeout if next handshake message timer will expire
-+ * Adjust socket timeout if next handhake message timer will expire
- * earlier.
- */
- if ((data->socket_timeout.tv_sec == 0
-@@ -298,22 +371,39 @@ static int dgram_read(BIO *b, char *out, int outl)
- {
- int ret = 0;
- bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-- int flags = 0;
-
-- BIO_ADDR peer;
-- socklen_t len = sizeof(peer);
-+ struct {
-+ /*
-+ * See commentary in b_sock.c.
-+ */
-+ union {
-+ size_t s;
-+ int i;
-+ } len;
-+ union {
-+ struct sockaddr sa;
-+ struct sockaddr_in sa_in;
-+# if OPENSSL_USE_IPV6
-+ struct sockaddr_in6 sa_in6;
-+# endif
-+ } peer;
-+ } sa;
-+
-+ sa.len.s = 0;
-+ sa.len.i = sizeof(sa.peer);
-
- if (out != NULL) {
- clear_socket_error();
-- memset(&peer, 0, sizeof(peer));
-+ memset(&sa.peer, 0x00, sizeof(sa.peer));
- dgram_adjust_rcv_timeout(b);
-- if (data->peekmode)
-- flags = MSG_PEEK;
-- ret = recvfrom(b->num, out, outl, flags,
-- BIO_ADDR_sockaddr_noconst(&peer), &len);
-+ ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len);
-+ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
-+ OPENSSL_assert(sa.len.s <= sizeof(sa.peer));
-+ sa.len.i = (int)sa.len.s;
-+ }
-
- if (!data->connected && ret >= 0)
-- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
-+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
-
- BIO_clear_retry_flags(b);
- if (ret < 0) {
-@@ -337,14 +427,18 @@ static int dgram_write(BIO *b, const char *in, int inl)
- if (data->connected)
- ret = writesocket(b->num, in, inl);
- else {
-- int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
-+ int peerlen = sizeof(data->peer);
-
-+ if (data->peer.sa.sa_family == AF_INET)
-+ peerlen = sizeof(data->peer.sa_in);
-+# if OPENSSL_USE_IPV6
-+ else if (data->peer.sa.sa_family == AF_INET6)
-+ peerlen = sizeof(data->peer.sa_in6);
-+# endif
- # if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-- ret = sendto(b->num, (char *)in, inl, 0,
-- BIO_ADDR_sockaddr(&data->peer), peerlen);
-+ ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
- # else
-- ret = sendto(b->num, in, inl, 0,
-- BIO_ADDR_sockaddr(&data->peer), peerlen);
-+ ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
- # endif
- }
-
-@@ -353,6 +447,13 @@ static int dgram_write(BIO *b, const char *in, int inl)
- if (BIO_dgram_should_retry(ret)) {
- BIO_set_retry_write(b);
- data->_errno = get_last_socket_error();
-+
-+# if 0 /* higher layers are responsible for querying
-+ * MTU, if necessary */
-+ if (data->_errno == EMSGSIZE)
-+ /* retrieve the new MTU */
-+ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-+# endif
- }
- }
- return (ret);
-@@ -362,31 +463,27 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
- {
- long ret;
-
-- switch (BIO_ADDR_family(&data->peer)) {
-+ switch (data->peer.sa.sa_family) {
- case AF_INET:
- /*
- * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
- */
- ret = 28;
- break;
--# ifdef AF_INET6
-+# if OPENSSL_USE_IPV6
- case AF_INET6:
-- {
- # ifdef IN6_IS_ADDR_V4MAPPED
-- struct in6_addr tmp_addr;
-- if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
-- && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
-- /*
-- * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
-- */
-- ret = 28;
-- else
-+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-+ /*
-+ * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
-+ */
-+ ret = 28;
-+ else
- # endif
- /*
- * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
- */
- ret = 48;
-- }
- break;
- # endif
- default:
-@@ -401,14 +498,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret = 1;
- int *ip;
-+ struct sockaddr *to = NULL;
- bio_dgram_data *data = NULL;
- int sockopt_val = 0;
-- int d_errno;
- # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
- socklen_t sockopt_len; /* assume that system supporting IP_MTU is
- * modern enough to define socklen_t */
- socklen_t addr_len;
-- BIO_ADDR addr;
-+ union {
-+ struct sockaddr sa;
-+ struct sockaddr_in s4;
-+# if OPENSSL_USE_IPV6
-+ struct sockaddr_in6 s6;
-+# endif
-+ } addr;
- # endif
-
- data = (bio_dgram_data *)b->ptr;
-@@ -451,13 +554,35 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = 1;
- break;
- case BIO_CTRL_DGRAM_CONNECT:
-- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
-+ to = (struct sockaddr *)ptr;
-+# if 0
-+ if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
-+ perror("connect");
-+ ret = 0;
-+ } else {
-+# endif
-+ switch (to->sa_family) {
-+ case AF_INET:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-+ break;
-+# if OPENSSL_USE_IPV6
-+ case AF_INET6:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-+ break;
-+# endif
-+ default:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa));
-+ break;
-+ }
-+# if 0
-+ }
-+# endif
- break;
- /* (Linux)kernel sets DF bit on outgoing IP packets */
- case BIO_CTRL_DGRAM_MTU_DISCOVER:
- # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
- addr_len = (socklen_t) sizeof(addr);
-- memset(&addr, 0, sizeof(addr));
-+ memset((void *)&addr, 0, sizeof(addr));
- if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
- ret = 0;
- break;
-@@ -481,14 +606,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = -1;
- break;
- }
--# else
- ret = -1;
--# endif
-+# else
- break;
-+# endif
- case BIO_CTRL_DGRAM_QUERY_MTU:
- # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
- addr_len = (socklen_t) sizeof(addr);
-- memset(&addr, 0, sizeof(addr));
-+ memset((void *)&addr, 0, sizeof(addr));
- if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
- ret = 0;
- break;
-@@ -536,22 +661,18 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- break;
- case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
- ret = -dgram_get_mtu_overhead(data);
-- switch (BIO_ADDR_family(&data->peer)) {
-+ switch (data->peer.sa.sa_family) {
- case AF_INET:
- ret += 576;
- break;
- # if OPENSSL_USE_IPV6
- case AF_INET6:
-- {
- # ifdef IN6_IS_ADDR_V4MAPPED
-- struct in6_addr tmp_addr;
-- if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
-- && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
-- ret += 576;
-- else
-+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-+ ret += 576;
-+ else
- # endif
-- ret += 1280;
-- }
-+ ret += 1280;
- break;
- # endif
- default:
-@@ -561,29 +682,67 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- break;
- case BIO_CTRL_DGRAM_GET_MTU:
- return data->mtu;
-+ break;
- case BIO_CTRL_DGRAM_SET_MTU:
- data->mtu = num;
- ret = num;
- break;
- case BIO_CTRL_DGRAM_SET_CONNECTED:
-- if (ptr != NULL) {
-+ to = (struct sockaddr *)ptr;
-+
-+ if (to != NULL) {
- data->connected = 1;
-- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
-+ switch (to->sa_family) {
-+ case AF_INET:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-+ break;
-+# if OPENSSL_USE_IPV6
-+ case AF_INET6:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-+ break;
-+# endif
-+ default:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa));
-+ break;
-+ }
- } else {
- data->connected = 0;
-- memset(&data->peer, 0, sizeof(data->peer));
-+ memset(&(data->peer), 0x00, sizeof(data->peer));
- }
- break;
- case BIO_CTRL_DGRAM_GET_PEER:
-- ret = BIO_ADDR_sockaddr_size(&data->peer);
-- /* FIXME: if num < ret, we will only return part of an address.
-- That should bee an error, no? */
-+ switch (data->peer.sa.sa_family) {
-+ case AF_INET:
-+ ret = sizeof(data->peer.sa_in);
-+ break;
-+# if OPENSSL_USE_IPV6
-+ case AF_INET6:
-+ ret = sizeof(data->peer.sa_in6);
-+ break;
-+# endif
-+ default:
-+ ret = sizeof(data->peer.sa);
-+ break;
-+ }
- if (num == 0 || num > ret)
- num = ret;
- memcpy(ptr, &data->peer, (ret = num));
- break;
- case BIO_CTRL_DGRAM_SET_PEER:
-- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
-+ to = (struct sockaddr *)ptr;
-+ switch (to->sa_family) {
-+ case AF_INET:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-+ break;
-+# if OPENSSL_USE_IPV6
-+ case AF_INET6:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-+ break;
-+# endif
-+ default:
-+ memcpy(&data->peer, to, sizeof(data->peer.sa));
-+ break;
-+ }
- break;
- case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
- memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
-@@ -706,11 +865,11 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- /* fall-through */
- case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
- # ifdef OPENSSL_SYS_WINDOWS
-- d_errno = (data->_errno == WSAETIMEDOUT);
-+ if (data->_errno == WSAETIMEDOUT)
- # else
-- d_errno = (data->_errno == EAGAIN);
-+ if (data->_errno == EAGAIN)
- # endif
-- if (d_errno) {
-+ {
- ret = 1;
- data->_errno = 0;
- } else
-@@ -783,9 +942,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
- ret = dgram_get_mtu_overhead(data);
- break;
-- case BIO_CTRL_DGRAM_SET_PEEK_MODE:
-- data->peekmode = (unsigned int)num;
-- break;
- default:
- ret = 0;
- break;
-@@ -803,7 +959,7 @@ static int dgram_puts(BIO *bp, const char *str)
- }
-
- # ifndef OPENSSL_NO_SCTP
--const BIO_METHOD *BIO_s_datagram_sctp(void)
-+BIO_METHOD *BIO_s_datagram_sctp(void)
- {
- return (&methods_dgramp_sctp);
- }
-@@ -854,13 +1010,16 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
- * connected socket won't use it.
- */
- sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-- authchunks = OPENSSL_zalloc(sockopt_len);
-- if (authchunks == NULL) {
-+ authchunks = OPENSSL_malloc(sockopt_len);
-+ if (!authchunks) {
- BIO_vfree(bio);
- return (NULL);
- }
-- ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
-+ memset(authchunks, 0, sizeof(sockopt_len));
-+ ret =
-+ getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
- &sockopt_len);
-+
- if (ret < 0) {
- OPENSSL_free(authchunks);
- BIO_vfree(bio);
-@@ -883,7 +1042,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
-
- # ifdef SCTP_AUTHENTICATION_EVENT
- # ifdef SCTP_EVENT
-- memset(&event, 0, sizeof(event));
-+ memset(&event, 0, sizeof(struct sctp_event));
- event.se_assoc_id = 0;
- event.se_type = SCTP_AUTHENTICATION_EVENT;
- event.se_on = 1;
-@@ -940,9 +1099,10 @@ static int dgram_sctp_new(BIO *bi)
-
- bi->init = 0;
- bi->num = 0;
-- data = OPENSSL_zalloc(sizeof(*data));
-+ data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
- if (data == NULL)
- return 0;
-+ memset(data, 0x00, sizeof(bio_dgram_sctp_data));
- # ifdef SCTP_PR_SCTP_NONE
- data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
- # endif
-@@ -963,7 +1123,8 @@ static int dgram_sctp_free(BIO *a)
-
- data = (bio_dgram_sctp_data *) a->ptr;
- if (data != NULL) {
-- OPENSSL_free(data->saved_message.data);
-+ if (data->saved_message.data != NULL)
-+ OPENSSL_free(data->saved_message.data);
- OPENSSL_free(data);
- }
-
-@@ -1003,7 +1164,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
- clear_socket_error();
-
- do {
-- memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
-+ memset(&data->rcvinfo, 0x00,
-+ sizeof(struct bio_dgram_sctp_rcvinfo));
- iov.iov_base = out;
- iov.iov_len = outl;
- msg.msg_name = NULL;
-@@ -1072,13 +1234,9 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
- * it can be sent now.
- */
- if (data->saved_message.length > 0) {
-- i = dgram_sctp_write(data->saved_message.bio,
-+ dgram_sctp_write(data->saved_message.bio,
- data->saved_message.data,
- data->saved_message.length);
-- if (i < 0) {
-- ret = i;
-- break;
-- }
- OPENSSL_free(data->saved_message.data);
- data->saved_message.data = NULL;
- data->saved_message.length = 0;
-@@ -1086,7 +1244,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
-
- /* disable sender dry event */
- # ifdef SCTP_EVENT
-- memset(&event, 0, sizeof(event));
-+ memset(&event, 0, sizeof(struct sctp_event));
- event.se_assoc_id = 0;
- event.se_type = SCTP_SENDER_DRY_EVENT;
- event.se_on = 0;
-@@ -1192,11 +1350,11 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
- optlen =
- (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
- authchunks = OPENSSL_malloc(optlen);
-- if (authchunks == NULL) {
-+ if (!authchunks) {
- BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-- memset(authchunks, 0, optlen);
-+ memset(authchunks, 0, sizeof(optlen));
- ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
- authchunks, &optlen);
-
-@@ -1223,14 +1381,6 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
- return (ret);
- }
-
--/*
-- * dgram_sctp_write - send message on SCTP socket
-- * @b: BIO to write to
-- * @in: data to send
-- * @inl: amount of bytes in @in to send
-- *
-- * Returns -1 on error or the sent amount of bytes on success
-- */
- static int dgram_sctp_write(BIO *b, const char *in, int inl)
- {
- int ret;
-@@ -1258,7 +1408,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
- * parameters and flags.
- */
- if (in[0] != 23) {
-- memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
-+ memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
- # ifdef SCTP_SACK_IMMEDIATELY
- handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
- # endif
-@@ -1269,24 +1419,19 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
- * If we have to send a shutdown alert message and the socket is not dry
- * yet, we have to save it and send it as soon as the socket gets dry.
- */
-- if (data->save_shutdown) {
-- ret = BIO_dgram_sctp_wait_for_dry(b);
-- if (ret < 0) {
-+ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
-+ char *tmp;
-+ data->saved_message.bio = b;
-+ if (!(tmp = OPENSSL_malloc(inl))) {
-+ BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-- if (ret == 0) {
-- char *tmp;
-- data->saved_message.bio = b;
-- if ((tmp = OPENSSL_malloc(inl)) == NULL) {
-- BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
-- return -1;
-- }
-+ if (data->saved_message.data)
- OPENSSL_free(data->saved_message.data);
-- data->saved_message.data = tmp;
-- memcpy(data->saved_message.data, in, inl);
-- data->saved_message.length = inl;
-- return inl;
-- }
-+ data->saved_message.data = tmp;
-+ memcpy(data->saved_message.data, in, inl);
-+ data->saved_message.length = inl;
-+ return inl;
- }
-
- iov[0].iov_base = (char *)in;
-@@ -1304,7 +1449,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
- cmsg->cmsg_type = SCTP_SNDINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
- sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
-- memset(sndinfo, 0, sizeof(*sndinfo));
-+ memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
- sndinfo->snd_sid = sinfo->snd_sid;
- sndinfo->snd_flags = sinfo->snd_flags;
- sndinfo->snd_ppid = sinfo->snd_ppid;
-@@ -1317,7 +1462,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
- cmsg->cmsg_type = SCTP_PRINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
- prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
-- memset(prinfo, 0, sizeof(*prinfo));
-+ memset(prinfo, 0, sizeof(struct sctp_prinfo));
- prinfo->pr_policy = pinfo->pr_policy;
- prinfo->pr_value = pinfo->pr_value;
- msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
-@@ -1327,7 +1472,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
- cmsg->cmsg_type = SCTP_SNDRCV;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
- sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-- memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
-+ memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
- sndrcvinfo->sinfo_stream = sinfo->snd_sid;
- sndrcvinfo->sinfo_flags = sinfo->snd_flags;
- # ifdef __FreeBSD__
-@@ -1424,7 +1569,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = -1;
- break;
- }
-- memset(authkey, 0, sockopt_len);
-+ memset(authkey, 0x00, sockopt_len);
- authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
- # ifndef __FreeBSD__
- /*
-@@ -1604,24 +1749,10 @@ int BIO_dgram_sctp_notification_cb(BIO *b,
- return 0;
- }
-
--/*
-- * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
-- * @b: The BIO to check for the dry event
-- *
-- * Wait until the peer confirms all packets have been received, and so that
-- * our kernel doesn't have anything to send anymore. This is only received by
-- * the peer's kernel, not the application.
-- *
-- * Returns:
-- * -1 on error
-- * 0 when not dry yet
-- * 1 when dry
-- */
- int BIO_dgram_sctp_wait_for_dry(BIO *b)
- {
- int is_dry = 0;
-- int sockflags = 0;
-- int n, ret;
-+ int n, sockflags, ret;
- union sctp_notification snp;
- struct msghdr msg;
- struct iovec iov;
-@@ -1635,7 +1766,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
-
- /* set sender dry event */
- # ifdef SCTP_EVENT
-- memset(&event, 0, sizeof(event));
-+ memset(&event, 0, sizeof(struct sctp_event));
- event.se_assoc_id = 0;
- event.se_type = SCTP_SENDER_DRY_EVENT;
- event.se_on = 1;
-@@ -1658,7 +1789,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
- return -1;
-
- /* peek for notification */
-- memset(&snp, 0, sizeof(snp));
-+ memset(&snp, 0x00, sizeof(union sctp_notification));
- iov.iov_base = (char *)&snp;
- iov.iov_len = sizeof(union sctp_notification);
- msg.msg_name = NULL;
-@@ -1680,7 +1811,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
-
- /* if we find a notification, process it and try again if necessary */
- while (msg.msg_flags & MSG_NOTIFICATION) {
-- memset(&snp, 0, sizeof(snp));
-+ memset(&snp, 0x00, sizeof(union sctp_notification));
- iov.iov_base = (char *)&snp;
- iov.iov_len = sizeof(union sctp_notification);
- msg.msg_name = NULL;
-@@ -1705,7 +1836,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
-
- /* disable sender dry event */
- # ifdef SCTP_EVENT
-- memset(&event, 0, sizeof(event));
-+ memset(&event, 0, sizeof(struct sctp_event));
- event.se_assoc_id = 0;
- event.se_type = SCTP_SENDER_DRY_EVENT;
- event.se_on = 0;
-@@ -1739,7 +1870,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
- (void *)&snp);
-
- /* found notification, peek again */
-- memset(&snp, 0, sizeof(snp));
-+ memset(&snp, 0x00, sizeof(union sctp_notification));
- iov.iov_base = (char *)&snp;
- iov.iov_len = sizeof(union sctp_notification);
- msg.msg_name = NULL;
-@@ -1785,7 +1916,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
-
- /* Check if there are any messages waiting to be read */
- do {
-- memset(&snp, 0, sizeof(snp));
-+ memset(&snp, 0x00, sizeof(union sctp_notification));
- iov.iov_base = (char *)&snp;
- iov.iov_len = sizeof(union sctp_notification);
- msg.msg_name = NULL;
-@@ -1808,7 +1939,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
- dgram_sctp_handle_auth_free_key_event(b, &snp);
- # endif
-
-- memset(&snp, 0, sizeof(snp));
-+ memset(&snp, 0x00, sizeof(union sctp_notification));
- iov.iov_base = (char *)&snp;
- iov.iov_len = sizeof(union sctp_notification);
- msg.msg_name = NULL;
-@@ -1871,6 +2002,12 @@ int BIO_dgram_non_fatal_error(int err)
- # if defined(WSAEWOULDBLOCK)
- case WSAEWOULDBLOCK:
- # endif
-+
-+# if 0 /* This appears to always be an error */
-+# if defined(WSAENOTCONN)
-+ case WSAENOTCONN:
-+# endif
-+# endif
- # endif
-
- # ifdef EWOULDBLOCK
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
-index 1e56cb6..5f4e344 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
-@@ -1,16 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bss_fd.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include
--
--#include "bio_lcl.h"
-+#define USE_SOCKETS
-+#include "cryptlib.h"
-
- #if defined(OPENSSL_NO_POSIX_IO)
- /*
-@@ -31,7 +80,7 @@ int BIO_fd_should_retry(int i)
- return 0;
- }
-
--const BIO_METHOD *BIO_s_fd(void)
-+BIO_METHOD *BIO_s_fd(void)
- {
- return NULL;
- }
-@@ -48,6 +97,8 @@ const BIO_METHOD *BIO_s_fd(void)
- * file descriptors can only be provided by application. Therefore
- * "UPLINK" calls are due...
- */
-+# include "bio_lcl.h"
-+
- static int fd_write(BIO *h, const char *buf, int num);
- static int fd_read(BIO *h, char *buf, int size);
- static int fd_puts(BIO *h, const char *str);
-@@ -57,7 +108,7 @@ static int fd_new(BIO *h);
- static int fd_free(BIO *data);
- int BIO_fd_should_retry(int s);
-
--static const BIO_METHOD methods_fdp = {
-+static BIO_METHOD methods_fdp = {
- BIO_TYPE_FD, "file descriptor",
- fd_write,
- fd_read,
-@@ -69,7 +120,7 @@ static const BIO_METHOD methods_fdp = {
- NULL,
- };
-
--const BIO_METHOD *BIO_s_fd(void)
-+BIO_METHOD *BIO_s_fd(void)
- {
- return (&methods_fdp);
- }
-@@ -219,6 +270,12 @@ int BIO_fd_should_retry(int i)
- if ((i == 0) || (i == -1)) {
- err = get_last_sys_error();
-
-+# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps
-+ * not? Ben 4/1/99 */
-+ if ((i == -1) && (err == 0))
-+ return (1);
-+# endif
-+
- return (BIO_fd_non_fatal_error(err));
- }
- return (0);
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
-index 6af2d9c..a6e3b3a 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bss_file.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- /*-
-@@ -36,19 +85,24 @@
-
- # include
- # include
-+# include "cryptlib.h"
- # include "bio_lcl.h"
- # include
-
-+# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-+# include
-+# endif
-+
- # if !defined(OPENSSL_NO_STDIO)
-
--static int file_write(BIO *h, const char *buf, int num);
--static int file_read(BIO *h, char *buf, int size);
--static int file_puts(BIO *h, const char *str);
--static int file_gets(BIO *h, char *str, int size);
--static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
--static int file_new(BIO *h);
--static int file_free(BIO *data);
--static const BIO_METHOD methods_filep = {
-+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-+static int MS_CALLBACK file_puts(BIO *h, const char *str);
-+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-+static int MS_CALLBACK file_new(BIO *h);
-+static int MS_CALLBACK file_free(BIO *data);
-+static BIO_METHOD methods_filep = {
- BIO_TYPE_FILE,
- "FILE pointer",
- file_write,
-@@ -61,14 +115,61 @@ static const BIO_METHOD methods_filep = {
- NULL,
- };
-
-+static FILE *file_fopen(const char *filename, const char *mode)
-+{
-+ FILE *file = NULL;
-+
-+# if defined(_WIN32) && defined(CP_UTF8)
-+ int sz, len_0 = (int)strlen(filename) + 1;
-+ DWORD flags;
-+
-+ /*
-+ * Basically there are three cases to cover: a) filename is
-+ * pure ASCII string; b) actual UTF-8 encoded string and
-+ * c) locale-ized string, i.e. one containing 8-bit
-+ * characters that are meaningful in current system locale.
-+ * If filename is pure ASCII or real UTF-8 encoded string,
-+ * MultiByteToWideChar succeeds and _wfopen works. If
-+ * filename is locale-ized string, chances are that
-+ * MultiByteToWideChar fails reporting
-+ * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
-+ * back to fopen...
-+ */
-+ if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
-+ filename, len_0, NULL, 0)) > 0 ||
-+ (GetLastError() == ERROR_INVALID_FLAGS &&
-+ (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
-+ filename, len_0, NULL, 0)) > 0)
-+ ) {
-+ WCHAR wmode[8];
-+ WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
-+
-+ if (MultiByteToWideChar(CP_UTF8, flags,
-+ filename, len_0, wfilename, sz) &&
-+ MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
-+ wmode, sizeof(wmode) / sizeof(wmode[0])) &&
-+ (file = _wfopen(wfilename, wmode)) == NULL &&
-+ (errno == ENOENT || errno == EBADF)
-+ ) {
-+ /*
-+ * UTF-8 decode succeeded, but no file, filename
-+ * could still have been locale-ized...
-+ */ -+ file = fopen(filename, mode); -+ } -+ } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { -+ file = fopen(filename, mode); -+ } -+# else -+ file = fopen(filename, mode); -+# endif -+ return (file); -+} -+ - BIO *BIO_new_file(const char *filename, const char *mode) - { - BIO *ret; -- FILE *file = openssl_fopen(filename, mode); -- int fp_flags = BIO_CLOSE; -- -- if (strchr(mode, 'b') == NULL) -- fp_flags |= BIO_FP_TEXT; -+ FILE *file = file_fopen(filename, mode); - - if (file == NULL) { - SYSerr(SYS_F_FOPEN, get_last_sys_error()); -@@ -90,7 +191,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) - - BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage - * UPLINK */ -- BIO_set_fp(ret, file, fp_flags); -+ BIO_set_fp(ret, file, BIO_CLOSE); - return (ret); - } - -@@ -101,18 +202,18 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) - if ((ret = BIO_new(BIO_s_file())) == NULL) - return (NULL); - -- /* redundant flag, left for documentation purposes */ -- BIO_set_flags(ret, BIO_FLAGS_UPLINK); -+ BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for -+ * documentation puposes */ - BIO_set_fp(ret, stream, close_flag); - return (ret); - } - --const BIO_METHOD *BIO_s_file(void) -+BIO_METHOD *BIO_s_file(void) - { - return (&methods_filep); - } - --static int file_new(BIO *bi) -+static int MS_CALLBACK file_new(BIO *bi) - { - bi->init = 0; - bi->num = 0; -@@ -121,7 +222,7 @@ static int file_new(BIO *bi) - return (1); - } - --static int file_free(BIO *a) -+static int MS_CALLBACK file_free(BIO *a) - { - if (a == NULL) - return (0); -@@ -139,7 +240,7 @@ static int file_free(BIO *a) - return (1); - } - --static int file_read(BIO *b, char *out, int outl) -+static int MS_CALLBACK file_read(BIO *b, char *out, int outl) - { - int ret = 0; - -@@ -150,7 +251,7 @@ static int file_read(BIO *b, char *out, int outl) - ret = fread(out, 1, (int)outl, (FILE *)b->ptr); - if (ret == 0 - && (b->flags & BIO_FLAGS_UPLINK) ? 
UP_ferror((FILE *)b->ptr) :
-- ferror((FILE *)b->ptr)) {
-+ ferror((FILE *)b->ptr)) {
- SYSerr(SYS_F_FREAD, get_last_sys_error());
- BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
- ret = -1;
-@@ -159,7 +260,7 @@ static int file_read(BIO *b, char *out, int outl)
- return (ret);
- }
-
--static int file_write(BIO *b, const char *in, int inl)
-+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
- {
- int ret = 0;
-
-@@ -180,7 +281,7 @@ static int file_write(BIO *b, const char *in, int inl)
- return (ret);
- }
-
--static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
-+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret = 1;
- FILE *fp = (FILE *)b->ptr;
-@@ -217,11 +318,8 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
- # define _IOB_ENTRIES 20
- # endif
-+# if defined(_IOB_ENTRIES)
- /* Safety net to catch purely internal BIO_set_fp calls */
--# if defined(_MSC_VER) && _MSC_VER>=1900
-- if (ptr == stdin || ptr == stdout || ptr == stderr)
-- BIO_clear_flags(b, BIO_FLAGS_UPLINK);
--# elif defined(_IOB_ENTRIES)
- if ((size_t)ptr >= (size_t)stdin &&
- (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
- BIO_clear_flags(b, BIO_FLAGS_UPLINK);
-@@ -239,6 +337,13 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- _setmode(fd, _O_TEXT);
- else
- _setmode(fd, _O_BINARY);
-+# elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-+ int fd = fileno((FILE *)ptr);
-+ /* Under CLib there are differences in file modes */
-+ if (num & BIO_FP_TEXT)
-+ setmode(fd, O_TEXT);
-+ else
-+ setmode(fd, O_BINARY);
- # elif defined(OPENSSL_SYS_MSDOS)
- int fd = fileno((FILE *)ptr);
- /* Set correct text/binary mode */
-@@ -252,7 +357,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- } else
- _setmode(fd, _O_BINARY);
- }
--# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
-+# elif defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_WIN32_CYGWIN)
- int fd = fileno((FILE *)ptr);
- if (num & BIO_FP_TEXT)
- setmode(fd, O_TEXT);
-@@ -266,27 +371,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- b->shutdown = (int)num & BIO_CLOSE;
- if (num & BIO_FP_APPEND) {
- if (num & BIO_FP_READ)
-- OPENSSL_strlcpy(p, "a+", sizeof p);
-+ BUF_strlcpy(p, "a+", sizeof p);
- else
-- OPENSSL_strlcpy(p, "a", sizeof p);
-+ BUF_strlcpy(p, "a", sizeof p);
- } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-- OPENSSL_strlcpy(p, "r+", sizeof p);
-+ BUF_strlcpy(p, "r+", sizeof p);
- else if (num & BIO_FP_WRITE)
-- OPENSSL_strlcpy(p, "w", sizeof p);
-+ BUF_strlcpy(p, "w", sizeof p);
- else if (num & BIO_FP_READ)
-- OPENSSL_strlcpy(p, "r", sizeof p);
-+ BUF_strlcpy(p, "r", sizeof p);
- else {
- BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
- ret = 0;
- break;
- }
--# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
- if (!(num & BIO_FP_TEXT))
- strcat(p, "b");
- else
- strcat(p, "t");
- # endif
-- fp = openssl_fopen(ptr, p);
-+# if defined(OPENSSL_SYS_NETWARE)
-+ if (!(num & BIO_FP_TEXT))
-+ strcat(p, "b");
-+ else
-+ strcat(p, "t");
-+# endif
-+ fp = file_fopen(ptr, p);
- if (fp == NULL) {
- SYSerr(SYS_F_FOPEN, get_last_sys_error());
- ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
-@@ -333,7 +444,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- return (ret);
- }
-
--static int file_gets(BIO *bp, char *buf, int size)
-+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
- {
- int ret = 0;
-
-@@ -351,7 +462,7 @@ static int file_gets(BIO *bp, char *buf, int size)
- return (ret);
- }
-
--static int file_puts(BIO *bp, const char *str)
-+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
- {
- int n, ret;
-
-@@ -360,60 +471,6 @@ static int file_puts(BIO *bp,
const char *str) - return (ret); - } - --#else -- --static int file_write(BIO *b, const char *in, int inl) --{ -- return -1; --} --static int file_read(BIO *b, char *out, int outl) --{ -- return -1; --} --static int file_puts(BIO *bp, const char *str) --{ -- return -1; --} --static int file_gets(BIO *bp, char *buf, int size) --{ -- return 0; --} --static long file_ctrl(BIO *b, int cmd, long num, void *ptr) --{ -- return 0; --} --static int file_new(BIO *bi) --{ -- return 0; --} --static int file_free(BIO *a) --{ -- return 0; --} -- --static const BIO_METHOD methods_filep = { -- BIO_TYPE_FILE, -- "FILE pointer", -- file_write, -- file_read, -- file_puts, -- file_gets, -- file_ctrl, -- file_new, -- file_free, -- NULL, --}; -- --const BIO_METHOD *BIO_s_file(void) --{ -- return (&methods_filep); --} -- --BIO *BIO_new_file(const char *filename, const char *mode) --{ -- return NULL; --} -- - # endif /* OPENSSL_NO_STDIO */ - - #endif /* HEADER_BSS_FILE_C */ -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c -index 6cbde4d..1283a52 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c -@@ -1,10 +1,56 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_log.c */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -19,8 +65,7 @@ - #include - #include - --#include "bio_lcl.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #if defined(OPENSSL_SYS_WINCE) - #elif defined(OPENSSL_SYS_WIN32) -@@ -39,6 +84,8 @@ void *_malloc32(__size_t); - # endif /* __INITIAL_POINTER_SIZE == 64 */ - # endif /* __INITIAL_POINTER_SIZE && defined - * _ANSI_C_SOURCE */ -+#elif defined(__ultrix) -+# include - #elif defined(OPENSSL_SYS_NETWARE) - # define NO_SYSLOG - #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) -@@ -75,16 +122,16 @@ void *_malloc32(__size_t); - # define LOG_DAEMON OPC$M_NM_NTWORK - # endif - --static int slg_write(BIO *h, const char *buf, int num); --static int slg_puts(BIO *h, const char *str); --static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); --static int slg_new(BIO *h); --static int slg_free(BIO *data); -+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); -+static int MS_CALLBACK slg_puts(BIO *h, const char *str); -+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); -+static int MS_CALLBACK slg_new(BIO *h); -+static int MS_CALLBACK slg_free(BIO *data); - static void xopenlog(BIO *bp, char *name, int level); - static void xsyslog(BIO *bp, int priority, const char *string); - static void xcloselog(BIO *bp); - --static const BIO_METHOD methods_slg = { -+static BIO_METHOD methods_slg = { - BIO_TYPE_MEM, "syslog", - slg_write, - NULL, -@@ -96,12 +143,12 @@ static const BIO_METHOD methods_slg = { - NULL, - }; - --const BIO_METHOD *BIO_s_log(void) -+BIO_METHOD *BIO_s_log(void) - { - return (&methods_slg); - } - --static int slg_new(BIO *bi) -+static int MS_CALLBACK slg_new(BIO *bi) - { - bi->init = 
1; - bi->num = 0; -@@ -110,7 +157,7 @@ static int slg_new(BIO *bi) - return (1); - } - --static int slg_free(BIO *a) -+static int MS_CALLBACK slg_free(BIO *a) - { - if (a == NULL) - return (0); -@@ -118,7 +165,7 @@ static int slg_free(BIO *a) - return (1); - } - --static int slg_write(BIO *b, const char *in, int inl) -+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) - { - int ret = inl; - char *buf; -@@ -192,7 +239,7 @@ static int slg_write(BIO *b, const char *in, int inl) - /* The default */ - }; - -- if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { -+ if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { - return (0); - } - strncpy(buf, in, inl); -@@ -210,7 +257,7 @@ static int slg_write(BIO *b, const char *in, int inl) - return (ret); - } - --static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) -+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) - { - switch (cmd) { - case BIO_CTRL_SET: -@@ -223,7 +270,7 @@ static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) - return (0); - } - --static int slg_puts(BIO *bp, const char *str) -+static int MS_CALLBACK slg_puts(BIO *bp, const char *str) - { - int n, ret; - -@@ -275,7 +322,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) - break; - } - -- sprintf(pidbuf, "[%lu] ", GetCurrentProcessId()); -+ sprintf(pidbuf, "[%u] ", GetCurrentProcessId()); - lpszStrings[0] = pidbuf; - lpszStrings[1] = string; - -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -index 6dc075d..b0394a9 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -@@ -1,16 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_mem.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */
-
- #include
- #include
--#include "bio_lcl.h"
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
-
- static int mem_write(BIO *h, const char *buf, int num);
- static int mem_read(BIO *h, char *buf, int size);
-@@ -18,12 +67,8 @@ static int mem_puts(BIO *h, const char *str);
- static int mem_gets(BIO *h, char *str, int size);
- static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
- static int mem_new(BIO *h);
--static int secmem_new(BIO *h);
- static int mem_free(BIO *data);
--static int mem_buf_free(BIO *data, int free_all);
--static int mem_buf_sync(BIO *h);
--
--static const BIO_METHOD mem_method = {
-+static BIO_METHOD mem_method = {
- BIO_TYPE_MEM,
- "memory buffer",
- mem_write,
-@@ -36,159 +81,87 @@ static const BIO_METHOD mem_method = {
- NULL,
- };
-
--static const BIO_METHOD secmem_method = {
-- BIO_TYPE_MEM,
-- "secure memory buffer",
-- mem_write,
-- mem_read,
-- mem_puts,
-- mem_gets,
-- mem_ctrl,
-- secmem_new,
-- mem_free,
-- NULL,
--};
--
--/* BIO memory stores buffer and read pointer */
--typedef struct bio_buf_mem_st {
-- struct buf_mem_st *buf; /* allocated buffer */
-- struct buf_mem_st *readp; /* read pointer */
--} BIO_BUF_MEM;
--
- /*
- * bio->num is used to hold the value to return on 'empty', if it is 0,
- * should_retry is not set
- */
-
--const BIO_METHOD *BIO_s_mem(void)
-+BIO_METHOD *BIO_s_mem(void)
- {
- return (&mem_method);
- }
-
--const BIO_METHOD *BIO_s_secmem(void)
--{
-- return(&secmem_method);
--}
-
- BIO *BIO_new_mem_buf(const void *buf, int len)
- {
- BIO *ret;
- BUF_MEM *b;
-- BIO_BUF_MEM *bb;
- size_t sz;
-
-- if (buf == NULL) {
-+ if (!buf) {
- BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
- return NULL;
- }
- sz = (len < 0) ? strlen(buf) : (size_t)len;
-- if ((ret = BIO_new(BIO_s_mem())) == NULL)
-+ if (!(ret = BIO_new(BIO_s_mem())))
- return NULL;
-- bb = (BIO_BUF_MEM *)ret->ptr;
-- b = bb->buf;
-+ b = (BUF_MEM *)ret->ptr;
- /* Cast away const and trust in the MEM_RDONLY flag.
*/
- b->data = (void *)buf;
- b->length = sz;
- b->max = sz;
-- *bb->readp = *bb->buf;
- ret->flags |= BIO_FLAGS_MEM_RDONLY;
-- /* Since this is static data retrying won't help */
-+ /* Since this is static data retrying wont help */
- ret->num = 0;
- return ret;
- }
-
--static int mem_init(BIO *bi, unsigned long flags)
-+static int mem_new(BIO *bi)
- {
-- BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
-+ BUF_MEM *b;
-
-- if (bb == NULL)
-- return 0;
-- if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
-- OPENSSL_free(bb);
-- return 0;
-- }
-- if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
-- BUF_MEM_free(bb->buf);
-- OPENSSL_free(bb);
-- return 0;
-- }
-- *bb->readp = *bb->buf;
-+ if ((b = BUF_MEM_new()) == NULL)
-+ return (0);
- bi->shutdown = 1;
- bi->init = 1;
- bi->num = -1;
-- bi->ptr = (char *)bb;
-- return 1;
--}
--
--static int mem_new(BIO *bi)
--{
-- return (mem_init(bi, 0L));
--}
--
--static int secmem_new(BIO *bi)
--{
-- return (mem_init(bi, BUF_MEM_FLAG_SECURE));
-+ bi->ptr = (char *)b;
-+ return (1);
- }
-
- static int mem_free(BIO *a)
--{
-- return (mem_buf_free(a, 1));
--}
--
--static int mem_buf_free(BIO *a, int free_all)
- {
- if (a == NULL)
- return (0);
- if (a->shutdown) {
- if ((a->init) && (a->ptr != NULL)) {
- BUF_MEM *b;
-- BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
--
-- if (bb != NULL) {
-- b = bb->buf;
-- if (a->flags & BIO_FLAGS_MEM_RDONLY)
-- b->data = NULL;
-- BUF_MEM_free(b);
-- if (free_all) {
-- OPENSSL_free(bb->readp);
-- OPENSSL_free(bb);
-- }
-- }
-+ b = (BUF_MEM *)a->ptr;
-+ if (a->flags & BIO_FLAGS_MEM_RDONLY)
-+ b->data = NULL;
-+ BUF_MEM_free(b);
- a->ptr = NULL;
- }
- }
- return (1);
- }
-
--/*
-- * Reallocate memory buffer if read pointer differs
-- */
--static int mem_buf_sync(BIO *b)
--{
-- if (b != NULL && b->init != 0 && b->ptr != NULL) {
-- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
--
-- if (bbm->readp->data != bbm->buf->data) {
-- memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
--
bbm->buf->length = bbm->readp->length;
-- bbm->readp->data = bbm->buf->data;
-- }
-- }
-- return (0);
--}
--
- static int mem_read(BIO *b, char *out, int outl)
- {
- int ret = -1;
-- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
-- BUF_MEM *bm = bbm->readp;
-+ BUF_MEM *bm;
-
-+ bm = (BUF_MEM *)b->ptr;
- BIO_clear_retry_flags(b);
- ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
- if ((out != NULL) && (ret > 0)) {
- memcpy(out, bm->data, ret);
- bm->length -= ret;
-- bm->data += ret;
-+ if (b->flags & BIO_FLAGS_MEM_RDONLY)
-+ bm->data += ret;
-+ else {
-+ memmove(&(bm->data[0]), &(bm->data[ret]), bm->length);
-+ }
- } else if (bm->length == 0) {
- ret = b->num;
- if (ret != 0)
-@@ -201,23 +174,24 @@ static int mem_write(BIO *b, const char *in, int inl)
- {
- int ret = -1;
- int blen;
-- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
-+ BUF_MEM *bm;
-
-+ bm = (BUF_MEM *)b->ptr;
- if (in == NULL) {
- BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
- goto end;
- }
-+
- if (b->flags & BIO_FLAGS_MEM_RDONLY) {
- BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
- goto end;
- }
-+
- BIO_clear_retry_flags(b);
-- blen = bbm->readp->length;
-- mem_buf_sync(b);
-- if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
-+ blen = bm->length;
-+ if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
- goto end;
-- memcpy(bbm->buf->data + blen, in, inl);
-- *bbm->readp = *bbm->buf;
-+ memcpy(&(bm->data[blen]), in, inl);
- ret = inl;
- end:
- return (ret);
-@@ -227,32 +201,29 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret = 1;
- char **pptr;
-- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
-- BUF_MEM *bm;
-+
-+ BUF_MEM *bm = (BUF_MEM *)b->ptr;
-
- switch (cmd) {
- case BIO_CTRL_RESET:
-- bm = bbm->buf;
- if (bm->data != NULL) {
- /* For read only case reset to the start again */
-- if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
-+ if (b->flags & BIO_FLAGS_MEM_RDONLY) {
-+ bm->data -= bm->max - bm->length;
-
bm->length = bm->max;
- } else {
- memset(bm->data, 0, bm->max);
- bm->length = 0;
- }
-- *bbm->readp = *bbm->buf;
- }
- break;
- case BIO_CTRL_EOF:
-- bm = bbm->readp;
- ret = (long)(bm->length == 0);
- break;
- case BIO_C_SET_BUF_MEM_EOF_RETURN:
- b->num = (int)num;
- break;
- case BIO_CTRL_INFO:
-- bm = bbm->readp;
- ret = (long)bm->length;
- if (ptr != NULL) {
- pptr = (char **)ptr;
-@@ -260,16 +231,12 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
- }
- break;
- case BIO_C_SET_BUF_MEM:
-- mem_buf_free(b, 0);
-+ mem_free(b);
- b->shutdown = (int)num;
-- bbm->buf = ptr;
-- *bbm->readp = *bbm->buf;
-- b->ptr = bbm;
-+ b->ptr = ptr;
- break;
- case BIO_C_GET_BUF_MEM_PTR:
- if (ptr != NULL) {
-- mem_buf_sync(b);
-- bm = bbm->readp;
- pptr = (char **)ptr;
- *pptr = (char *)bm;
- }
-@@ -280,11 +247,11 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
- case BIO_CTRL_SET_CLOSE:
- b->shutdown = (int)num;
- break;
-+
- case BIO_CTRL_WPENDING:
- ret = 0L;
- break;
- case BIO_CTRL_PENDING:
-- bm = bbm->readp;
- ret = (long)bm->length;
- break;
- case BIO_CTRL_DUP:
-@@ -305,8 +272,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
- int i, j;
- int ret = -1;
- char *p;
-- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
-- BUF_MEM *bm = bbm->readp;
-+ BUF_MEM *bm = (BUF_MEM *)bp->ptr;
-
- BIO_clear_retry_flags(bp);
- j = bm->length;
-diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c
-index e5c4adc..6a03fa2 100644
---- a/Cryptlib/OpenSSL/crypto/bio/bss_null.c
-+++ b/Cryptlib/OpenSSL/crypto/bio/bss_null.c
-@@ -1,16 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bio/bss_null.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "bio_lcl.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#include - - static int null_write(BIO *h, const char *buf, int num); - static int null_read(BIO *h, char *buf, int size); -@@ -19,7 +68,7 @@ static int null_gets(BIO *h, char *str, int size); - static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int null_new(BIO *h); - static int null_free(BIO *data); --static const BIO_METHOD null_method = { -+static BIO_METHOD null_method = { - BIO_TYPE_NULL, - "NULL", - null_write, -@@ -32,7 +81,7 @@ static const BIO_METHOD null_method = { - NULL, - }; - --const BIO_METHOD *BIO_s_null(void) -+BIO_METHOD *BIO_s_null(void) - { - return (&null_method); - } -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c -index 570e898..6194d2c 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c -@@ -1,28 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bio/bss_sock.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include - #define USE_SOCKETS --#include "bio_lcl.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_SOCK - - # include - - # ifdef WATT32 --/* Watt-32 uses same names */ --# undef sock_write --# undef sock_read --# undef sock_puts --# define sock_write SockWrite -+# define sock_write SockWrite /* Watt-32 uses same names */ - # define sock_read SockRead - # define sock_puts SockPuts - # endif -@@ -35,7 +79,7 @@ static int sock_new(BIO *h); - static int sock_free(BIO *data); - int BIO_sock_should_retry(int s); - --static const BIO_METHOD methods_sockp = { -+static BIO_METHOD methods_sockp = { - BIO_TYPE_SOCKET, - "socket", - sock_write, -@@ -48,7 +92,7 @@ static const BIO_METHOD methods_sockp = { - NULL, - }; - --const BIO_METHOD *BIO_s_socket(void) -+BIO_METHOD *BIO_s_socket(void) - { - return (&methods_sockp); - } -@@ -79,7 +123,7 @@ static int sock_free(BIO *a) - return (0); - if (a->shutdown) { - if (a->init) { -- BIO_closesocket(a->num); -+ SHUTDOWN2(a->num); - } - a->init = 0; - a->flags = 0; -@@ -171,6 +215,12 @@ int BIO_sock_should_retry(int i) - if ((i == 0) || (i == -1)) { - err = get_last_socket_error(); - -+# if 
defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps -+ * not? Ben 4/1/99 */ -+ if ((i == -1) && (err == 0)) -+ return (1); -+# endif -+ - return (BIO_sock_non_fatal_error(err)); - } - return (0); -@@ -179,10 +229,16 @@ int BIO_sock_should_retry(int i) - int BIO_sock_non_fatal_error(int err) - { - switch (err) { --# if defined(OPENSSL_SYS_WINDOWS) -+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) - # if defined(WSAEWOULDBLOCK) - case WSAEWOULDBLOCK: - # endif -+ -+# if 0 /* This appears to always be an error */ -+# if defined(WSAENOTCONN) -+ case WSAENOTCONN: -+# endif -+# endif - # endif - - # ifdef EWOULDBLOCK -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn.h b/Cryptlib/OpenSSL/crypto/bn/bn.h -new file mode 100644 -index 0000000..633d1b1 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/bn/bn.h -@@ -0,0 +1,951 @@ -+/* crypto/bn/bn.h */ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+/* ==================================================================== -+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -+ * -+ * Portions of the attached software ("Contribution") are developed by -+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. -+ * -+ * The Contribution is licensed pursuant to the Eric Young open source -+ * license provided above. -+ * -+ * The binary polynomial arithmetic software is originally written by -+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 
-+ *
-+ */
-+
-+#ifndef HEADER_BN_H
-+# define HEADER_BN_H
-+
-+# include
-+# include
-+# ifndef OPENSSL_NO_FP_API
-+# include /* FILE */
-+# endif
-+# include
-+# include
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/*
-+ * These preprocessor symbols control various aspects of the bignum headers
-+ * and library code. They're not defined by any "normal" configuration, as
-+ * they are intended for development and testing purposes. NB: defining all
-+ * three can be useful for debugging application code as well as openssl
-+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
-+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
-+ * mismanagement of bignum internals. You must also define BN_DEBUG.
-+ */
-+/* #define BN_DEBUG */
-+/* #define BN_DEBUG_RAND */
-+
-+# ifndef OPENSSL_SMALL_FOOTPRINT
-+# define BN_MUL_COMBA
-+# define BN_SQR_COMBA
-+# define BN_RECURSION
-+# endif
-+
-+/*
-+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
-+ * not defined, I use my C version (which is slower). The reason for this
-+ * flag is that when the particular C compiler library routine is used, and
-+ * the library is linked with a different compiler, the library is missing.
-+ * This mostly happens when the library is built with gcc and then linked
-+ * using normal cc. This would be a common occurrence because gcc normally
-+ * produces code that is 2 times faster than system compilers for the big
-+ * number stuff. For machines with only one compiler (or shared libraries),
-+ * this should be on. Again this in only really a problem on machines using
-+ * "long long's", are 32bit, and are not using my assembler code.
-+ */
-+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-+ defined(OPENSSL_SYS_WIN32) || defined(linux)
-+# ifndef BN_DIV2W
-+# define BN_DIV2W
-+# endif
-+# endif
-+
-+/*
-+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-+ */
-+# ifdef SIXTY_FOUR_BIT_LONG
-+# define BN_ULLONG unsigned long long
-+# define BN_ULONG unsigned long
-+# define BN_LONG long
-+# define BN_BITS 128
-+# define BN_BYTES 8
-+# define BN_BITS2 64
-+# define BN_BITS4 32
-+# define BN_MASK (0xffffffffffffffffffffffffffffffffLL)
-+# define BN_MASK2 (0xffffffffffffffffL)
-+# define BN_MASK2l (0xffffffffL)
-+# define BN_MASK2h (0xffffffff00000000L)
-+# define BN_MASK2h1 (0xffffffff80000000L)
-+# define BN_TBIT (0x8000000000000000L)
-+# define BN_DEC_CONV (10000000000000000000UL)
-+# define BN_DEC_FMT1 "%lu"
-+# define BN_DEC_FMT2 "%019lu"
-+# define BN_DEC_NUM 19
-+# define BN_HEX_FMT1 "%lX"
-+# define BN_HEX_FMT2 "%016lX"
-+# endif
-+
-+/*
-+ * This is where the long long data type is 64 bits, but long is 32. For
-+ * machines where there are 64bit registers, this is the mode to use. IRIX,
-+ * on R4000 and above should use this mode, along with the relevant assembler
-+ * code :-). Do NOT define BN_LLONG.
-+ */
-+# ifdef SIXTY_FOUR_BIT
-+# undef BN_LLONG
-+# undef BN_ULLONG
-+# define BN_ULONG unsigned long long
-+# define BN_LONG long long
-+# define BN_BITS 128
-+# define BN_BYTES 8
-+# define BN_BITS2 64
-+# define BN_BITS4 32
-+# define BN_MASK2 (0xffffffffffffffffLL)
-+# define BN_MASK2l (0xffffffffL)
-+# define BN_MASK2h (0xffffffff00000000LL)
-+# define BN_MASK2h1 (0xffffffff80000000LL)
-+# define BN_TBIT (0x8000000000000000LL)
-+# define BN_DEC_CONV (10000000000000000000ULL)
-+# define BN_DEC_FMT1 "%llu"
-+# define BN_DEC_FMT2 "%019llu"
-+# define BN_DEC_NUM 19
-+# define BN_HEX_FMT1 "%llX"
-+# define BN_HEX_FMT2 "%016llX"
-+# endif
-+
-+# ifdef THIRTY_TWO_BIT
-+# ifdef BN_LLONG
-+# if defined(_WIN32) && !defined(__GNUC__)
-+# define BN_ULLONG unsigned __int64
-+# define BN_MASK (0xffffffffffffffffI64)
-+# else
-+# define BN_ULLONG unsigned long long
-+# define BN_MASK (0xffffffffffffffffLL)
-+# endif
-+# endif
-+# define BN_ULONG unsigned int
-+# define BN_LONG int
-+# define BN_BITS 64
-+# define BN_BYTES 4
-+# define BN_BITS2 32
-+# define BN_BITS4 16
-+# define BN_MASK2 (0xffffffffL)
-+# define BN_MASK2l (0xffff)
-+# define BN_MASK2h1 (0xffff8000L)
-+# define BN_MASK2h (0xffff0000L)
-+# define BN_TBIT (0x80000000L)
-+# define BN_DEC_CONV (1000000000L)
-+# define BN_DEC_FMT1 "%u"
-+# define BN_DEC_FMT2 "%09u"
-+# define BN_DEC_NUM 9
-+# define BN_HEX_FMT1 "%X"
-+# define BN_HEX_FMT2 "%08X"
-+# endif
-+
-+# define BN_DEFAULT_BITS 1280
-+
-+# define BN_FLG_MALLOCED 0x01
-+# define BN_FLG_STATIC_DATA 0x02
-+
-+/*
-+ * avoid leaking exponent information through timing,
-+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
-+ * BN_div() will call BN_div_no_branch,
-+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
-+ */ -+# define BN_FLG_CONSTTIME 0x04 -+ -+# ifdef OPENSSL_NO_DEPRECATED -+/* deprecated name for the flag */ -+# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -+/* -+ * avoid leaking exponent information through timings -+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) -+ */ -+# endif -+ -+# ifndef OPENSSL_NO_DEPRECATED -+# define BN_FLG_FREE 0x8000 -+ /* used for debuging */ -+# endif -+# define BN_set_flags(b,n) ((b)->flags|=(n)) -+# define BN_get_flags(b,n) ((b)->flags&(n)) -+ -+/* -+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the -+ * two BIGNUMs cannot not be used in parallel!) -+ */ -+# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ -+ (dest)->top=(b)->top, \ -+ (dest)->dmax=(b)->dmax, \ -+ (dest)->neg=(b)->neg, \ -+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ -+ | ((b)->flags & ~BN_FLG_MALLOCED) \ -+ | BN_FLG_STATIC_DATA \ -+ | (n))) -+ -+/* Already declared in ossl_typ.h */ -+# if 0 -+typedef struct bignum_st BIGNUM; -+/* Used for temp variables (declaration hidden in bn_lcl.h) */ -+typedef struct bignum_ctx BN_CTX; -+typedef struct bn_blinding_st BN_BLINDING; -+typedef struct bn_mont_ctx_st BN_MONT_CTX; -+typedef struct bn_recp_ctx_st BN_RECP_CTX; -+typedef struct bn_gencb_st BN_GENCB; -+# endif -+ -+struct bignum_st { -+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit -+ * chunks. */ -+ int top; /* Index of last used d +1. */ -+ /* The next are internal book keeping for bn_expand. */ -+ int dmax; /* Size of the d array. 
*/ -+ int neg; /* one if the number is negative */ -+ int flags; -+}; -+ -+/* Used for montgomery multiplication */ -+struct bn_mont_ctx_st { -+ int ri; /* number of bits in R */ -+ BIGNUM RR; /* used to convert to montgomery form */ -+ BIGNUM N; /* The modulus */ -+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only -+ * stored for bignum algorithm) */ -+ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type -+ * changed with 0.9.9, was "BN_ULONG n0;" -+ * before) */ -+ int flags; -+}; -+ -+/* -+ * Used for reciprocal division/mod functions It cannot be shared between -+ * threads -+ */ -+struct bn_recp_ctx_st { -+ BIGNUM N; /* the divisor */ -+ BIGNUM Nr; /* the reciprocal */ -+ int num_bits; -+ int shift; -+ int flags; -+}; -+ -+/* Used for slow "generation" functions. */ -+struct bn_gencb_st { -+ unsigned int ver; /* To handle binary (in)compatibility */ -+ void *arg; /* callback-specific data */ -+ union { -+ /* if(ver==1) - handles old style callbacks */ -+ void (*cb_1) (int, int, void *); -+ /* if(ver==2) - new callback style */ -+ int (*cb_2) (int, int, BN_GENCB *); -+ } cb; -+}; -+/* Wrapper function to make using BN_GENCB easier, */ -+int BN_GENCB_call(BN_GENCB *cb, int a, int b); -+/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -+# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 1; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_1 = (callback); } -+/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -+# define BN_GENCB_set(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 2; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_2 = (callback); } -+ -+# define BN_prime_checks 0 /* default: select number of iterations based -+ * on the size of the number */ -+ -+/* -+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for -+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in 
the Handbook of -+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; -+ * original paper: Damgaard, Landrock, Pomerance: Average case error -+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) -+ * 177-194) -+ */ -+# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ -+ (b) >= 850 ? 3 : \ -+ (b) >= 650 ? 4 : \ -+ (b) >= 550 ? 5 : \ -+ (b) >= 450 ? 6 : \ -+ (b) >= 400 ? 7 : \ -+ (b) >= 350 ? 8 : \ -+ (b) >= 300 ? 9 : \ -+ (b) >= 250 ? 12 : \ -+ (b) >= 200 ? 15 : \ -+ (b) >= 150 ? 18 : \ -+ /* b >= 100 */ 27) -+ -+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -+ -+/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -+# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ -+ (((w) == 0) && ((a)->top == 0))) -+# define BN_is_zero(a) ((a)->top == 0) -+# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -+# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -+# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) -+ -+# define BN_one(a) (BN_set_word((a),1)) -+# define BN_zero_ex(a) \ -+ do { \ -+ BIGNUM *_tmp_bn = (a); \ -+ _tmp_bn->top = 0; \ -+ _tmp_bn->neg = 0; \ -+ } while(0) -+# ifdef OPENSSL_NO_DEPRECATED -+# define BN_zero(a) BN_zero_ex(a) -+# else -+# define BN_zero(a) (BN_set_word((a),0)) -+# endif -+ -+const BIGNUM *BN_value_one(void); -+char *BN_options(void); -+BN_CTX *BN_CTX_new(void); -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_CTX_init(BN_CTX *c); -+# endif -+void BN_CTX_free(BN_CTX *c); -+void BN_CTX_start(BN_CTX *ctx); -+BIGNUM *BN_CTX_get(BN_CTX *ctx); -+void BN_CTX_end(BN_CTX *ctx); -+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); -+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); -+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); -+int BN_num_bits(const BIGNUM *a); -+int BN_num_bits_word(BN_ULONG); -+BIGNUM *BN_new(void); 
-+void BN_init(BIGNUM *); -+void BN_clear_free(BIGNUM *a); -+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); -+void BN_swap(BIGNUM *a, BIGNUM *b); -+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); -+int BN_bn2bin(const BIGNUM *a, unsigned char *to); -+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); -+int BN_bn2mpi(const BIGNUM *a, unsigned char *to); -+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -+/** BN_set_negative sets sign of a BIGNUM -+ * \param b pointer to the BIGNUM object -+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise -+ */ -+void BN_set_negative(BIGNUM *b, int n); -+/** BN_is_negative returns 1 if the BIGNUM is negative -+ * \param a pointer to the BIGNUM object -+ * \return 1 if a < 0 and 0 otherwise -+ */ -+# define BN_is_negative(a) ((a)->neg != 0) -+ -+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, -+ BN_CTX *ctx); -+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) -+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); -+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m); -+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m); -+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX 
*ctx); -+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); -+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); -+ -+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); -+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); -+int BN_mul_word(BIGNUM *a, BN_ULONG w); -+int BN_add_word(BIGNUM *a, BN_ULONG w); -+int BN_sub_word(BIGNUM *a, BN_ULONG w); -+int BN_set_word(BIGNUM *a, BN_ULONG w); -+BN_ULONG BN_get_word(const BIGNUM *a); -+ -+int BN_cmp(const BIGNUM *a, const BIGNUM *b); -+void BN_free(BIGNUM *a); -+int BN_is_bit_set(const BIGNUM *a, int n); -+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -+int BN_lshift1(BIGNUM *r, const BIGNUM *a); -+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+ -+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont); -+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, -+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, -+ BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+ -+int BN_mask_bits(BIGNUM *a, int n); -+# ifndef OPENSSL_NO_FP_API -+int BN_print_fp(FILE *fp, const BIGNUM *a); -+# endif -+# ifdef HEADER_BIO_H -+int BN_print(BIO *fp, const BIGNUM *a); -+# else -+int BN_print(void *fp, const BIGNUM *a); -+# endif -+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); -+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); -+int BN_rshift1(BIGNUM 
*r, const BIGNUM *a); -+void BN_clear(BIGNUM *a); -+BIGNUM *BN_dup(const BIGNUM *a); -+int BN_ucmp(const BIGNUM *a, const BIGNUM *b); -+int BN_set_bit(BIGNUM *a, int n); -+int BN_clear_bit(BIGNUM *a, int n); -+char *BN_bn2hex(const BIGNUM *a); -+char *BN_bn2dec(const BIGNUM *a); -+int BN_hex2bn(BIGNUM **a, const char *str); -+int BN_dec2bn(BIGNUM **a, const char *str); -+int BN_asc2bn(BIGNUM **a, const char *str); -+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns -+ * -2 for -+ * error */ -+BIGNUM *BN_mod_inverse(BIGNUM *ret, -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); -+BIGNUM *BN_mod_sqrt(BIGNUM *ret, -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); -+ -+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); -+ -+/* Deprecated versions */ -+# ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, -+ const BIGNUM *add, const BIGNUM *rem, -+ void (*callback) (int, int, void *), void *cb_arg); -+int BN_is_prime(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), -+ BN_CTX *ctx, void *cb_arg); -+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), BN_CTX *ctx, -+ void *cb_arg, int do_trial_division); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ -+ -+/* Newer versions */ -+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, -+ const BIGNUM *rem, BN_GENCB *cb); -+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, -+ int do_trial_division, BN_GENCB *cb); -+ -+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); -+ -+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, -+ const BIGNUM *Xp, const BIGNUM *Xp1, -+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, -+ BN_GENCB *cb); -+int 
BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, -+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, -+ BN_CTX *ctx, BN_GENCB *cb); -+ -+BN_MONT_CTX *BN_MONT_CTX_new(void); -+void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ BN_MONT_CTX *mont, BN_CTX *ctx); -+# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ -+ (r),(a),&((mont)->RR),(mont),(ctx)) -+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, -+ BN_MONT_CTX *mont, BN_CTX *ctx); -+void BN_MONT_CTX_free(BN_MONT_CTX *mont); -+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); -+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, -+ const BIGNUM *mod, BN_CTX *ctx); -+ -+/* BN_BLINDING flags */ -+# define BN_BLINDING_NO_UPDATE 0x00000001 -+# define BN_BLINDING_NO_RECREATE 0x00000002 -+ -+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); -+void BN_BLINDING_free(BN_BLINDING *b); -+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); -+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); -+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, -+ BN_CTX *); -+# ifndef OPENSSL_NO_DEPRECATED -+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); -+void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); -+# endif -+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); -+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); -+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); -+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -+ int (*bn_mod_exp) (BIGNUM *r, -+ const BIGNUM *a, -+ const BIGNUM *p, -+ const BIGNUM *m, -+ BN_CTX *ctx, -+ 
BN_MONT_CTX *m_ctx), -+ BN_MONT_CTX *m_ctx); -+ -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_set_params(int mul, int high, int low, int mont); -+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -+# endif -+ -+void BN_RECP_CTX_init(BN_RECP_CTX *recp); -+BN_RECP_CTX *BN_RECP_CTX_new(void); -+void BN_RECP_CTX_free(BN_RECP_CTX *recp); -+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); -+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, -+ BN_RECP_CTX *recp, BN_CTX *ctx); -+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, -+ BN_RECP_CTX *recp, BN_CTX *ctx); -+ -+# ifndef OPENSSL_NO_EC2M -+ -+/* -+ * Functions for arithmetic over binary polynomials represented by BIGNUMs. -+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is -+ * ignored. Note that input arguments are not const so that their bit arrays -+ * can be expanded to the appropriate size if needed. 
-+ */
-+
-+/*
-+ * r = a + b
-+ */
-+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-+# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-+/*
-+ * r=a mod p
-+ */
-+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
-+/* r = (a * b) mod p */
-+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-+ const BIGNUM *p, BN_CTX *ctx);
-+/* r = (a * a) mod p */
-+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-+/* r = (1 / b) mod p */
-+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
-+/* r = (a / b) mod p */
-+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-+ const BIGNUM *p, BN_CTX *ctx);
-+/* r = (a ^ b) mod p */
-+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-+ const BIGNUM *p, BN_CTX *ctx);
-+/* r = sqrt(a) mod p */
-+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ BN_CTX *ctx);
-+/* r^2 + r = a mod p */
-+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ BN_CTX *ctx);
-+# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-+/*-
-+ * Some functions allow for representation of the irreducible polynomials
-+ * as an unsigned int[], say p. The irreducible f(t) is then of the form:
-+ * t^p[0] + t^p[1] + ... + t^p[k]
-+ * where m = p[0] > p[1] > ... > p[k] = 0.
-+ */ -+/* r = a mod p */ -+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); -+/* r = (a * b) mod p */ -+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const int p[], BN_CTX *ctx); -+/* r = (a * a) mod p */ -+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], -+ BN_CTX *ctx); -+/* r = (1 / b) mod p */ -+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], -+ BN_CTX *ctx); -+/* r = (a / b) mod p */ -+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const int p[], BN_CTX *ctx); -+/* r = (a ^ b) mod p */ -+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const int p[], BN_CTX *ctx); -+/* r = sqrt(a) mod p */ -+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, -+ const int p[], BN_CTX *ctx); -+/* r^2 + r = a mod p */ -+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, -+ const int p[], BN_CTX *ctx); -+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); -+int BN_GF2m_arr2poly(const int p[], BIGNUM *a); -+ -+# endif -+ -+/* -+ * faster mod functions for the 'NIST primes' 0 <= a < p^2 -+ */ -+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+ -+const BIGNUM *BN_get0_nist_prime_192(void); -+const BIGNUM *BN_get0_nist_prime_224(void); -+const BIGNUM *BN_get0_nist_prime_256(void); -+const BIGNUM *BN_get0_nist_prime_384(void); -+const BIGNUM *BN_get0_nist_prime_521(void); -+ -+/* library internal functions */ -+ -+# define bn_expand(a,bits) \ -+ ( \ -+ bits > (INT_MAX - BN_BITS2 + 1) ? \ -+ NULL \ -+ : \ -+ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? 
\ -+ (a) \ -+ : \ -+ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ -+ ) -+ -+# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -+BIGNUM *bn_expand2(BIGNUM *a, int words); -+# ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ -+# endif -+ -+/*- -+ * Bignum consistency macros -+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from -+ * bignum data after direct manipulations on the data. There is also an -+ * "internal" macro, bn_check_top(), for verifying that there are no leading -+ * zeroes. Unfortunately, some auditing is required due to the fact that -+ * bn_fix_top() has become an overabused duct-tape because bignum data is -+ * occasionally passed around in an inconsistent state. So the following -+ * changes have been made to sort this out; -+ * - bn_fix_top()s implementation has been moved to bn_correct_top() -+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and -+ * bn_check_top() is as before. -+ * - if BN_DEBUG *is* defined; -+ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is -+ * consistent. (ed: only if BN_DEBUG_RAND is defined) -+ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. -+ * The idea is to have debug builds flag up inconsistent bignums when they -+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if -+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code -+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it -+ * was not appropriate, we convert it permanently to bn_check_top() and track -+ * down the cause of the bug. Eventually, no internal code should be using the -+ * bn_fix_top() macro. 
External applications and libraries should try this with -+ * their own code too, both in terms of building against the openssl headers -+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it -+ * defined. This not only improves external code, it provides more test -+ * coverage for openssl's own code. -+ */ -+ -+# ifdef BN_DEBUG -+ -+/* We only need assert() when debugging */ -+# include -+ -+# ifdef BN_DEBUG_RAND -+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -+# ifndef RAND_pseudo_bytes -+int RAND_pseudo_bytes(unsigned char *buf, int num); -+# define BN_DEBUG_TRIX -+# endif -+# define bn_pollute(a) \ -+ do { \ -+ const BIGNUM *_bnum1 = (a); \ -+ if(_bnum1->top < _bnum1->dmax) { \ -+ unsigned char _tmp_char; \ -+ /* We cast away const without the compiler knowing, any \ -+ * *genuinely* constant variables that aren't mutable \ -+ * wouldn't be constructed with top!=dmax. */ \ -+ BN_ULONG *_not_const; \ -+ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ -+ /* Debug only - safe to ignore error return */ \ -+ RAND_pseudo_bytes(&_tmp_char, 1); \ -+ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ -+ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ -+ } \ -+ } while(0) -+# ifdef BN_DEBUG_TRIX -+# undef RAND_pseudo_bytes -+# endif -+# else -+# define bn_pollute(a) -+# endif -+# define bn_check_top(a) \ -+ do { \ -+ const BIGNUM *_bnum2 = (a); \ -+ if (_bnum2 != NULL) { \ -+ assert((_bnum2->top == 0) || \ -+ (_bnum2->d[_bnum2->top - 1] != 0)); \ -+ bn_pollute(_bnum2); \ -+ } \ -+ } while(0) -+ -+# define bn_fix_top(a) bn_check_top(a) -+ -+# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -+# define bn_wcheck_size(bn, words) \ -+ do { \ -+ const BIGNUM *_bnum2 = (bn); \ -+ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ -+ /* avoid unused variable warning with NDEBUG */ \ -+ (void)(_bnum2); \ -+ } while(0) -+ -+# else /* !BN_DEBUG */ -+ -+# define 
bn_pollute(a)
-+# define bn_check_top(a)
-+# define bn_fix_top(a) bn_correct_top(a)
-+# define bn_check_size(bn, bits)
-+# define bn_wcheck_size(bn, words)
-+
-+# endif
-+
-+# define bn_correct_top(a) \
-+ { \
-+ BN_ULONG *ftl; \
-+ int tmp_top = (a)->top; \
-+ if (tmp_top > 0) \
-+ { \
-+ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-+ if (*(ftl--)) break; \
-+ (a)->top = tmp_top; \
-+ } \
-+ if ((a)->top == 0) \
-+ (a)->neg = 0; \
-+ bn_pollute(a); \
-+ }
-+
-+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
-+ BN_ULONG w);
-+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-+ int num);
-+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-+ int num);
-+
-+/* Primes from RFC 2409 */
-+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-+
-+/* Primes from RFC 3526 */
-+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-+
-+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
-+
-+/* BEGIN ERROR CODES */
-+/*
-+ * The following lines are auto generated by the script mkerr.pl. Any changes
-+ * made after this point may be overwritten when the script is next run.
-+ */
-+void ERR_load_BN_strings(void);
-+
-+/* Error codes for the BN functions. */
-+
-+/* Function codes. 
*/
-+# define BN_F_BNRAND 127
-+# define BN_F_BN_BLINDING_CONVERT_EX 100
-+# define BN_F_BN_BLINDING_CREATE_PARAM 128
-+# define BN_F_BN_BLINDING_INVERT_EX 101
-+# define BN_F_BN_BLINDING_NEW 102
-+# define BN_F_BN_BLINDING_UPDATE 103
-+# define BN_F_BN_BN2DEC 104
-+# define BN_F_BN_BN2HEX 105
-+# define BN_F_BN_CTX_GET 116
-+# define BN_F_BN_CTX_NEW 106
-+# define BN_F_BN_CTX_START 129
-+# define BN_F_BN_DIV 107
-+# define BN_F_BN_DIV_NO_BRANCH 138
-+# define BN_F_BN_DIV_RECP 130
-+# define BN_F_BN_EXP 123
-+# define BN_F_BN_EXPAND2 108
-+# define BN_F_BN_EXPAND_INTERNAL 120
-+# define BN_F_BN_GF2M_MOD 131
-+# define BN_F_BN_GF2M_MOD_EXP 132
-+# define BN_F_BN_GF2M_MOD_MUL 133
-+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134
-+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
-+# define BN_F_BN_GF2M_MOD_SQR 136
-+# define BN_F_BN_GF2M_MOD_SQRT 137
-+# define BN_F_BN_LSHIFT 145
-+# define BN_F_BN_MOD_EXP2_MONT 118
-+# define BN_F_BN_MOD_EXP_MONT 109
-+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
-+# define BN_F_BN_MOD_EXP_MONT_WORD 117
-+# define BN_F_BN_MOD_EXP_RECP 125
-+# define BN_F_BN_MOD_EXP_SIMPLE 126
-+# define BN_F_BN_MOD_INVERSE 110
-+# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
-+# define BN_F_BN_MOD_LSHIFT_QUICK 119
-+# define BN_F_BN_MOD_MUL_RECIPROCAL 111
-+# define BN_F_BN_MOD_SQRT 121
-+# define BN_F_BN_MPI2BN 112
-+# define BN_F_BN_NEW 113
-+# define BN_F_BN_RAND 114
-+# define BN_F_BN_RAND_RANGE 122
-+# define BN_F_BN_RSHIFT 146
-+# define BN_F_BN_USUB 115
-+
-+/* Reason codes. 
*/
-+# define BN_R_ARG2_LT_ARG3 100
-+# define BN_R_BAD_RECIPROCAL 101
-+# define BN_R_BIGNUM_TOO_LONG 114
-+# define BN_R_BITS_TOO_SMALL 118
-+# define BN_R_CALLED_WITH_EVEN_MODULUS 102
-+# define BN_R_DIV_BY_ZERO 103
-+# define BN_R_ENCODING_ERROR 104
-+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
-+# define BN_R_INPUT_NOT_REDUCED 110
-+# define BN_R_INVALID_LENGTH 106
-+# define BN_R_INVALID_RANGE 115
-+# define BN_R_INVALID_SHIFT 119
-+# define BN_R_NOT_A_SQUARE 111
-+# define BN_R_NOT_INITIALIZED 107
-+# define BN_R_NO_INVERSE 108
-+# define BN_R_NO_SOLUTION 116
-+# define BN_R_P_IS_NOT_PRIME 112
-+# define BN_R_TOO_MANY_ITERATIONS 113
-+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c
-index 6479650..2f3d110 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c
-@@ -1,18 +1,69 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bn/bn_add.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - /* r can == a or b */ - int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { -+ const BIGNUM *tmp; - int a_neg = a->neg, ret; - - bn_check_top(a); -@@ -27,8 +78,6 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - if (a_neg ^ b->neg) { - /* only one is negative */ - if (a_neg) { -- const BIGNUM *tmp; -- - tmp = a; - a = b; - b = tmp; -@@ -38,14 +87,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) -- return 0; -+ return (0); - r->neg = 1; - } else { - if (!BN_usub(r, a, b)) -- return 0; -+ return (0); - r->neg = 0; - } -- return 1; -+ return (1); - } - - ret = BN_uadd(r, a, b); -@@ -58,15 +107,13 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max, min, dif; -- const BN_ULONG *ap, *bp; -- BN_ULONG *rp, carry, t1, t2; -+ BN_ULONG *ap, *bp, *rp, carry, t1, t2; -+ const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) { -- const BIGNUM *tmp; -- - tmp = a; - a = b; - b = tmp; -@@ -87,17 +134,29 
@@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - carry = bn_add_words(rp, ap, bp, min); - rp += min; - ap += min; -- -- while (dif) { -- dif--; -- t1 = *(ap++); -- t2 = (t1 + carry) & BN_MASK2; -- *(rp++) = t2; -- carry &= (t2 == 0); -+ bp += min; -+ -+ if (carry) { -+ while (dif) { -+ dif--; -+ t1 = *(ap++); -+ t2 = (t1 + 1) & BN_MASK2; -+ *(rp++) = t2; -+ if (t2) { -+ carry = 0; -+ break; -+ } -+ } -+ if (carry) { -+ /* carry != 0 => dif == 0 */ -+ *rp = 1; -+ r->top++; -+ } - } -- *rp = carry; -- r->top += carry; -- -+ if (dif && rp != ap) -+ while (dif--) -+ /* copy remaining words if ap != rp */ -+ *(rp++) = *(ap++); - r->neg = 0; - bn_check_top(r); - return 1; -@@ -107,8 +166,11 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max, min, dif; -- BN_ULONG t1, t2, borrow, *rp; -- const BN_ULONG *ap, *bp; -+ register BN_ULONG t1, t2, *ap, *bp, *rp; -+ int i, carry; -+#if defined(IRIX_CC_BUG) && !defined(LINT) -+ int dummy; -+#endif - - bn_check_top(a); - bn_check_top(b); -@@ -119,38 +181,86 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - - if (dif < 0) { /* hmm... 
should not be happening */ - BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); -- return 0; -+ return (0); - } - - if (bn_wexpand(r, max) == NULL) -- return 0; -+ return (0); - - ap = a->d; - bp = b->d; - rp = r->d; - -- borrow = bn_sub_words(rp, ap, bp, min); -+#if 1 -+ carry = 0; -+ for (i = min; i != 0; i--) { -+ t1 = *(ap++); -+ t2 = *(bp++); -+ if (carry) { -+ carry = (t1 <= t2); -+ t1 = (t1 - t2 - 1) & BN_MASK2; -+ } else { -+ carry = (t1 < t2); -+ t1 = (t1 - t2) & BN_MASK2; -+ } -+# if defined(IRIX_CC_BUG) && !defined(LINT) -+ dummy = t1; -+# endif -+ *(rp++) = t1 & BN_MASK2; -+ } -+#else -+ carry = bn_sub_words(rp, ap, bp, min); - ap += min; -+ bp += min; - rp += min; -- -- while (dif) { -- dif--; -- t1 = *(ap++); -- t2 = (t1 - borrow) & BN_MASK2; -- *(rp++) = t2; -- borrow &= (t1 == 0); -+#endif -+ if (carry) { /* subtracted */ -+ if (!dif) -+ /* error: a < b */ -+ return 0; -+ while (dif) { -+ dif--; -+ t1 = *(ap++); -+ t2 = (t1 - 1) & BN_MASK2; -+ *(rp++) = t2; -+ if (t1) -+ break; -+ } -+ } -+#if 0 -+ memcpy(rp, ap, sizeof(*rp) * (max - i)); -+#else -+ if (rp != ap) { -+ for (;;) { -+ if (!dif--) -+ break; -+ rp[0] = ap[0]; -+ if (!dif--) -+ break; -+ rp[1] = ap[1]; -+ if (!dif--) -+ break; -+ rp[2] = ap[2]; -+ if (!dif--) -+ break; -+ rp[3] = ap[3]; -+ rp += 4; -+ ap += 4; -+ } - } -+#endif - - r->top = max; - r->neg = 0; - bn_correct_top(r); -- return 1; -+ return (1); - } - - int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max; - int add = 0, neg = 0; -+ const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); -@@ -163,8 +273,6 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - */ - if (a->neg) { - if (b->neg) { -- const BIGNUM *tmp; -- - tmp = a; - a = b; - b = tmp; -@@ -181,25 +289,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - - if (add) { - if (!BN_uadd(r, a, b)) -- return 0; -+ return (0); - r->neg = neg; -- return 1; -+ return (1); - } - - /* We are actually doing a - b :-) */ - - max = (a->top > b->top) ? 
a->top : b->top; - if (bn_wexpand(r, max) == NULL) -- return 0; -+ return (0); - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) -- return 0; -+ return (0); - r->neg = 1; - } else { - if (!BN_usub(r, a, b)) -- return 0; -+ return (0); - r->neg = 0; - } - bn_check_top(r); -- return 1; -+ return (1); - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -index 39c6c21..03a33cf 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -@@ -1,15 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_asm.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - -+#ifndef BN_DEBUG -+# undef NDEBUG /* avoid conflicting definitions */ -+# define NDEBUG -+#endif -+ -+#include - #include --#include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) -@@ -951,13 +1005,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - - /* hmm... is it faster just to do a multiply? */ - # undef bn_sqr_comba4 --# undef bn_sqr_comba8 - void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) - { - BN_ULONG t[8]; - bn_sqr_normal(r, a, 4, t); - } - -+# undef bn_sqr_comba8 - void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) - { - BN_ULONG t[16]; -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c -index 24d1383..d448daa 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c -@@ -1,14 +1,116 @@ --/* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_blind.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --#include --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - #define BN_BLINDING_COUNTER 32 -@@ -18,13 +120,16 @@ struct bn_blinding_st { - BIGNUM *Ai; - BIGNUM *e; - BIGNUM *mod; /* just a reference */ -- CRYPTO_THREAD_ID tid; -+#ifndef OPENSSL_NO_DEPRECATED -+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used -+ * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ -+#endif -+ CRYPTO_THREADID tid; - int counter; - unsigned long flags; - BN_MONT_CTX *m_ctx; - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -- CRYPTO_RWLOCK *lock; - }; - - BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) -@@ -33,25 +138,15 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) - - bn_check_top(mod); - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { -+ if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { - BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -+ return (NULL); - } -- -- ret->lock = CRYPTO_THREAD_lock_new(); -- if (ret->lock == NULL) { -- BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(ret); -- return NULL; -- } -- -- BN_BLINDING_set_current_thread(ret); -- -+ memset(ret, 0, sizeof(BN_BLINDING)); - if (A != NULL) { - if ((ret->A = BN_dup(A)) == NULL) - goto err; - } -- - if (Ai != NULL) { - if ((ret->Ai = BN_dup(Ai)) == NULL) - goto err; -@@ -60,7 +155,6 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) - /* save a copy of mod in the BN_BLINDING structure */ - if ((ret->mod = BN_dup(mod)) == NULL) - goto err; -- - if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) - BN_set_flags(ret->mod, BN_FLG_CONSTTIME); - -@@ -70,12 +164,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) - * use. 
- */ - ret->counter = -1; -- -- return ret; -- -+ CRYPTO_THREADID_current(&ret->tid); -+ return (ret); - err: -- BN_BLINDING_free(ret); -- return NULL; -+ if (ret != NULL) -+ BN_BLINDING_free(ret); -+ return (NULL); - } - - void BN_BLINDING_free(BN_BLINDING *r) -@@ -83,11 +177,14 @@ void BN_BLINDING_free(BN_BLINDING *r) - if (r == NULL) - return; - -- BN_free(r->A); -- BN_free(r->Ai); -- BN_free(r->e); -- BN_free(r->mod); -- CRYPTO_THREAD_lock_free(r->lock); -+ if (r->A != NULL) -+ BN_free(r->A); -+ if (r->Ai != NULL) -+ BN_free(r->Ai); -+ if (r->e != NULL) -+ BN_free(r->e); -+ if (r->mod != NULL) -+ BN_free(r->mod); - OPENSSL_free(r); - } - -@@ -181,24 +278,21 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - return (ret); - } - --int BN_BLINDING_is_current_thread(BN_BLINDING *b) --{ -- return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid); --} -- --void BN_BLINDING_set_current_thread(BN_BLINDING *b) -+#ifndef OPENSSL_NO_DEPRECATED -+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) - { -- b->tid = CRYPTO_THREAD_get_current_id(); -+ return b->thread_id; - } - --int BN_BLINDING_lock(BN_BLINDING *b) -+void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) - { -- return CRYPTO_THREAD_write_lock(b->lock); -+ b->thread_id = n; - } -+#endif - --int BN_BLINDING_unlock(BN_BLINDING *b) -+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) - { -- return CRYPTO_THREAD_unlock(b->lock); -+ return &b->tid; - } - - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) -@@ -238,7 +332,8 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - goto err; - - if (e != NULL) { -- BN_free(ret->e); -+ if (ret->e != NULL) -+ BN_free(ret->e); - ret->e = BN_dup(e); - } - if (ret->e == NULL) -@@ -250,19 +345,20 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - ret->m_ctx = m_ctx; - - do { -- int rv; - if (!BN_rand_range(ret->A, ret->mod)) - goto err; -- if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, 
&rv)) { -+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { - /* - * this should almost never happen for good RSA keys - */ -- if (rv) { -+ unsigned long error = ERR_peek_last_error(); -+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { - if (retry_counter-- == 0) { - BNerr(BN_F_BN_BLINDING_CREATE_PARAM, - BN_R_TOO_MANY_ITERATIONS); - goto err; - } -+ ERR_clear_error(); - } else - goto err; - } else -@@ -280,7 +376,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - - return ret; - err: -- if (b == NULL) { -+ if (b == NULL && ret != NULL) { - BN_BLINDING_free(ret); - ret = NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c -index 39dd612..12c3208 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c -@@ -1,13 +1,7 @@ --/* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -+/* crypto/bn/knownprimes.c */ -+/* Insert boilerplate */ - --#include -+#include "bn.h" - - /*- - * "First Oakley Default Group" from RFC2409, section 6.1. -@@ -18,7 +12,7 @@ - * RFC2412 specifies a generator of of 22. - */ - --BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) -+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) - { - static const unsigned char RFC2409_PRIME_768[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -46,7 +40,7 @@ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) - * RFC2412 specifies a generator of 22. 
- */ - --BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) -+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) - { - static const unsigned char RFC2409_PRIME_1024[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -78,7 +72,7 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) - * RFC2312 specifies a generator of 22. - */ - --BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_1536[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -117,7 +111,7 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) - * RFC3526 specifies a generator of 2. - */ - --BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_2048[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -164,7 +158,7 @@ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) - * RFC3526 specifies a generator of 2. - */ - --BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_3072[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -227,7 +221,7 @@ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) - * RFC3526 specifies a generator of 2. - */ - --BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_4096[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -306,7 +300,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) - * RFC3526 specifies a generator of 2. - */ - --BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_6144[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -@@ -417,7 +411,7 @@ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) - * RFC3526 specifies a generator of 2. 
- */ - --BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) -+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) - { - static const unsigned char RFC3526_PRIME_8192[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -index 68c0468..526c6a0 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -@@ -1,13 +1,69 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_ctx.c */ -+/* Written by Ulf Moeller for the OpenSSL project. */ -+/* ==================================================================== -+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
-+#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-+# ifndef NDEBUG
-+# define NDEBUG
-+# endif
-+#endif
-+
-+#include
-+#include
-+
-+#include "cryptlib.h"
- #include "bn_lcl.h"
-
- /*-
-@@ -48,7 +104,10 @@ typedef struct bignum_pool {
- } BN_POOL;
- static void BN_POOL_init(BN_POOL *);
- static void BN_POOL_finish(BN_POOL *);
--static BIGNUM *BN_POOL_get(BN_POOL *, int);
-+#ifndef OPENSSL_NO_DEPRECATED
-+static void BN_POOL_reset(BN_POOL *);
-+#endif
-+static BIGNUM *BN_POOL_get(BN_POOL *);
- static void BN_POOL_release(BN_POOL *, unsigned int);
-
- /************/
-@@ -64,6 +123,9 @@ typedef struct bignum_ctx_stack {
- } BN_STACK;
- static void BN_STACK_init(BN_STACK *);
- static void BN_STACK_finish(BN_STACK *);
-+#ifndef OPENSSL_NO_DEPRECATED
-+static void BN_STACK_reset(BN_STACK *);
-+#endif
- static int BN_STACK_push(BN_STACK *, unsigned int);
- static unsigned int BN_STACK_pop(BN_STACK *);
-
-@@ -83,8 +145,6 @@ struct bignum_ctx {
- int err_stack;
- /* Block "gets" until an "end" (compatibility behaviour) */
- int too_many;
-- /* Flags. */
-- int flags;
- };
-
- /* Enable this to find BN_CTX bugs */
-@@ -130,27 +190,40 @@ static void ctxdbg(BN_CTX *ctx)
- # define CTXDBG_RET(ctx,ret)
- #endif
-
-+/*
-+ * This function is an evil legacy and should not be used. This
-+ * implementation is WYSIWYG, though I've done my best.
-+ */
-+#ifndef OPENSSL_NO_DEPRECATED
-+void BN_CTX_init(BN_CTX *ctx)
-+{
-+ /*
-+ * Assume the caller obtained the context via BN_CTX_new() and so is
-+ * trying to reset it for use. Nothing else makes sense, least of all
-+ * binary compatibility from a time when they could declare a static
-+ * variable.
-+ */
-+ BN_POOL_reset(&ctx->pool);
-+ BN_STACK_reset(&ctx->stack);
-+ ctx->used = 0;
-+ ctx->err_stack = 0;
-+ ctx->too_many = 0;
-+}
-+#endif
-
- BN_CTX *BN_CTX_new(void)
- {
-- BN_CTX *ret;
--
-- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
-+ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
-+ if (!ret) {
- BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- /* Initialise the structure */
- BN_POOL_init(&ret->pool);
- BN_STACK_init(&ret->stack);
-- return ret;
--}
--
--BN_CTX *BN_CTX_secure_new(void)
--{
-- BN_CTX *ret = BN_CTX_new();
--
-- if (ret != NULL)
-- ret->flags = BN_FLG_SECURE;
-+ ret->used = 0;
-+ ret->err_stack = 0;
-+ ret->too_many = 0;
- return ret;
- }
-
-@@ -212,11 +285,10 @@ void BN_CTX_end(BN_CTX *ctx)
- BIGNUM *BN_CTX_get(BN_CTX *ctx)
- {
- BIGNUM *ret;
--
- CTXDBG_ENTRY("BN_CTX_get", ctx);
- if (ctx->err_stack || ctx->too_many)
- return NULL;
-- if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
-+ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
- /*
- * Setting too_many prevents repeated "get" attempts from cluttering
- * the error stack.
-@@ -244,23 +316,32 @@ static void BN_STACK_init(BN_STACK *st)
-
- static void BN_STACK_finish(BN_STACK *st)
- {
-- OPENSSL_free(st->indexes);
-- st->indexes = NULL;
-+ if (st->size)
-+ OPENSSL_free(st->indexes);
- }
-
-+#ifndef OPENSSL_NO_DEPRECATED
-+static void BN_STACK_reset(BN_STACK *st)
-+{
-+ st->depth = 0;
-+}
-+#endif
-
- static int BN_STACK_push(BN_STACK *st, unsigned int idx)
- {
-- if (st->depth == st->size) {
-+ if (st->depth == st->size)
- /* Need to expand */
-- unsigned int newsize =
-- st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
-- unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize);
-- if (newitems == NULL)
-+ {
-+ unsigned int newsize = (st->size ?
-+ (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-+ unsigned int *newitems = OPENSSL_malloc(newsize *
-+ sizeof(unsigned int));
-+ if (!newitems)
- return 0;
- if (st->depth)
-- memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
-- OPENSSL_free(st->indexes);
-+ memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
-+ if (st->size)
-+ OPENSSL_free(st->indexes);
- st->indexes = newitems;
- st->size = newsize;
- }
-@@ -285,39 +366,55 @@ static void BN_POOL_init(BN_POOL *p)
-
- static void BN_POOL_finish(BN_POOL *p)
- {
-- unsigned int loop;
-- BIGNUM *bn;
--
- while (p->head) {
-- for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
-+ unsigned int loop = 0;
-+ BIGNUM *bn = p->head->vals;
-+ while (loop++ < BN_CTX_POOL_SIZE) {
- if (bn->d)
- BN_clear_free(bn);
-+ bn++;
-+ }
- p->current = p->head->next;
- OPENSSL_free(p->head);
- p->head = p->current;
- }
- }
-
--
--static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
-+#ifndef OPENSSL_NO_DEPRECATED
-+static void BN_POOL_reset(BN_POOL *p)
- {
-- BIGNUM *bn;
-- unsigned int loop;
-+ BN_POOL_ITEM *item = p->head;
-+ while (item) {
-+ unsigned int loop = 0;
-+ BIGNUM *bn = item->vals;
-+ while (loop++ < BN_CTX_POOL_SIZE) {
-+ if (bn->d)
-+ BN_clear(bn);
-+ bn++;
-+ }
-+ item = item->next;
-+ }
-+ p->current = p->head;
-+ p->used = 0;
-+}
-+#endif
-
-- /* Full; allocate a new pool item and link it in.
*/ -+static BIGNUM *BN_POOL_get(BN_POOL *p) -+{ - if (p->used == p->size) { -- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); -- if (item == NULL) -+ BIGNUM *bn; -+ unsigned int loop = 0; -+ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); -+ if (!item) - return NULL; -- for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { -- bn_init(bn); -- if ((flag & BN_FLG_SECURE) != 0) -- BN_set_flags(bn, BN_FLG_SECURE); -- } -+ /* Initialise the structure */ -+ bn = item->vals; -+ while (loop++ < BN_CTX_POOL_SIZE) -+ BN_init(bn++); - item->prev = p->tail; - item->next = NULL; -- -- if (p->head == NULL) -+ /* Link it in */ -+ if (!p->head) - p->head = p->current = p->tail = item; - else { - p->tail->next = item; -@@ -329,7 +426,6 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) - /* Return the first bignum from the new pool */ - return item->vals; - } -- - if (!p->used) - p->current = p->head; - else if ((p->used % BN_CTX_POOL_SIZE) == 0) -@@ -340,11 +436,10 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) - static void BN_POOL_release(BN_POOL *p, unsigned int num) - { - unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; -- - p->used -= num; - while (num--) { - bn_check_top(p->current->vals + offset); -- if (offset == 0) { -+ if (!offset) { - offset = BN_CTX_POOL_SIZE - 1; - p->current = p->current->prev; - } else -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -index 7d89214..34895f5 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -@@ -1,10 +1,56 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_depr.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -12,22 +58,22 @@ - * slurp this code if applications are using them directly. 
- */
-
--#include
--#if OPENSSL_API_COMPAT >= 0x00908000L
--NON_EMPTY_TRANSLATION_UNIT
--#else
-+#include
-+#include
-+#include "cryptlib.h"
-+#include "bn_lcl.h"
-+#include
-
--# include
--# include
--# include "internal/cryptlib.h"
--# include "bn_lcl.h"
-+static void *dummy = &dummy;
-
-+#ifndef OPENSSL_NO_DEPRECATED
- BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback) (int, int, void *), void *cb_arg)
- {
- BN_GENCB cb;
- BIGNUM *rnd = NULL;
-+ int found = 0;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
-@@ -40,10 +86,11 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- goto err;
-
- /* we have a prime :-) */
-- return ret;
-+ found = 1;
- err:
-- BN_free(rnd);
-- return NULL;
-+ if (!found && (ret == NULL) && (rnd != NULL))
-+ BN_free(rnd);
-+ return (found ? rnd : NULL);
- }
-
- int BN_is_prime(const BIGNUM *a, int checks,
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c b/Cryptlib/OpenSSL/crypto/bn/bn_dh.c
-deleted file mode 100644
-index 17d0559..0000000
---- a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c
-+++ /dev/null
-@@ -1,220 +0,0 @@
--/*
-- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "bn_lcl.h" --#include "e_os.h" -- --#ifndef OPENSSL_NO_DH --#include --#include "internal/bn_dh.h" --/* DH parameters from RFC5114 */ -- --# if BN_BITS2 == 64 --static const BN_ULONG dh1024_160_p[] = { -- 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, -- 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, -- 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, -- 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, -- 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, -- 0xB10B8F96A080E01DULL --}; -- --static const BN_ULONG dh1024_160_g[] = { -- 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, -- 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, -- 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, -- 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, -- 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, -- 0xA4D1CBD5C3FD3412ULL --}; -- --static const BN_ULONG dh1024_160_q[] = { -- 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL --}; -- --static const BN_ULONG dh2048_224_p[] = { -- 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, -- 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, -- 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, -- 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, -- 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, -- 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, -- 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, -- 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, -- 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, -- 
0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, -- 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL --}; -- --static const BN_ULONG dh2048_224_g[] = { -- 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, -- 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, -- 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, -- 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, -- 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, -- 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, -- 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, -- 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, -- 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, -- 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, -- 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL --}; -- --static const BN_ULONG dh2048_224_q[] = { -- 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, -- 0x00000000801C0D34ULL --}; -- --static const BN_ULONG dh2048_256_p[] = { -- 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, -- 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, -- 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, -- 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, -- 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, -- 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, -- 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, -- 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, -- 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, -- 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, -- 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL --}; -- --static const BN_ULONG dh2048_256_g[] = { -- 0x664B4C0F6CC41659ULL, 
0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, -- 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, -- 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, -- 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, -- 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, -- 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, -- 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, -- 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, -- 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, -- 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, -- 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL --}; -- --static const BN_ULONG dh2048_256_q[] = { -- 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, -- 0x8CF83642A709A097ULL --}; -- --# elif BN_BITS2 == 32 -- --static const BN_ULONG dh1024_160_p[] = { -- 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, -- 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, -- 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, -- 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, -- 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, -- 0xA080E01D, 0xB10B8F96 --}; -- --static const BN_ULONG dh1024_160_g[] = { -- 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, -- 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, -- 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, -- 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, -- 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, -- 0xC3FD3412, 0xA4D1CBD5 --}; -- --static const BN_ULONG dh1024_160_q[] = { -- 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 --}; -- --static const BN_ULONG dh2048_224_p[] = { -- 0x0C10E64F, 
0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, -- 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, -- 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, -- 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, -- 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, -- 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, -- 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, -- 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, -- 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, -- 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, -- 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E --}; -- --static const BN_ULONG dh2048_224_g[] = { -- 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, -- 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, -- 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, -- 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, -- 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, -- 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, -- 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, -- 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, -- 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, -- 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, -- 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF --}; -- --static const BN_ULONG dh2048_224_q[] = { -- 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, -- 0x801C0D34 --}; -- --static const BN_ULONG dh2048_256_p[] = { -- 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, -- 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, -- 0xBD0BE621, 
0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, -- 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, -- 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, -- 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, -- 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, -- 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, -- 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, -- 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, -- 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D --}; -- --static const BN_ULONG dh2048_256_g[] = { -- 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, -- 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, -- 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, -- 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, -- 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, -- 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, -- 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, -- 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, -- 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, -- 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, -- 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B --}; -- --static const BN_ULONG dh2048_256_q[] = { -- 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, -- 0xA709A097, 0x8CF83642 --}; -- --# else --# error "unsupported BN_BITS2" --# endif -- --/* Macro to make a BIGNUM from static data */ -- --# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \ -- const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ -- OSSL_NELEM(x),\ -- OSSL_NELEM(x),\ -- 0, BN_FLG_STATIC_DATA }; -- -- --make_dh_bn(dh1024_160_p) --make_dh_bn(dh1024_160_g) 
--make_dh_bn(dh1024_160_q)
--make_dh_bn(dh2048_224_p)
--make_dh_bn(dh2048_224_g)
--make_dh_bn(dh2048_224_q)
--make_dh_bn(dh2048_256_p)
--make_dh_bn(dh2048_256_g)
--make_dh_bn(dh2048_256_q)
--
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c
-index 5e620b2..bc37671 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c
-@@ -1,14 +1,64 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bn/bn_div.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - -+#include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - /* The old slow way */ -@@ -130,7 +180,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - # endif /* OPENSSL_NO_ASM */ - - /*- -- * BN_div computes dv := num / divisor, rounding towards -+ * BN_div computes dv := num / divisor, rounding towards - * zero, and sets up rm such that dv*divisor + rm = num holds. - * Thus: - * dv->neg == num->neg ^ divisor->neg (unless the result is zero) -@@ -254,9 +304,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - wnump = &(snum->d[num_n - 1]); - - /* Setup to 'res' */ -+ res->neg = (num->neg ^ divisor->neg); - if (!bn_wexpand(res, (loop + 1))) - goto err; -- res->neg = (num->neg ^ divisor->neg); - res->top = loop - no_branch; - resp = &(res->d[loop - 1]); - -@@ -278,9 +328,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - res->top--; - } - -- /* Increase the resp pointer so that we never create an invalid pointer. 
*/ -- resp++; -- - /* - * if res->top == 0 then clear the neg value otherwise decrease the resp - * pointer -@@ -290,7 +337,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - else - resp--; - -- for (i = 0; i < loop - 1; i++, wnump--) { -+ for (i = 0; i < loop - 1; i++, wnump--, resp--) { - BN_ULONG q, l0; - /* - * the first part of the loop uses the top two words of snum and sdiv -@@ -315,6 +362,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); - # else - q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif - # endif - - # ifndef REMAINDER_IS_ALREADY_CALCULATED -@@ -339,6 +390,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_ULONG t2l, t2h; - - q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif - # ifndef REMAINDER_IS_ALREADY_CALCULATED - rem = (n1 - q * d0) & BN_MASK2; - # endif -@@ -396,7 +451,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - (*wnump)++; - } - /* store part of the result */ -- resp--; - *resp = q; - } - bn_correct_top(snum); -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c -index 5fe9db9..e7a7038 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */
-
- #include
-@@ -19,7 +70,7 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
- static ERR_STRING_DATA BN_str_functs[] = {
-- {ERR_FUNC(BN_F_BNRAND), "bnrand"},
-+ {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
- {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
- {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
- {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-@@ -27,17 +78,15 @@ static ERR_STRING_DATA BN_str_functs[] = {
- {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
- {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
- {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-- {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"},
- {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
- {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
- {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
- {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-+ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
- {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
- {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-- {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"},
-- {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"},
-- {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"},
-- {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"},
-+ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
-+ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-@@ -55,13 +104,13 @@ static ERR_STRING_DATA BN_str_functs[] = {
- {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
- {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
- {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-+ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
- {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
- {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
- {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
- {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
- {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
-- {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"},
- {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
- {0, NULL}
- };
-@@ -84,7 +133,6 @@ static ERR_STRING_DATA BN_str_reasons[] = {
- {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
- {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
- {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
-- {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"},
- {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
- {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
- {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
-@@ -94,7 +142,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
-
- #endif
-
--int ERR_load_BN_strings(void)
-+void ERR_load_BN_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -103,5 +151,4 @@ int ERR_load_BN_strings(void)
- ERR_load_strings(0, BN_str_reasons);
- }
- #endif
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
-index feeb764..195a786 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
-@@ -1,14 +1,116 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bn/bn_exp.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code.
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission.
For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
--#include "internal/constant_time_locl.h"
-+#include "cryptlib.h"
-+#include "constant_time_locl.h"
- #include "bn_lcl.h"
-
- #include
-@@ -46,7 +148,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-- return 0;
-+ return -1;
- }
-
- BN_CTX_start(ctx);
-@@ -98,7 +200,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- bn_check_top(m);
-
- /*-
-- * For even modulus m = 2^k*m_odd, it might make sense to compute
-+ * For even modulus m = 2^k*m_odd, it might make sense to compute
- * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
- * exponentiation for the odd part), using appropriate exponent
- * reductions, and combine the results using the CRT.
-@@ -178,7 +280,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-- return 0;
-+ return -1;
- }
-
- bits = BN_num_bits(p);
-@@ -469,7 +571,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- goto err;
- ret = 1;
- err:
-- if (in_mont == NULL)
-+ if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
-@@ -528,14 +630,6 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
- {
- int i, j;
- int width = 1 << window;
-- /*
-- * We declare table 'volatile' in order to discourage compiler
-- * from reordering loads from the table. Concern is that if
-- * reordered in specific manner loads might give away the
-- * information we are trying to conceal.
Some would argue that
-- * compiler can reorder them anyway, but it can as well be
-- * argued that doing so would be violation of standard...
-- */
- volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
- if (bn_wexpand(b, top) == NULL)
-@@ -716,7 +810,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- else
- #endif
- if ((powerbufFree =
-- OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
-+ (unsigned char *)OPENSSL_malloc(powerbufLen +
-+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
- == NULL)
- goto err;
-
-@@ -1085,11 +1180,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- goto err;
- ret = 1;
- err:
-- if (in_mont == NULL)
-+ if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- if (powerbuf != NULL) {
- OPENSSL_cleanse(powerbuf, powerbufLen);
-- OPENSSL_free(powerbufFree);
-+ if (powerbufFree)
-+ OPENSSL_free(powerbufFree);
- }
- BN_CTX_end(ctx);
- return (ret);
-@@ -1124,7 +1220,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-- return 0;
-+ return -1;
- }
-
- bn_check_top(p);
-@@ -1235,7 +1331,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- }
- ret = 1;
- err:
-- if (in_mont == NULL)
-+ if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
-@@ -1255,7 +1351,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-- return 0;
-+ return -1;
- }
-
- bits = BN_num_bits(p);
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
-index 5141c21..43fd204 100644
----
a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
-@@ -1,14 +1,116 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bn/bn_exp2.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1.
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include "bn_lcl.h"
-
- #define TABLE_SIZE 32
-@@ -193,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
- goto err;
- ret = 1;
- err:
-- if (in_mont == NULL)
-+ if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
-index e1aac13..ce59fe7 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
-@@ -1,13 +1,115 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/bn/bn_gcd.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include "bn_lcl.h"
-
- static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-@@ -123,26 +225,11 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-
- BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
--{
-- BIGNUM *rv;
-- int noinv;
-- rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
-- if (noinv)
-- BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
-- return rv;
--}
--
--BIGNUM *int_bn_mod_inverse(BIGNUM *in,
-- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
-- int *pnoinv)
- {
- BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
- BIGNUM *ret = NULL;
- int sign;
-
-- if (pnoinv)
-- *pnoinv = 0;
--
- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
- || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
- return BN_mod_inverse_no_branch(in, a, n, ctx);
-@@ -189,11 +276,11 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
- * sign*Y*a == A (mod |n|).
- */
-
-- if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
-+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
- /*
- * Binary inversion algorithm; requires odd modulus. This is faster
- * than the general algorithm if the modulus is sufficiently small
-- * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
-+ * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
- * systems)
- */
- int shift;
-@@ -370,7 +457,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
-- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
-+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
-@@ -435,8 +522,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
- goto err;
- }
- } else {
-- if (pnoinv)
-- *pnoinv = 1;
-+ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
- goto err;
- }
- ret = R;
-@@ -457,6 +543,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- BN_CTX *ctx)
- {
- BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
-+ BIGNUM local_A, local_B;
-+ BIGNUM *pA, *pB;
- BIGNUM *ret = NULL;
- int sign;
-
-@@ -494,14 +582,11 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
-- {
-- BIGNUM local_B;
-- bn_init(&local_B);
-- BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
-- if (!BN_nnmod(B, &local_B, A, ctx))
-- goto err;
-- /* Ensure local_B goes out of scope before any further use of B */
-- }
-+ pB = &local_B;
-+ local_B.flags = 0;
-+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
-+ if (!BN_nnmod(B, pB, A, ctx))
-+ goto err;
- }
- sign = -1;
- /*-
-@@ -525,16 +610,13 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
-- {
-- BIGNUM local_A;
-- bn_init(&local_A);
-- BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
-+ pA = &local_A;
-+ local_A.flags = 0;
-+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
-
-- /* (D, M) := (A/B, A%B) ... */
-- if (!BN_div(D, M, &local_A, B, ctx))
-- goto err;
-- /* Ensure local_A goes out of scope before any further use of A */
-- }
-+ /* (D, M) := (A/B, A%B) ... */
-+ if (!BN_div(D, M, pA, B, ctx))
-+ goto err;
-
- /*-
- * Now
-@@ -565,7 +647,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
-- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
-+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
-index b1987f5..2c61da1 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
-@@ -1,12 +1,4 @@
--/*
-- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
-+/* crypto/bn/bn_gf2m.c */
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -16,12 +8,91 @@
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
-+ *
-+ * In addition, Sun covenants to all licensees who provide a reciprocal
-+ * covenant with respect to their own patents if any, not to sue under
-+ * current and future patent claims necessarily infringed by the making,
-+ * using, practicing, selling, offering for sale and/or otherwise
-+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
-+ * provided that such covenant shall not apply:
-+ * 1) for code that a licensee deletes from the ECC Code;
-+ * 2) separates from the ECC Code; or
-+ * 3) for infringements caused by:
-+ * i) the modification of the ECC Code or
-+ * ii) the combination of the ECC Code with other software or
-+ * devices where such combination causes the infringement.
-+ *
-+ * The software is originally written by Sheueling Chang Shantz and
-+ * Douglas Stebila of Sun Microsystems Laboratories.
-+ * -+ */ -+ -+/* -+ * NOTE: This file is licensed pursuant to the OpenSSL license below and may -+ * be modified; but after modifications, the above covenant may no longer -+ * apply! In such cases, the corresponding paragraph ["In addition, Sun -+ * covenants ... causes the infringement."] and this note can be edited out; -+ * but please keep the Sun copyright notice and attribution. -+ */ -+ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * - */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - #ifndef OPENSSL_NO_EC2M -@@ -401,8 +472,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) - int arr[6]; - bn_check_top(a); - bn_check_top(p); -- ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); -- if (!ret || ret > (int)OSSL_NELEM(arr)) { -+ ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); -+ if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { - BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); - return 0; - } -@@ -479,7 +550,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); -- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) -+ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { -@@ -489,7 +560,8 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: -- OPENSSL_free(arr); -+ if (arr) -+ OPENSSL_free(arr); - return ret; - } - -@@ -537,7 +609,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - - bn_check_top(a); - bn_check_top(p); -- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) -+ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { -@@ -547,7 +619,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); - bn_check_top(r); - err: -- OPENSSL_free(arr); -+ if (arr) -+ OPENSSL_free(arr); - return ret; - } - -@@ -961,7 +1034,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); -- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) -+ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) 
== NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { -@@ -971,7 +1044,8 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: -- OPENSSL_free(arr); -+ if (arr) -+ OPENSSL_free(arr); - return ret; - } - -@@ -1020,7 +1094,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - int *arr = NULL; - bn_check_top(a); - bn_check_top(p); -- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) -+ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { -@@ -1030,7 +1104,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); - bn_check_top(r); - err: -- OPENSSL_free(arr); -+ if (arr) -+ OPENSSL_free(arr); - return ret; - } - -@@ -1089,7 +1164,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], - if (tmp == NULL) - goto err; - do { -- if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) -+ if (!BN_rand(rho, p[0], 0, 0)) - goto err; - if (!BN_GF2m_mod_arr(rho, rho, p)) - goto err; -@@ -1150,7 +1225,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - int *arr = NULL; - bn_check_top(a); - bn_check_top(p); -- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) -+ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { -@@ -1160,7 +1235,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); - bn_check_top(r); - err: -- OPENSSL_free(arr); -+ if (arr) -+ OPENSSL_free(arr); - return ret; - } - -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c b/Cryptlib/OpenSSL/crypto/bn/bn_intern.c -deleted file mode 100644 -index 2c97064..0000000 ---- 
a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c -+++ /dev/null -@@ -1,210 +0,0 @@ --/* -- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "internal/cryptlib.h" --#include "bn_lcl.h" -- --/* -- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. -- * This is an array r[] of values that are either zero or odd with an -- * absolute value less than 2^w satisfying -- * scalar = \sum_j r[j]*2^j -- * where at most one of any w+1 consecutive digits is non-zero -- * with the exception that the most significant digit may be only -- * w-1 zeros away from that next non-zero digit. -- */ --signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) --{ -- int window_val; -- signed char *r = NULL; -- int sign = 1; -- int bit, next_bit, mask; -- size_t len = 0, j; -- -- if (BN_is_zero(scalar)) { -- r = OPENSSL_malloc(1); -- if (r == NULL) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- r[0] = 0; -- *ret_len = 1; -- return r; -- } -- -- if (w <= 0 || w > 7) { /* 'signed char' can represent integers with -- * absolute values less than 2^7 */ -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- bit = 1 << w; /* at most 128 */ -- next_bit = bit << 1; /* at most 256 */ -- mask = next_bit - 1; /* at most 255 */ -- -- if (BN_is_negative(scalar)) { -- sign = -1; -- } -- -- if (scalar->d == NULL || scalar->top == 0) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- len = BN_num_bits(scalar); -- r = OPENSSL_malloc(len + 1); /* -- * Modified wNAF may be one digit longer than binary representation -- * (*ret_len will be set to the actual length, i.e. 
at most -- * BN_num_bits(scalar) + 1) -- */ -- if (r == NULL) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- window_val = scalar->d[0] & mask; -- j = 0; -- while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, -- * window_val will not -- * increase */ -- int digit = 0; -- -- /* 0 <= window_val <= 2^(w+1) */ -- -- if (window_val & 1) { -- /* 0 < window_val < 2^(w+1) */ -- -- if (window_val & bit) { -- digit = window_val - next_bit; /* -2^w < digit < 0 */ -- --#if 1 /* modified wNAF */ -- if (j + w + 1 >= len) { -- /* -- * Special case for generating modified wNAFs: -- * no new bits will be added into window_val, -- * so using a positive digit here will decrease -- * the total length of the representation -- */ -- -- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ -- } --#endif -- } else { -- digit = window_val; /* 0 < digit < 2^w */ -- } -- -- if (digit <= -bit || digit >= bit || !(digit & 1)) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- window_val -= digit; -- -- /* -- * now window_val is 0 or 2^(w+1) in standard wNAF generation; -- * for modified window NAFs, it may also be 2^w -- */ -- if (window_val != 0 && window_val != next_bit -- && window_val != bit) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- r[j++] = sign * digit; -- -- window_val >>= 1; -- window_val += bit * BN_is_bit_set(scalar, j + w); -- -- if (window_val > next_bit) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (j > len + 1) { -- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- *ret_len = j; -- return r; -- -- err: -- OPENSSL_free(r); -- return NULL; --} -- --int bn_get_top(const BIGNUM *a) --{ -- return a->top; --} -- --void bn_set_top(BIGNUM *a, int top) --{ -- a->top = top; --} -- --int bn_get_dmax(const BIGNUM *a) --{ -- return a->dmax; --} -- --void bn_set_all_zero(BIGNUM *a) --{ -- int i; -- -- for (i = 
a->top; i < a->dmax; i++) -- a->d[i] = 0; --} -- --int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) --{ -- if (in->top > size) -- return 0; -- -- memset(out, 0, sizeof(*out) * size); -- if (in->d != NULL) -- memcpy(out, in->d, sizeof(*out) * in->top); -- return 1; --} -- --BN_ULONG *bn_get_words(const BIGNUM *a) --{ -- return a->d; --} -- --void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) --{ -- a->d = words; -- a->dmax = a->top = size; -- a->neg = 0; -- a->flags |= BN_FLG_STATIC_DATA; -- bn_correct_top(a); --} -- --int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) --{ -- if (bn_wexpand(a, num_words) == NULL) { -- BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- memcpy(a->d, words, sizeof(BN_ULONG) * num_words); -- a->top = num_words; -- bn_correct_top(a); -- return 1; --} -- --size_t bn_sizeof_BIGNUM(void) --{ -- return sizeof(BIGNUM); --} -- --BIGNUM *bn_array_el(BIGNUM *base, int el) --{ -- return &base[el]; --} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -index b9bc6cc..88d731a 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -@@ -1,13 +1,59 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_kron.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - /* least significant word */ -@@ -46,7 +92,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - goto end; - - /* -- * Kronecker symbol, implemented according to Henri Cohen, -+ * Kronecker symbol, imlemented according to Henri Cohen, - * "A Course in Computational Algebraic Number Theory" - * (algorithm 1.4.10). - */ -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h -index 5fb3814..00f4f09 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h -@@ -1,267 +1,123 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_lcl.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_BN_LCL_H - # define HEADER_BN_LCL_H - --/* -- * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or -- * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our -- * Configure script and needs to support both 32-bit and 64-bit. -- */ --# include -- --# if !defined(OPENSSL_SYS_UEFI) --# include "internal/bn_conf.h" --# endif -- --# include "internal/bn_int.h" -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* -- * These preprocessor symbols control various aspects of the bignum headers -- * and library code. They're not defined by any "normal" configuration, as -- * they are intended for development and testing purposes. NB: defining all -- * three can be useful for debugging application code as well as openssl -- * itself. BN_DEBUG - turn on various debugging alterations to the bignum -- * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up -- * mismanagement of bignum internals. You must also define BN_DEBUG. -- */ --/* #define BN_DEBUG */ --/* #define BN_DEBUG_RAND */ -- --# ifndef OPENSSL_SMALL_FOOTPRINT --# define BN_MUL_COMBA --# define BN_SQR_COMBA --# define BN_RECURSION --# endif -- --/* -- * This next option uses the C libraries (2 word)/(1 word) function. If it is -- * not defined, I use my C version (which is slower). The reason for this -- * flag is that when the particular C compiler library routine is used, and -- * the library is linked with a different compiler, the library is missing. -- * This mostly happens when the library is built with gcc and then linked -- * using normal cc. This would be a common occurrence because gcc normally -- * produces code that is 2 times faster than system compilers for the big -- * number stuff. For machines with only one compiler (or shared libraries), -- * this should be on. 
Again this in only really a problem on machines using -- * "long long's", are 32bit, and are not using my assembler code. -- */ --# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ -- defined(OPENSSL_SYS_WIN32) || defined(linux) --# define BN_DIV2W --# endif -- --/* -- * 64-bit processor with LP64 ABI -- */ --# ifdef SIXTY_FOUR_BIT_LONG --# define BN_ULLONG unsigned long long --# define BN_BITS4 32 --# define BN_MASK2 (0xffffffffffffffffL) --# define BN_MASK2l (0xffffffffL) --# define BN_MASK2h (0xffffffff00000000L) --# define BN_MASK2h1 (0xffffffff80000000L) --# define BN_DEC_CONV (10000000000000000000UL) --# define BN_DEC_NUM 19 --# define BN_DEC_FMT1 "%lu" --# define BN_DEC_FMT2 "%019lu" --# endif -- --/* -- * 64-bit processor other than LP64 ABI -- */ --# ifdef SIXTY_FOUR_BIT --# undef BN_LLONG --# undef BN_ULLONG --# define BN_BITS4 32 --# define BN_MASK2 (0xffffffffffffffffLL) --# define BN_MASK2l (0xffffffffL) --# define BN_MASK2h (0xffffffff00000000LL) --# define BN_MASK2h1 (0xffffffff80000000LL) --# define BN_DEC_CONV (10000000000000000000ULL) --# define BN_DEC_NUM 19 --# define BN_DEC_FMT1 "%llu" --# define BN_DEC_FMT2 "%019llu" --# endif -- --# ifdef THIRTY_TWO_BIT --# ifdef BN_LLONG --# if defined(_WIN32) && !defined(__GNUC__) --# define BN_ULLONG unsigned __int64 --# else --# define BN_ULLONG unsigned long long --# endif --# endif --# define BN_BITS4 16 --# define BN_MASK2 (0xffffffffL) --# define BN_MASK2l (0xffff) --# define BN_MASK2h1 (0xffff8000L) --# define BN_MASK2h (0xffff0000L) --# define BN_DEC_CONV (1000000000L) --# define BN_DEC_NUM 9 --# define BN_DEC_FMT1 "%u" --# define BN_DEC_FMT2 "%09u" --# endif -- -- --/*- -- * Bignum consistency macros -- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from -- * bignum data after direct manipulations on the data. There is also an -- * "internal" macro, bn_check_top(), for verifying that there are no leading -- * zeroes. 
Unfortunately, some auditing is required due to the fact that -- * bn_fix_top() has become an overabused duct-tape because bignum data is -- * occasionally passed around in an inconsistent state. So the following -- * changes have been made to sort this out; -- * - bn_fix_top()s implementation has been moved to bn_correct_top() -- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and -- * bn_check_top() is as before. -- * - if BN_DEBUG *is* defined; -- * - bn_check_top() tries to pollute unused words even if the bignum 'top' is -- * consistent. (ed: only if BN_DEBUG_RAND is defined) -- * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. -- * The idea is to have debug builds flag up inconsistent bignums when they -- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if -- * the use of bn_fix_top() was appropriate (ie. it follows directly after code -- * that manipulates the bignum) it is converted to bn_correct_top(), and if it -- * was not appropriate, we convert it permanently to bn_check_top() and track -- * down the cause of the bug. Eventually, no internal code should be using the -- * bn_fix_top() macro. External applications and libraries should try this with -- * their own code too, both in terms of building against the openssl headers -- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it -- * defined. This not only improves external code, it provides more test -- * coverage for openssl's own code. 
-- */ -- --# ifdef BN_DEBUG -- --# ifdef BN_DEBUG_RAND --/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ --# ifndef RAND_bytes --int RAND_bytes(unsigned char *buf, int num); --# define BN_DEBUG_TRIX --# endif --# define bn_pollute(a) \ -- do { \ -- const BIGNUM *_bnum1 = (a); \ -- if (_bnum1->top < _bnum1->dmax) { \ -- unsigned char _tmp_char; \ -- /* We cast away const without the compiler knowing, any \ -- * *genuinely* constant variables that aren't mutable \ -- * wouldn't be constructed with top!=dmax. */ \ -- BN_ULONG *_not_const; \ -- memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ -- RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ -- memset(_not_const + _bnum1->top, _tmp_char, \ -- sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ -- } \ -- } while(0) --# ifdef BN_DEBUG_TRIX --# undef RAND_bytes --# endif --# else --# define bn_pollute(a) --# endif --# define bn_check_top(a) \ -- do { \ -- const BIGNUM *_bnum2 = (a); \ -- if (_bnum2 != NULL) { \ -- OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ -- (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ -- bn_pollute(_bnum2); \ -- } \ -- } while(0) -- --# define bn_fix_top(a) bn_check_top(a) -- --# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) --# define bn_wcheck_size(bn, words) \ -- do { \ -- const BIGNUM *_bnum2 = (bn); \ -- OPENSSL_assert((words) <= (_bnum2)->dmax && \ -- (words) >= (_bnum2)->top); \ -- /* avoid unused variable warning with NDEBUG */ \ -- (void)(_bnum2); \ -- } while(0) -- --# else /* !BN_DEBUG */ -- --# define bn_pollute(a) --# define bn_check_top(a) --# define bn_fix_top(a) bn_correct_top(a) --# define bn_check_size(bn, bits) --# define bn_wcheck_size(bn, words) -- --# endif -- --BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, -- BN_ULONG w); --BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); --void bn_sqr_words(BN_ULONG *rp, const 
BN_ULONG *ap, int num); --BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); --BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -- int num); --BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -- int num); -- --struct bignum_st { -- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit -- * chunks. */ -- int top; /* Index of last used d +1. */ -- /* The next are internal book keeping for bn_expand. */ -- int dmax; /* Size of the d array. */ -- int neg; /* one if the number is negative */ -- int flags; --}; -- --/* Used for montgomery multiplication */ --struct bn_mont_ctx_st { -- int ri; /* number of bits in R */ -- BIGNUM RR; /* used to convert to montgomery form */ -- BIGNUM N; /* The modulus */ -- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only -- * stored for bignum algorithm) */ -- BN_ULONG n0[2]; /* least significant word(s) of Ni; (type -- * changed with 0.9.9, was "BN_ULONG n0;" -- * before) */ -- int flags; --}; -- --/* -- * Used for reciprocal division/mod functions It cannot be shared between -- * threads -- */ --struct bn_recp_ctx_st { -- BIGNUM N; /* the divisor */ -- BIGNUM Nr; /* the reciprocal */ -- int num_bits; -- int shift; -- int flags; --}; -- --/* Used for slow "generation" functions. */ --struct bn_gencb_st { -- unsigned int ver; /* To handle binary (in)compatibility */ -- void *arg; /* callback-specific data */ -- union { -- /* if (ver==1) - handles old style callbacks */ -- void (*cb_1) (int, int, void *); -- /* if (ver==2) - new callback style */ -- int (*cb_2) (int, int, BN_GENCB *); -- } cb; --}; -- - /*- - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * -@@ -287,11 +143,23 @@ struct bn_gencb_st { - * (with draws in between). Very small exponents are often selected - * with low Hamming weight, so we use w = 1 for b <= 23. 
- */ --# define BN_window_bits_for_exponent_size(b) \ -+# if 1 -+# define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) -+# else -+/* -+ * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs -+ * for b==1024; but it coincides for other interesting values (b==160, -+ * b==512). -+ */ -+# define BN_window_bits_for_exponent_size(b) \ -+ ((b) > 255 ? 5 : \ -+ (b) > 127 ? 4 : \ -+ (b) > 17 ? 3 : 1) -+# endif - - /* - * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache -@@ -426,8 +294,8 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - # endif - # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) - # if defined(__GNUC__) && __GNUC__>=2 --# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 -- /* "h" constraint is not an option on R6 and was removed in 4.4 */ -+# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) -+ /* "h" constraint is no more since 4.4 */ - # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) - # define BN_UMULT_LOHI(low,high,a,b) ({ \ - __uint128_t ret=(__uint128_t)(a)*(b); \ -@@ -633,10 +501,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - } - # endif /* !BN_LLONG */ - --void BN_RECP_CTX_init(BN_RECP_CTX *recp); --void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -+# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) -+# undef bn_div_words -+# endif - --void bn_init(BIGNUM *a); - void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); - void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); - void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -@@ -662,26 +530,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - --BIGNUM *int_bn_mod_inverse(BIGNUM *in, -- const 
BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, -- int *noinv); -- --int bn_probable_prime_dh(BIGNUM *rnd, int bits, -- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); --int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); --int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); -- --static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) --{ -- if (bits > (INT_MAX - BN_BITS2 + 1)) -- return NULL; -- -- if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) -- return a; -- -- return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); --} -- - #ifdef __cplusplus - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -index 17d34c3..10b78f5 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -@@ -1,20 +1,76 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - -+#ifndef BN_DEBUG -+# undef NDEBUG /* avoid conflicting definitions */ -+# define NDEBUG -+#endif -+ - #include - #include --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" --#include -+ -+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; - - /* This stuff appears to be completely unused, so is deprecated */ --#if OPENSSL_API_COMPAT < 0x00908000L -+#ifndef OPENSSL_NO_DEPRECATED - /*- - * For a 32 bit machine - * 2 - 4 == 128 -@@ -168,15 +224,6 @@ int BN_num_bits(const BIGNUM *a) - return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); - } - --static void bn_free_d(BIGNUM *a) --{ -- if (BN_get_flags(a, BN_FLG_SECURE)) -- OPENSSL_secure_free(a->d); -- else -- OPENSSL_free(a->d); --} -- -- - void BN_clear_free(BIGNUM *a) - { - int i; -@@ -186,11 +233,11 @@ void BN_clear_free(BIGNUM *a) - bn_check_top(a); - if (a->d != NULL) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); -- if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) -- bn_free_d(a); -+ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) -+ OPENSSL_free(a->d); - } - i = BN_get_flags(a, BN_FLG_MALLOCED); -- OPENSSL_cleanse(a, sizeof(*a)); -+ OPENSSL_cleanse(a, sizeof(BIGNUM)); - if (i) - OPENSSL_free(a); - } -@@ -200,23 +247,21 @@ void BN_free(BIGNUM *a) - if (a == NULL) - return; - bn_check_top(a); -- if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) -- bn_free_d(a); -+ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) -+ OPENSSL_free(a->d); - if (a->flags & BN_FLG_MALLOCED) - OPENSSL_free(a); - else { --#if OPENSSL_API_COMPAT < 0x00908000L -+#ifndef OPENSSL_NO_DEPRECATED - a->flags |= BN_FLG_FREE; - #endif - a->d = NULL; - } - } - --void bn_init(BIGNUM *a) -+void BN_init(BIGNUM *a) - { -- static BIGNUM nilbn; -- -- *a = nilbn; -+ memset(a, 0, sizeof(BIGNUM)); - bn_check_top(a); - } - -@@ -224,24 +269,20 @@ BIGNUM *BN_new(void) - { - BIGNUM *ret; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { -+ if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == 
NULL) { - BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->flags = BN_FLG_MALLOCED; -+ ret->top = 0; -+ ret->neg = 0; -+ ret->dmax = 0; -+ ret->d = NULL; - bn_check_top(ret); - return (ret); - } - -- BIGNUM *BN_secure_new(void) -- { -- BIGNUM *ret = BN_new(); -- if (ret != NULL) -- ret->flags |= BN_FLG_SECURE; -- return (ret); -- } -- --/* This is used by bn_expand2() */ -+/* This is used both by bn_expand2() and bn_dup_expand() */ - /* The caller MUST check that words > b->dmax before calling this */ - static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - { -@@ -259,14 +300,20 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return (NULL); - } -- if (BN_get_flags(b, BN_FLG_SECURE)) -- a = A = OPENSSL_secure_zalloc(words * sizeof(*a)); -- else -- a = A = OPENSSL_zalloc(words * sizeof(*a)); -+ a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); - if (A == NULL) { - BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); - return (NULL); - } -+#ifdef PURIFY -+ /* -+ * Valgrind complains in BN_consttime_swap because we process the whole -+ * array even if it's not initialised yet. This doesn't matter in that -+ * function - what's important is constant time operation (we're not -+ * actually going to use the data) -+ */ -+ memset(a, 0, sizeof(BN_ULONG) * words); -+#endif - - #if 1 - B = b->d; -@@ -277,7 +324,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough -- * registers to accommodate more data. -+ * registers to accomodate more data. 
- * I'd unroll it 8-wise otherwise:-) - * - * -@@ -292,6 +339,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - A[2] = a2; - A[3] = a3; - } -+ /* -+ * workaround for ultrix cc: without 'case 0', the optimizer does -+ * the switch table by doing a=top&3; a--; goto jump_table[a]; -+ * which fails for top== 0 -+ */ - switch (b->top & 3) { - case 3: - A[2] = B[2]; -@@ -300,18 +352,69 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - case 1: - A[0] = B[0]; - case 0: -- /* Without the "case 0" some old optimizers got this wrong. */ - ; - } - } - #else -- memset(A, 0, sizeof(*A) * words); -+ memset(A, 0, sizeof(BN_ULONG) * words); - memcpy(A, b->d, sizeof(b->d[0]) * b->top); - #endif - - return (a); - } - -+/* -+ * This is an internal function that can be used instead of bn_expand2() when -+ * there is a need to copy BIGNUMs instead of only expanding the data part, -+ * while still expanding them. Especially useful when needing to expand -+ * BIGNUMs that are declared 'const' and should therefore not be changed. The -+ * reason to use this instead of a BN_dup() followed by a bn_expand2() is -+ * memory allocation overhead. A BN_dup() followed by a bn_expand2() will -+ * allocate new memory for the BIGNUM data twice, and free it once, while -+ * bn_dup_expand() makes sure allocation is made only once. -+ */ -+ -+#ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *bn_dup_expand(const BIGNUM *b, int words) -+{ -+ BIGNUM *r = NULL; -+ -+ bn_check_top(b); -+ -+ /* -+ * This function does not work if words <= b->dmax && top < words because -+ * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used -+ * anywhere yet.) 
-+ */ -+ -+ if (words > b->dmax) { -+ BN_ULONG *a = bn_expand_internal(b, words); -+ -+ if (a) { -+ r = BN_new(); -+ if (r) { -+ r->top = b->top; -+ r->dmax = words; -+ r->neg = b->neg; -+ r->d = a; -+ } else { -+ /* r == NULL, BN_new failure */ -+ OPENSSL_free(a); -+ } -+ } -+ /* -+ * If a == NULL, there was an error in allocation in -+ * bn_expand_internal(), and NULL should be returned -+ */ -+ } else { -+ r = BN_dup(b); -+ } -+ -+ bn_check_top(r); -+ return r; -+} -+#endif -+ - /* - * This is an internal function that should not be used in applications. It - * ensures that 'b' has enough room for a 'words' word number and initialises -@@ -328,14 +431,35 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) - BN_ULONG *a = bn_expand_internal(b, words); - if (!a) - return NULL; -- if (b->d) { -- OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); -- bn_free_d(b); -- } -+ if (b->d) -+ OPENSSL_free(b->d); - b->d = a; - b->dmax = words; - } - -+/* None of this should be necessary because of what b->top means! */ -+#if 0 -+ /* -+ * NB: bn_wexpand() calls this only if the BIGNUM really has to grow -+ */ -+ if (b->top < b->dmax) { -+ int i; -+ BN_ULONG *A = &(b->d[b->top]); -+ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { -+ A[0] = 0; -+ A[1] = 0; -+ A[2] = 0; -+ A[3] = 0; -+ A[4] = 0; -+ A[5] = 0; -+ A[6] = 0; -+ A[7] = 0; -+ } -+ for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) -+ A[0] = 0; -+ assert(A == &(b->d[b->dmax])); -+ } -+#endif - bn_check_top(b); - return b; - } -@@ -348,7 +472,7 @@ BIGNUM *BN_dup(const BIGNUM *a) - return NULL; - bn_check_top(a); - -- t = BN_get_flags(a, BN_FLG_SECURE) ? 
BN_secure_new() : BN_new(); -+ t = BN_new(); - if (t == NULL) - return NULL; - if (!BN_copy(t, a)) { -@@ -445,7 +569,7 @@ void BN_clear(BIGNUM *a) - { - bn_check_top(a); - if (a->d != NULL) -- OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); -+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - a->top = 0; - a->neg = 0; - } -@@ -484,9 +608,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - if (ret == NULL) - return (NULL); - bn_check_top(ret); -- /* Skip leading zero's. */ -- for ( ; len > 0 && *s == 0; s++, len--) -- continue; -+ l = 0; - n = len; - if (n == 0) { - ret->top = 0; -@@ -495,12 +617,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - i = ((n - 1) / BN_BYTES) + 1; - m = ((n - 1) % (BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) { -- BN_free(bn); -+ if (bn) -+ BN_free(bn); - return NULL; - } - ret->top = i; - ret->neg = 0; -- l = 0; - while (n--) { - l = (l << 8L) | *(s++); - if (m-- == 0) { -@@ -518,106 +640,18 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - } - - /* ignore negative */ --static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) --{ -- int i; -- BN_ULONG l; -- -- bn_check_top(a); -- i = BN_num_bytes(a); -- if (tolen == -1) -- tolen = i; -- else if (tolen < i) -- return -1; -- /* Add leading zeroes if necessary */ -- if (tolen > i) { -- memset(to, 0, tolen - i); -- to += tolen - i; -- } -- while (i--) { -- l = a->d[i / BN_BYTES]; -- *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; -- } -- return tolen; --} -- --int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) --{ -- if (tolen < 0) -- return -1; -- return bn2binpad(a, to, tolen); --} -- - int BN_bn2bin(const BIGNUM *a, unsigned char *to) - { -- return bn2binpad(a, to, -1); --} -- --BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) --{ -- unsigned int i, m; -- unsigned int n; -+ int n, i; - BN_ULONG l; -- BIGNUM *bn = NULL; -- -- if (ret == NULL) -- ret = bn = BN_new(); -- 
if (ret == NULL) -- return (NULL); -- bn_check_top(ret); -- s += len; -- /* Skip trailing zeroes. */ -- for ( ; len > 0 && s[-1] == 0; s--, len--) -- continue; -- n = len; -- if (n == 0) { -- ret->top = 0; -- return ret; -- } -- i = ((n - 1) / BN_BYTES) + 1; -- m = ((n - 1) % (BN_BYTES)); -- if (bn_wexpand(ret, (int)i) == NULL) { -- BN_free(bn); -- return NULL; -- } -- ret->top = i; -- ret->neg = 0; -- l = 0; -- while (n--) { -- s--; -- l = (l << 8L) | *s; -- if (m-- == 0) { -- ret->d[--i] = l; -- l = 0; -- m = BN_BYTES - 1; -- } -- } -- /* -- * need to call this due to clear byte at top if avoiding having the top -- * bit set (-ve number) -- */ -- bn_correct_top(ret); -- return ret; --} - --int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) --{ -- int i; -- BN_ULONG l; - bn_check_top(a); -- i = BN_num_bytes(a); -- if (tolen < i) -- return -1; -- /* Add trailing zeroes if necessary */ -- if (tolen > i) -- memset(to + i, 0, tolen - i); -- to += i; -+ n = i = BN_num_bytes(a); - while (i--) { - l = a->d[i / BN_BYTES]; -- to--; -- *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; -+ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } -- return tolen; -+ return (n); - } - - int BN_ucmp(const BIGNUM *a, const BIGNUM *b) -@@ -793,9 +827,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) - - /* - * Here follows a specialised variants of bn_cmp_words(). It has the -- * capability of performing the operation on arrays of different sizes. The -+ * property of performing the operation on arrays of different sizes. The - * sizes of those arrays is expressed through cl, which is the common length -- * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the -+ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the - * two lengths, calculated as len(a)-len(b). All lengths are the number of - * BN_ULONGs... 
- */ -@@ -880,158 +914,3 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - } - #undef BN_CONSTTIME_SWAP - } -- --/* Bits of security, see SP800-57 */ -- --int BN_security_bits(int L, int N) --{ -- int secbits, bits; -- if (L >= 15360) -- secbits = 256; -- else if (L >= 7690) -- secbits = 192; -- else if (L >= 3072) -- secbits = 128; -- else if (L >= 2048) -- secbits = 112; -- else if (L >= 1024) -- secbits = 80; -- else -- return 0; -- if (N == -1) -- return secbits; -- bits = N / 2; -- if (bits < 80) -- return 0; -- return bits >= secbits ? secbits : bits; --} -- --void BN_zero_ex(BIGNUM *a) --{ -- a->top = 0; -- a->neg = 0; --} -- --int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) --{ -- return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0)); --} -- --int BN_is_zero(const BIGNUM *a) --{ -- return a->top == 0; --} -- --int BN_is_one(const BIGNUM *a) --{ -- return BN_abs_is_word(a, 1) && !a->neg; --} -- --int BN_is_word(const BIGNUM *a, const BN_ULONG w) --{ -- return BN_abs_is_word(a, w) && (!w || !a->neg); --} -- --int BN_is_odd(const BIGNUM *a) --{ -- return (a->top > 0) && (a->d[0] & 1); --} -- --int BN_is_negative(const BIGNUM *a) --{ -- return (a->neg != 0); --} -- --int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, -- BN_CTX *ctx) --{ -- return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx); --} -- --void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) --{ -- dest->d = b->d; -- dest->top = b->top; -- dest->dmax = b->dmax; -- dest->neg = b->neg; -- dest->flags = ((dest->flags & BN_FLG_MALLOCED) -- | (b->flags & ~BN_FLG_MALLOCED) -- | BN_FLG_STATIC_DATA | flags); --} -- --BN_GENCB *BN_GENCB_new(void) --{ -- BN_GENCB *ret; -- -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { -- BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); -- return (NULL); -- } -- -- return ret; --} -- --void BN_GENCB_free(BN_GENCB *cb) --{ -- if (cb == NULL) -- return; -- OPENSSL_free(cb); --} -- 
--void BN_set_flags(BIGNUM *b, int n) --{ -- b->flags |= n; --} -- --int BN_get_flags(const BIGNUM *b, int n) --{ -- return b->flags & n; --} -- --/* Populate a BN_GENCB structure with an "old"-style callback */ --void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), -- void *cb_arg) --{ -- BN_GENCB *tmp_gencb = gencb; -- tmp_gencb->ver = 1; -- tmp_gencb->arg = cb_arg; -- tmp_gencb->cb.cb_1 = callback; --} -- --/* Populate a BN_GENCB structure with a "new"-style callback */ --void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), -- void *cb_arg) --{ -- BN_GENCB *tmp_gencb = gencb; -- tmp_gencb->ver = 2; -- tmp_gencb->arg = cb_arg; -- tmp_gencb->cb.cb_2 = callback; --} -- --void *BN_GENCB_get_arg(BN_GENCB *cb) --{ -- return cb->arg; --} -- --BIGNUM *bn_wexpand(BIGNUM *a, int words) --{ -- return (words <= a->dmax) ? a : bn_expand2(a, words); --} -- --void bn_correct_top(BIGNUM *a) --{ -- BN_ULONG *ftl; -- int tmp_top = a->top; -- -- if (tmp_top > 0) { -- for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) { -- ftl--; -- if (*ftl != 0) -- break; -- } -- a->top = tmp_top; -- } -- if (a->top == 0) -- a->neg = 0; -- bn_pollute(a); --} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -index 13b583f..ffbce89 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -@@ -1,15 +1,129 @@ -+/* crypto/bn/bn_mod.c */ - /* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Includes code written by Lenka Fibikova -+ * for the OpenSSL project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - -+#if 0 /* now just a #define */ -+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -+{ -+ return (BN_div(NULL, rem, m, d, ctx)); -+ /* note that rem->neg == m->neg (unless the remainder is zero) */ -+} -+#endif -+ - int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) - { - /* -@@ -148,7 +262,8 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); - bn_check_top(r); - -- BN_free(abs_m); -+ if (abs_m) -+ BN_free(abs_m); - return ret; - } - -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -index 6d37279..be95bd5 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -@@ -1,10 +1,112 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_mont.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -14,7 +116,8 @@ - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - #define MONT_WORD /* use the faster word-based algorithm */ -@@ -94,15 +197,36 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) - rp = r->d; - - /* clear the top words of T */ -- i = max - r->top; -- if (i) -- memset(&rp[r->top], 0, sizeof(*rp) * i); -+# if 1 -+ for (i = r->top; i < max; i++) /* memset? XXX */ -+ rp[i] = 0; -+# else -+ memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -+# endif - - r->top = max; - n0 = mont->n0[0]; - -+# ifdef BN_COUNT -+ fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); -+# endif - for (carry = 0, i = 0; i < nl; i++, rp++) { -+# ifdef __TANDEM -+ { -+ long long t1; -+ long long t2; -+ long long t3; -+ t1 = rp[0] * (n0 & 0177777); -+ t2 = 037777600000l; -+ t2 = n0 & t2; -+ t3 = rp[0] & 0177777; -+ t2 = (t3 * t2) & BN_MASK2; -+ t1 = t1 + t2; -+ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); -+ } -+# else - v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -+# endif - v = (v + carry + rp[nl]) & BN_MASK2; - carry |= (v != rp[nl]); - carry &= (v <= rp[nl]); -@@ -214,7 +338,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) - { - BN_MONT_CTX *ret; - -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) -+ if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) - return (NULL); - - BN_MONT_CTX_init(ret); -@@ -225,9 +349,9 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) - void BN_MONT_CTX_init(BN_MONT_CTX *ctx) - { - ctx->ri = 0; -- bn_init(&(ctx->RR)); -- bn_init(&(ctx->N)); -- bn_init(&(ctx->Ni)); -+ 
BN_init(&(ctx->RR)); -+ BN_init(&(ctx->N)); -+ BN_init(&(ctx->Ni)); - ctx->n0[0] = ctx->n0[1] = 0; - ctx->flags = 0; - } -@@ -265,7 +389,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) - BIGNUM tmod; - BN_ULONG buf[2]; - -- bn_init(&tmod); -+ BN_init(&tmod); - tmod.d = buf; - tmod.dmax = 2; - tmod.neg = 0; -@@ -395,14 +519,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) - return (to); - } - --BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, -+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) - { - BN_MONT_CTX *ret; - -- CRYPTO_THREAD_read_lock(lock); -+ CRYPTO_r_lock(lock); - ret = *pmont; -- CRYPTO_THREAD_unlock(lock); -+ CRYPTO_r_unlock(lock); - if (ret) - return ret; - -@@ -415,7 +539,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, - * (the losers throw away the work they've done). - */ - ret = BN_MONT_CTX_new(); -- if (ret == NULL) -+ if (!ret) - return NULL; - if (!BN_MONT_CTX_set(ret, mod, ctx)) { - BN_MONT_CTX_free(ret); -@@ -423,12 +547,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, - } - - /* The locked compare-and-set, after the local work is done. */ -- CRYPTO_THREAD_write_lock(lock); -+ CRYPTO_w_lock(lock); - if (*pmont) { - BN_MONT_CTX_free(ret); - ret = *pmont; - } else - *pmont = ret; -- CRYPTO_THREAD_unlock(lock); -+ CRYPTO_w_unlock(lock); - return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -index 043e21d..3bd40bb 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_mpi.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - int BN_bn2mpi(const BIGNUM *a, unsigned char *d) -@@ -39,48 +88,41 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) - return (num + 4 + ext); - } - --BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) -+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) - { - long len; - int neg = 0; -- BIGNUM *a = NULL; - - if (n < 4) { - BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); -- return NULL; -+ return (NULL); - } - len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) - d[3]; - if ((len + 4) != n) { - BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); -- return NULL; -+ return (NULL); - } - -- if (ain == NULL) -+ if (a == NULL) - a = BN_new(); -- else -- a = ain; -- - if (a == NULL) -- return NULL; -+ return (NULL); - - if (len == 0) { - a->neg = 0; - a->top = 0; -- return a; -+ return (a); - } - d += 4; - if ((*d) & 0x80) - neg = 1; -- if (BN_bin2bn(d, (int)len, a) == NULL) { -- if (ain == NULL) -- BN_free(a); -- return NULL; -- } -+ if (BN_bin2bn(d, (int)len, a) == NULL) -+ return (NULL); - a->neg = neg; - if (neg) { - BN_clear_bit(a, BN_num_bits(a) - 1); - } - bn_check_top(a); -- return a; -+ return (a); - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -index 4a0a950..3c618dc 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -@@ -1,14 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_mul.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - -+#ifndef BN_DEBUG -+# undef NDEBUG /* avoid conflicting definitions */ -+# define NDEBUG -+#endif -+ -+#include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) -@@ -16,7 +71,7 @@ - * Here follows specialised variants of bn_add_words() and bn_sub_words(). - * They have the property performing operations on arrays of different sizes. 
- * The sizes of those arrays is expressed through cl, which is the common -- * length ( basically, min(len(a),len(b)) ), and dl, which is the delta -+ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta - * between the two lengths, calculated as len(a)-len(b). All lengths are the - * number of BN_ULONGs... For the operations that require a result array as - * parameter, it must have the length cl+abs(dl). These functions should -@@ -41,6 +96,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, - b += cl; - - if (dl < 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, -+ dl, c); -+# endif - for (;;) { - t = b[0]; - r[0] = (0 - t - c) & BN_MASK2; -@@ -75,6 +134,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, - } - } else { - int save_dl = dl; -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, -+ dl, c); -+# endif - while (c) { - t = a[0]; - r[0] = (t - c) & BN_MASK2; -@@ -109,6 +172,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, - r += 4; - } - if (dl > 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", -+ cl, dl); -+# endif - if (save_dl > dl) { - switch (save_dl - dl) { - case 1: -@@ -129,6 +196,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, - } - } - if (dl > 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", -+ cl, dl); -+# endif - for (;;) { - r[0] = a[0]; - if (--dl <= 0) -@@ -170,6 +241,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - - if (dl < 0) { - int save_dl = dl; -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, -+ dl, c); -+#endif - while (c) { - l = (c + b[0]) & BN_MASK2; - c = (l < c); -@@ -200,6 +275,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - r += 4; - } - if (dl < 0) { -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", -+ cl, dl); -+#endif - if (save_dl < dl) { - switch (dl - save_dl) { - case 1: -@@ 
-220,6 +299,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - } - } - if (dl < 0) { -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", -+ cl, dl); -+#endif - for (;;) { - r[0] = b[0]; - if (++dl >= 0) -@@ -240,6 +323,9 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - } - } else { - int save_dl = dl; -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); -+#endif - while (c) { - t = (a[0] + c) & BN_MASK2; - c = (t < c); -@@ -269,6 +355,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - a += 4; - r += 4; - } -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, -+ dl); -+#endif - if (dl > 0) { - if (save_dl > dl) { - switch (save_dl - dl) { -@@ -290,6 +380,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - } - } - if (dl > 0) { -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", -+ cl, dl); -+#endif - for (;;) { - r[0] = a[0]; - if (--dl <= 0) -@@ -338,6 +432,9 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - unsigned int neg, zero; - BN_ULONG ln, lo, *p; - -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); -+# endif - # ifdef BN_MUL_COMBA - # if 0 - if (n2 == 4) { -@@ -404,7 +501,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - if (!zero) - bn_mul_comba4(&(t[n2]), t, &(t[n])); - else -- memset(&t[n2], 0, sizeof(*t) * 8); -+ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); - - bn_mul_comba4(r, a, b); - bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); -@@ -414,7 +511,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - if (!zero) - bn_mul_comba8(&(t[n2]), t, &(t[n])); - else -- memset(&t[n2], 0, sizeof(*t) * 16); -+ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); - - bn_mul_comba8(r, a, b); - bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); -@@ -425,7 +522,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - if (!zero) - 
bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); - else -- memset(&t[n2], 0, sizeof(*t) * n2); -+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); - bn_mul_recursive(r, a, b, n, 0, 0, p); - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); - } -@@ -484,6 +581,10 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int c1, c2, neg; - BN_ULONG ln, lo, *p; - -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", -+ n, tna, n, tnb); -+# endif - if (n < 8) { - bn_mul_normal(r, a, n + tna, b, n + tnb); - return; -@@ -530,14 +631,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - bn_mul_comba4(&(t[n2]), t, &(t[n])); - bn_mul_comba4(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); -- memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); -+ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); - } else - # endif - if (n == 8) { - bn_mul_comba8(&(t[n2]), t, &(t[n])); - bn_mul_comba8(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); -- memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); -+ memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { - p = &(t[n2 * 2]); - bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); -@@ -553,7 +654,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - if (j == 0) { - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); -- memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); -+ memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); - } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ - bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); -@@ -561,7 +662,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - -- memset(&r[n2], 0, sizeof(*r) * n2); -+ memset(&(r[n2]), 0, 
sizeof(BN_ULONG) * n2); - if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL - && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); -@@ -640,6 +741,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - { - int n = n2 / 2; - -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); -+# endif -+ - bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); - if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { - bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); -@@ -668,6 +773,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - int neg, oneg, zero; - BN_ULONG ll, lc, *lp, *mp; - -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); -+# endif - n = n2 / 2; - - /* Calculate (al-ah)*(bh-bl) */ -@@ -729,8 +837,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - */ - if (l != NULL) { - lp = &(t[n2 + n]); -- bn_add_words(lp, &(r[0]), &(l[0]), n); -+ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); - } else { -+ c1 = 0; - lp = &(r[0]); - } - -@@ -838,6 +947,10 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - int j = 0, k; - #endif - -+#ifdef BN_COUNT -+ fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); -+#endif -+ - bn_check_top(a); - bn_check_top(b); - bn_check_top(r); -@@ -857,6 +970,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - goto err; - } else - rr = r; -+ rr->neg = a->neg ^ b->neg; - - #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - i = al - bl; -@@ -968,7 +1082,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - end: - #endif -- rr->neg = a->neg ^ b->neg; - bn_correct_top(rr); - if (r != rr && BN_copy(r, rr) == NULL) - goto err; -@@ -984,6 +1097,10 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) - { - BN_ULONG *rr; - -+#ifdef BN_COUNT -+ 
fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); -+#endif -+ - if (na < nb) { - int itmp; - BN_ULONG *ltmp; -@@ -1024,6 +1141,9 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) - - void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { -+#ifdef BN_COUNT -+ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); -+#endif - bn_mul_words(r, a, n, b[0]); - - for (;;) { -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -index 53598f9..4a45404 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -@@ -1,14 +1,63 @@ -+/* crypto/bn/bn_nist.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Nils Larsch for the OpenSSL project -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include "bn_lcl.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 - #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 -@@ -330,8 +379,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - PTR_SIZE_INT mask; - static const BIGNUM _bignum_nist_p_192_sqr = { - (BN_ULONG *)_nist_p_192_sqr, -- OSSL_NELEM(_nist_p_192_sqr), -- OSSL_NELEM(_nist_p_192_sqr), -+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), -+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - -@@ -475,8 +524,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - } u; - static const BIGNUM _bignum_nist_p_224_sqr = { - (BN_ULONG *)_nist_p_224_sqr, -- OSSL_NELEM(_nist_p_224_sqr), -- OSSL_NELEM(_nist_p_224_sqr), -+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), -+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - -@@ -596,7 +645,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - #endif - } else if (carry < 0) { - /* -- * it's a bit more complicated logic in this case. if bn_add_words -+ * it's a bit more comlicated logic in this case. if bn_add_words - * yields no carry, then result has to be adjusted by unconditionally - * *adding* the modulus. 
but if it does, then result has to be - * compared to the modulus and conditionally adjusted by -@@ -656,8 +705,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - } u; - static const BIGNUM _bignum_nist_p_256_sqr = { - (BN_ULONG *)_nist_p_256_sqr, -- OSSL_NELEM(_nist_p_256_sqr), -- OSSL_NELEM(_nist_p_256_sqr), -+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), -+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - -@@ -902,8 +951,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - } u; - static const BIGNUM _bignum_nist_p_384_sqr = { - (BN_ULONG *)_nist_p_384_sqr, -- OSSL_NELEM(_nist_p_384_sqr), -- OSSL_NELEM(_nist_p_384_sqr), -+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), -+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - -@@ -1160,8 +1209,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - PTR_SIZE_INT mask; - static const BIGNUM _bignum_nist_p_521_sqr = { - (BN_ULONG *)_nist_p_521_sqr, -- OSSL_NELEM(_nist_p_521_sqr), -- OSSL_NELEM(_nist_p_521_sqr), -+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), -+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - -@@ -1190,20 +1239,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); - /* ... and right shift */ - for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { --#if 0 -- /* -- * MSC ARM compiler [version 2013, presumably even earlier, -- * much earlier] miscompiles this code, but not one in -- * #else section. See RT#3541. 
-- */ -- tmp = val >> BN_NIST_521_RSHIFT; -- val = t_d[i + 1]; -- t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; --#else - t_d[i] = (val >> BN_NIST_521_RSHIFT | - (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; - val = tmp; --#endif - } - t_d[i] = val >> BN_NIST_521_RSHIFT; - /* lower 521 bits */ -@@ -1222,18 +1260,3 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - - return 1; - } -- --int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, -- const BIGNUM *field, BN_CTX *ctx) { -- if (BN_ucmp(&_bignum_nist_p_192, p) == 0) -- return BN_nist_mod_192; -- if (BN_ucmp(&_bignum_nist_p_224, p) == 0) -- return BN_nist_mod_224; -- if (BN_ucmp(&_bignum_nist_p_256, p) == 0) -- return BN_nist_mod_256; -- if (BN_ucmp(&_bignum_nist_p_384, p) == 0) -- return BN_nist_mod_384; -- if (BN_ucmp(&_bignum_nist_p_521, p) == 0) -- return BN_nist_mod_521; -- return 0; --} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -index 7103acf..4dab3bb 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -@@ -1,18 +1,125 @@ --/* -- * WARNING: do not edit! -- * Generated by crypto/bn/bn_prime.pl -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_prime.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" -+#include -+ -+/* -+ * NB: these functions have been "upgraded", the deprecated versions (which -+ * are compatibility wrappers using these functions) are in bn_depr.c. - -+ * Geoff -+ */ - - /* - * The quick sieve algorithm approach to weeding out primes is Philip -@@ -25,56 +132,11 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, - BN_MONT_CTX *mont); - static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); --static int probable_prime_dh_safe(BIGNUM *rnd, int bits, -- const BIGNUM *add, const BIGNUM *rem, -- BN_CTX *ctx); -- --static const int prime_offsets[480] = { -- 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, -- 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, -- 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, -- 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, -- 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, -- 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, -- 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, -- 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, -- 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, -- 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, -- 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, -- 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, -- 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, -- 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, -- 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, -- 1033, 
1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, -- 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, -- 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, -- 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, -- 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, -- 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, -- 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, -- 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, -- 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, -- 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, -- 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, -- 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, -- 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, -- 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, -- 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, -- 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, -- 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, -- 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, -- 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, -- 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, -- 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, -- 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, -- 2309, 2311 --}; -- --static const int prime_offset_count = 480; --static const int prime_multiplier = 2310; --static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <= -- * |prime_multiplier| */ --static const int first_prime_index = 5; -+static int probable_prime_dh(BIGNUM *rnd, int bits, -+ const BIGNUM *add, const BIGNUM *rem, -+ 
BN_CTX *ctx);
-+static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
-+ const BIGNUM *rem, BN_CTX *ctx);
- 
- int BN_GENCB_call(BN_GENCB *cb, int a, int b)
- {
-@@ -108,20 +170,9 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- prime_t *mods = NULL;
- int checks = BN_prime_checks_for_size(bits);
- 
-- if (bits < 2) {
-- /* There are no prime numbers this small. */
-- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
-- return 0;
-- } else if (bits == 2 && safe) {
-- /* The smallest safe prime (7) is three bits. */
-- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
-- return 0;
-- }
--
-- mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
-+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
- if (mods == NULL)
- goto err;
--
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-@@ -139,11 +190,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
- goto err;
- } else {
-- if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
-+ if (!probable_prime_dh(ret, bits, add, rem, ctx))
- goto err;
- }
- }
--
-+ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
- if (!BN_GENCB_call(cb, 0, c1++))
- /* aborted */
- goto err;
-@@ -184,9 +235,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- found = 1;
- err:
- OPENSSL_free(mods);
-- if (ctx != NULL)
-+ if (ctx != NULL) {
- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
-+ BN_CTX_free(ctx);
-+ }
- bn_check_top(ret);
- return found;
- }
-@@ -218,13 +270,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- /* a is even => a is prime if and only if a == 2 */
- return BN_is_word(a, 2);
- if (do_trial_division) {
-- for (i = 1; i < NUMPRIMES; i++) {
-- BN_ULONG mod = BN_mod_word(a, primes[i]);
-- if (mod == (BN_ULONG)-1)
-- goto err;
-- if (mod == 0)
-+ for (i = 1; i < NUMPRIMES; i++)
-+ if (BN_mod_word(a, primes[i]) == 0)
- return 0;
-- }
- if (!BN_GENCB_call(cb, 1, -1))
- goto err;
- }
-@@ -300,88 +348,12 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- if (ctx_passed == NULL)
- BN_CTX_free(ctx);
- }
-- BN_MONT_CTX_free(mont);
-+ if (mont != NULL)
-+ BN_MONT_CTX_free(mont);
- 
- return (ret);
- }
- 
--int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx)
--{
-- int i;
-- int ret = 0;
--
-- loop:
-- if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-- goto err;
--
-- /* we now have a random number 'rand' to test. */
--
-- for (i = 1; i < NUMPRIMES; i++) {
-- /* check that rnd is a prime */
-- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-- if (mod == (BN_ULONG)-1)
-- goto err;
-- if (mod <= 1) {
-- goto loop;
-- }
-- }
-- ret = 1;
--
-- err:
-- bn_check_top(rnd);
-- return (ret);
--}
--
--int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
--{
-- int i;
-- BIGNUM *offset_index;
-- BIGNUM *offset_count;
-- int ret = 0;
--
-- OPENSSL_assert(bits > prime_multiplier_bits);
--
-- BN_CTX_start(ctx);
-- if ((offset_index = BN_CTX_get(ctx)) == NULL)
-- goto err;
-- if ((offset_count = BN_CTX_get(ctx)) == NULL)
-- goto err;
--
-- if (!BN_add_word(offset_count, prime_offset_count))
-- goto err;
--
-- loop:
-- if (!BN_rand(rnd, bits - prime_multiplier_bits,
-- BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-- goto err;
-- if (BN_is_bit_set(rnd, bits))
-- goto loop;
-- if (!BN_rand_range(offset_index, offset_count))
-- goto err;
--
-- if (!BN_mul_word(rnd, prime_multiplier)
-- || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
-- goto err;
--
-- /* we now have a random number 'rand' to test. */
--
-- /* skip coprimes */
-- for (i = first_prime_index; i < NUMPRIMES; i++) {
-- /* check that rnd is a prime */
-- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-- if (mod == (BN_ULONG)-1)
-- goto err;
-- if (mod <= 1)
-- goto loop;
-- }
-- ret = 1;
--
-- err:
-- BN_CTX_end(ctx);
-- bn_check_top(rnd);
-- return ret;
--}
--
- static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx,
- BN_MONT_CTX *mont)
-@@ -412,87 +384,37 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
- {
- int i;
-- BN_ULONG delta;
-- BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
-- char is_single_word = bits <= BN_BITS2;
-+ BN_ULONG delta, maxdelta;
- 
- again:
-- if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
-+ if (!BN_rand(rnd, bits, 1, 1))
- return (0);
-- /* we now have a random number 'rnd' to test. */
-- for (i = 1; i < NUMPRIMES; i++) {
-- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-- if (mod == (BN_ULONG)-1)
-- return 0;
-- mods[i] = (prime_t) mod;
-- }
-- /*
-- * If bits is so small that it fits into a single word then we
-- * additionally don't want to exceed that many bits.
-- */
-- if (is_single_word) {
-- BN_ULONG size_limit;
--
-- if (bits == BN_BITS2) {
-- /*
-- * Shifting by this much has undefined behaviour so we do it a
-- * different way
-- */
-- size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
-- } else {
-- size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
-- }
-- if (size_limit < maxdelta)
-- maxdelta = size_limit;
-- }
-+ /* we now have a random number 'rand' to test. */
-+ for (i = 1; i < NUMPRIMES; i++)
-+ mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
- delta = 0;
-- loop:
-- if (is_single_word) {
-- BN_ULONG rnd_word = BN_get_word(rnd);
--
-- /*-
-- * In the case that the candidate prime is a single word then
-- * we check that:
-- * 1) It's greater than primes[i] because we shouldn't reject
-- * 3 as being a prime number because it's a multiple of
-- * three.
-- * 2) That it's not a multiple of a known prime. We don't
-- * check that rnd-1 is also coprime to all the known
-- * primes because there aren't many small primes where
-- * that's true.
-+ loop:for (i = 1; i < NUMPRIMES; i++) {
-+ /*
-+ * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1
-+ * (except for 2)
- */
-- for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
-- if ((mods[i] + delta) % primes[i] == 0) {
-- delta += 2;
-- if (delta > maxdelta)
-- goto again;
-- goto loop;
-- }
-- }
-- } else {
-- for (i = 1; i < NUMPRIMES; i++) {
-- /*
-- * check that rnd is not a prime and also that gcd(rnd-1,primes)
-- * == 1 (except for 2)
-- */
-- if (((mods[i] + delta) % primes[i]) <= 1) {
-- delta += 2;
-- if (delta > maxdelta)
-- goto again;
-- goto loop;
-- }
-+ if (((mods[i] + delta) % primes[i]) <= 1) {
-+ delta += 2;
-+ if (delta > maxdelta)
-+ goto again;
-+ goto loop;
- }
- }
- if (!BN_add_word(rnd, delta))
- return (0);
-- if (BN_num_bits(rnd) != bits)
-- goto again;
- bn_check_top(rnd);
- return (1);
- }
- 
--int bn_probable_prime_dh(BIGNUM *rnd, int bits,
-- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
-+static int probable_prime_dh(BIGNUM *rnd, int bits,
-+ const BIGNUM *add, const BIGNUM *rem,
-+ BN_CTX *ctx)
- {
- int i, ret = 0;
- BIGNUM *t1;
-@@ -501,7 +423,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
- if ((t1 = BN_CTX_get(ctx)) == NULL)
- goto err;
- 
-- if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-+ if (!BN_rand(rnd, bits, 0, 1))
- goto err;
- 
- /* we need ((rnd-rem) % add) == 0 */
-@@ -520,20 +442,15 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
- 
- /* we now have a random number 'rand' to test. */
- 
-- loop:
-- for (i = 1; i < NUMPRIMES; i++) {
-+ loop:for (i = 1; i < NUMPRIMES; i++) {
- /* check that rnd is a prime */
-- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-- if (mod == (BN_ULONG)-1)
-- goto err;
-- if (mod <= 1) {
-+ if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
- if (!BN_add(rnd, rnd, add))
- goto err;
- goto loop;
- }
- }
- ret = 1;
--
- err:
- BN_CTX_end(ctx);
- bn_check_top(rnd);
-@@ -557,7 +474,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- if (!BN_rshift1(qadd, padd))
- goto err;
- 
-- if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
-+ if (!BN_rand(q, bits, 0, 1))
- goto err;
- 
- /* we need ((rnd-rem) % add) == 0 */
-@@ -581,17 +498,13 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- if (!BN_add_word(p, 1))
- goto err;
- 
-- loop:
-- for (i = 1; i < NUMPRIMES; i++) {
-+ loop:for (i = 1; i < NUMPRIMES; i++) {
- /* check that p and q are prime */
- /*
- * check that for p and q gcd(p-1,primes) == 1 (except for 2)
- */
-- BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
-- BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
-- if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
-- goto err;
-- if (pmod == 0 || qmod == 0) {
-+ if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
-+ (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
- if (!BN_add(p, p, padd))
- goto err;
- if (!BN_add(q, q, qadd))
-@@ -600,7 +513,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- }
- }
- ret = 1;
--
- err:
- BN_CTX_end(ctx);
- bn_check_top(p);
-diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
-index 41440fa..5cf0de1 100644
---- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
-+++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h
-@@ -1,274 +1,326 @@ --/* -- * 
WARNING: do not edit! -- * Generated by crypto/bn/bn_prime.pl -+/* Auto generated by bn_prime.pl */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --typedef unsigned short prime_t; -+#ifndef EIGHT_BIT - # define NUMPRIMES 2048 -- --static const prime_t primes[2048] = { -- -- 2, 3, 5, 7, 11, 13, 17, 19, -- 23, 29, 31, 37, 41, 43, 47, 53, -- 59, 61, 67, 71, 73, 79, 83, 89, -- 97, 101, 103, 107, 109, 113, 127, 131, -- 137, 139, 149, 151, 157, 163, 167, 173, -- 179, 181, 191, 193, 197, 199, 211, 223, -- 227, 229, 233, 239, 241, 251, 257, 263, -- 269, 271, 277, 281, 283, 293, 307, 311, -- 313, 317, 331, 337, 347, 349, 353, 359, -- 367, 373, 379, 383, 389, 397, 401, 409, -- 419, 421, 431, 433, 439, 443, 449, 457, -- 461, 463, 467, 479, 487, 491, 499, 503, -- 509, 521, 523, 541, 547, 557, 563, 569, -- 571, 577, 587, 593, 599, 601, 607, 613, -- 617, 619, 631, 641, 643, 647, 653, 659, -- 661, 673, 677, 683, 691, 701, 709, 719, -- 727, 733, 739, 743, 751, 757, 761, 769, -- 773, 787, 797, 809, 811, 821, 823, 827, -- 829, 839, 853, 857, 859, 863, 877, 881, -- 883, 887, 907, 911, 919, 929, 937, 941, -- 947, 953, 967, 971, 977, 983, 991, 997, -- 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, -- 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, -- 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, -- 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, -- 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, -- 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, -- 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, -- 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, -- 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, -- 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, -- 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, -- 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, -- 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, -- 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, -- 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, -- 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, -- 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, -- 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, -- 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, -- 2131, 2137, 2141, 
2143, 2153, 2161, 2179, 2203, -- 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, -- 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, -- 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, -- 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, -- 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, -- 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, -- 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, -- 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, -- 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, -- 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, -- 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, -- 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, -- 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, -- 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, -- 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, -- 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, -- 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, -- 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, -- 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, -- 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, -- 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, -- 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, -- 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, -- 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, -- 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, -- 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, -- 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, -- 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, -- 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, -- 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, -- 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, -- 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, -- 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, -- 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, -- 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, -- 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, -- 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, -- 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, -- 4679, 4691, 4703, 4721, 
4723, 4729, 4733, 4751, -- 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, -- 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, -- 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, -- 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, -- 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, -- 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, -- 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, -- 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, -- 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, -- 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, -- 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, -- 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, -- 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, -- 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, -- 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, -- 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, -- 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, -- 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, -- 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, -- 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, -- 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, -- 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, -- 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, -- 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, -- 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, -- 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, -- 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, -- 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, -- 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, -- 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, -- 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, -- 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, -- 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, -- 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, -- 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, -- 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, -- 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, -- 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, -- 7459, 7477, 7481, 7487, 7489, 
7499, 7507, 7517, -- 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, -- 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, -- 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, -- 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, -- 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, -- 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, -- 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, -- 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, -- 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, -- 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, -- 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, -- 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, -- 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, -- 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, -- 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, -- 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, -- 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, -- 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, -- 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, -- 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, -- 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, -- 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, -- 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, -- 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, -- 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, -- 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, -- 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, -- 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, -- 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, -- 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, -- 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, -- 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, -- 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, -- 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, -- 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, -- 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, -- 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, -- 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, -- 10253, 10259, 
10267, 10271, 10273, 10289, 10301, 10303, -- 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, -- 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, -- 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, -- 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, -- 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, -- 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, -- 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, -- 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, -- 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, -- 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, -- 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, -- 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, -- 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, -- 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, -- 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, -- 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, -- 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, -- 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, -- 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, -- 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, -- 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, -- 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, -- 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, -- 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, -- 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, -- 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, -- 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, -- 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, -- 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, -- 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, -- 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, -- 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, -- 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, -- 12823, 
12829, 12841, 12853, 12889, 12893, 12899, 12907, -- 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, -- 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, -- 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, -- 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, -- 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, -- 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, -- 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, -- 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, -- 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, -- 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, -- 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, -- 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, -- 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, -- 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, -- 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, -- 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, -- 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, -- 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, -- 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, -- 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, -- 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, -- 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, -- 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, -- 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, -- 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, -- 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, -- 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, -- 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, -- 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, -- 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, -- 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, -- 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, -- 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, -- 
15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, -- 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, -- 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, -- 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, -- 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, -- 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, -- 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, -- 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, -- 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, -- 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, -- 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, -- 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, -- 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, -- 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, -- 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, -- 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, -- 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, -- 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, -- 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, -- 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, -- 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, -- 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, -- 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, -- 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, -- 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, -- 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, -- 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, -- 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, -- 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, -- 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, -- 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, -+typedef unsigned short prime_t; -+#else -+# define NUMPRIMES 54 -+typedef unsigned char prime_t; -+#endif -+static const prime_t primes[NUMPRIMES] = { -+ 2, 3, 5, 7, 11, 
13, 17, 19, -+ 23, 29, 31, 37, 41, 43, 47, 53, -+ 59, 61, 67, 71, 73, 79, 83, 89, -+ 97, 101, 103, 107, 109, 113, 127, 131, -+ 137, 139, 149, 151, 157, 163, 167, 173, -+ 179, 181, 191, 193, 197, 199, 211, 223, -+ 227, 229, 233, 239, 241, 251, -+#ifndef EIGHT_BIT -+ 257, 263, -+ 269, 271, 277, 281, 283, 293, 307, 311, -+ 313, 317, 331, 337, 347, 349, 353, 359, -+ 367, 373, 379, 383, 389, 397, 401, 409, -+ 419, 421, 431, 433, 439, 443, 449, 457, -+ 461, 463, 467, 479, 487, 491, 499, 503, -+ 509, 521, 523, 541, 547, 557, 563, 569, -+ 571, 577, 587, 593, 599, 601, 607, 613, -+ 617, 619, 631, 641, 643, 647, 653, 659, -+ 661, 673, 677, 683, 691, 701, 709, 719, -+ 727, 733, 739, 743, 751, 757, 761, 769, -+ 773, 787, 797, 809, 811, 821, 823, 827, -+ 829, 839, 853, 857, 859, 863, 877, 881, -+ 883, 887, 907, 911, 919, 929, 937, 941, -+ 947, 953, 967, 971, 977, 983, 991, 997, -+ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, -+ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, -+ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, -+ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, -+ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, -+ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, -+ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, -+ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, -+ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, -+ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, -+ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, -+ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, -+ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, -+ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, -+ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, -+ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, -+ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, -+ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, -+ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, -+ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, -+ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, -+ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 
-+ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, -+ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, -+ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, -+ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, -+ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, -+ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, -+ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, -+ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, -+ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, -+ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, -+ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, -+ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, -+ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, -+ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, -+ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, -+ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, -+ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, -+ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, -+ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, -+ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, -+ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, -+ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, -+ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, -+ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, -+ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, -+ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, -+ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, -+ 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, -+ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, -+ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, -+ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, -+ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, -+ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, -+ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, -+ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, -+ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, -+ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, -+ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, -+ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, -+ 4919, 
4931, 4933, 4937, 4943, 4951, 4957, 4967, -+ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, -+ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, -+ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, -+ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, -+ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, -+ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, -+ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, -+ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, -+ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, -+ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, -+ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, -+ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, -+ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, -+ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, -+ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, -+ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, -+ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, -+ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, -+ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, -+ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, -+ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, -+ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, -+ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, -+ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, -+ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, -+ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, -+ 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, -+ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, -+ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, -+ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, -+ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, -+ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, -+ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, -+ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, -+ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, -+ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, -+ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, -+ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, -+ 7639, 7643, 
7649, 7669, 7673, 7681, 7687, 7691, -+ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, -+ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, -+ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, -+ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, -+ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, -+ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, -+ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, -+ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, -+ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, -+ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, -+ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, -+ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, -+ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, -+ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, -+ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, -+ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, -+ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, -+ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, -+ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, -+ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, -+ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, -+ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, -+ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, -+ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, -+ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, -+ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, -+ 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, -+ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, -+ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, -+ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, -+ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, -+ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, -+ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, -+ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, -+ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, -+ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, -+ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, -+ 10391, 10399, 10427, 10429, 
10433, 10453, 10457, 10459, -+ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, -+ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, -+ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, -+ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, -+ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, -+ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, -+ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, -+ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, -+ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, -+ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, -+ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, -+ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, -+ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, -+ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, -+ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, -+ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, -+ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, -+ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, -+ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, -+ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, -+ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, -+ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, -+ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, -+ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, -+ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, -+ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, -+ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, -+ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, -+ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, -+ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, -+ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, -+ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, -+ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, -+ 12973, 12979, 12983, 
13001, 13003, 13007, 13009, 13033, -+ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, -+ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, -+ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, -+ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, -+ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, -+ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, -+ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, -+ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, -+ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, -+ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, -+ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, -+ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, -+ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, -+ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, -+ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, -+ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, -+ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, -+ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, -+ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, -+ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, -+ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, -+ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, -+ 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, -+ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, -+ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, -+ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, -+ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, -+ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, -+ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, -+ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, -+ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, -+ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, -+ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, -+ 15581, 15583, 
15601, 15607, 15619, 15629, 15641, 15643, -+ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, -+ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, -+ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, -+ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, -+ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, -+ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, -+ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, -+ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, -+ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, -+ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, -+ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, -+ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, -+ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, -+ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, -+ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, -+ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, -+ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, -+ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, -+ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, -+ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, -+ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, -+ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, -+ 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, -+ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, -+ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, -+ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, -+ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, -+ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, -+#endif - }; -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c -index a16bde8..f121fb6 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c -@@ -1,16 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. 
All Rights Reserved.
-+/* crypto/bn/bn_print.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. 
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.] 
- */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include "bn_lcl.h" - -@@ -64,8 +113,8 @@ char *BN_bn2dec(const BIGNUM *a) - /*- - * get an upper bound for the length of the decimal integer - * num <= (BN_num_bits(a) + 1) * log(2) -- * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error) -- * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1 -+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) -+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 - */ - i = BN_num_bits(a) * 3; - num = (i / 10 + i / 1000 + 1) + 1; -@@ -115,12 +164,16 @@ char *BN_bn2dec(const BIGNUM *a) - } - ok = 1; - err: -- OPENSSL_free(bn_data); -- BN_free(t); -- if (ok) -- return buf; -- OPENSSL_free(buf); -- return NULL; -+ if (bn_data != NULL) -+ OPENSSL_free(bn_data); -+ if (t != NULL) -+ BN_free(t); -+ if (!ok && buf) { -+ OPENSSL_free(buf); -+ buf = NULL; -+ } -+ -+ return (buf); - } - - int BN_hex2bn(BIGNUM **bn, const char *a) -@@ -141,7 +194,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) - for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) - continue; - -- if (i == 0 || i > INT_MAX/4) -+ if (i > INT_MAX/4) - goto err; - - num = i + neg; -@@ -169,8 +222,13 @@ int BN_hex2bn(BIGNUM **bn, const char *a) - l = 0; - for (;;) { - c = a[j - m]; -- k = OPENSSL_hexchar2int(c); -- if (k < 0) -+ if ((c >= '0') && (c <= '9')) -+ k = c - '0'; -+ else if ((c >= 'a') && (c <= 'f')) -+ k = c - 'a' + 10; -+ else if ((c >= 'A') && (c <= 'F')) -+ k = c - 'A' + 10; -+ else - k = 0; /* paranoia */ - l = (l << 4) | k; - -@@ -213,7 +271,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) - for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) - continue; - -- if (i == 0 || i > INT_MAX/4) -+ if (i > INT_MAX/4) - goto err; - - num = i + neg; -@@ -245,9 +303,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a) - l += *a - '0'; - a++; - if (++j == BN_DEC_NUM) { -- if (!BN_mul_word(ret, BN_DEC_CONV) -- || 
!BN_add_word(ret, l)) -- goto err; -+ BN_mul_word(ret, BN_DEC_CONV); -+ BN_add_word(ret, l); - l = 0; - j = 0; - } -@@ -286,7 +343,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a) - return 1; - } - --# ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_FP_API - int BN_print_fp(FILE *fp, const BIGNUM *a) - { - BIO *b; -@@ -325,6 +383,7 @@ int BN_print(BIO *bp, const BIGNUM *a) - end: - return (ret); - } -+#endif - - char *BN_options(void) - { -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -index 9ce4c5f..60d3f22 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -@@ -1,18 +1,119 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_rand.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE. 
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - #include --#include - - static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - { -@@ -21,7 +122,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - time_t tim; - - if (bits == 0) { -- if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) -+ if (top != -1 || bottom != 0) - goto toosmall; - BN_zero(rnd); - return 1; -@@ -33,7 +134,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - bit = (bits - 1) % 8; - mask = 0xff << (bit + 1); - -- buf = OPENSSL_malloc(bytes); -+ buf = (unsigned char *)OPENSSL_malloc(bytes); - if (buf == NULL) { - BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); - goto err; -@@ -43,9 +144,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - time(&tim); - RAND_add(&tim, sizeof(tim), 0.0); - -+ /* We ignore the value of pseudorand and always call RAND_bytes */ - if (RAND_bytes(buf, bytes) <= 0) - goto err; - -+#if 1 - if (pseudorand == 2) { - /* - * generate patterns that are more likely to trigger BN library bugs -@@ -54,7 +157,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - unsigned char c; - - for (i = 0; i < bytes; i++) { -- if (RAND_bytes(&c, 1) <= 0) -+ if (RAND_pseudo_bytes(&c, 1) < 0) - goto err; - if (c >= 128 && i > 0) - buf[i] = buf[i - 1]; -@@ -64,6 +167,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - buf[i] = 255; - } - } -+#endif - - if (top >= 0) { - if (top) { -@@ -84,7 +188,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - goto err; - ret = 1; - err: -- OPENSSL_clear_free(buf, bytes); -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, bytes); -+ OPENSSL_free(buf); -+ } - 
bn_check_top(rnd); - return (ret); - -@@ -103,10 +210,12 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) - return bnrand(1, rnd, bits, top, bottom); - } - -+#if 1 - int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) - { - return bnrand(2, rnd, bits, top, bottom); - } -+#endif - - /* random number r: 0 <= r < range */ - static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) -@@ -133,7 +242,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) - * than range - */ - do { -- if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) -+ if (!bn_rand(r, n + 1, -1, 0)) - return 0; - /* - * If r < 3*range, use r := r MOD range (which is either r, r - -@@ -159,7 +268,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) - } else { - do { - /* range = 11..._2 or range = 101..._2 */ -- if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) -+ if (!bn_rand(r, n, -1, 0)) - return 0; - - if (!--count) { -@@ -183,76 +292,3 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) - { - return bn_rand_range(1, r, range); - } -- --/* -- * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike -- * BN_rand_range, it also includes the contents of |priv| and |message| in -- * the generation so that an RNG failure isn't fatal as long as |priv| -- * remains secret. This is intended for use in DSA and ECDSA where an RNG -- * weakness leads directly to private key exposure unless this function is -- * used. -- */ --int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, -- const BIGNUM *priv, const unsigned char *message, -- size_t message_len, BN_CTX *ctx) --{ -- SHA512_CTX sha; -- /* -- * We use 512 bits of random data per iteration to ensure that we have at -- * least |range| bits of randomness. -- */ -- unsigned char random_bytes[64]; -- unsigned char digest[SHA512_DIGEST_LENGTH]; -- unsigned done, todo; -- /* We generate |range|+8 bytes of random output. 
*/ -- const unsigned num_k_bytes = BN_num_bytes(range) + 8; -- unsigned char private_bytes[96]; -- unsigned char *k_bytes; -- int ret = 0; -- -- k_bytes = OPENSSL_malloc(num_k_bytes); -- if (k_bytes == NULL) -- goto err; -- -- /* We copy |priv| into a local buffer to avoid exposing its length. */ -- todo = sizeof(priv->d[0]) * priv->top; -- if (todo > sizeof(private_bytes)) { -- /* -- * No reasonable DSA or ECDSA key should have a private key this -- * large and we don't handle this case in order to avoid leaking the -- * length of the private key. -- */ -- BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); -- goto err; -- } -- memcpy(private_bytes, priv->d, todo); -- memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); -- -- for (done = 0; done < num_k_bytes;) { -- if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) -- goto err; -- SHA512_Init(&sha); -- SHA512_Update(&sha, &done, sizeof(done)); -- SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); -- SHA512_Update(&sha, message, message_len); -- SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); -- SHA512_Final(digest, &sha); -- -- todo = num_k_bytes - done; -- if (todo > SHA512_DIGEST_LENGTH) -- todo = SHA512_DIGEST_LENGTH; -- memcpy(k_bytes + done, digest, todo); -- done += todo; -- } -- -- if (!BN_bin2bn(k_bytes, num_k_bytes, out)) -- goto err; -- if (BN_mod(out, out, range, ctx) != 1) -- goto err; -- ret = 1; -- -- err: -- OPENSSL_free(k_bytes); -- OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); -- return ret; --} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -index 20585b9..f047040 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -@@ -1,31 +1,82 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_recp.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - void BN_RECP_CTX_init(BN_RECP_CTX *recp) - { -- memset(recp, 0, sizeof(*recp)); -- bn_init(&(recp->N)); -- bn_init(&(recp->Nr)); -+ BN_init(&(recp->N)); -+ BN_init(&(recp->Nr)); -+ recp->num_bits = 0; -+ recp->shift = 0; -+ recp->flags = 0; - } - - BN_RECP_CTX *BN_RECP_CTX_new(void) - { - BN_RECP_CTX *ret; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) - return (NULL); - -- bn_init(&(ret->N)); -- bn_init(&(ret->Nr)); -+ BN_RECP_CTX_init(ret); - ret->flags = BN_FLG_MALLOCED; - return (ret); - } -@@ -148,6 +199,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - goto err; - r->neg = 0; - -+#if 1 - j = 0; - while (BN_ucmp(r, &(recp->N)) >= 0) { - if (j++ > 2) { -@@ -159,6 +211,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - if (!BN_add_word(d, 1)) - goto err; - } -+#endif - - r->neg = BN_is_zero(r) ? 0 : m->neg; - d->neg = m->neg ^ recp->N.neg; -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -index 6a1eec8..9673d9a 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -@@ -1,13 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_shift.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - int BN_lshift1(BIGNUM *r, const BIGNUM *a) -@@ -74,8 +124,6 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) - c = (t & 1) ? 
BN_TBIT : 0; - } - r->top = j; -- if (!r->top) -- r->neg = 0; /* don't allow negative zero */ - bn_check_top(r); - return (1); - } -@@ -94,10 +142,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) - return 0; - } - -+ r->neg = a->neg; - nw = n / BN_BITS2; - if (bn_wexpand(r, a->top + nw + 1) == NULL) - return (0); -- r->neg = a->neg; - lb = n % BN_BITS2; - rb = BN_BITS2 - lb; - f = a->d; -@@ -112,7 +160,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) - t[nw + i + 1] |= (l >> rb) & BN_MASK2; - t[nw + i] = (l << lb) & BN_MASK2; - } -- memset(t, 0, sizeof(*t) * nw); -+ memset(t, 0, nw * sizeof(t[0])); -+ /* -+ * for (i=0; itop = a->top + nw + 1; - bn_correct_top(r); - bn_check_top(r); -@@ -142,9 +193,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) - } - i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; - if (r != a) { -+ r->neg = a->neg; - if (bn_wexpand(r, i) == NULL) - return (0); -- r->neg = a->neg; - } else { - if (n == 0) - return 1; /* or the copying loop will go berserk */ -@@ -168,8 +219,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) - if ((l = (l >> rb) & BN_MASK2)) - *(t) = l; - } -- if (!r->top) -- r->neg = 0; /* don't allow negative zero */ - bn_check_top(r); - return (1); - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -index 44e7332..256d26e 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -@@ -1,13 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_sqr.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - /* r must not be a */ -@@ -20,6 +70,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - int ret = 0; - BIGNUM *tmp, *rr; - -+#ifdef BN_COUNT -+ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); -+#endif - bn_check_top(a); - - al = a->top; -@@ -155,6 +208,9 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) - int zero, c1; - BN_ULONG ln, lo, *p; - -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); -+# endif - if (n2 == 4) { - # ifndef BN_SQR_COMBA - bn_sqr_normal(r, a, 4, t); -@@ -190,7 +246,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) - if (!zero) - bn_sqr_recursive(&(t[n2]), t, n, p); - else -- memset(&t[n2], 0, sizeof(*t) * n2); -+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); - bn_sqr_recursive(r, a, n, p); - bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); - -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -index 84376c7..232af99 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -@@ -1,13 +1,63 @@ -+/* crypto/bn/bn_sqrt.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Lenka Fibikova and Bodo -+ * Moeller for the OpenSSL project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include "bn_lcl.h" - - BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -@@ -348,8 +398,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - - end: - if (err) { -- if (ret != in) -+ if (ret != NULL && ret != in) { - BN_clear_free(ret); -+ } - ret = NULL; - } - BN_CTX_end(ctx); -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c b/Cryptlib/OpenSSL/crypto/bn/bn_srp.c -deleted file mode 100644 -index 58b1691..0000000 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c -+++ /dev/null -@@ -1,545 +0,0 @@ --/* -- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "bn_lcl.h" --#include "e_os.h" -- --#ifndef OPENSSL_NO_SRP -- --#include --#include -- --# if (BN_BYTES == 8) --# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) --# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) --# elif defined(__arch64__) --# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) --# else --# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) --# endif --# elif (BN_BYTES == 4) --# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) --# else --# error "unsupported BN_BYTES" --# endif -- --static const BN_ULONG bn_group_1024_value[] = { -- bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), -- bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B), -- bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A), -- bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0), -- bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC), -- bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885), -- bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49), -- bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6), -- bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1), -- bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4), -- bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0), -- bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3), -- bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576), -- bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B), -- bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8), -- bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6) --}; -- --const BIGNUM bn_group_1024 = { -- (BN_ULONG *)bn_group_1024_value, -- OSSL_NELEM(bn_group_1024_value), -- OSSL_NELEM(bn_group_1024_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_1536_value[] = { -- bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB), -- bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D), -- bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3), -- bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E), -- bn_pack4(0x7F8A, 
0x2FE9, 0xB8B5, 0x292E), -- bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8), -- bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE), -- bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C), -- bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486), -- bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627), -- bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5), -- bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1), -- bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC), -- bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D), -- bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914), -- bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0), -- bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC), -- bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843), -- bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29), -- bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE), -- bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D), -- bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80), -- bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB), -- bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A) --}; -- --const BIGNUM bn_group_1536 = { -- (BN_ULONG *)bn_group_1536_value, -- OSSL_NELEM(bn_group_1536_value), -- OSSL_NELEM(bn_group_1536_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_2048_value[] = { -- bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73), -- bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2), -- bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475), -- bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4), -- bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6), -- bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382), -- bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8), -- bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329), -- bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6), -- bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378), -- bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA), -- bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D), -- bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748), -- bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A), -- bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481), -- bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016), -- bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B), -- bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7), -- bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74), -- bn_pack4(0x55F9, 0x7993, 
0xEC97, 0x5EEA), -- bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8), -- bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8), -- bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3), -- bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0), -- bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50), -- bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D), -- bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D), -- bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED), -- bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050), -- bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07), -- bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F), -- bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B) --}; -- --const BIGNUM bn_group_2048 = { -- (BN_ULONG *)bn_group_2048_value, -- OSSL_NELEM(bn_group_2048_value), -- OSSL_NELEM(bn_group_2048_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_3072_value[] = { -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), -- bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA), -- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), -- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), -- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), -- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), -- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), -- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), -- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), -- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), -- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), -- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), -- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), -- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), -- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), -- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), -- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), -- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), -- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), -- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), -- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), -- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), -- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), -- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), -- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), -- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), -- bn_pack4(0x670C, 0x354E, 0x4ABC, 
0x9804), -- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), -- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), -- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), -- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), -- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), -- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), -- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), -- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), -- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), -- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), -- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), -- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), -- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), -- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), -- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), -- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), -- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), -- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), -- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), -- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) --}; -- --const BIGNUM bn_group_3072 = { -- (BN_ULONG *)bn_group_3072_value, -- OSSL_NELEM(bn_group_3072_value), -- OSSL_NELEM(bn_group_3072_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_4096_value[] = { -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), -- bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199), -- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), -- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), -- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), -- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), -- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), -- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), -- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), -- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), -- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), -- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), -- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), -- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), -- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), -- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), -- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), -- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), 
-- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), -- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), -- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), -- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), -- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), -- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), -- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), -- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), -- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), -- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), -- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), -- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), -- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), -- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), -- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), -- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), -- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), -- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), -- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), -- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), -- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), -- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), -- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), -- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), -- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), -- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), -- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), -- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), -- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), -- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), -- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), -- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), -- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), -- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), -- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), -- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), -- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), -- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), -- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), -- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), -- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), -- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), -- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), -- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), -- bn_pack4(0xC90F, 
0xDAA2, 0x2168, 0xC234), -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) --}; -- --const BIGNUM bn_group_4096 = { -- (BN_ULONG *)bn_group_4096_value, -- OSSL_NELEM(bn_group_4096_value), -- OSSL_NELEM(bn_group_4096_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_6144_value[] = { -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), -- bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024), -- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), -- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), -- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), -- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), -- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), -- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), -- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), -- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), -- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), -- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), -- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), -- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), -- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), -- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), -- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), -- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), -- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), -- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), -- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), -- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), -- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), -- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), -- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), -- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), -- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), -- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), -- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), -- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), -- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), -- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), -- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), -- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), -- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), -- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), -- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), -- bn_pack4(0xB81B, 0xDD76, 
0x2170, 0x481C), -- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), -- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), -- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), -- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), -- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), -- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), -- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), -- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), -- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), -- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), -- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), -- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), -- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), -- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), -- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), -- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), -- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), -- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), -- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), -- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), -- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), -- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), -- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), -- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), -- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), -- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), -- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), -- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), -- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), -- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), -- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), -- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), -- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), -- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), -- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), -- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), -- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), -- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), -- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), -- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), -- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), -- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), -- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), -- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), -- 
bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), -- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), -- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), -- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), -- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), -- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), -- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), -- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), -- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), -- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), -- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), -- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), -- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) --}; -- --const BIGNUM bn_group_6144 = { -- (BN_ULONG *)bn_group_6144_value, -- OSSL_NELEM(bn_group_6144_value), -- OSSL_NELEM(bn_group_6144_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_group_8192_value[] = { -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), -- bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF), -- bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71), -- bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF), -- bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA), -- bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47), -- bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B), -- bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7), -- bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92), -- bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268), -- bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73), -- bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1), -- bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D), -- bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1), -- bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36), -- bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D), -- bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6), -- bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A), -- bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8), -- bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD), -- bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B), -- bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7), -- bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07), -- bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9), -- bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D), -- 
bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978), -- bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568), -- bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466), -- bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED), -- bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300), -- bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA), -- bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C), -- bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4), -- bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159), -- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), -- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), -- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), -- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), -- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), -- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), -- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), -- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), -- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), -- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), -- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), -- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), -- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), -- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), -- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), -- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), -- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), -- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), -- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), -- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), -- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), -- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), -- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), -- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), -- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), -- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), -- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), -- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), -- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), -- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), -- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), -- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), -- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), -- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), -- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), -- bn_pack4(0xB81B, 
0xDD76, 0x2170, 0x481C), -- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), -- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), -- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), -- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), -- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), -- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), -- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), -- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), -- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), -- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), -- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), -- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), -- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), -- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), -- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), -- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), -- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), -- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), -- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), -- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), -- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), -- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), -- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), -- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), -- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), -- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), -- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), -- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), -- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), -- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), -- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), -- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), -- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), -- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), -- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), -- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), -- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), -- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), -- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), -- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), -- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), -- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), -- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), -- bn_pack4(0x4928, 0x6651, 0xECE4, 
0x5B3D), -- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), -- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), -- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), -- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), -- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), -- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), -- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), -- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), -- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), -- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), -- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), -- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), -- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), -- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) --}; -- --const BIGNUM bn_group_8192 = { -- (BN_ULONG *)bn_group_8192_value, -- OSSL_NELEM(bn_group_8192_value), -- OSSL_NELEM(bn_group_8192_value), -- 0, -- BN_FLG_STATIC_DATA --}; -- --static const BN_ULONG bn_generator_19_value[] = { 19 }; -- --const BIGNUM bn_generator_19 = { -- (BN_ULONG *)bn_generator_19_value, -- 1, -- 1, -- 0, -- BN_FLG_STATIC_DATA --}; --static const BN_ULONG bn_generator_5_value[] = { 5 }; -- --const BIGNUM bn_generator_5 = { -- (BN_ULONG *)bn_generator_5_value, -- 1, -- 1, -- 0, -- BN_FLG_STATIC_DATA --}; --static const BN_ULONG bn_generator_2_value[] = { 2 }; -- --const BIGNUM bn_generator_2 = { -- (BN_ULONG *)bn_generator_2_value, -- 1, -- 1, -- 0, -- BN_FLG_STATIC_DATA --}; -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -index 1af13a5..9b5f9cb 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -@@ -1,13 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/bn/bn_word.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" -+#include -+#include "cryptlib.h" - #include "bn_lcl.h" - - BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) -@@ -89,8 +139,6 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) - if ((a->top > 0) && (a->d[a->top - 1] == 0)) - a->top--; - ret >>= j; -- if (!a->top) -- a->neg = 0; /* don't allow negative zero */ - bn_check_top(a); - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -index 40734cb..efa48bd 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -@@ -1,15 +1,64 @@ -+/* bn_x931p.c */ - /* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "bn_lcl.h" - - /* X9.31 routines for prime derivation */ - -@@ -21,7 +70,7 @@ - static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - BN_GENCB *cb) - { -- int i = 0, is_prime; -+ int i = 0; - if (!BN_copy(pi, Xpi)) - return 0; - if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) -@@ -29,11 +78,8 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - for (;;) { - i++; - BN_GENCB_call(cb, 0, i); -- /* NB 27 MR is specified in X9.31 */ -- is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); -- if (is_prime < 0) -- return 0; -- if (is_prime) -+ /* NB 27 MR is specificed in X9.31 */ -+ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) - break; - if (!BN_add_word(pi, 2)) - return 0; -@@ -74,9 +120,6 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - - pm1 = BN_CTX_get(ctx); - -- if (pm1 == NULL) -- goto err; -- - if 
(!bn_x931_derive_pi(p1, Xp1, ctx, cb)) - goto err; - -@@ -125,18 +168,14 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - goto err; - if (!BN_gcd(t, pm1, e, ctx)) - goto err; -- if (BN_is_one(t)) { -+ if (BN_is_one(t) - /* - * X9.31 specifies 8 MR and 1 Lucas test or any prime test - * offering similar or better guarantees 50 MR is considerably - * better. - */ -- int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); -- if (r < 0) -- goto err; -- if (r) -- break; -- } -+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) -+ break; - if (!BN_add(p, p, p1p2)) - goto err; - } -@@ -153,8 +192,8 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - } - - /* -- * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits -- * parameter is sum of number of bits in both. -+ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits -+ * paramter is sum of number of bits in both. - */ - - int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) -@@ -173,14 +212,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) - * - 1. By setting the top two bits we ensure that the lower bound is - * exceeded. 
- */ -- if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) -+ if (!BN_rand(Xp, nbits, 1, 0)) - goto err; - - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - - for (i = 0; i < 1000; i++) { -- if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) -+ if (!BN_rand(Xq, nbits, 1, 0)) - goto err; - /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); -@@ -221,9 +260,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - if (!Xp2) - Xp2 = BN_CTX_get(ctx); - -- if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) -+ if (!BN_rand(Xp1, 101, 0, 0)) - goto error; -- if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) -+ if (!BN_rand(Xp2, 101, 0, 0)) - goto error; - if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) - goto error; -diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c -deleted file mode 100644 -index 1a70f6c..0000000 ---- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c -+++ /dev/null -@@ -1,352 +0,0 @@ --/* -- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/***************************************************************************** --* * --* Copyright (c) 2012, Intel Corporation * --* * --* All rights reserved. * --* * --* Redistribution and use in source and binary forms, with or without * --* modification, are permitted provided that the following conditions are * --* met: * --* * --* * Redistributions of source code must retain the above copyright * --* notice, this list of conditions and the following disclaimer. 
* --* * --* * Redistributions in binary form must reproduce the above copyright * --* notice, this list of conditions and the following disclaimer in the * --* documentation and/or other materials provided with the * --* distribution. * --* * --* * Neither the name of the Intel Corporation nor the names of its * --* contributors may be used to endorse or promote products derived from * --* this software without specific prior written permission. * --* * --* * --* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * --* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * --* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * --* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * --* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * --* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * --* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * --* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * --* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * --* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * --* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * --* * --****************************************************************************** --* Developers and authors: * --* Shay Gueron (1, 2), and Vlad Krasnov (1) * --* (1) Intel Corporation, Israel Development Center, Haifa, Israel * --* (2) University of Haifa, Israel * --*****************************************************************************/ -- --#include --#include "rsaz_exp.h" -- --#ifndef RSAZ_ENABLED --NON_EMPTY_TRANSLATION_UNIT --#else -- --/* -- * See crypto/bn/asm/rsaz-avx2.pl for further details. 
-- */ --void rsaz_1024_norm2red_avx2(void *red, const void *norm); --void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, -- const void *n, BN_ULONG k); --void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, -- int cnt); --void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); --void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); --void rsaz_1024_red2norm_avx2(void *norm, const void *red); -- --#if defined(__GNUC__) --# define ALIGN64 __attribute__((aligned(64))) --#elif defined(_MSC_VER) --# define ALIGN64 __declspec(align(64)) --#elif defined(__SUNPRO_C) --# define ALIGN64 --# pragma align 64(one,two80) --#else --/* not fatal, might hurt performance a little */ --# define ALIGN64 --#endif -- --ALIGN64 static const BN_ULONG one[40] = { -- 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 --}; -- --ALIGN64 static const BN_ULONG two80[40] = { -- 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 --}; -- --void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], -- const BN_ULONG base_norm[16], -- const BN_ULONG exponent[16], -- const BN_ULONG m_norm[16], const BN_ULONG RR[16], -- BN_ULONG k0) --{ -- unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ -- unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); -- unsigned char *a_inv, *m, *result; -- unsigned char *table_s = p_str + 320 * 3; -- unsigned char *R2 = table_s; /* borrow */ -- int index; -- int wvalue; -- -- if ((((size_t)p_str & 4095) + 320) >> 12) { -- result = p_str; -- a_inv = p_str + 320; -- m = p_str + 320 * 2; /* should not cross page */ -- } else { -- m = p_str; /* should not cross page */ -- result = p_str + 320; -- a_inv = p_str + 320 * 2; -- } -- -- rsaz_1024_norm2red_avx2(m, m_norm); -- rsaz_1024_norm2red_avx2(a_inv, base_norm); -- rsaz_1024_norm2red_avx2(R2, RR); -- -- 
rsaz_1024_mul_avx2(R2, R2, R2, m, k0); -- rsaz_1024_mul_avx2(R2, R2, two80, m, k0); -- -- /* table[0] = 1 */ -- rsaz_1024_mul_avx2(result, R2, one, m, k0); -- /* table[1] = a_inv^1 */ -- rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0); -- -- rsaz_1024_scatter5_avx2(table_s, result, 0); -- rsaz_1024_scatter5_avx2(table_s, a_inv, 1); -- -- /* table[2] = a_inv^2 */ -- rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 2); --#if 0 -- /* this is almost 2x smaller and less than 1% slower */ -- for (index = 3; index < 32; index++) { -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, index); -- } --#else -- /* table[4] = a_inv^4 */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 4); -- /* table[8] = a_inv^8 */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 8); -- /* table[16] = a_inv^16 */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 16); -- /* table[17] = a_inv^17 */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 17); -- -- /* table[3] */ -- rsaz_1024_gather5_avx2(result, table_s, 2); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 3); -- /* table[6] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 6); -- /* table[12] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 12); -- /* table[24] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 24); -- /* table[25] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 25); -- -- /* table[5] */ -- rsaz_1024_gather5_avx2(result, table_s, 4); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 
5); -- /* table[10] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 10); -- /* table[20] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 20); -- /* table[21] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 21); -- -- /* table[7] */ -- rsaz_1024_gather5_avx2(result, table_s, 6); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 7); -- /* table[14] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 14); -- /* table[28] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 28); -- /* table[29] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 29); -- -- /* table[9] */ -- rsaz_1024_gather5_avx2(result, table_s, 8); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 9); -- /* table[18] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 18); -- /* table[19] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 19); -- -- /* table[11] */ -- rsaz_1024_gather5_avx2(result, table_s, 10); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 11); -- /* table[22] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 22); -- /* table[23] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 23); -- -- /* table[13] */ -- rsaz_1024_gather5_avx2(result, table_s, 12); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 13); -- /* table[26] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 26); -- /* 
table[27] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 27); -- -- /* table[15] */ -- rsaz_1024_gather5_avx2(result, table_s, 14); -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 15); -- /* table[30] */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 1); -- rsaz_1024_scatter5_avx2(table_s, result, 30); -- /* table[31] */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- rsaz_1024_scatter5_avx2(table_s, result, 31); --#endif -- -- /* load first window */ -- p_str = (unsigned char *)exponent; -- wvalue = p_str[127] >> 3; -- rsaz_1024_gather5_avx2(result, table_s, wvalue); -- -- index = 1014; -- -- while (index > -1) { /* loop for the remaining 127 windows */ -- -- rsaz_1024_sqr_avx2(result, result, m, k0, 5); -- -- wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8]; -- wvalue = (wvalue >> (index % 8)) & 31; -- index -= 5; -- -- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- } -- -- /* square four times */ -- rsaz_1024_sqr_avx2(result, result, m, k0, 4); -- -- wvalue = p_str[0] & 15; -- -- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ -- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); -- -- /* from Montgomery */ -- rsaz_1024_mul_avx2(result, result, one, m, k0); -- -- rsaz_1024_red2norm_avx2(result_norm, result); -- -- OPENSSL_cleanse(storage, sizeof(storage)); --} -- --/* -- * See crypto/bn/rsaz-x86_64.pl for further details. 
-- */ --void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, -- BN_ULONG k); --void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, -- BN_ULONG k, const void *tbl, unsigned int power); --void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, -- const void *n, BN_ULONG k, unsigned int power); --void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); --void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, -- int cnt); --void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); --void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); -- --void RSAZ_512_mod_exp(BN_ULONG result[8], -- const BN_ULONG base[8], const BN_ULONG exponent[8], -- const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) --{ -- unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ -- unsigned char *table = storage + (64 - ((size_t)storage % 64)); -- BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8); -- BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8); -- unsigned char *p_str = (unsigned char *)exponent; -- int index; -- unsigned int wvalue; -- -- /* table[0] = 1_inv */ -- temp[0] = 0 - m[0]; -- temp[1] = ~m[1]; -- temp[2] = ~m[2]; -- temp[3] = ~m[3]; -- temp[4] = ~m[4]; -- temp[5] = ~m[5]; -- temp[6] = ~m[6]; -- temp[7] = ~m[7]; -- rsaz_512_scatter4(table, temp, 0); -- -- /* table [1] = a_inv^1 */ -- rsaz_512_mul(a_inv, base, RR, m, k0); -- rsaz_512_scatter4(table, a_inv, 1); -- -- /* table [2] = a_inv^2 */ -- rsaz_512_sqr(temp, a_inv, m, k0, 1); -- rsaz_512_scatter4(table, temp, 2); -- -- for (index = 3; index < 16; index++) -- rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); -- -- /* load first window */ -- wvalue = p_str[63]; -- -- rsaz_512_gather4(temp, table, wvalue >> 4); -- rsaz_512_sqr(temp, temp, m, k0, 4); -- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf); -- -- for (index = 62; index >= 0; index--) { -- wvalue = p_str[index]; -- -- 
rsaz_512_sqr(temp, temp, m, k0, 4); -- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4); -- -- rsaz_512_sqr(temp, temp, m, k0, 4); -- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f); -- } -- -- /* from Montgomery */ -- rsaz_512_mul_by_one(result, temp, m, k0); -- -- OPENSSL_cleanse(storage, sizeof(storage)); --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h -index 9501cc8..229e181 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h -+++ b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h -@@ -1,12 +1,3 @@ --/* -- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - /***************************************************************************** - * * - * Copyright (c) 2012, Intel Corporation * -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -index a6a2ab8..631eec3 100644 ---- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/buffer/buf_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,9 +70,12 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) - - static ERR_STRING_DATA BUF_str_functs[] = { -+ {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, - {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, - {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, - {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, -+ {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, -+ {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, - {0, NULL} - }; - -@@ -31,7 +85,7 @@ static ERR_STRING_DATA BUF_str_reasons[] = { - - #endif - --int ERR_load_BUF_strings(void) -+void ERR_load_BUF_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -40,5 +94,4 @@ int ERR_load_BUF_strings(void) - ERR_load_strings(0, BUF_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -new file mode 100644 -index 0000000..fa0d608 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -@@ -0,0 +1,137 @@ -+/* crypto/buffer/buffer.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+ -+size_t BUF_strnlen(const char *str, size_t maxlen) -+{ -+ const char *p; -+ -+ for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; -+ -+ return p - str; -+} -+ -+char *BUF_strdup(const char *str) -+{ -+ if (str == NULL) -+ return NULL; -+ return BUF_strndup(str, strlen(str)); -+} -+ -+char *BUF_strndup(const char *str, size_t siz) -+{ -+ char *ret; -+ -+ if (str == NULL) -+ return NULL; -+ -+ siz = BUF_strnlen(str, siz); -+ -+ if (siz >= INT_MAX) -+ return NULL; -+ -+ ret = OPENSSL_malloc(siz + 1); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ memcpy(ret, str, siz); -+ ret[siz] = '\0'; -+ -+ return (ret); -+} -+ -+void *BUF_memdup(const void *data, size_t siz) -+{ -+ void *ret; -+ -+ if (data == NULL || siz >= INT_MAX) -+ return NULL; -+ -+ ret = OPENSSL_malloc(siz); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ return memcpy(ret, data, siz); -+} -+ -+size_t BUF_strlcpy(char *dst, const char *src, size_t size) -+{ -+ size_t l = 0; -+ for (; size > 1 && *src; size--) { -+ *dst++ = *src++; -+ l++; -+ } -+ if 
(size) -+ *dst = '\0'; -+ return l + strlen(src); -+} -+ -+size_t BUF_strlcat(char *dst, const char *src, size_t size) -+{ -+ size_t l = 0; -+ for (; size > 0 && *dst; size--, dst++) -+ l++; -+ return l + BUF_strlcpy(dst, src, size); -+} -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c -index 6b0bd4a..eff3e08 100644 ---- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c -+++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/buffer/buffer.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. 
this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* -@@ -18,25 +67,18 @@ - */ - #define LIMIT_BEFORE_EXPANSION 0x5ffffffc - --BUF_MEM *BUF_MEM_new_ex(unsigned long flags) --{ -- BUF_MEM *ret; -- -- ret = BUF_MEM_new(); -- if (ret != NULL) -- ret->flags = flags; -- return (ret); --} -- - BUF_MEM *BUF_MEM_new(void) - { - BUF_MEM *ret; - -- ret = OPENSSL_zalloc(sizeof(*ret)); -+ ret = OPENSSL_malloc(sizeof(BUF_MEM)); - if (ret == NULL) { - BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } -+ ret->length = 0; -+ ret->max = 0; -+ ret->data = NULL; - return (ret); - } - -@@ -46,30 +88,13 @@ void BUF_MEM_free(BUF_MEM *a) - return; - - if (a->data != NULL) { -- if (a->flags & BUF_MEM_FLAG_SECURE) -- OPENSSL_secure_free(a->data); -- else -- OPENSSL_clear_free(a->data, a->max); -+ OPENSSL_cleanse(a->data, a->max); -+ OPENSSL_free(a->data); - } - OPENSSL_free(a); - } - --/* Allocate a block of secure memory; copy over old data if there -- * was any, and then free it. 
*/ --static char *sec_alloc_realloc(BUF_MEM *str, size_t len) --{ -- char *ret; -- -- ret = OPENSSL_secure_malloc(len); -- if (str->data != NULL) { -- if (ret != NULL) -- memcpy(ret, str->data, str->length); -- OPENSSL_secure_free(str->data); -- } -- return (ret); --} -- --size_t BUF_MEM_grow(BUF_MEM *str, size_t len) -+int BUF_MEM_grow(BUF_MEM *str, size_t len) - { - char *ret; - size_t n; -@@ -79,8 +104,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) - return (len); - } - if (str->max >= len) { -- if (str->data != NULL) -- memset(&str->data[str->length], 0, len - str->length); -+ memset(&str->data[str->length], 0, len - str->length); - str->length = len; - return (len); - } -@@ -90,8 +114,8 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) - return 0; - } - n = (len + 3) / 3 * 4; -- if ((str->flags & BUF_MEM_FLAG_SECURE)) -- ret = sec_alloc_realloc(str, n); -+ if (str->data == NULL) -+ ret = OPENSSL_malloc(n); - else - ret = OPENSSL_realloc(str->data, n); - if (ret == NULL) { -@@ -106,14 +130,13 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) - return (len); - } - --size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) -+int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) - { - char *ret; - size_t n; - - if (str->length >= len) { -- if (str->data != NULL) -- memset(&str->data[len], 0, str->length - len); -+ memset(&str->data[len], 0, str->length - len); - str->length = len; - return (len); - } -@@ -128,10 +151,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) - return 0; - } - n = (len + 3) / 3 * 4; -- if ((str->flags & BUF_MEM_FLAG_SECURE)) -- ret = sec_alloc_realloc(str, n); -+ if (str->data == NULL) -+ ret = OPENSSL_malloc(n); - else -- ret = OPENSSL_clear_realloc(str->data, str->max, n); -+ ret = OPENSSL_realloc_clean(str->data, str->max, n); - if (ret == NULL) { - BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); - len = 0; -diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c -index a58454a..bf933e0 
100644 ---- a/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c -+++ b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c -@@ -1,17 +1,61 @@ - /* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2010. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/asn1_int.h" -+#include "asn1_locl.h" - - /* - * CMAC "ASN1" method. 
This is just here to indicate the maximum CMAC output -@@ -25,8 +69,9 @@ static int cmac_size(const EVP_PKEY *pkey) - - static void cmac_key_free(EVP_PKEY *pkey) - { -- CMAC_CTX *cmctx = EVP_PKEY_get0(pkey); -- CMAC_CTX_free(cmctx); -+ CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr; -+ if (cmctx) -+ CMAC_CTX_free(cmctx); - } - - const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { -@@ -42,7 +87,7 @@ const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { - 0, 0, 0, - - cmac_size, -- 0, 0, -+ 0, - 0, 0, 0, 0, 0, 0, 0, - - cmac_key_free, -diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c -index 10748f1..a2300df 100644 ---- a/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c -+++ b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c -@@ -1,26 +1,70 @@ - /* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2010. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/evp_int.h" -+#include "evp_locl.h" - - /* The context structure and "key" is simply a CMAC_CTX */ - - static int pkey_cmac_init(EVP_PKEY_CTX *ctx) - { - ctx->data = CMAC_CTX_new(); -- if (ctx->data == NULL) -+ if (!ctx->data) - return 0; - ctx->keygen_info_count = 0; - return 1; -@@ -44,7 +88,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - CMAC_CTX *cmkey = CMAC_CTX_new(); - CMAC_CTX *cmctx = ctx->data; -- if (cmkey == NULL) -+ if (!cmkey) - return 0; - if (!CMAC_CTX_copy(cmkey, cmctx)) { - CMAC_CTX_free(cmkey); -@@ -57,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - - static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) -+ if (!CMAC_Update(ctx->pctx->data, data, count)) - return 0; - return 1; - } -@@ -65,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) - static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) - { - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); -- EVP_MD_CTX_set_update_fn(mctx, int_update); -+ mctx->update = int_update; - return 1; - } - -@@ -113,17 +157,28 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx, - if (!value) { - return 0; - } -- if (strcmp(type, "cipher") == 0) { -+ if (!strcmp(type, "key")) { -+ void *p = (void *)value; -+ return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p); -+ } -+ if (!strcmp(type, "cipher")) { - const EVP_CIPHER *c; - c = EVP_get_cipherbyname(value); - if (!c) - return 0; - return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); - } -- if (strcmp(type, "key") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); -- if (strcmp(type, "hexkey") == 0) -- return 
EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); -+ if (!strcmp(type, "hexkey")) { -+ unsigned char *key; -+ int r; -+ long keylen; -+ key = string_to_hex(value, &keylen); -+ if (!key) -+ return 0; -+ r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); -+ OPENSSL_free(key); -+ return r; -+ } - return -2; - } - -diff --git a/Cryptlib/OpenSSL/crypto/cmac/cmac.c b/Cryptlib/OpenSSL/crypto/cmac/cmac.c -index c4f13a0..2954b6e 100644 ---- a/Cryptlib/OpenSSL/crypto/cmac/cmac.c -+++ b/Cryptlib/OpenSSL/crypto/cmac/cmac.c -@@ -1,21 +1,70 @@ -+/* crypto/cmac/cmac.c */ - /* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - struct CMAC_CTX_st { - /* Cipher context to use */ -- EVP_CIPHER_CTX *cctx; -+ EVP_CIPHER_CTX cctx; - /* Keys k1 and k2 */ - unsigned char k1[EVP_MAX_BLOCK_LENGTH]; - unsigned char k2[EVP_MAX_BLOCK_LENGTH]; -@@ -29,38 +78,40 @@ struct CMAC_CTX_st { - - /* Make temporary keys K1 and K2 */ - --static void make_kn(unsigned char *k1, const unsigned char *l, int bl) -+static void make_kn(unsigned char *k1, unsigned char *l, int bl) - { - int i; -- unsigned char c = l[0], carry = c >> 7, cnext; -- - /* Shift block to left, including carry */ -- for (i = 0; i < bl - 1; i++, c = cnext) -- k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7); -- -+ for (i = 0; i < bl; i++) { -+ k1[i] = l[i] << 1; -+ if (i < bl - 1 && l[i + 1] & 0x80) -+ k1[i] |= 1; -+ } - /* If MSB set fixup with R */ -- k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b)); -+ if (l[0] & 0x80) -+ k1[bl - 1] ^= bl == 16 ? 
0x87 : 0x1b; - } - - CMAC_CTX *CMAC_CTX_new(void) - { - CMAC_CTX *ctx; -- -- ctx = OPENSSL_malloc(sizeof(*ctx)); -- if (ctx == NULL) -- return NULL; -- ctx->cctx = EVP_CIPHER_CTX_new(); -- if (ctx->cctx == NULL) { -- OPENSSL_free(ctx); -+ ctx = OPENSSL_malloc(sizeof(CMAC_CTX)); -+ if (!ctx) - return NULL; -- } -+ EVP_CIPHER_CTX_init(&ctx->cctx); - ctx->nlast_block = -1; - return ctx; - } - - void CMAC_CTX_cleanup(CMAC_CTX *ctx) - { -- EVP_CIPHER_CTX_free(ctx->cctx); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->cctx.engine) { -+ FIPS_cmac_ctx_cleanup(ctx); -+ return; -+ } -+#endif -+ EVP_CIPHER_CTX_cleanup(&ctx->cctx); - OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); -@@ -70,7 +121,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx) - - EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) - { -- return ctx->cctx; -+ return &ctx->cctx; - } - - void CMAC_CTX_free(CMAC_CTX *ctx) -@@ -86,9 +137,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) - int bl; - if (in->nlast_block == -1) - return 0; -- if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) -+ if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) - return 0; -- bl = EVP_CIPHER_CTX_block_size(in->cctx); -+ bl = EVP_CIPHER_CTX_block_size(&in->cctx); - memcpy(out->k1, in->k1, bl); - memcpy(out->k2, in->k2, bl); - memcpy(out->tbl, in->tbl, bl); -@@ -100,38 +151,62 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) - int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl) - { -- static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; -+ static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ /* If we have an ENGINE need to allow non FIPS */ -+ if ((impl || ctx->cctx.engine) -+ && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); -+ return 0; -+ } -+ -+ /* Switch 
to FIPS cipher implementation if possible */ -+ if (cipher != NULL) { -+ const EVP_CIPHER *fcipher; -+ fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher)); -+ if (fcipher != NULL) -+ cipher = fcipher; -+ } -+ /* -+ * Other algorithm blocking will be done in FIPS_cmac_init, via -+ * FIPS_cipherinit(). -+ */ -+ if (!impl && !ctx->cctx.engine) -+ return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); -+ } -+#endif - /* All zeros means restart */ - if (!key && !cipher && !impl && keylen == 0) { - /* Not initialised */ - if (ctx->nlast_block == -1) - return 0; -- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) -+ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) - return 0; -- memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx)); -+ memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); - ctx->nlast_block = 0; - return 1; - } -- /* Initialise context */ -- if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) -+ /* Initialiase context */ -+ if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) - return 0; - /* Non-NULL key means initialisation complete */ - if (key) { - int bl; -- if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) -+ if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) - return 0; -- if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) -+ if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) - return 0; -- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) -+ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) - return 0; -- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); -- if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) -+ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -+ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) - return 0; - make_kn(ctx->k1, ctx->tbl, bl); - make_kn(ctx->k2, ctx->k1, bl); - OPENSSL_cleanse(ctx->tbl, bl); - /* Reset context again ready for first data block */ -- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) -+ if 
(!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) - return 0; - /* Zero tbl so resume works */ - memset(ctx->tbl, 0, bl); -@@ -144,11 +219,15 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) - { - const unsigned char *data = in; - size_t bl; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->cctx.engine) -+ return FIPS_cmac_update(ctx, in, dlen); -+#endif - if (ctx->nlast_block == -1) - return 0; - if (dlen == 0) - return 1; -- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); -+ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); - /* Copy into partial block if we need to */ - if (ctx->nlast_block > 0) { - size_t nleft; -@@ -163,12 +242,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) - return 1; - data += nleft; - /* Else not final block so encrypt it */ -- if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) -+ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) - return 0; - } - /* Encrypt all but one of the complete blocks left */ - while (dlen > bl) { -- if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) -+ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) - return 0; - dlen -= bl; - data += bl; -@@ -183,9 +262,13 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) - int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) - { - int i, bl, lb; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->cctx.engine) -+ return FIPS_cmac_final(ctx, out, poutlen); -+#endif - if (ctx->nlast_block == -1) - return 0; -- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); -+ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); - *poutlen = (size_t)bl; - if (!out) - return 1; -@@ -201,7 +284,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) - for (i = 0; i < bl; i++) - out[i] = ctx->last_block[i] ^ ctx->k2[i]; - } -- if (!EVP_Cipher(ctx->cctx, out, out, bl)) { -+ if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { - OPENSSL_cleanse(out, bl); - return 0; - } -@@ -213,11 +296,11 @@ int CMAC_resume(CMAC_CTX *ctx) - if 
(ctx->nlast_block == -1) - return 0; - /* -- * The buffer "tbl" contains the last fully encrypted block which is the -+ * The buffer "tbl" containes the last fully encrypted block which is the - * last IV (or all zeroes if no last encrypted block). The last block has -- * not been modified since CMAC_final(). So reinitialising using the last -+ * not been modified since CMAC_final(). So reinitliasing using the last - * decrypted block will allow CMAC to continue after calling - * CMAC_Final(). - */ -- return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl); -+ return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); - } -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c -new file mode 100644 -index 0000000..e9aabbd ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c -@@ -0,0 +1,62 @@ -+#include -+#include -+#include -+#include -+#include -+ -+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+ -+static COMP_METHOD rle_method = { -+ NID_rle_compression, -+ LN_rle_compression, -+ NULL, -+ NULL, -+ rle_compress_block, -+ rle_expand_block, -+ NULL, -+ NULL, -+}; -+ -+COMP_METHOD *COMP_rle(void) -+{ -+ return (&rle_method); -+} -+ -+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ /* int i; */ -+ -+ if (ilen == 0 || olen < (ilen - 1)) { -+ /* ZZZZZZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } -+ -+ *(out++) = 0; -+ memcpy(out, in, ilen); -+ return (ilen + 1); -+} -+ -+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ int i; -+ -+ if (olen < (ilen - 1)) { -+ /* ZZZZZZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } -+ -+ i = *(in++); -+ if (i == 0) 
{ -+ memcpy(out, in, ilen - 1); -+ } -+ return (ilen - 1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -index 2f38c2e..9c32614 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -+++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -@@ -1,21 +1,9 @@ --/* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #include - #include - #include - #include --#include "internal/comp.h" -+#include - #include --#include "internal/cryptlib_int.h" --#include "internal/bio.h" --#include "comp_lcl.h" - - COMP_METHOD *COMP_zlib(void); - -@@ -26,6 +14,8 @@ static COMP_METHOD zlib_method_nozlib = { - NULL, - NULL, - NULL, -+ NULL, -+ NULL, - }; - - #ifndef ZLIB -@@ -43,12 +33,14 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); - --/* memory allocations functions for zlib initialisation */ -+/* memory allocations functions for zlib intialization */ - static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) - { - void *p; - -- p = OPENSSL_zalloc(no * size); -+ p = OPENSSL_malloc(no * size); -+ if (p) -+ memset(p, 0, no * size); - return p; - } - -@@ -57,6 +49,28 @@ static void zlib_zfree(void *opaque, void *address) - OPENSSL_free(address); - } - -+# if 0 -+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+ -+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, -+ uLong sourceLen); -+ -+static COMP_METHOD 
zlib_stateless_method = { -+ NID_zlib_compression, -+ LN_zlib_compression, -+ NULL, -+ NULL, -+ zlib_compress_block, -+ zlib_expand_block, -+ NULL, -+ NULL, -+}; -+# endif - - static COMP_METHOD zlib_stateful_method = { - NID_zlib_compression, -@@ -64,7 +78,9 @@ static COMP_METHOD zlib_stateful_method = { - zlib_stateful_init, - zlib_stateful_finish, - zlib_stateful_compress_block, -- zlib_stateful_expand_block -+ zlib_stateful_expand_block, -+ NULL, -+ NULL, - }; - - /* -@@ -79,7 +95,7 @@ static COMP_METHOD zlib_stateful_method = { - * OPENSSL_SYS_WIN32) */ - - # ifdef ZLIB_SHARED --# include "internal/dso.h" -+# include - - /* Function pointers */ - typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, -@@ -120,10 +136,13 @@ struct zlib_state { - z_stream ostream; - }; - -+static int zlib_stateful_ex_idx = -1; -+ - static int zlib_stateful_init(COMP_CTX *ctx) - { - int err; -- struct zlib_state *state = OPENSSL_zalloc(sizeof(*state)); -+ struct zlib_state *state = -+ (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); - - if (state == NULL) - goto err; -@@ -133,6 +152,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) - state->istream.opaque = Z_NULL; - state->istream.next_in = Z_NULL; - state->istream.next_out = Z_NULL; -+ state->istream.avail_in = 0; -+ state->istream.avail_out = 0; - err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); - if (err != Z_OK) - goto err; -@@ -142,24 +163,31 @@ static int zlib_stateful_init(COMP_CTX *ctx) - state->ostream.opaque = Z_NULL; - state->ostream.next_in = Z_NULL; - state->ostream.next_out = Z_NULL; -+ state->ostream.avail_in = 0; -+ state->ostream.avail_out = 0; - err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, - ZLIB_VERSION, sizeof(z_stream)); - if (err != Z_OK) - goto err; - -- ctx->data = state; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); -+ CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); - return 1; - err: -- OPENSSL_free(state); -+ if 
(state) -+ OPENSSL_free(state); - return 0; - } - - static void zlib_stateful_finish(COMP_CTX *ctx) - { -- struct zlib_state *state = ctx->data; -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); - inflateEnd(&state->istream); - deflateEnd(&state->ostream); - OPENSSL_free(state); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); - } - - static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, -@@ -167,7 +195,9 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int ilen) - { - int err = Z_OK; -- struct zlib_state *state = ctx->data; -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); - - if (state == NULL) - return -1; -@@ -180,6 +210,11 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - err = deflate(&state->ostream, Z_SYNC_FLUSH); - if (err != Z_OK) - return -1; -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "compress(%4d)->%4d %s\n", -+ ilen, olen - state->ostream.avail_out, -+ (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear"); -+# endif - return olen - state->ostream.avail_out; - } - -@@ -188,7 +223,10 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int ilen) - { - int err = Z_OK; -- struct zlib_state *state = ctx->data; -+ -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); - - if (state == NULL) - return 0; -@@ -201,9 +239,105 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - err = inflate(&state->istream, Z_SYNC_FLUSH); - if (err != Z_OK) - return -1; -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "expand(%4d)->%4d %s\n", -+ ilen, olen - state->istream.avail_out, -+ (ilen != olen - state->istream.avail_out) ? 
"zlib" : "clear"); -+# endif - return olen - state->istream.avail_out; - } - -+# if 0 -+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ unsigned long l; -+ int i; -+ int clear = 1; -+ -+ if (ilen > 128) { -+ out[0] = 1; -+ l = olen - 1; -+ i = compress(&(out[1]), &l, in, (unsigned long)ilen); -+ if (i != Z_OK) -+ return (-1); -+ if (ilen > l) { -+ clear = 0; -+ l++; -+ } -+ } -+ if (clear) { -+ out[0] = 0; -+ memcpy(&(out[1]), in, ilen); -+ l = ilen + 1; -+ } -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "compress(%4d)->%4d %s\n", -+ ilen, (int)l, (clear) ? "clear" : "zlib"); -+# endif -+ return ((int)l); -+} -+ -+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ unsigned long l; -+ int i; -+ -+ if (in[0]) { -+ l = olen; -+ i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1); -+ if (i != Z_OK) -+ return (-1); -+ } else { -+ memcpy(out, &(in[1]), ilen - 1); -+ l = ilen - 1; -+ } -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "expand (%4d)->%4d %s\n", -+ ilen, (int)l, in[0] ? 
"zlib" : "clear"); -+# endif -+ return ((int)l); -+} -+ -+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, -+ uLong sourceLen) -+{ -+ z_stream stream; -+ int err; -+ -+ stream.next_in = (Bytef *)source; -+ stream.avail_in = (uInt) sourceLen; -+ /* Check for source > 64K on 16-bit machine: */ -+ if ((uLong) stream.avail_in != sourceLen) -+ return Z_BUF_ERROR; -+ -+ stream.next_out = dest; -+ stream.avail_out = (uInt) * destLen; -+ if ((uLong) stream.avail_out != *destLen) -+ return Z_BUF_ERROR; -+ -+ stream.zalloc = (alloc_func) 0; -+ stream.zfree = (free_func) 0; -+ -+ err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream)); -+ if (err != Z_OK) -+ return err; -+ -+ err = inflate(&stream, Z_FINISH); -+ if (err != Z_STREAM_END) { -+ inflateEnd(&stream); -+ return err; -+ } -+ *destLen = stream.total_out; -+ -+ err = inflateEnd(&stream); -+ return err; -+} -+# endif -+ - #endif - - COMP_METHOD *COMP_zlib(void) -@@ -211,19 +345,12 @@ COMP_METHOD *COMP_zlib(void) - COMP_METHOD *meth = &zlib_method_nozlib; - - #ifdef ZLIB_SHARED -- /* LIBZ may be externally defined, and we should respect that value */ --# ifndef LIBZ --# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) --# define LIBZ "ZLIB1" --# elif defined(OPENSSL_SYS_VMS) --# define LIBZ "LIBZ" --# else --# define LIBZ "z" --# endif --# endif -- - if (!zlib_loaded) { -- zlib_dso = DSO_load(NULL, LIBZ, NULL, 0); -+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -+ zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); -+# else -+ zlib_dso = DSO_load(NULL, "z", NULL, 0); -+# endif - if (zlib_dso != NULL) { - p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); - p_inflateEnd -@@ -242,24 +369,39 @@ COMP_METHOD *COMP_zlib(void) - && p_inflateInit_ && p_deflateEnd - && p_deflate && p_deflateInit_ && p_zError) - zlib_loaded++; -- -- if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) { -- comp_zlib_cleanup_int(); -- return meth; -- } -- if (zlib_loaded) -- meth = 
&zlib_stateful_method; - } - } - #endif --#if defined(ZLIB) -- meth = &zlib_stateful_method; -+#ifdef ZLIB_SHARED -+ if (zlib_loaded) -+#endif -+#if defined(ZLIB) || defined(ZLIB_SHARED) -+ { -+ /* -+ * init zlib_stateful_ex_idx here so that in a multi-process -+ * application it's enough to intialize openssl before forking (idx -+ * will be inherited in all the children) -+ */ -+ if (zlib_stateful_ex_idx == -1) { -+ CRYPTO_w_lock(CRYPTO_LOCK_COMP); -+ if (zlib_stateful_ex_idx == -1) -+ zlib_stateful_ex_idx = -+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, -+ 0, NULL, NULL, NULL, NULL); -+ CRYPTO_w_unlock(CRYPTO_LOCK_COMP); -+ if (zlib_stateful_ex_idx == -1) -+ goto err; -+ } -+ -+ meth = &zlib_stateful_method; -+ } -+ err: - #endif - - return (meth); - } - --void comp_zlib_cleanup_int(void) -+void COMP_zlib_cleanup(void) - { - #ifdef ZLIB_SHARED - if (zlib_dso != NULL) -@@ -294,7 +436,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl); - static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); - static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); - --static const BIO_METHOD bio_meth_zlib = { -+static BIO_METHOD bio_meth_zlib = { - BIO_TYPE_COMP, - "zlib", - bio_zlib_write, -@@ -307,7 +449,7 @@ static const BIO_METHOD bio_meth_zlib = { - bio_zlib_callback_ctrl - }; - --const BIO_METHOD *BIO_f_zlib(void) -+BIO_METHOD *BIO_f_zlib(void) - { - return &bio_meth_zlib; - } -@@ -322,21 +464,32 @@ static int bio_zlib_new(BIO *bi) - return 0; - } - # endif -- ctx = OPENSSL_zalloc(sizeof(*ctx)); -- if (ctx == NULL) { -+ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); -+ if (!ctx) { - COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); - return 0; - } -+ ctx->ibuf = NULL; -+ ctx->obuf = NULL; - ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; - ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; - ctx->zin.zalloc = Z_NULL; - ctx->zin.zfree = Z_NULL; -+ ctx->zin.next_in = NULL; -+ ctx->zin.avail_in = 0; -+ ctx->zin.next_out = NULL; -+ ctx->zin.avail_out = 0; - 
ctx->zout.zalloc = Z_NULL; - ctx->zout.zfree = Z_NULL; -+ ctx->zout.next_in = NULL; -+ ctx->zout.avail_in = 0; -+ ctx->zout.next_out = NULL; -+ ctx->zout.avail_out = 0; -+ ctx->odone = 0; - ctx->comp_level = Z_DEFAULT_COMPRESSION; -- BIO_set_init(bi, 1); -- BIO_set_data(bi, ctx); -- -+ bi->init = 1; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; - return 1; - } - -@@ -345,7 +498,7 @@ static int bio_zlib_free(BIO *bi) - BIO_ZLIB_CTX *ctx; - if (!bi) - return 0; -- ctx = BIO_get_data(bi); -+ ctx = (BIO_ZLIB_CTX *) bi->ptr; - if (ctx->ibuf) { - /* Destroy decompress context */ - inflateEnd(&ctx->zin); -@@ -357,9 +510,9 @@ static int bio_zlib_free(BIO *bi) - OPENSSL_free(ctx->obuf); - } - OPENSSL_free(ctx); -- BIO_set_data(bi, NULL); -- BIO_set_init(bi, 0); -- -+ bi->ptr = NULL; -+ bi->init = 0; -+ bi->flags = 0; - return 1; - } - -@@ -368,16 +521,14 @@ static int bio_zlib_read(BIO *b, char *out, int outl) - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zin; -- BIO *next = BIO_next(b); -- - if (!out || !outl) - return 0; -- ctx = BIO_get_data(b); -+ ctx = (BIO_ZLIB_CTX *) b->ptr; - zin = &ctx->zin; - BIO_clear_retry_flags(b); - if (!ctx->ibuf) { - ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); -- if (ctx->ibuf == NULL) { -+ if (!ctx->ibuf) { - COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -407,7 +558,7 @@ static int bio_zlib_read(BIO *b, char *out, int outl) - * No data in input buffer try to read some in, if an error then - * return the total data read. 
- */ -- ret = BIO_read(next, ctx->ibuf, ctx->ibufsize); -+ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); - if (ret <= 0) { - /* Total data read */ - int tot = outl - zin->avail_out; -@@ -426,11 +577,9 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zout; -- BIO *next = BIO_next(b); -- - if (!in || !inl) - return 0; -- ctx = BIO_get_data(b); -+ ctx = (BIO_ZLIB_CTX *) b->ptr; - if (ctx->odone) - return 0; - zout = &ctx->zout; -@@ -438,7 +587,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) - if (!ctx->obuf) { - ctx->obuf = OPENSSL_malloc(ctx->obufsize); - /* Need error here */ -- if (ctx->obuf == NULL) { -+ if (!ctx->obuf) { - COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -454,7 +603,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) - for (;;) { - /* If data in output buffer write it first */ - while (ctx->ocount) { -- ret = BIO_write(next, ctx->optr, ctx->ocount); -+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); - if (ret <= 0) { - /* Total data written */ - int tot = inl - zout->avail_in; -@@ -493,9 +642,7 @@ static int bio_zlib_flush(BIO *b) - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zout; -- BIO *next = BIO_next(b); -- -- ctx = BIO_get_data(b); -+ ctx = (BIO_ZLIB_CTX *) b->ptr; - /* If no data written or already flush show success */ - if (!ctx->obuf || (ctx->odone && !ctx->ocount)) - return 1; -@@ -507,7 +654,7 @@ static int bio_zlib_flush(BIO *b) - for (;;) { - /* If data in output buffer write it first */ - while (ctx->ocount) { -- ret = BIO_write(next, ctx->optr, ctx->ocount); -+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); - if (ret <= 0) { - BIO_copy_next_retry(b); - return ret; -@@ -542,11 +689,9 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) - BIO_ZLIB_CTX *ctx; - int ret, *ip; - int ibs, obs; -- BIO *next = BIO_next(b); -- -- if (next == NULL) -+ if (!b->next_bio) - return 0; -- ctx = 
BIO_get_data(b); -+ ctx = (BIO_ZLIB_CTX *) b->ptr; - switch (cmd) { - - case BIO_CTRL_RESET: -@@ -558,7 +703,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_CTRL_FLUSH: - ret = bio_zlib_flush(b); - if (ret > 0) -- ret = BIO_flush(next); -+ ret = BIO_flush(b->next_bio); - break; - - case BIO_C_SET_BUFF_SIZE: -@@ -576,14 +721,18 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) - } - - if (ibs != -1) { -- OPENSSL_free(ctx->ibuf); -- ctx->ibuf = NULL; -+ if (ctx->ibuf) { -+ OPENSSL_free(ctx->ibuf); -+ ctx->ibuf = NULL; -+ } - ctx->ibufsize = ibs; - } - - if (obs != -1) { -- OPENSSL_free(ctx->obuf); -- ctx->obuf = NULL; -+ if (ctx->obuf) { -+ OPENSSL_free(ctx->obuf); -+ ctx->obuf = NULL; -+ } - ctx->obufsize = obs; - } - ret = 1; -@@ -591,12 +740,12 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) - - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - default: -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - - } -@@ -606,10 +755,9 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) - - static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { -- BIO *next = BIO_next(b); -- if (next == NULL) -+ if (!b->next_bio) - return 0; -- return BIO_callback_ctrl(next, cmd, fp); -+ return BIO_callback_ctrl(b->next_bio, cmd, fp); - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c -index 8e2e695..8ca159b 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c -+++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/comp/comp_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,10 +70,10 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) - - static ERR_STRING_DATA COMP_str_functs[] = { -- {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"}, -- {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"}, -- {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"}, -- {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, - {0, NULL} - }; - -@@ -35,7 +86,7 @@ static ERR_STRING_DATA COMP_str_reasons[] = { - - #endif - --int ERR_load_COMP_strings(void) -+void ERR_load_COMP_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -44,5 +95,4 @@ int ERR_load_COMP_strings(void) - ERR_load_strings(0, COMP_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h b/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h -deleted file mode 100644 -index aa45fca..0000000 ---- a/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h -+++ /dev/null -@@ -1,30 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --struct comp_method_st { -- int type; /* NID for compression library */ -- const char *name; /* A text string to identify the library */ -- int (*init) (COMP_CTX *ctx); -- void (*finish) (COMP_CTX *ctx); -- int (*compress) (COMP_CTX *ctx, -- unsigned char *out, unsigned int olen, -- unsigned char *in, unsigned int ilen); -- int (*expand) (COMP_CTX *ctx, -- unsigned char *out, unsigned int olen, -- unsigned char *in, unsigned int ilen); --}; -- --struct comp_ctx_st { -- struct comp_method_st *meth; -- unsigned long compress_in; -- unsigned long compress_out; -- unsigned long expand_in; -- unsigned long expand_out; -- void* data; --}; -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -index 32afd0d..bd4eb7a 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -@@ -1,25 +1,18 @@ --/* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #include - #include - #include - #include - #include --#include "comp_lcl.h" - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) - { - COMP_CTX *ret; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) { -+ /* ZZZZZZZZZZZZZZZZ */ - return (NULL); -+ } -+ memset(ret, 0, sizeof(COMP_CTX)); - ret->meth = meth; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - OPENSSL_free(ret); -@@ -28,21 +21,6 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) - return (ret); - } - --const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) --{ -- return ctx->meth; --} -- --int COMP_get_type(const COMP_METHOD *meth) --{ -- return meth->type; --} -- --const char *COMP_get_name(const COMP_METHOD *meth) --{ -- return meth->name; --} -- - void COMP_CTX_free(COMP_CTX *ctx) - { - if (ctx == NULL) -@@ -59,6 +37,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - { - int ret; - if (ctx->meth->compress == NULL) { -+ /* ZZZZZZZZZZZZZZZZZ */ - return (-1); - } - ret = ctx->meth->compress(ctx, out, olen, in, ilen); -@@ -75,6 +54,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - int ret; - - if (ctx->meth->expand == NULL) { -+ /* ZZZZZZZZZZZZZZZZZ */ - return (-1); - } - ret = ctx->meth->expand(ctx, out, olen, in, ilen); -@@ -84,8 +64,3 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - } - return (ret); - } -- --int COMP_CTX_get_type(const COMP_CTX* comp) --{ -- return comp->meth ? comp->meth->type : NID_undef; --} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -index 5535416..4cf7553 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -@@ -1,22 +1,81 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. 
All Rights Reserved. -+/* conf_api.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */
-
- /* Part of the code in here was originally in conf.c, which is now removed */
-
-+#ifndef CONF_DEBUG
-+# undef NDEBUG /* avoid conflicting definitions */
-+# define NDEBUG
-+#endif
-+
-+#include
- #include
- #include
- #include
- #include
- #include "e_os.h"
-
--static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
-+static void value_free_hash_doall_arg(CONF_VALUE *a,
-+ LHASH_OF(CONF_VALUE) *conf);
- static void value_free_stack_doall(CONF_VALUE *a);
-+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
-+ LHASH_OF(CONF_VALUE))
-+static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
-
- /* Up until OpenSSL 0.9.5a, this was get_section */
- CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
-@@ -98,11 +157,35 @@ char *_CONF_get_string(const CONF *conf, const char *section,
- return (getenv(name));
- }
-
-+#if 0 /* There's no way to provide error checking
-+ * with this function, so force implementors
-+ * of the higher levels to get a string and
-+ * read the number themselves. */
-+long _CONF_get_number(CONF *conf, char *section, char *name)
-+{
-+ char *str;
-+ long ret = 0;
-+
-+ str = _CONF_get_string(conf, section, name);
-+ if (str == NULL)
-+ return (0);
-+ for (;;) {
-+ if (conf->meth->is_number(conf, *str))
-+ ret = ret * 10 + conf->meth->to_int(conf, *str);
-+ else
-+ return (ret);
-+ str++;
-+ }
-+}
-+#endif
-+
- static unsigned long conf_value_hash(const CONF_VALUE *v)
- {
-- return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
-+ return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name);
- }
-
-+static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE)
-+
- static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
- {
- int i;
-@@ -122,42 +205,43 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
- return ((a->name == NULL) ? -1 : 1);
- }
-
-+static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE)
-+
- int _CONF_new_data(CONF *conf)
- {
- if (conf == NULL) {
- return 0;
- }
-- if (conf->data == NULL) {
-- conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
-- if (conf->data == NULL)
-+ if (conf->data == NULL)
-+ if ((conf->data = lh_CONF_VALUE_new()) == NULL) {
- return 0;
-- }
-+ }
- return 1;
- }
-
--typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
--
--IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
--
- void _CONF_free_data(CONF *conf)
- {
- if (conf == NULL || conf->data == NULL)
- return;
-
-- /* evil thing to make sure the 'OPENSSL_free()' works as expected */
-- lh_CONF_VALUE_set_down_load(conf->data, 0);
-- lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
-+ lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make * sure the
-+ * 'OPENSSL_free()' works as *
-+ * expected */
-+ lh_CONF_VALUE_doall_arg(conf->data,
-+ LHASH_DOALL_ARG_FN(value_free_hash),
-+ LHASH_OF(CONF_VALUE), conf->data);
-
- /*
- * We now have only 'section' entries in the hash table. Due to problems
- * with
- */
-
-- lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
-+ lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
- lh_CONF_VALUE_free(conf->data);
- }
-
--static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
-+static void value_free_hash_doall_arg(CONF_VALUE *a,
-+ LHASH_OF(CONF_VALUE) *conf)
- {
- if (a->name != NULL)
- (void)lh_CONF_VALUE_delete(conf, a);
-@@ -179,7 +263,8 @@ static void value_free_stack_doall(CONF_VALUE *a)
- OPENSSL_free(vv->name);
- OPENSSL_free(vv);
- }
-- sk_CONF_VALUE_free(sk);
-+ if (sk != NULL)
-+ sk_CONF_VALUE_free(sk);
- OPENSSL_free(a->section);
- OPENSSL_free(a);
- }
-@@ -188,12 +273,12 @@ static void value_free_stack_doall(CONF_VALUE *a)
- CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
- {
- STACK_OF(CONF_VALUE) *sk = NULL;
-- int i;
-+ int ok = 0, i;
- CONF_VALUE *v = NULL, *vv;
-
- if ((sk = sk_CONF_VALUE_new_null()) == NULL)
- goto err;
-- if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
-+ if ((v = OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
- goto err;
- i = strlen(section) + 1;
- if ((v->section = OPENSSL_malloc(i)) == NULL)
-@@ -205,10 +290,16 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
-
- vv = lh_CONF_VALUE_insert(conf->data, v);
- OPENSSL_assert(vv == NULL);
-- return v;
--
-+ ok = 1;
- err:
-- sk_CONF_VALUE_free(sk);
-- OPENSSL_free(v);
-- return NULL;
-+ if (!ok) {
-+ if (sk != NULL)
-+ sk_CONF_VALUE_free(sk);
-+ if (v != NULL)
-+ OPENSSL_free(v);
-+ v = NULL;
-+ }
-+ return (v);
- }
-+
-+IMPLEMENT_STACK_OF(CONF_VALUE)
-diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
-index 8861b3a..3d308c7 100644
---- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c
-+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
-@@ -1,17 +1,66 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/conf/conf.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- /* Part of the code in here was originally in conf.c, which is now removed */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-@@ -39,6 +88,8 @@ static int def_dump(const CONF *conf, BIO *bp);
- static int def_is_number(const CONF *conf, char c);
- static int def_to_int(const CONF *conf, char c);
-
-+const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT;
-+
- static CONF_METHOD default_method = {
- "OpenSSL default",
- def_create,
-@@ -79,8 +130,8 @@ static CONF *def_create(CONF_METHOD *meth)
- {
- CONF *ret;
-
-- ret = OPENSSL_malloc(sizeof(*ret));
-- if (ret != NULL)
-+ ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
-+ if (ret)
- if (meth->init(ret) == 0) {
- OPENSSL_free(ret);
- ret = NULL;
-@@ -94,7 +145,7 @@ static int def_init_default(CONF *conf)
- return 0;
-
- conf->meth = &default_method;
-- conf->meth_data = (void *)CONF_type_default;
-+ conf->meth_data = CONF_type_default;
- conf->data = NULL;
-
- return 1;
-@@ -131,6 +182,10 @@ static int def_destroy_data(CONF *conf)
-
- static int def_load(CONF *conf, const char *name, long *line)
- {
-+#ifdef OPENSSL_NO_STDIO
-+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
-+ return 0;
-+#else
- int ret;
- BIO *in = NULL;
-
-@@ -151,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
- BIO_free(in);
-
- return ret;
-+#endif
- }
-
- static int def_load_bio(CONF *conf, BIO *in, long *line)
-@@ -174,7 +230,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
- goto err;
- }
-
-- section = OPENSSL_strdup("default");
-+ section = BUF_strdup("default");
- if (section == NULL) {
- CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -305,19 +361,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
- p++;
- *p = '\0';
-
-- if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
-+ if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
- CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (psection == NULL)
- psection = section;
-- v->name = OPENSSL_malloc(strlen(pname) + 1);
-+ v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
- v->value = NULL;
- if (v->name == NULL) {
- CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-- OPENSSL_strlcpy(v->name, pname, strlen(pname) + 1);
-+ BUF_strlcpy(v->name, pname, strlen(pname) + 1);
- if (!str_copy(conf, psection, &(v->value), start))
- goto err;
-
-@@ -332,31 +388,53 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
- }
- } else
- tv = sv;
-+#if 1
- if (_CONF_add_string(conf, tv, v) == 0) {
- CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-+#else
-+ v->section = tv->section;
-+ if (!sk_CONF_VALUE_push(ts, v)) {
-+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ vv = (CONF_VALUE *)lh_insert(conf->data, v);
-+ if (vv != NULL) {
-+ sk_CONF_VALUE_delete_ptr(ts, vv);
-+ OPENSSL_free(vv->name);
-+ OPENSSL_free(vv->value);
-+ OPENSSL_free(vv);
-+ }
-+#endif
- v = NULL;
- }
- }
-- BUF_MEM_free(buff);
-- OPENSSL_free(section);
-+ if (buff != NULL)
-+ BUF_MEM_free(buff);
-+ if (section != NULL)
-+ OPENSSL_free(section);
- return (1);
- err:
-- BUF_MEM_free(buff);
-- OPENSSL_free(section);
-+ if (buff != NULL)
-+ BUF_MEM_free(buff);
-+ if (section != NULL)
-+ OPENSSL_free(section);
- if (line != NULL)
- *line = eline;
- BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
- ERR_add_error_data(2, "line ", btmp);
-- if (h != conf->data) {
-+ if ((h != conf->data) && (conf->data != NULL)) {
- CONF_free(conf->data);
- conf->data = NULL;
- }
- if (v != NULL) {
-- OPENSSL_free(v->name);
-- OPENSSL_free(v->value);
-- OPENSSL_free(v);
-+ if (v->name != NULL)
-+ OPENSSL_free(v->name);
-+ if (v->value != NULL)
-+ OPENSSL_free(v->value);
-+ if (v != NULL)
-+ OPENSSL_free(v);
- }
- return (0);
- }
-@@ -536,12 +614,14 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
- buf->data[to++] = *(from++);
- }
- buf->data[to] = '\0';
-- OPENSSL_free(*pto);
-+ if (*pto != NULL)
-+ OPENSSL_free(*pto);
- *pto = buf->data;
- OPENSSL_free(buf);
- return (1);
- err:
-- BUF_MEM_free(buf);
-+ if (buf != NULL)
-+ BUF_MEM_free(buf);
- return (0);
- }
-
-@@ -603,7 +683,7 @@ static char *scan_dquote(CONF *conf, char *p)
- return (p);
- }
-
--static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
-+static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
- {
- if (a->name)
- BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
-@@ -611,11 +691,12 @@ static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
- BIO_printf(out, "[[%s]]\n", a->section);
- }
-
--IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
-+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO)
-
- static int def_dump(const CONF *conf, BIO *out)
- {
-- lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
-+ lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value),
-+ BIO, out);
- return 1;
- }
-
-diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.h b/Cryptlib/OpenSSL/crypto/conf/conf_def.h
-index da4767e..48b3442 100644
---- a/Cryptlib/OpenSSL/crypto/conf/conf_def.h
-+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.h
-@@ -1,12 +1,64 @@
--/*
-- * WARNING: do not edit!
-- * Generated by crypto/conf/keysets.pl
-+/* crypto/conf/conf_def.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+/*
-+ * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
-+ * regenerate it.
- */
-
- #define CONF_NUMBER 1
-@@ -27,38 +79,38 @@
- #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
- CONF_PUNCTUATION)
-
--#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data))
-+#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
- #ifndef CHARSET_EBCDIC
--# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
--# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
--# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
--# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
--# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
--# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
--# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-+# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-+# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-+# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-+# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-+# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
- # define IS_ALPHA_NUMERIC_PUNCT(c,a) \
- (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
--# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
--# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
--# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-+# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-+# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
--#else /* CHARSET_EBCDIC */
-+#else /*CHARSET_EBCDIC*/
-
--# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
--# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
--# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
--# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
--# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
--# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
--# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
-+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
- # define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-- (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
--# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
--# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
--# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
--#endif /* CHARSET_EBCDIC */
-+ (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-+#endif /*CHARSET_EBCDIC*/
-
--static const unsigned short CONF_type_default[256] = {
-+static unsigned short CONF_type_default[256] = {
- 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
- 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
- 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
-@@ -93,7 +145,7 @@ static const unsigned short CONF_type_default[256] = {
- 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
- };
-
--static const unsigned short CONF_type_win32[256] = {
-+static unsigned short CONF_type_win32[256] = {
- 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
- 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
- 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
-diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c
-index b583c05..bb5e2fe 100644
---- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c
-+++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c
-@@ -1,11 +1,62 @@
--/*
-- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/conf/conf_err.c */
-+/* ====================================================================
-+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #include
-@@ -21,15 +72,18 @@
- static ERR_STRING_DATA CONF_str_functs[] = {
- {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
- {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
-+ {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
- {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-+ {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
- {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
-- {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"},
-- {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"},
-- {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"},
-- {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"},
-- {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"},
-+ {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"},
-+ {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
-+ {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
-+ {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
-+ {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
- {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
- {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
-+ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
- {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
- {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
- {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-@@ -37,7 +91,7 @@ static ERR_STRING_DATA CONF_str_functs[] = {
- {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
- {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
- {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
-- {ERR_FUNC(CONF_F_STR_COPY), "str_copy"},
-+ {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
- {0, NULL}
- };
-
-@@ -47,6 +101,7 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
- {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
- "missing close square bracket"},
- {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
-+ {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"},
- {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
- {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
- "module initialization error"},
-@@ -66,7 +121,7 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
-
- #endif
-
--int ERR_load_CONF_strings(void)
-+void ERR_load_CONF_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -75,5 +130,4 @@ int ERR_load_CONF_strings(void)
- ERR_load_strings(0, CONF_str_reasons);
- }
- #endif
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
-index 3532114..952b545 100644
---- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
-@@ -1,21 +1,70 @@
-+/* conf_lib.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include
--#include
- #include
- #include
- #include
- #include
- #include
--#include "e_os.h"
-+
-+const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT;
-
- static CONF_METHOD *default_CONF_method = NULL;
-
-@@ -41,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
- return 1;
- }
-
-+#ifndef OPENSSL_NO_STDIO
- LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
- long *eline)
- {
-@@ -62,14 +112,15 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
-
- return ltmp;
- }
-+#endif
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
- long *eline)
- {
- BIO *btmp;
- LHASH_OF(CONF_VALUE) *ltmp;
-- if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
-+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
- return NULL;
- }
-@@ -145,13 +196,13 @@ void CONF_free(LHASH_OF(CONF_VALUE) *conf)
- NCONF_free_data(&ctmp);
- }
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
- {
- BIO *btmp;
- int ret;
-
-- if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
-+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
- CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
- return 0;
- }
-@@ -206,6 +257,7 @@ void NCONF_free_data(CONF *conf)
- conf->meth->destroy_data(conf);
- }
-
-+#ifndef OPENSSL_NO_STDIO
- int NCONF_load(CONF *conf, const char *file, long *eline)
- {
- if (conf == NULL) {
-@@ -215,13 +267,14 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
-
- return conf->meth->load(conf, file, eline);
- }
-+#endif
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
- {
- BIO *btmp;
- int ret;
-- if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
-+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
- return 0;
- }
-@@ -300,12 +353,12 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
- return 1;
- }
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- int NCONF_dump_fp(const CONF *conf, FILE *out)
- {
- BIO *btmp;
- int ret;
-- if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
-+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
- CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
- return 0;
- }
-@@ -325,41 +378,18 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
- return conf->meth->dump(conf, out);
- }
-
--/*
-- * These routines call the C malloc/free, to avoid intermixing with
-- * OpenSSL function pointers before the library is initialized.
-- */
--OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
--{
-- OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
--
-- if (ret != NULL)
-- memset(ret, 0, sizeof(*ret));
-- return ret;
--}
--
--
--#ifndef OPENSSL_NO_STDIO
--int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
-- const char *appname)
-+/* This function should be avoided */
-+#if 0
-+long NCONF_get_number(CONF *conf, char *group, char *name)
- {
-- char *newappname = NULL;
-+ int status;
-+ long ret = 0;
-
-- if (appname != NULL) {
-- newappname = strdup(appname);
-- if (newappname == NULL)
-- return 0;
-+ status = NCONF_get_number_e(conf, group, name, &ret);
-+ if (status == 0) {
-+ /* This function does not believe in errors... */
-+ ERR_get_error();
- }
--
-- free(settings->appname);
-- settings->appname = newappname;
--
-- return 1;
-+ return ret;
- }
- #endif
--
--void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
--{
-- free(settings->appname);
-- free(settings);
--}
-diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
-index 4e7a434..b4dbd66 100644
---- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
-+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
-@@ -1,19 +1,72 @@
-+/* conf_mall.c */
- /*
-- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include -+#include - #include - #include --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - - /* Load all OpenSSL builtin modules */ - -@@ -21,7 +74,6 @@ void OPENSSL_load_builtin_modules(void) - { - /* Add builtin modules here */ - ASN1_add_oid_module(); -- ASN1_add_stable_module(); - #ifndef OPENSSL_NO_ENGINE - ENGINE_add_conf_module(); - #endif -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -index 31f838e..13d93ea 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -@@ -1,18 +1,68 @@ -+/* conf_mod.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include --#include "internal/cryptlib.h" --#include "internal/conf.h" --#include "internal/dso.h" -+#include "cryptlib.h" -+#include -+#include - #include - - #define DSO_mod_init_name "OPENSSL_init" -@@ -56,16 +106,16 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; - - static void module_free(CONF_MODULE *md); - static void module_finish(CONF_IMODULE *imod); --static int module_run(const CONF *cnf, const char *name, const char *value, -+static int module_run(const CONF *cnf, char *name, char *value, - unsigned long flags); - static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, - conf_finish_func *ffunc); --static CONF_MODULE *module_find(const char *name); --static int module_init(CONF_MODULE *pmod, const char *name, const char *value, -+static CONF_MODULE *module_find(char *name); -+static int module_init(CONF_MODULE *pmod, char *name, char *value, - const CONF *cnf); --static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, -- const char *value); -+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, -+ unsigned long flags); - - /* Main function: load modules from a CONF structure */ - -@@ -109,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, - - } - -+#ifndef OPENSSL_NO_STDIO - int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags) - { -@@ -116,7 +167,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, - CONF *conf = NULL; - int ret = 0; - conf = NCONF_new(NULL); -- if (conf == NULL) -+ if (!conf) - goto err; - - if (filename == NULL) { -@@ -144,8 +195,9 @@ int CONF_modules_load_file(const char *filename, const char *appname, - - return ret; - } -+#endif - --static int module_run(const CONF *cnf, const char *name, const char *value, 
-+static int module_run(const CONF *cnf, char *name, char *value, - unsigned long flags) - { - CONF_MODULE *md; -@@ -155,7 +207,7 @@ static int module_run(const CONF *cnf, const char *name, const char *value, - - /* Module not found: try to load DSO */ - if (!md && !(flags & CONF_MFLAGS_NO_DSO)) -- md = module_load_dso(cnf, name, value); -+ md = module_load_dso(cnf, name, value, flags); - - if (!md) { - if (!(flags & CONF_MFLAGS_SILENT)) { -@@ -181,13 +233,13 @@ static int module_run(const CONF *cnf, const char *name, const char *value, - } - - /* Load a module from a DSO */ --static CONF_MODULE *module_load_dso(const CONF *cnf, -- const char *name, const char *value) -+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, -+ unsigned long flags) - { - DSO *dso = NULL; - conf_init_func *ifunc; - conf_finish_func *ffunc; -- const char *path = NULL; -+ char *path = NULL; - int errcode = 0; - CONF_MODULE *md; - /* Look for alternative path in module section */ -@@ -216,7 +268,8 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, - return md; - - err: -- DSO_free(dso); -+ if (dso) -+ DSO_free(dso); - CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); - ERR_add_error_data(4, "module=", name, ", path=", path); - return NULL; -@@ -231,21 +284,21 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, - supported_modules = sk_CONF_MODULE_new_null(); - if (supported_modules == NULL) - return NULL; -- tmod = OPENSSL_zalloc(sizeof(*tmod)); -+ tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); - if (tmod == NULL) - return NULL; - - tmod->dso = dso; -- tmod->name = OPENSSL_strdup(name); -- tmod->init = ifunc; -- tmod->finish = ffunc; -+ tmod->name = BUF_strdup(name); - if (tmod->name == NULL) { - OPENSSL_free(tmod); - return NULL; - } -+ tmod->init = ifunc; -+ tmod->finish = ffunc; -+ tmod->links = 0; - - if (!sk_CONF_MODULE_push(supported_modules, tmod)) { -- OPENSSL_free(tmod->name); - OPENSSL_free(tmod); - return NULL; - } -@@ -259,7 +312,7 @@ static 
CONF_MODULE *module_add(DSO *dso, const char *name, - * initialized more than once. - */ - --static CONF_MODULE *module_find(const char *name) -+static CONF_MODULE *module_find(char *name) - { - CONF_MODULE *tmod; - int i, nchar; -@@ -273,7 +326,7 @@ static CONF_MODULE *module_find(const char *name) - - for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { - tmod = sk_CONF_MODULE_value(supported_modules, i); -- if (strncmp(tmod->name, name, nchar) == 0) -+ if (!strncmp(tmod->name, name, nchar)) - return tmod; - } - -@@ -282,7 +335,7 @@ static CONF_MODULE *module_find(const char *name) - } - - /* initialize a module */ --static int module_init(CONF_MODULE *pmod, const char *name, const char *value, -+static int module_init(CONF_MODULE *pmod, char *name, char *value, - const CONF *cnf) - { - int ret = 1; -@@ -290,13 +343,13 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - CONF_IMODULE *imod = NULL; - - /* Otherwise add initialized module to list */ -- imod = OPENSSL_malloc(sizeof(*imod)); -- if (imod == NULL) -+ imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); -+ if (!imod) - goto err; - - imod->pmod = pmod; -- imod->name = OPENSSL_strdup(name); -- imod->value = OPENSSL_strdup(value); -+ imod->name = BUF_strdup(name); -+ imod->value = BUF_strdup(value); - imod->usr_data = NULL; - - if (!imod->name || !imod->value) -@@ -336,8 +389,10 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - - memerr: - if (imod) { -- OPENSSL_free(imod->name); -- OPENSSL_free(imod->value); -+ if (imod->name) -+ OPENSSL_free(imod->name); -+ if (imod->value) -+ OPENSSL_free(imod->value); - OPENSSL_free(imod); - } - -@@ -375,7 +430,8 @@ void CONF_modules_unload(int all) - /* unload a single module */ - static void module_free(CONF_MODULE *md) - { -- DSO_free(md->dso); -+ if (md->dso) -+ DSO_free(md->dso); - OPENSSL_free(md->name); - OPENSSL_free(md); - } -@@ -397,8 +453,6 @@ void CONF_modules_finish(void) - - static void 
module_finish(CONF_IMODULE *imod) - { -- if (!imod) -- return; - if (imod->pmod->finish) - imod->pmod->finish(imod); - imod->pmod->links--; -@@ -418,7 +472,7 @@ int CONF_module_add(const char *name, conf_init_func *ifunc, - return 0; - } - --void conf_modules_free_int(void) -+void CONF_modules_free(void) - { - CONF_modules_finish(); - CONF_modules_unload(1); -@@ -480,7 +534,7 @@ char *CONF_get1_default_config_file(void) - - file = getenv("OPENSSL_CONF"); - if (file) -- return OPENSSL_strdup(file); -+ return BUF_strdup(file); - - len = strlen(X509_get_default_cert_area()); - #ifndef OPENSSL_SYS_VMS -@@ -490,13 +544,13 @@ char *CONF_get1_default_config_file(void) - - file = OPENSSL_malloc(len + 1); - -- if (file == NULL) -+ if (!file) - return NULL; -- OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1); -+ BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); - #ifndef OPENSSL_SYS_VMS -- OPENSSL_strlcat(file, "/", len + 1); -+ BUF_strlcat(file, "/", len + 1); - #endif -- OPENSSL_strlcat(file, OPENSSL_CONF, len + 1); -+ BUF_strlcat(file, OPENSSL_CONF, len + 1); - - return file; - } -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -index bed95ab..a25b636 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -@@ -1,19 +1,72 @@ -+/* conf_sap.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" --#include -+#include "cryptlib.h" -+#include -+#include - #include - #include --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - - /* - * This is the automatic configuration loader: it is called automatically by -@@ -23,19 +76,7 @@ - - static int openssl_configured = 0; - --#if OPENSSL_API_COMPAT < 0x10100000L --void OPENSSL_config(const char *appname) --{ -- OPENSSL_INIT_SETTINGS settings; -- -- memset(&settings, 0, sizeof(settings)); -- if (appname != NULL) -- settings.appname = strdup(appname); -- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); --} --#endif -- --void openssl_config_int(const char *appname) -+void OPENSSL_config(const char *config_name) - { - if (openssl_configured) - return; -@@ -46,15 +87,15 @@ void openssl_config_int(const char *appname) - ENGINE_load_builtin_engines(); - #endif - ERR_clear_error(); --#ifndef OPENSSL_SYS_UEFI -- CONF_modules_load_file(NULL, appname, -+#ifndef OPENSSL_NO_STDIO -+ CONF_modules_load_file(NULL, config_name, - CONF_MFLAGS_DEFAULT_SECTION | - CONF_MFLAGS_IGNORE_MISSING_FILE); - #endif - openssl_configured = 1; - } - --void openssl_no_config_int(void) -+void OPENSSL_no_config() - { - openssl_configured = 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/constant_time_locl.h b/Cryptlib/OpenSSL/crypto/constant_time_locl.h -new file mode 100644 -index 0000000..c786aea ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/constant_time_locl.h 
-@@ -0,0 +1,211 @@ -+/* crypto/constant_time_locl.h */ -+/*- -+ * Utilities for constant-time cryptography. -+ * -+ * Author: Emilia Kasper (emilia@openssl.org) -+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley -+ * (Google). -+ * ==================================================================== -+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#ifndef HEADER_CONSTANT_TIME_LOCL_H -+# define HEADER_CONSTANT_TIME_LOCL_H -+ -+# include "e_os.h" /* For 'inline' */ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/*- -+ * The boolean methods return a bitmask of all ones (0xff...f) for true -+ * and 0 for false. This is useful for choosing a value based on the result -+ * of a conditional in constant time. For example, -+ * -+ * if (a < b) { -+ * c = a; -+ * } else { -+ * c = b; -+ * } -+ * -+ * can be written as -+ * -+ * unsigned int lt = constant_time_lt(a, b); -+ * c = constant_time_select(lt, a, b); -+ */ -+ -+/* -+ * Returns the given value with the MSB copied to all the other -+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit. -+ * However, this is not ensured by the C standard so you may need to -+ * replace this with something else on odd CPUs. -+ */ -+static inline unsigned int constant_time_msb(unsigned int a); -+ -+/* -+ * Returns 0xff..f if a < b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. 
*/ -+static inline unsigned char constant_time_lt_8(unsigned int a, -+ unsigned int b); -+ -+/* -+ * Returns 0xff..f if a >= b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_ge_8(unsigned int a, -+ unsigned int b); -+ -+/* -+ * Returns 0xff..f if a == 0 and 0 otherwise. -+ */ -+static inline unsigned int constant_time_is_zero(unsigned int a); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_is_zero_8(unsigned int a); -+ -+/* -+ * Returns 0xff..f if a == b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_8(unsigned int a, -+ unsigned int b); -+/* Signed integers. */ -+static inline unsigned int constant_time_eq_int(int a, int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_int_8(int a, int b); -+ -+/*- -+ * Returns (mask & a) | (~mask & b). -+ * -+ * When |mask| is all 1s or all 0s (as returned by the methods above), -+ * the select methods return either |a| (if |mask| is nonzero) or |b| -+ * (if |mask| is zero). -+ */ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, -+ unsigned int b); -+/* Convenience method for unsigned chars. */ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, -+ unsigned char b); -+/* Convenience method for signed integers. 
*/ -+static inline int constant_time_select_int(unsigned int mask, int a, int b); -+ -+static inline unsigned int constant_time_msb(unsigned int a) -+{ -+ return 0 - (a >> (sizeof(a) * 8 - 1)); -+} -+ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) -+{ -+ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); -+} -+ -+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_lt(a, b)); -+} -+ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) -+{ -+ return ~constant_time_lt(a, b); -+} -+ -+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_ge(a, b)); -+} -+ -+static inline unsigned int constant_time_is_zero(unsigned int a) -+{ -+ return constant_time_msb(~a & (a - 1)); -+} -+ -+static inline unsigned char constant_time_is_zero_8(unsigned int a) -+{ -+ return (unsigned char)(constant_time_is_zero(a)); -+} -+ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) -+{ -+ return constant_time_is_zero(a ^ b); -+} -+ -+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_eq(a, b)); -+} -+ -+static inline unsigned int constant_time_eq_int(int a, int b) -+{ -+ return constant_time_eq((unsigned)(a), (unsigned)(b)); -+} -+ -+static inline unsigned char constant_time_eq_int_8(int a, int b) -+{ -+ return constant_time_eq_8((unsigned)(a), (unsigned)(b)); -+} -+ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, -+ unsigned int b) -+{ -+ return (mask & a) | (~mask & b); -+} -+ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, -+ unsigned char b) -+{ -+ return (unsigned char)(constant_time_select(mask, a, b)); -+} -+ -+static inline int constant_time_select_int(unsigned int mask, int a, int b) -+{ -+ return 
(int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* HEADER_CONSTANT_TIME_LOCL_H */ -diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c -index c28dcf1..a513838 100644 ---- a/Cryptlib/OpenSSL/crypto/cpt_err.c -+++ b/Cryptlib/OpenSSL/crypto/cpt_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/cpt_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,30 +70,29 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) - - static ERR_STRING_DATA CRYPTO_str_functs[] = { -- {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"}, -- {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, -- {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"}, -- {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, -+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, -+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, -+ {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, -+ {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, - {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, -- {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"}, -- {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"}, -- {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"}, -- {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"}, -+ {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, -+ {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, -+ {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, - {0, NULL} - }; - - static ERR_STRING_DATA CRYPTO_str_reasons[] = { - {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, -- {ERR_REASON(CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, -- {ERR_REASON(CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, -+ {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), -+ "no dynlock create callback"}, - {0, NULL} - }; - - #endif - --int ERR_load_CRYPTO_strings(void) -+void ERR_load_CRYPTO_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -51,5 +101,4 @@ int ERR_load_CRYPTO_strings(void) - ERR_load_strings(0, CRYPTO_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c 
b/Cryptlib/OpenSSL/crypto/cryptlib.c
-index 01b8ce5..da4b34d 100644
---- a/Cryptlib/OpenSSL/crypto/cryptlib.c
-+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c
-@@ -1,31 +1,682 @@
--/*
-- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/cryptlib.c */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6.
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
--
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */ - --#include "internal/cryptlib_int.h" -+#include "cryptlib.h" - #include - -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ -+#endif -+ -+DECLARE_STACK_OF(CRYPTO_dynlock) -+ -+/* real #defines in crypto.h, keep these upto date */ -+static const char *const lock_names[CRYPTO_NUM_LOCKS] = { -+ "<>", -+ "err", -+ "ex_data", -+ "x509", -+ "x509_info", -+ "x509_pkey", -+ "x509_crl", -+ "x509_req", -+ "dsa", -+ "rsa", -+ "evp_pkey", -+ "x509_store", -+ "ssl_ctx", -+ "ssl_cert", -+ "ssl_session", -+ "ssl_sess_cert", -+ "ssl", -+ "ssl_method", -+ "rand", -+ "rand2", -+ "debug_malloc", -+ "BIO", -+ "gethostbyname", -+ "getservbyname", -+ "readdir", -+ "RSA_blinding", -+ "dh", -+ "debug_malloc2", -+ "dso", -+ "dynlock", -+ "engine", -+ "ui", -+ "ecdsa", -+ "ec", -+ "ecdh", -+ "bn", -+ "ec_pre_comp", -+ "store", -+ "comp", -+ "fips", -+ "fips2", -+#if CRYPTO_NUM_LOCKS != 41 -+# error "Inconsistency between crypto.h and cryptlib.c" -+#endif -+}; -+ -+/* -+ * This is for applications to allocate new type names in the non-dynamic -+ * array of lock names. These are numbered with positive numbers. -+ */ -+static STACK_OF(OPENSSL_STRING) *app_locks = NULL; -+ -+/* -+ * For applications that want a more dynamic way of handling threads, the -+ * following stack is used. These are externally numbered with negative -+ * numbers. 
-+ */ -+static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; -+ -+static void (MS_FAR *locking_callback) (int mode, int type, -+ const char *file, int line) = 0; -+static int (MS_FAR *add_lock_callback) (int *pointer, int amount, -+ int type, const char *file, -+ int line) = 0; -+#ifndef OPENSSL_NO_DEPRECATED -+static unsigned long (MS_FAR *id_callback) (void) = 0; -+#endif -+static void (MS_FAR *threadid_callback) (CRYPTO_THREADID *) = 0; -+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) -+ (const char *file, int line) = 0; -+static void (MS_FAR *dynlock_lock_callback) (int mode, -+ struct CRYPTO_dynlock_value *l, -+ const char *file, int line) = 0; -+static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line) = 0; -+ -+int CRYPTO_get_new_lockid(char *name) -+{ -+ char *str; -+ int i; -+ -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -+ /* -+ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL -+ * using /MT. Without this, the application cannot use any floating point -+ * printf's. 
It also seems to be needed for Visual C 1.5 (win16) -+ */ -+ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1]; -+#endif -+ -+ if ((app_locks == NULL) -+ && ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ if ((str = BUF_strdup(name)) == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ i = sk_OPENSSL_STRING_push(app_locks, str); -+ if (!i) -+ OPENSSL_free(str); -+ else -+ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */ -+ return (i); -+} -+ -+int CRYPTO_num_locks(void) -+{ -+ return CRYPTO_NUM_LOCKS; -+} -+ -+int CRYPTO_get_new_dynlockid(void) -+{ -+ int i = 0; -+ CRYPTO_dynlock *pointer = NULL; -+ -+ if (dynlock_create_callback == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, -+ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); -+ return (0); -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ if ((dyn_locks == NULL) -+ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock)); -+ if (pointer == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ pointer->references = 1; -+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE); -+ if (pointer->data == NULL) { -+ OPENSSL_free(pointer); -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ /* First, try to find an existing empty slot */ -+ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL); -+ /* If there was none, push, thereby creating a new one */ -+ if (i == -1) -+ /* -+ * Since sk_push() returns the number of items on the stack, not the -+ * location of the pushed item, we need to transform 
the returned -+ * number into a position, by decreasing it. -+ */ -+ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1; -+ else -+ /* -+ * If we found a place with a NULL pointer, put our pointer in it. -+ */ -+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer); -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (i == -1) { -+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); -+ OPENSSL_free(pointer); -+ } else -+ i += 1; /* to avoid 0 */ -+ return -i; -+} -+ -+void CRYPTO_destroy_dynlockid(int i) -+{ -+ CRYPTO_dynlock *pointer = NULL; -+ if (i) -+ i = -i - 1; -+ if (dynlock_destroy_callback == NULL) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ return; -+ } -+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -+ if (pointer != NULL) { -+ --pointer->references; -+#ifdef REF_CHECK -+ if (pointer->references < 0) { -+ fprintf(stderr, -+ "CRYPTO_destroy_dynlockid, bad reference count\n"); -+ abort(); -+ } else -+#endif -+ if (pointer->references <= 0) { -+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); -+ } else -+ pointer = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (pointer) { -+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); -+ OPENSSL_free(pointer); -+ } -+} -+ -+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) -+{ -+ CRYPTO_dynlock *pointer = NULL; -+ if (i) -+ i = -i - 1; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) -+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -+ if (pointer) -+ pointer->references++; -+ -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (pointer) -+ return pointer->data; -+ return NULL; -+} -+ -+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) -+ (const char *file, int line) { -+ return (dynlock_create_callback); -+} -+ -+void 
(*CRYPTO_get_dynlock_lock_callback(void)) (int mode, -+ struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line) { -+ return (dynlock_lock_callback); -+} -+ -+void (*CRYPTO_get_dynlock_destroy_callback(void)) -+ (struct CRYPTO_dynlock_value *l, const char *file, int line) { -+ return (dynlock_destroy_callback); -+} -+ -+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) -+ (const char *file, int line)) -+{ -+ dynlock_create_callback = func; -+} -+ -+void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode, -+ struct -+ CRYPTO_dynlock_value *l, -+ const char *file, -+ int line)) -+{ -+ dynlock_lock_callback = func; -+} -+ -+void CRYPTO_set_dynlock_destroy_callback(void (*func) -+ (struct CRYPTO_dynlock_value *l, -+ const char *file, int line)) -+{ -+ dynlock_destroy_callback = func; -+} -+ -+void (*CRYPTO_get_locking_callback(void)) (int mode, int type, -+ const char *file, int line) { -+ return (locking_callback); -+} -+ -+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, -+ const char *file, int line) { -+ return (add_lock_callback); -+} -+ -+void CRYPTO_set_locking_callback(void (*func) (int mode, int type, -+ const char *file, int line)) -+{ -+ /* -+ * Calling this here ensures initialisation before any threads are -+ * started. -+ */ -+ OPENSSL_init(); -+ locking_callback = func; -+} -+ -+void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, -+ const char *file, int line)) -+{ -+ add_lock_callback = func; -+} -+ -+/* -+ * the memset() here and in set_pointer() seem overkill, but for the sake of -+ * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause -+ * two "equal" THREADID structs to not be memcmp()-identical. 
-+ */ -+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) -+{ -+ memset(id, 0, sizeof(*id)); -+ id->val = val; -+} -+ -+static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 }; -+ -+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) -+{ -+ unsigned char *dest = (void *)&id->val; -+ unsigned int accum = 0; -+ unsigned char dnum = sizeof(id->val); -+ -+ memset(id, 0, sizeof(*id)); -+ id->ptr = ptr; -+ if (sizeof(id->val) >= sizeof(id->ptr)) { -+ /* -+ * 'ptr' can be embedded in 'val' without loss of uniqueness -+ */ -+ id->val = (unsigned long)id->ptr; -+ return; -+ } -+ /* -+ * hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a -+ * linear function over the bytes in 'ptr', the co-efficients of which -+ * are a sequence of low-primes (hash_coeffs is an 8-element cycle) - the -+ * starting prime for the sequence varies for each byte of 'val' (unique -+ * polynomials unless pointers are >64-bit). For added spice, the totals -+ * accumulate rather than restarting from zero, and the index of the -+ * 'val' byte is added each time (position dependence). If I was a -+ * black-belt, I'd scan big-endian pointers in reverse to give low-order -+ * bits more play, but this isn't crypto and I'd prefer nobody mistake it -+ * as such. Plus I'm lazy. 
-+ */ -+ while (dnum--) { -+ const unsigned char *src = (void *)&id->ptr; -+ unsigned char snum = sizeof(id->ptr); -+ while (snum--) -+ accum += *(src++) * hash_coeffs[(snum + dnum) & 7]; -+ accum += dnum; -+ *(dest++) = accum & 255; -+ } -+} -+ -+int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) -+{ -+ if (threadid_callback) -+ return 0; -+ threadid_callback = func; -+ return 1; -+} -+ -+void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *) { -+ return threadid_callback; -+} -+ -+void CRYPTO_THREADID_current(CRYPTO_THREADID *id) -+{ -+ if (threadid_callback) { -+ threadid_callback(id); -+ return; -+ } -+#ifndef OPENSSL_NO_DEPRECATED -+ /* If the deprecated callback was set, fall back to that */ -+ if (id_callback) { -+ CRYPTO_THREADID_set_numeric(id, id_callback()); -+ return; -+ } -+#endif -+ /* Else pick a backup */ -+#ifdef OPENSSL_SYS_WIN16 -+ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); -+#elif defined(OPENSSL_SYS_WIN32) -+ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); -+#elif defined(OPENSSL_SYS_BEOS) -+ CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); -+#else -+ /* For everything else, default to using the address of 'errno' */ -+ CRYPTO_THREADID_set_pointer(id, (void *)&errno); -+#endif -+} -+ -+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) -+{ -+ return memcmp(a, b, sizeof(*a)); -+} -+ -+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) -+{ -+ memcpy(dest, src, sizeof(*src)); -+} -+ -+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) -+{ -+ return id->val; -+} -+ -+#ifndef OPENSSL_NO_DEPRECATED -+unsigned long (*CRYPTO_get_id_callback(void)) (void) { -+ return (id_callback); -+} -+ -+void CRYPTO_set_id_callback(unsigned long (*func) (void)) -+{ -+ id_callback = func; -+} -+ -+unsigned long CRYPTO_thread_id(void) -+{ -+ unsigned long ret = 0; -+ -+ if (id_callback == NULL) { -+# ifdef OPENSSL_SYS_WIN16 
-+ ret = (unsigned long)GetCurrentTask(); -+# elif defined(OPENSSL_SYS_WIN32) -+ ret = (unsigned long)GetCurrentThreadId(); -+# elif defined(GETPID_IS_MEANINGLESS) -+ ret = 1L; -+# elif defined(OPENSSL_SYS_BEOS) -+ ret = (unsigned long)find_thread(NULL); -+# else -+ ret = (unsigned long)getpid(); -+# endif -+ } else -+ ret = id_callback(); -+ return (ret); -+} -+#endif -+ -+void CRYPTO_lock(int mode, int type, const char *file, int line) -+{ -+#ifdef LOCK_DEBUG -+ { -+ CRYPTO_THREADID id; -+ char *rw_text, *operation_text; -+ -+ if (mode & CRYPTO_LOCK) -+ operation_text = "lock "; -+ else if (mode & CRYPTO_UNLOCK) -+ operation_text = "unlock"; -+ else -+ operation_text = "ERROR "; -+ -+ if (mode & CRYPTO_READ) -+ rw_text = "r"; -+ else if (mode & CRYPTO_WRITE) -+ rw_text = "w"; -+ else -+ rw_text = "ERROR"; -+ -+ CRYPTO_THREADID_current(&id); -+ fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n", -+ CRYPTO_THREADID_hash(&id), rw_text, operation_text, -+ CRYPTO_get_lock_name(type), file, line); -+ } -+#endif -+ if (type < 0) { -+ if (dynlock_lock_callback != NULL) { -+ struct CRYPTO_dynlock_value *pointer -+ = CRYPTO_get_dynlock_value(type); -+ -+ OPENSSL_assert(pointer != NULL); -+ -+ dynlock_lock_callback(mode, pointer, file, line); -+ -+ CRYPTO_destroy_dynlockid(type); -+ } -+ } else if (locking_callback != NULL) -+ locking_callback(mode, type, file, line); -+} -+ -+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, -+ int line) -+{ -+ int ret = 0; -+ -+ if (add_lock_callback != NULL) { -+#ifdef LOCK_DEBUG -+ int before = *pointer; -+#endif -+ -+ ret = add_lock_callback(pointer, amount, type, file, line); -+#ifdef LOCK_DEBUG -+ { -+ CRYPTO_THREADID id; -+ CRYPTO_THREADID_current(&id); -+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -+ CRYPTO_THREADID_hash(&id), before, amount, ret, -+ CRYPTO_get_lock_name(type), file, line); -+ } -+#endif -+ } else { -+ CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line); -+ -+ ret = 
*pointer + amount; -+#ifdef LOCK_DEBUG -+ { -+ CRYPTO_THREADID id; -+ CRYPTO_THREADID_current(&id); -+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -+ CRYPTO_THREADID_hash(&id), -+ *pointer, amount, ret, -+ CRYPTO_get_lock_name(type), file, line); -+ } -+#endif -+ *pointer = ret; -+ CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line); -+ } -+ return (ret); -+} -+ -+const char *CRYPTO_get_lock_name(int type) -+{ -+ if (type < 0) -+ return ("dynamic"); -+ else if (type < CRYPTO_NUM_LOCKS) -+ return (lock_names[type]); -+ else if (type - CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks)) -+ return ("ERROR"); -+ else -+ return (sk_OPENSSL_STRING_value(app_locks, type - CRYPTO_NUM_LOCKS)); -+} -+ - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+ defined(__INTEL__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) - - extern unsigned int OPENSSL_ia32cap_P[4]; -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ if (sizeof(long) == 4) -+ /* -+ * If 32-bit application pulls address of OPENSSL_ia32cap_P[0] -+ * clear second element to maintain the illusion that vector -+ * is 32-bit. 
-+ */ -+ OPENSSL_ia32cap_P[1] = 0; -+ -+ OPENSSL_ia32cap_P[2] = 0; -+ -+ return (unsigned long *)OPENSSL_ia32cap_P; -+} - - # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) - #include - # define OPENSSL_CPUID_SETUP --typedef uint64_t IA32CAP; -+# if defined(_WIN32) -+typedef unsigned __int64 IA32CAP; -+# else -+typedef unsigned long long IA32CAP; -+# endif - void OPENSSL_cpuid_setup(void) - { - static int trigger = 0; -@@ -76,6 +727,12 @@ void OPENSSL_cpuid_setup(void) - # else - unsigned int OPENSSL_ia32cap_P[4]; - # endif -+ -+#else -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ return NULL; -+} - #endif - int OPENSSL_NONPIC_relocated = 0; - #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) -@@ -84,6 +741,53 @@ void OPENSSL_cpuid_setup(void) - } - #endif - -+#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) -+# ifdef __CYGWIN__ -+/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ -+# include -+/* -+ * this has side-effect of _WIN32 getting defined, which otherwise is -+ * mutually exclusive with __CYGWIN__... 
-+ */ -+# endif -+ -+/* -+ * All we really need to do is remove the 'error' state when a thread -+ * detaches -+ */ -+ -+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) -+{ -+ switch (fdwReason) { -+ case DLL_PROCESS_ATTACH: -+ OPENSSL_cpuid_setup(); -+# if defined(_WIN32_WINNT) -+ { -+ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; -+ IMAGE_NT_HEADERS *nt_headers; -+ -+ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { -+ nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header -+ + dos_header->e_lfanew); -+ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && -+ hinstDLL != -+ (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) -+ OPENSSL_NONPIC_relocated = 1; -+ } -+ } -+# endif -+ break; -+ case DLL_THREAD_ATTACH: -+ break; -+ case DLL_THREAD_DETACH: -+ break; -+ case DLL_PROCESS_DETACH: -+ break; -+ } -+ return (TRUE); -+} -+#endif -+ - #if defined(_WIN32) && !defined(__CYGWIN__) - # include - # include -@@ -106,15 +810,15 @@ int OPENSSL_isservice(void) - WCHAR *name; - static union { - void *p; -- FARPROC f; -+ int (*f) (void); - } _OPENSSL_isservice = { - NULL - }; - - if (_OPENSSL_isservice.p == NULL) { -- HANDLE mod = GetModuleHandle(NULL); -- if (mod != NULL) -- _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); -+ HANDLE h = GetModuleHandle(NULL); -+ if (h != NULL) -+ _OPENSSL_isservice.p = GetProcAddress(h, "_OPENSSL_isservice"); - if (_OPENSSL_isservice.p == NULL) - _OPENSSL_isservice.p = (void *)-1; - } -@@ -197,9 +901,12 @@ void OPENSSL_showfatal(const char *fmta, ...) - fmt = (const TCHAR *)L"no stack?"; - break; - } -+# ifndef OPENSSL_NO_MULTIBYTE - if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) -+# endif - for (i = 0; i < len_0; i++) - fmtw[i] = (WCHAR)fmta[i]; -+ - for (i = 0; i < len_0; i++) { - if (fmtw[i] == L'%') - do { -@@ -240,8 +947,8 @@ void OPENSSL_showfatal(const char *fmta, ...) 
- } while (0); - - va_start(ap, fmta); -- _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap); -- buf[OSSL_NELEM(buf) - 1] = _T('\0'); -+ _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap); -+ buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0'); - va_end(ap); - - # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -@@ -289,10 +996,11 @@ int OPENSSL_isservice(void) - } - #endif - --void OPENSSL_die(const char *message, const char *file, int line) -+void OpenSSLDie(const char *file, int line, const char *assertion) - { -- OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n", -- file, line, message); -+ OPENSSL_showfatal -+ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, -+ assertion); - #if !defined(_WIN32) || defined(__CYGWIN__) - abort(); - #else -@@ -306,27 +1014,14 @@ void OPENSSL_die(const char *message, const char *file, int line) - #endif - } - --#if !defined(OPENSSL_CPUID_OBJ) --/* volatile unsigned char* pointers are there because -- * 1. Accessing a variable declared volatile via a pointer -- * that lacks a volatile qualifier causes undefined behavior. -- * 2. When the variable itself is not volatile the compiler is -- * not required to keep all those reads and can convert -- * this into canonical memcmp() which doesn't read the whole block. -- * Pointers to volatile resolve the first problem fully. The second -- * problem cannot be resolved in any Standard-compliant way but this -- * works the problem around. Compilers typically react to -- * pointers to volatile by preserving the reads and writes through them. -- * The latter is not required by the Standard if the memory pointed to -- * is not volatile. -- * Pointers themselves are volatile in the function signature to work -- * around a subtle bug in gcc 4.6+ which causes writes through -- * pointers to volatile to not be emitted in some rare, -- * never needed in real life, pieces of code. 
-- */ --int CRYPTO_memcmp(const volatile void * volatile in_a, -- const volatile void * volatile in_b, -- size_t len) -+#ifndef OPENSSL_NO_STDIO -+void *OPENSSL_stderr(void) -+{ -+ return stderr; -+} -+#endif -+ -+int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len) - { - size_t i; - const volatile unsigned char *a = in_a; -@@ -338,4 +1033,3 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, - - return x; - } --#endif -diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h -new file mode 100644 -index 0000000..3e3ea5e ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/cryptlib.h -@@ -0,0 +1,113 @@ -+/* crypto/cryptlib.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */ -+ -+#ifndef HEADER_CRYPTLIB_H -+# define HEADER_CRYPTLIB_H -+ -+# include -+# include -+ -+# include "e_os.h" -+ -+# ifdef OPENSSL_USE_APPLINK -+# define BIO_FLAGS_UPLINK 0x8000 -+# include "ms/uplink.h" -+# endif -+ -+# include -+# include -+# include -+# include -+# include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+# ifndef OPENSSL_SYS_VMS -+# define X509_CERT_AREA OPENSSLDIR -+# define X509_CERT_DIR OPENSSLDIR "/certs" -+# define X509_CERT_FILE OPENSSLDIR "/cert.pem" -+# define X509_PRIVATE_DIR OPENSSLDIR "/private" -+# else -+# define X509_CERT_AREA "SSLROOT:[000000]" -+# define X509_CERT_DIR "SSLCERTS:" -+# define X509_CERT_FILE "SSLCERTS:cert.pem" -+# define X509_PRIVATE_DIR "SSLPRIVATE:" -+# endif -+ -+# define X509_CERT_DIR_EVP "SSL_CERT_DIR" -+# define X509_CERT_FILE_EVP "SSL_CERT_FILE" -+ -+/* size of string representations */ -+# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -+# define HEX_SIZE(type) (sizeof(type)*2) -+ -+void OPENSSL_cpuid_setup(void); -+extern unsigned int OPENSSL_ia32cap_P[]; -+void OPENSSL_showfatal(const char *fmta, ...); -+#ifndef OPENSSL_NO_STDIO -+void *OPENSSL_stderr(void); -+#endif -+extern int OPENSSL_NONPIC_relocated; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c -index 96d8a5b..bfff699 100644 ---- a/Cryptlib/OpenSSL/crypto/cversion.c -+++ b/Cryptlib/OpenSSL/crypto/cversion.c -@@ -1,28 +1,72 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/cversion.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef NO_WINDOWS_BRAINDEATH - # include "buildinf.h" - #endif - --unsigned long OpenSSL_version_num(void) --{ -- return OPENSSL_VERSION_NUMBER; --} -- --const char *OpenSSL_version(int t) -+const char *SSLeay_version(int t) - { -- if (t == OPENSSL_VERSION) -+ if (t == SSLEAY_VERSION) - return OPENSSL_VERSION_TEXT; -- if (t == OPENSSL_BUILT_ON) { -+ if (t == SSLEAY_BUILT_ON) { - #ifdef DATE - # ifdef OPENSSL_USE_BUILD_DATE - return (DATE); -@@ -33,33 +77,31 @@ const char *OpenSSL_version(int t) - return ("built on: date not available"); - #endif - } -- if (t == OPENSSL_CFLAGS) { -+ if (t == SSLEAY_CFLAGS) { - #ifdef CFLAGS - return (CFLAGS); - #else - return ("compiler: information not available"); - #endif - } -- if (t == OPENSSL_PLATFORM) { -+ if (t == SSLEAY_PLATFORM) { - #ifdef PLATFORM - return (PLATFORM); - #else - return ("platform: information not available"); - #endif - } -- if (t == OPENSSL_DIR) { -+ if (t == SSLEAY_DIR) { - #ifdef OPENSSLDIR - return "OPENSSLDIR: \"" OPENSSLDIR "\""; - #else - return "OPENSSLDIR: N/A"; --#endif -- } -- if (t == OPENSSL_ENGINES_DIR) { --#ifdef ENGINESDIR -- return "ENGINESDIR: \"" ENGINESDIR "\""; --#else -- return "ENGINESDIR: N/A"; - #endif - } - return ("not available"); - } -+ -+unsigned long SSLeay(void) -+{ -+ return (SSLEAY_VERSION_NUMBER); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -new file mode 100644 -index 0000000..f89b5b9 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -@@ -0,0 +1,103 @@ -+/* crypto/des/cbc_cksm.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+#include "des_locl.h" -+ -+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, -+ long length, DES_key_schedule *schedule, -+ const_DES_cblock *ivec) -+{ -+ register DES_LONG tout0, tout1, tin0, tin1; -+ register long l = length; -+ DES_LONG tin[2]; -+ unsigned char *out = &(*output)[0]; -+ const unsigned char *iv = &(*ivec)[0]; -+ -+ c2l(iv, tout0); -+ c2l(iv, tout1); -+ for (; l > 0; l -= 8) { -+ if (l >= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ } else -+ c2ln(in, tin0, tin1, l); -+ -+ tin0 ^= tout0; -+ tin[0] = tin0; -+ tin1 ^= tout1; -+ tin[1] = tin1; -+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); -+ /* fix 15/10/91 eay - thanks to keithr@sco.COM */ -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ } -+ if (out != NULL) { -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; -+ /* -+ * Transform the data in tout1 so that it will match the return value -+ * that the MIT Kerberos mit_des_cbc_cksum API returns. -+ */ -+ tout1 = ((tout1 >> 24L) & 0x000000FF) -+ | ((tout1 >> 8L) & 0x0000FF00) -+ | ((tout1 << 8L) & 0x00FF0000) -+ | ((tout1 << 24L) & 0xFF000000); -+ return (tout1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -new file mode 100644 -index 0000000..7ee3599 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -@@ -0,0 +1,61 @@ -+/* crypto/des/cbc_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#define CBC_ENC_C__DONT_UPDATE_IV -+ -+#include "ncbc_enc.c" /* des_cbc_encrypt */ -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -new file mode 100644 -index 0000000..5d709c1 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -@@ -0,0 +1,249 @@ -+/* crypto/des/cfb64ede.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "des_locl.h" -+#include "e_os.h" -+ -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; -+ */ -+ -+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int *num, int enc) -+{ -+ register DES_LONG v0, v1; -+ register long l = length; -+ register int n = *num; -+ DES_LONG ti[2]; -+ unsigned char *iv, c, cc; -+ -+ iv = &(*ivec)[0]; -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ c2l(iv, v1); -+ -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ v0 = ti[0]; -+ v1 = ti[1]; -+ -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ iv = &(*ivec)[0]; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ c2l(iv, v1); -+ -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ v0 = ti[0]; -+ v1 = ti[1]; -+ -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); 
-+ iv = &(*ivec)[0]; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = c = cc = 0; -+ *num = n; -+} -+ -+#ifdef undef /* MACRO */ -+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule ks1, -+ DES_key_schedule ks2, DES_cblock (*ivec), -+ int *num, int enc) -+{ -+ DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc); -+} -+#endif -+ -+/* -+ * This is compatible with the single key CFB-r for DES, even thought that's -+ * not what EVP needs. -+ */ -+ -+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, -+ int numbits, long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG d0, d1, v0, v1; -+ register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; -+ register int num = numbits, i; -+ DES_LONG ti[2]; -+ unsigned char *iv; -+ unsigned char ovec[16]; -+ -+ if (num > 64) -+ return; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ if (enc) { -+ while (l >= n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ c2ln(in, d0, d1, n); -+ in += n; -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (num == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (num == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+ /* shift ovec left most of the bits... */ -+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 
1 : 0)); -+ /* now the remaining bits */ -+ if (num % 8 != 0) -+ for (i = 0; i < 8; ++i) { -+ ovec[i] <<= num % 8; -+ ovec[i] |= ovec[i + 1] >> (8 - num % 8); -+ } -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ } -+ } -+ } else { -+ while (l >= n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ c2ln(in, d0, d1, n); -+ in += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (num == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (num == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+ /* shift ovec left most of the bits... */ -+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); -+ /* now the remaining bits */ -+ if (num % 8 != 0) -+ for (i = 0; i < 8; ++i) { -+ ovec[i] <<= num % 8; -+ ovec[i] |= ovec[i + 1] >> (8 - num % 8); -+ } -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ } -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ } -+ } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -new file mode 100644 -index 0000000..7346774 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -@@ -0,0 +1,122 @@ -+/* crypto/des/cfb64enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "des_locl.h" -+ -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; -+ */ -+ -+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int *num, int enc) -+{ -+ register DES_LONG v0, v1; -+ register long l = length; -+ register int n = *num; -+ DES_LONG ti[2]; -+ unsigned char *iv, c, cc; -+ -+ iv = &(*ivec)[0]; -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ DES_encrypt1(ti, schedule, DES_ENCRYPT); -+ iv = &(*ivec)[0]; -+ v0 = ti[0]; -+ l2c(v0, iv); -+ v0 = ti[1]; -+ l2c(v0, iv); -+ iv = &(*ivec)[0]; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ DES_encrypt1(ti, schedule, DES_ENCRYPT); -+ iv = &(*ivec)[0]; -+ v0 = ti[0]; -+ l2c(v0, iv); -+ v0 = ti[1]; -+ l2c(v0, iv); -+ iv = &(*ivec)[0]; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] 
= cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -new file mode 100644 -index 0000000..bd0e299 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -@@ -0,0 +1,199 @@ -+/* crypto/des/cfb_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "e_os.h" -+#include "des_locl.h" -+#include -+ -+/* -+ * The input and output are loaded in multiples of 8 bits. What this means is -+ * that if you hame numbits=12 and length=2 the first 12 bits will be -+ * retrieved from the first byte and half the second. The second 12 bits -+ * will come from the 3rd and half the 4th byte. 
-+ */ -+/* -+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it -+ * will not be compatible with any encryption prior to that date. Ben. -+ */ -+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG d0, d1, v0, v1; -+ register unsigned long l = length; -+ register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = -+ numbits % 8; -+ DES_LONG ti[2]; -+ unsigned char *iv; -+#ifndef L_ENDIAN -+ unsigned char ovec[16]; -+#else -+ unsigned int sh[4]; -+ unsigned char *ovec = (unsigned char *)sh; -+ -+ /* I kind of count that compiler optimizes away this assertioni, */ -+ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ -+ /* but 16-bit platforms... */ -+ -+#endif -+ -+ if (numbits <= 0 || numbits > 64) -+ return; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ if (enc) { -+ while (l >= (unsigned long)n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); -+ c2ln(in, d0, d1, n); -+ in += n; -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (numbits == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (numbits == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+#ifndef L_ENDIAN -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+#else -+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -+#endif -+ if (rem == 0) -+ memmove(ovec, ovec + num, 8); -+ else -+ for (i = 0; i < 8; ++i) -+ ovec[i] = ovec[i + num] << rem | -+ ovec[i + num + 1] >> (8 - rem); -+#ifdef L_ENDIAN -+ v0 = sh[0], v1 = sh[1]; -+#else -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+#endif -+ } -+ } -+ } else { -+ while (l >= (unsigned long)n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); -+ c2ln(in, 
d0, d1, n); -+ in += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (numbits == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (numbits == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+#ifndef L_ENDIAN -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+#else -+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -+#endif -+ if (rem == 0) -+ memmove(ovec, ovec + num, 8); -+ else -+ for (i = 0; i < 8; ++i) -+ ovec[i] = ovec[i + num] << rem | -+ ovec[i + num + 1] >> (8 - rem); -+#ifdef L_ENDIAN -+ v0 = sh[0], v1 = sh[1]; -+#else -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+#endif -+ } -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ } -+ } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c -new file mode 100644 -index 0000000..c0b062d ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c -@@ -0,0 +1,389 @@ -+/* crypto/des/des_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+#include "spr.h"
-+
-+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
-+{
-+ register DES_LONG l, r, t, u;
-+#ifdef DES_PTR
-+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
-+#endif
-+#ifndef DES_UNROLL
-+ register int i;
-+#endif
-+ register DES_LONG *s;
-+
-+ r = data[0];
-+ l = data[1];
-+
-+ IP(r, l);
-+ /*
-+ * Things have been modified so that the initial rotate is done outside
-+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
-+ * 1 bit to the right. One perl script later and things have a 5% speed
-+ * up on a sparc2. Thanks to Richard Outerbridge
-+ * <71755.204@CompuServe.COM> for pointing this out.
-+ */
-+ /* clear the top bits on machines with 8byte longs */
-+ /* shift left by 2 */
-+ r = ROTATE(r, 29) & 0xffffffffL;
-+ l = ROTATE(l, 29) & 0xffffffffL;
-+
-+ s = ks->ks->deslong;
-+ /*
-+ * I don't know if it is worth the effort of loop unrolling the inner
-+ * loop
-+ */
-+ if (enc) {
-+#ifdef DES_UNROLL
-+ D_ENCRYPT(l, r, 0); /* 1 */
-+ D_ENCRYPT(r, l, 2); /* 2 */
-+ D_ENCRYPT(l, r, 4); /* 3 */
-+ D_ENCRYPT(r, l, 6); /* 4 */
-+ D_ENCRYPT(l, r, 8); /* 5 */
-+ D_ENCRYPT(r, l, 10); /* 6 */
-+ D_ENCRYPT(l, r, 12); /* 7 */
-+ D_ENCRYPT(r, l, 14); /* 8 */
-+ D_ENCRYPT(l, r, 16); /* 9 */
-+ D_ENCRYPT(r, l, 18); /* 10 */
-+ D_ENCRYPT(l, r, 20); /* 11 */
-+ D_ENCRYPT(r, l, 22); /* 12 */
-+ D_ENCRYPT(l, r, 24); /* 13 */
-+ D_ENCRYPT(r, l, 26); /* 14 */
-+ D_ENCRYPT(l, r, 28); /* 15 */
-+ D_ENCRYPT(r, l, 30); /* 16 */
-+#else
-+ for (i = 0; i < 32; i += 4) {
-+ D_ENCRYPT(l, r, i + 0); /* 1 */
-+ D_ENCRYPT(r, l, i + 2); /* 2 */
-+ }
-+#endif
-+ } else {
-+#ifdef DES_UNROLL
-+ D_ENCRYPT(l, r, 30); /* 16 */
-+ D_ENCRYPT(r, l, 28); /* 15 */
-+ D_ENCRYPT(l, r, 26); /* 14 */
-+ D_ENCRYPT(r, l, 24); /* 13 */
-+ D_ENCRYPT(l, r, 22); /* 12 */
-+ D_ENCRYPT(r, l, 20); /* 11 */
-+ D_ENCRYPT(l, r, 18); /* 10 */
-+ D_ENCRYPT(r, l, 16); /* 9 */
-+ D_ENCRYPT(l, r, 14); /* 8 */
-+ D_ENCRYPT(r, l, 12); /* 7 */
-+ D_ENCRYPT(l, r, 10); /* 6 */
-+ D_ENCRYPT(r, l, 8); /* 5 */
-+ D_ENCRYPT(l, r, 6); /* 4 */
-+ D_ENCRYPT(r, l, 4); /* 3 */
-+ D_ENCRYPT(l, r, 2); /* 2 */
-+ D_ENCRYPT(r, l, 0); /* 1 */
-+#else
-+ for (i = 30; i > 0; i -= 4) {
-+ D_ENCRYPT(l, r, i - 0); /* 16 */
-+ D_ENCRYPT(r, l, i - 2); /* 15 */
-+ }
-+#endif
-+ }
-+
-+ /* rotate and clear the top bits on machines with 8byte longs */
-+ l = ROTATE(l, 3) & 0xffffffffL;
-+ r = ROTATE(r, 3) & 0xffffffffL;
-+
-+ FP(r, l);
-+ data[0] = l;
-+ data[1] = r;
-+ l = r = t = u = 0;
-+}
-+
-+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
-+{
-+ register DES_LONG l, r, t, u;
-+#ifdef DES_PTR
-+ register const unsigned
char *des_SP = (const unsigned char *)DES_SPtrans;
-+#endif
-+#ifndef DES_UNROLL
-+ register int i;
-+#endif
-+ register DES_LONG *s;
-+
-+ r = data[0];
-+ l = data[1];
-+
-+ /*
-+ * Things have been modified so that the initial rotate is done outside
-+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
-+ * 1 bit to the right. One perl script later and things have a 5% speed
-+ * up on a sparc2. Thanks to Richard Outerbridge
-+ * <71755.204@CompuServe.COM> for pointing this out.
-+ */
-+ /* clear the top bits on machines with 8byte longs */
-+ r = ROTATE(r, 29) & 0xffffffffL;
-+ l = ROTATE(l, 29) & 0xffffffffL;
-+
-+ s = ks->ks->deslong;
-+ /*
-+ * I don't know if it is worth the effort of loop unrolling the inner
-+ * loop
-+ */
-+ if (enc) {
-+#ifdef DES_UNROLL
-+ D_ENCRYPT(l, r, 0); /* 1 */
-+ D_ENCRYPT(r, l, 2); /* 2 */
-+ D_ENCRYPT(l, r, 4); /* 3 */
-+ D_ENCRYPT(r, l, 6); /* 4 */
-+ D_ENCRYPT(l, r, 8); /* 5 */
-+ D_ENCRYPT(r, l, 10); /* 6 */
-+ D_ENCRYPT(l, r, 12); /* 7 */
-+ D_ENCRYPT(r, l, 14); /* 8 */
-+ D_ENCRYPT(l, r, 16); /* 9 */
-+ D_ENCRYPT(r, l, 18); /* 10 */
-+ D_ENCRYPT(l, r, 20); /* 11 */
-+ D_ENCRYPT(r, l, 22); /* 12 */
-+ D_ENCRYPT(l, r, 24); /* 13 */
-+ D_ENCRYPT(r, l, 26); /* 14 */
-+ D_ENCRYPT(l, r, 28); /* 15 */
-+ D_ENCRYPT(r, l, 30); /* 16 */
-+#else
-+ for (i = 0; i < 32; i += 4) {
-+ D_ENCRYPT(l, r, i + 0); /* 1 */
-+ D_ENCRYPT(r, l, i + 2); /* 2 */
-+ }
-+#endif
-+ } else {
-+#ifdef DES_UNROLL
-+ D_ENCRYPT(l, r, 30); /* 16 */
-+ D_ENCRYPT(r, l, 28); /* 15 */
-+ D_ENCRYPT(l, r, 26); /* 14 */
-+ D_ENCRYPT(r, l, 24); /* 13 */
-+ D_ENCRYPT(l, r, 22); /* 12 */
-+ D_ENCRYPT(r, l, 20); /* 11 */
-+ D_ENCRYPT(l, r, 18); /* 10 */
-+ D_ENCRYPT(r, l, 16); /* 9 */
-+ D_ENCRYPT(l, r, 14); /* 8 */
-+ D_ENCRYPT(r, l, 12); /* 7 */
-+ D_ENCRYPT(l, r, 10); /* 6 */
-+ D_ENCRYPT(r, l, 8); /* 5 */
-+ D_ENCRYPT(l, r, 6); /* 4 */
-+ D_ENCRYPT(r, l, 4); /* 3 */
-+ D_ENCRYPT(l, r, 2); /* 2 */
-+ D_ENCRYPT(r, l, 0); /* 1 */
-+#else
-+ for (i
= 30; i > 0; i -= 4) {
-+ D_ENCRYPT(l, r, i - 0); /* 16 */
-+ D_ENCRYPT(r, l, i - 2); /* 15 */
-+ }
-+#endif
-+ }
-+ /* rotate and clear the top bits on machines with 8byte longs */
-+ data[0] = ROTATE(l, 3) & 0xffffffffL;
-+ data[1] = ROTATE(r, 3) & 0xffffffffL;
-+ l = r = t = u = 0;
-+}
-+
-+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3)
-+{
-+ register DES_LONG l, r;
-+
-+ l = data[0];
-+ r = data[1];
-+ IP(l, r);
-+ data[0] = l;
-+ data[1] = r;
-+ DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
-+ DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
-+ DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
-+ l = data[0];
-+ r = data[1];
-+ FP(r, l);
-+ data[0] = l;
-+ data[1] = r;
-+}
-+
-+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3)
-+{
-+ register DES_LONG l, r;
-+
-+ l = data[0];
-+ r = data[1];
-+ IP(l, r);
-+ data[0] = l;
-+ data[1] = r;
-+ DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
-+ DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
-+ DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
-+ l = data[0];
-+ r = data[1];
-+ FP(r, l);
-+ data[0] = l;
-+ data[1] = r;
-+}
-+
-+#ifndef DES_DEFAULT_OPTIONS
-+
-+# undef CBC_ENC_C__DONT_UPDATE_IV
-+# include "ncbc_enc.c" /* DES_ncbc_encrypt */
-+
-+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3,
-+ DES_cblock *ivec, int enc)
-+{
-+ register DES_LONG tin0, tin1;
-+ register DES_LONG tout0, tout1, xor0, xor1;
-+ register const unsigned char *in;
-+ unsigned char *out;
-+ register long l = length;
-+ DES_LONG tin[2];
-+ unsigned char *iv;
-+
-+ in = input;
-+ out = output;
-+ iv = &(*ivec)[0];
-+
-+ if (enc) {
-+ c2l(iv, tout0);
-+ c2l(iv, tout1);
-+ for (l -= 8; l >= 0; l -= 8) {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+ tin0 ^= tout0;
-+ tin1 ^= tout1;
-+
-+ tin[0] = tin0;
-+ tin[1] =
tin1;
-+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ }
-+ if (l != -8) {
-+ c2ln(in, tin0, tin1, l + 8);
-+ tin0 ^= tout0;
-+ tin1 ^= tout1;
-+
-+ tin[0] = tin0;
-+ tin[1] = tin1;
-+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ }
-+ iv = &(*ivec)[0];
-+ l2c(tout0, iv);
-+ l2c(tout1, iv);
-+ } else {
-+ register DES_LONG t0, t1;
-+
-+ c2l(iv, xor0);
-+ c2l(iv, xor1);
-+ for (l -= 8; l >= 0; l -= 8) {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+
-+ t0 = tin0;
-+ t1 = tin1;
-+
-+ tin[0] = tin0;
-+ tin[1] = tin1;
-+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ tout0 ^= xor0;
-+ tout1 ^= xor1;
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ xor0 = t0;
-+ xor1 = t1;
-+ }
-+ if (l != -8) {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+
-+ t0 = tin0;
-+ t1 = tin1;
-+
-+ tin[0] = tin0;
-+ tin[1] = tin1;
-+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ tout0 ^= xor0;
-+ tout1 ^= xor1;
-+ l2cn(tout0, tout1, out, l + 8);
-+ xor0 = t0;
-+ xor1 = t1;
-+ }
-+
-+ iv = &(*ivec)[0];
-+ l2c(xor0, iv);
-+ l2c(xor1, iv);
-+ }
-+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-+ tin[0] = tin[1] = 0;
-+}
-+
-+#endif /* DES_DEFAULT_OPTIONS */
-diff --git a/Cryptlib/OpenSSL/crypto/des/des_locl.h b/Cryptlib/OpenSSL/crypto/des/des_locl.h
-new file mode 100644
-index 0000000..23ea9d3
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/des_locl.h
-@@ -0,0 +1,443 @@
-+/* crypto/des/des_locl.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#ifndef HEADER_DES_LOCL_H
-+# define HEADER_DES_LOCL_H
-+
-+# include
-+
-+# if defined(OPENSSL_SYS_WIN32)
-+# ifndef OPENSSL_SYS_MSDOS
-+# define OPENSSL_SYS_MSDOS
-+# endif
-+# endif
-+
-+# include
-+# include
-+
-+# ifndef OPENSSL_SYS_MSDOS
-+# if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-+# ifdef OPENSSL_UNISTD
-+# include OPENSSL_UNISTD
-+# else
-+# include
-+# endif
-+# include
-+# endif
-+# endif
-+# include
-+
-+# ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */
-+# include
-+# include
-+# include
-+# include
-+# endif
-+
-+# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-+# include
-+# endif
-+
-+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-+# undef OPENSSL_EXTERN
-+# define OPENSSL_EXTERN OPENSSL_EXPORT
-+# endif
-+
-+# define ITERATIONS 16
-+# define HALF_ITERATIONS 8
-+
-+/* used in des_read and des_write */
-+# define MAXWRITE (1024*16)
-+# define BSIZE (MAXWRITE+4)
-+
-+# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
-+ l|=((DES_LONG)(*((c)++)))<< 8L, \
-+ l|=((DES_LONG)(*((c)++)))<<16L, \
-+ l|=((DES_LONG)(*((c)++)))<<24L)
-+
-+/* NOTE - c is not incremented as per c2l */
-+# define c2ln(c,l1,l2,n) { \
-+ c+=n; \
-+ l1=l2=0; \
-+ switch (n) { \
-+ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-+ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-+ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-+ case 5: l2|=((DES_LONG)(*(--(c)))); \
-+ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-+ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-+ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-+ case 1: l1|=((DES_LONG)(*(--(c)))); \
-+ } \
-+ }
-+
-+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
-+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-+
-+/*
-+ * replacements for htonl and ntohl since I have no idea what to do when
-+ * faced with machines with 8 byte longs.
-+ */
-+# define HDRSIZE 4
-+
-+# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
-+ l|=((DES_LONG)(*((c)++)))<<16L, \
-+ l|=((DES_LONG)(*((c)++)))<< 8L, \
-+ l|=((DES_LONG)(*((c)++))))
-+
-+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-+ *((c)++)=(unsigned char)(((l) )&0xff))
-+
-+/* NOTE - c is not incremented as per l2c */
-+# define l2cn(l1,l2,c,n) { \
-+ c+=n; \
-+ switch (n) { \
-+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
-+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
-+ } \
-+ }
-+
-+# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
-+# define ROTATE(a,n) (_lrotr(a,n))
-+# elif defined(__ICC)
-+# define ROTATE(a,n) (_rotr(a,n))
-+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-+# define ROTATE(a,n) ({ register unsigned int ret; \
-+ asm ("rorl %1,%0" \
-+ : "=r"(ret) \
-+ : "I"(n),"0"(a) \
-+ : "cc"); \
-+ ret; \
-+ })
-+# endif
-+# endif
-+# ifndef ROTATE
-+# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
-+# endif
-+
-+/*
-+ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add
-+ * it's little bit to the front
-+ */
-+
-+# ifdef DES_FCRYPT
-+
-+# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-+ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-+
-+# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-+ t=R^(R>>16L); \
-+ u=t&E0; t&=E1; \
-+ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
-+ tmp=(t<<16);
t^=R^s[S+1]; t^=tmp
-+# else
-+# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-+# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-+ u=R^s[S ]; \
-+ t=R^s[S+1]
-+# endif
-+
-+/*
-+ * The changes to this macro may help or hinder, depending on the compiler
-+ * and the architecture. gcc2 always seems to do well :-). Inspired by Dana
-+ * How DO NOT use the alternative version on machines
-+ * with 8 byte longs. It does not seem to work on the Alpha, even when
-+ * DES_LONG is 4 bytes, probably an issue of accessing non-word aligned
-+ * objects :-(
-+ */
-+# ifdef DES_PTR
-+
-+/*
-+ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
-+ * to not xor all the sub items together. This potentially saves a register
-+ * since things can be xored directly into L
-+ */
-+
-+# if defined(DES_RISC1) || defined(DES_RISC2)
-+# ifdef DES_RISC1
-+# define D_ENCRYPT(LL,R,S) { \
-+ unsigned int u1,u2,u3; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0xfc; \
-+ u2&=0xfc; \
-+ t=ROTATE(t,4); \
-+ u>>=16L; \
-+ LL^= *(const DES_LONG *)(des_SP +u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-+ u3=(int)(u>>8L); \
-+ u1=(int)u&0xfc; \
-+ u3&=0xfc; \
-+ LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u2&=0xfc; \
-+ t>>=16L; \
-+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-+ u3=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u3&=0xfc; \
-+ LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-+# endif
-+# ifdef DES_RISC2
-+# define D_ENCRYPT(LL,R,S) { \
-+ unsigned int u1,u2,s1,s2; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0xfc; \
-+ u2&=0xfc; \
-+ t=ROTATE(t,4); \
-+ LL^= *(const DES_LONG *)(des_SP +u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-+ s1=(int)(u>>16L); \
-+ s2=(int)(u>>24L); \
-+ s1&=0xfc; \
-+ s2&=0xfc; \
-+ LL^=
*(const DES_LONG *)(des_SP+0x400+s1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u2&=0xfc; \
-+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-+ s1=(int)(t>>16L); \
-+ s2=(int)(t>>24L); \
-+ s1&=0xfc; \
-+ s2&=0xfc; \
-+ LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
-+ LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-+# endif
-+# else
-+# define D_ENCRYPT(LL,R,S) { \
-+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-+ t=ROTATE(t,4); \
-+ LL^= \
-+ *(const DES_LONG *)(des_SP +((u )&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
-+ *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-+# endif
-+
-+# else /* original version */
-+
-+# if defined(DES_RISC1) || defined(DES_RISC2)
-+# ifdef DES_RISC1
-+# define D_ENCRYPT(LL,R,S) {\
-+ unsigned int u1,u2,u3; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u>>=2L; \
-+ t=ROTATE(t,6); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u2&=0x3f; \
-+ u>>=16L; \
-+ LL^=DES_SPtrans[0][u1]; \
-+ LL^=DES_SPtrans[2][u2]; \
-+ u3=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u3&=0x3f; \
-+ LL^=DES_SPtrans[4][u1]; \
-+ LL^=DES_SPtrans[6][u3]; \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u2&=0x3f; \
-+ t>>=16L; \
-+ LL^=DES_SPtrans[1][u1]; \
-+ LL^=DES_SPtrans[3][u2]; \
-+ u3=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u3&=0x3f; \
-+ LL^=DES_SPtrans[5][u1]; \
-+ LL^=DES_SPtrans[7][u3]; }
-+# endif
-+# ifdef DES_RISC2
-+# define D_ENCRYPT(LL,R,S) {\
-+ unsigned int u1,u2,s1,s2; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u>>=2L; \
-+ t=ROTATE(t,6); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u2&=0x3f; \
-+ LL^=DES_SPtrans[0][u1]; \
-+ LL^=DES_SPtrans[2][u2]; \
-+ s1=(int)u>>16L; \
-+
s2=(int)u>>24L; \
-+ s1&=0x3f; \
-+ s2&=0x3f; \
-+ LL^=DES_SPtrans[4][s1]; \
-+ LL^=DES_SPtrans[6][s2]; \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u2&=0x3f; \
-+ LL^=DES_SPtrans[1][u1]; \
-+ LL^=DES_SPtrans[3][u2]; \
-+ s1=(int)t>>16; \
-+ s2=(int)t>>24L; \
-+ s1&=0x3f; \
-+ s2&=0x3f; \
-+ LL^=DES_SPtrans[5][s1]; \
-+ LL^=DES_SPtrans[7][s2]; }
-+# endif
-+
-+# else
-+
-+# define D_ENCRYPT(LL,R,S) {\
-+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-+ t=ROTATE(t,4); \
-+ LL^=\
-+ DES_SPtrans[0][(u>> 2L)&0x3f]^ \
-+ DES_SPtrans[2][(u>>10L)&0x3f]^ \
-+ DES_SPtrans[4][(u>>18L)&0x3f]^ \
-+ DES_SPtrans[6][(u>>26L)&0x3f]^ \
-+ DES_SPtrans[1][(t>> 2L)&0x3f]^ \
-+ DES_SPtrans[3][(t>>10L)&0x3f]^ \
-+ DES_SPtrans[5][(t>>18L)&0x3f]^ \
-+ DES_SPtrans[7][(t>>26L)&0x3f]; }
-+# endif
-+# endif
-+
-+ /*-
-+ * IP and FP
-+ * The problem is more of a geometric problem that random bit fiddling.
-+ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
-+ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
-+ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
-+ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
-+
-+ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
-+ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
-+ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
-+ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
-+
-+ The output has been subject to swaps of the form
-+ 0 1 -> 3 1 but the odd and even bits have been put into
-+ 2 3 2 0
-+ different words.
The main trick is to remember that -+ t=((l>>size)^r)&(mask); -+ r^=t; -+ l^=(t<>(n))^(b))&(m)),\ -+ (b)^=(t),\ -+ (a)^=((t)<<(n))) -+ -+# define IP(l,r) \ -+ { \ -+ register DES_LONG tt; \ -+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ -+ PERM_OP(l,r,tt,16,0x0000ffffL); \ -+ PERM_OP(r,l,tt, 2,0x33333333L); \ -+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \ -+ PERM_OP(r,l,tt, 1,0x55555555L); \ -+ } -+ -+# define FP(l,r) \ -+ { \ -+ register DES_LONG tt; \ -+ PERM_OP(l,r,tt, 1,0x55555555L); \ -+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ -+ PERM_OP(l,r,tt, 2,0x33333333L); \ -+ PERM_OP(r,l,tt,16,0x0000ffffL); \ -+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ -+ } -+ -+extern const DES_LONG DES_SPtrans[8][64]; -+ -+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, -+ DES_LONG Eswap0, DES_LONG Eswap1); -+ -+# ifdef OPENSSL_SMALL_FOOTPRINT -+# undef DES_UNROLL -+# endif -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c -new file mode 100644 -index 0000000..c5c5a00 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/des_old.c -@@ -0,0 +1,345 @@ -+/* crypto/des/des_old.c */ -+ -+/*- -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+ * -+ * The function names in here are deprecated and are only present to -+ * provide an interface compatible with libdes. OpenSSL now provides -+ * functions where "des_" has been replaced with "DES_" in the names, -+ * to make it possible to make incompatible changes that are needed -+ * for C type security and other stuff. -+ * -+ * Please consider starting to use the DES_ functions rather than the -+ * des_ ones. The des_ functions will dissapear completely before -+ * OpenSSL 1.0! -+ * -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+ */ -+ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#define OPENSSL_DES_LIBDES_COMPATIBILITY
-+#include
-+#include
-+
-+const char *_ossl_old_des_options(void)
-+{
-+ return DES_options();
-+}
-+
-+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output,
-+ des_key_schedule ks1, des_key_schedule ks2,
-+ des_key_schedule ks3, int enc)
-+{
-+ DES_ecb3_encrypt((const_DES_cblock *)input, output,
-+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-+ (DES_key_schedule *)ks3, enc);
-+}
-+
-+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec)
-+{
-+ return DES_cbc_cksum((unsigned char *)input, output, length,
-+ (DES_key_schedule *)schedule, ivec);
-+}
-+
-+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int enc)
-+{
-+ DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-+ length, (DES_key_schedule *)schedule, ivec, enc);
-+}
-+
-+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output,
long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int enc)
-+{
-+ DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
-+ length, (DES_key_schedule *)schedule, ivec, enc);
-+}
-+
-+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec,
-+ _ossl_old_des_cblock *inw,
-+ _ossl_old_des_cblock *outw, int enc)
-+{
-+ DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-+ length, (DES_key_schedule *)schedule, ivec, inw, outw,
-+ enc);
-+}
-+
-+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
-+ int numbits, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int enc)
-+{
-+ DES_cfb_encrypt(in, out, numbits, length,
-+ (DES_key_schedule *)schedule, ivec, enc);
-+}
-+
-+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output,
-+ des_key_schedule ks, int enc)
-+{
-+ DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
-+}
-+
-+void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
-+{
-+ DES_encrypt1(data, (DES_key_schedule *)ks, enc);
-+}
-+
-+void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
-+{
-+ DES_encrypt2(data, (DES_key_schedule *)ks, enc);
-+}
-+
-+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-+ des_key_schedule ks2, des_key_schedule ks3)
-+{
-+ DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-+ (DES_key_schedule *)ks3);
-+}
-+
-+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-+ des_key_schedule ks2, des_key_schedule ks3)
-+{
-+ DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-+ (DES_key_schedule *)ks3);
-+}
-+
-+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ des_key_schedule ks1,
-+ des_key_schedule ks2,
-+ des_key_schedule ks3,
-+
_ossl_old_des_cblock *ivec, int enc)
-+{
-+ DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-+ length, (DES_key_schedule *)ks1,
-+ (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
-+ ivec, enc);
-+}
-+
-+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule ks1,
-+ des_key_schedule ks2,
-+ des_key_schedule ks3,
-+ _ossl_old_des_cblock *ivec, int *num,
-+ int enc)
-+{
-+ DES_ede3_cfb64_encrypt(in, out, length,
-+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-+ (DES_key_schedule *)ks3, ivec, num, enc);
-+}
-+
-+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule ks1,
-+ des_key_schedule ks2,
-+ des_key_schedule ks3,
-+ _ossl_old_des_cblock *ivec, int *num)
-+{
-+ DES_ede3_ofb64_encrypt(in, out, length,
-+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-+ (DES_key_schedule *)ks3, ivec, num);
-+}
-+
-+#if 0 /* broken code, preserved just in case anyone
-+ * specifically looks for this */
-+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
-+ _ossl_old_des_cblock (*in_white),
-+ _ossl_old_des_cblock (*out_white))
-+{
-+ DES_xwhite_in2out(des_key, in_white, out_white);
-+}
-+#endif
-+
-+int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
-+ _ossl_old_des_cblock *iv)
-+{
-+ return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
-+}
-+
-+int _ossl_old_des_enc_write(int fd, char *buf, int len,
-+ des_key_schedule sched, _ossl_old_des_cblock *iv)
-+{
-+ return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
-+}
-+
-+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
-+{
-+ return DES_fcrypt(buf, salt, ret);
-+}
-+
-+char *_ossl_old_des_crypt(const char *buf, const char *salt)
-+{
-+ return DES_crypt(buf, salt);
-+}
-+
-+char *_ossl_old_crypt(const char *buf, const char *salt)
-+{
-+ return DES_crypt(buf, salt);
-+}
-+
-+void
_ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
-+ int numbits, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec)
-+{
-+ DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
-+ ivec);
-+}
-+
-+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int enc)
-+{
-+ DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-+ length, (DES_key_schedule *)schedule, ivec, enc);
-+}
-+
-+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
-+ _ossl_old_des_cblock *output, long length,
-+ int out_count, _ossl_old_des_cblock *seed)
-+{
-+ return DES_quad_cksum((unsigned char *)input, output, length,
-+ out_count, seed);
-+}
-+
-+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
-+{
-+ RAND_seed(key, sizeof(_ossl_old_des_cblock));
-+}
-+
-+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
-+{
-+ DES_random_key((DES_cblock *)ret);
-+}
-+
-+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-+ int verify)
-+{
-+ return DES_read_password(key, prompt, verify);
-+}
-+
-+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
-+ _ossl_old_des_cblock *key2,
-+ const char *prompt, int verify)
-+{
-+ return DES_read_2passwords(key1, key2, prompt, verify);
-+}
-+
-+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
-+{
-+ DES_set_odd_parity(key);
-+}
-+
-+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
-+{
-+ return DES_is_weak_key(key);
-+}
-+
-+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
-+ des_key_schedule schedule)
-+{
-+ return DES_set_key(key, (DES_key_schedule *)schedule);
-+}
-+
-+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
-+ des_key_schedule schedule)
-+{
-+ return DES_key_sched(key, (DES_key_schedule *)schedule);
-+}
-+
-+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
-+{
-+
DES_string_to_key(str, key);
-+}
-+
-+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
-+ _ossl_old_des_cblock *key2)
-+{
-+ DES_string_to_2keys(str, key1, key2);
-+}
-+
-+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int *num,
-+ int enc)
-+{
-+ DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-+ ivec, num, enc);
-+}
-+
-+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule schedule,
-+ _ossl_old_des_cblock *ivec, int *num)
-+{
-+ DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-+ ivec, num);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c
-new file mode 100644
-index 0000000..247ff8d
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c
-@@ -0,0 +1,80 @@
-+/* crypto/des/des_old.c */
-+
-+/*
-+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
-+ * function names in here are deprecated and are only present to provide an
-+ * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions
-+ * where "des_" has been replaced with "DES_" in the names, to make it
-+ * possible to make incompatible changes that are needed for C type security
-+ * and other stuff. Please consider starting to use the DES_ functions
-+ * rather than the des_ ones. The des_ functions will dissapear completely
-+ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
-+ * WARNING WARNING
-+ */
-+
-+/*
-+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-+#include
-+#include
-+
-+void _ossl_096_des_random_seed(DES_cblock *key)
-+{
-+ RAND_seed(key, sizeof(DES_cblock));
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/des_ver.h b/Cryptlib/OpenSSL/crypto/des/des_ver.h
-new file mode 100644
-index 0000000..276de2b
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/des_ver.h
-@@ -0,0 +1,73 @@
-+/* crypto/des/des_ver.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+
-+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-+# undef OPENSSL_EXTERN
-+# define OPENSSL_EXTERN OPENSSL_EXPORT
-+#endif
-+
-+/* The following macros make sure the names are different from libdes names */
-+#define DES_version OSSL_DES_version
-+#define libdes_version OSSL_libdes_version
-+
-+/* SSLeay version string */
-+OPENSSL_EXTERN const char OSSL_DES_version[];
-+/* old libdes version string */
-+OPENSSL_EXTERN const char OSSL_libdes_version[];
-diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
-new file mode 100644
-index 0000000..c49fbd4
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
-@@ -0,0 +1,82 @@
-+/* crypto/des/ecb3_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks1, DES_key_schedule *ks2,
-+ DES_key_schedule *ks3, int enc)
-+{
-+ register DES_LONG l0, l1;
-+ DES_LONG ll[2];
-+ const unsigned char *in = &(*input)[0];
-+ unsigned char *out = &(*output)[0];
-+
-+ c2l(in, l0);
-+ c2l(in, l1);
-+ ll[0] = l0;
-+ ll[1] = l1;
-+ if (enc)
-+ DES_encrypt3(ll, ks1, ks2, ks3);
-+ else
-+ DES_decrypt3(ll, ks1, ks2, ks3);
-+ l0 = ll[0];
-+ l1 = ll[1];
-+ l2c(l0, out);
-+ l2c(l1, out);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
-new file mode 100644
-index 0000000..f97fd97
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
-@@ -0,0 +1,124 @@
-+/* crypto/des/ecb_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+#include "des_ver.h"
-+#include
-+#include
-+
-+OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT;
-+OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT;
-+
-+const char *DES_options(void)
-+{
-+ static int init = 1;
-+ static char buf[32];
-+
-+ if (init) {
-+ const char *ptr, *unroll, *risc, *size;
-+
-+#ifdef DES_PTR
-+ ptr = "ptr";
-+#else
-+ ptr = "idx";
-+#endif
-+#if defined(DES_RISC1) || defined(DES_RISC2)
-+# ifdef DES_RISC1
-+ risc = "risc1";
-+# endif
-+# ifdef DES_RISC2
-+ risc = "risc2";
-+# endif
-+#else
-+ risc = "cisc";
-+#endif
-+#ifdef DES_UNROLL
-+ unroll = "16";
-+#else
-+ unroll = "2";
-+#endif
-+ if (sizeof(DES_LONG) != sizeof(long))
-+ size = "int";
-+ else
-+ size = "long";
-+ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll,
-+ size);
-+ init = 0;
-+ }
-+ return (buf);
-+}
-+
-+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks, int enc)
-+{
-+ register DES_LONG l;
-+ DES_LONG ll[2];
-+ const unsigned char *in = &(*input)[0];
-+ unsigned char *out = &(*output)[0];
-+
-+ c2l(in, l);
-+ ll[0] = l;
-+ c2l(in, l);
-+ ll[1] = l;
-+ DES_encrypt1(ll, ks, enc);
-+ l = ll[0];
-+ l2c(l, out);
-+ l = ll[1];
-+ l2c(l, out);
-+ l = ll[0] = ll[1] = 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
-new file mode 100644
-index 0000000..86f27d0
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
-@@ -0,0 +1,189 @@
-+/* ede_cbcm_enc.c */
-+/*
-+ * Written by Ben Laurie for the OpenSSL project 13 Feb
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ *
-+ * This is an implementation of Triple DES Cipher Block Chaining with Output
-+ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
-+ *
-+ * Note that there is a known attack on this by Biham and Knudsen but it
-+ * takes a lot of work:
-+ *
-+ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
-+ *
-+ */
-+
-+#include /* To see if OPENSSL_NO_DESCBCM is defined */
-+
-+#ifndef OPENSSL_NO_DESCBCM
-+# include "des_locl.h"
-+
-+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3,
-+ DES_cblock *ivec1, DES_cblock *ivec2, int enc)
-+{
-+ register DES_LONG tin0, tin1;
-+ register DES_LONG tout0, tout1, xor0, xor1, m0, m1;
-+ register long l = length;
-+ DES_LONG tin[2];
-+ unsigned char *iv1, *iv2;
-+
-+ iv1 = &(*ivec1)[0];
-+ iv2 = &(*ivec2)[0];
-+
-+ if (enc) {
-+ c2l(iv1, m0);
-+ c2l(iv1, m1);
-+ c2l(iv2, tout0);
-+ c2l(iv2, tout1);
-+ for (l -= 8; l >= -7; l -= 8) {
-+ tin[0] = m0;
-+ tin[1] = m1;
-+ DES_encrypt1(tin, ks3, 1);
-+ m0 = tin[0];
-+ m1 = tin[1];
-+
-+ if (l < 0) {
-+
c2ln(in, tin0, tin1, l + 8);
-+ } else {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+ }
-+ tin0 ^= tout0;
-+ tin1 ^= tout1;
-+
-+ tin[0] = tin0;
-+ tin[1] = tin1;
-+ DES_encrypt1(tin, ks1, 1);
-+ tin[0] ^= m0;
-+ tin[1] ^= m1;
-+ DES_encrypt1(tin, ks2, 0);
-+ tin[0] ^= m0;
-+ tin[1] ^= m1;
-+ DES_encrypt1(tin, ks1, 1);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ }
-+ iv1 = &(*ivec1)[0];
-+ l2c(m0, iv1);
-+ l2c(m1, iv1);
-+
-+ iv2 = &(*ivec2)[0];
-+ l2c(tout0, iv2);
-+ l2c(tout1, iv2);
-+ } else {
-+ register DES_LONG t0, t1;
-+
-+ c2l(iv1, m0);
-+ c2l(iv1, m1);
-+ c2l(iv2, xor0);
-+ c2l(iv2, xor1);
-+ for (l -= 8; l >= -7; l -= 8) {
-+ tin[0] = m0;
-+ tin[1] = m1;
-+ DES_encrypt1(tin, ks3, 1);
-+ m0 = tin[0];
-+ m1 = tin[1];
-+
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+
-+ t0 = tin0;
-+ t1 = tin1;
-+
-+ tin[0] = tin0;
-+ tin[1] = tin1;
-+ DES_encrypt1(tin, ks1, 0);
-+ tin[0] ^= m0;
-+ tin[1] ^= m1;
-+ DES_encrypt1(tin, ks2, 1);
-+ tin[0] ^= m0;
-+ tin[1] ^= m1;
-+ DES_encrypt1(tin, ks1, 0);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+
-+ tout0 ^= xor0;
-+ tout1 ^= xor1;
-+ if (l < 0) {
-+ l2cn(tout0, tout1, out, l + 8);
-+ } else {
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ }
-+ xor0 = t0;
-+ xor1 = t1;
-+ }
-+
-+ iv1 = &(*ivec1)[0];
-+ l2c(m0, iv1);
-+ l2c(m1, iv1);
-+
-+ iv2 = &(*ivec2)[0];
-+ l2c(xor0, iv2);
-+ l2c(xor1, iv2);
-+ }
-+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-+ tin[0] = tin[1] = 0;
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c
-new file mode 100644
-index 0000000..fcb6654
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c
-@@ -0,0 +1,235 @@
-+/* crypto/des/enc_read.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include
-+#include "cryptlib.h"
-+#include "des_locl.h"
-+
-+/* This has some uglies in it but it works - even over sockets. */
-+/*
-+ * extern int errno;
-+ */
-+OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode, DES_PCBC_MODE)
-+
-+/*-
-+ * WARNINGS:
-+ *
-+ * - The data format used by DES_enc_write() and DES_enc_read()
-+ * has a cryptographic weakness: When asked to write more
-+ * than MAXWRITE bytes, DES_enc_write will split the data
-+ * into several chunks that are all encrypted
-+ * using the same IV. So don't use these functions unless you
-+ * are sure you know what you do (in which case you might
-+ * not want to use them anyway).
-+ *
-+ * - This code cannot handle non-blocking sockets.
-+ *
-+ * - This function uses an internal state and thus cannot be
-+ * used on multiple files.
-+ */
-+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-+ DES_cblock *iv)
-+{
-+#if defined(OPENSSL_NO_POSIX_IO)
-+ return (0);
-+#else
-+ /* data to be unencrypted */
-+ int net_num = 0;
-+ static unsigned char *net = NULL;
-+ /*
-+ * extra unencrypted data for when a block of 100 comes in but is
-+ * des_read one byte at a time.
-+ */
-+ static unsigned char *unnet = NULL;
-+ static int unnet_start = 0;
-+ static int unnet_left = 0;
-+ static unsigned char *tmpbuf = NULL;
-+ int i;
-+ long num = 0, rnum;
-+ unsigned char *p;
-+
-+ if (tmpbuf == NULL) {
-+ tmpbuf = OPENSSL_malloc(BSIZE);
-+ if (tmpbuf == NULL)
-+ return (-1);
-+ }
-+ if (net == NULL) {
-+ net = OPENSSL_malloc(BSIZE);
-+ if (net == NULL)
-+ return (-1);
-+ }
-+ if (unnet == NULL) {
-+ unnet = OPENSSL_malloc(BSIZE);
-+ if (unnet == NULL)
-+ return (-1);
-+ }
-+ /* left over data from last decrypt */
-+ if (unnet_left != 0) {
-+ if (unnet_left < len) {
-+ /*
-+ * we still still need more data but will return with the number
-+ * of bytes we have - should always check the return value
-+ */
-+ memcpy(buf, &(unnet[unnet_start]), unnet_left);
-+ /*
-+ * eay 26/08/92 I had the next 2 lines reversed :-(
-+ */
-+ i = unnet_left;
-+ unnet_start = unnet_left = 0;
-+ } else {
-+ memcpy(buf, &(unnet[unnet_start]), len);
-+ unnet_start += len;
-+ unnet_left -= len;
-+ i = len;
-+ }
-+ return (i);
-+ }
-+
-+ /* We need to get more data.
*/
-+ if (len > MAXWRITE)
-+ len = MAXWRITE;
-+
-+ /* first - get the length */
-+ while (net_num < HDRSIZE) {
-+# ifndef OPENSSL_SYS_WIN32
-+ i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
-+# else
-+ i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
-+# endif
-+# ifdef EINTR
-+ if ((i == -1) && (errno == EINTR))
-+ continue;
-+# endif
-+ if (i <= 0)
-+ return (0);
-+ net_num += i;
-+ }
-+
-+ /* we now have at net_num bytes in net */
-+ p = net;
-+ /* num=0; */
-+ n2l(p, num);
-+ /*
-+ * num should be rounded up to the next group of eight we make sure that
-+ * we have read a multiple of 8 bytes from the net.
-+ */
-+ if ((num > MAXWRITE) || (num < 0)) /* error */
-+ return (-1);
-+ rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8);
-+
-+ net_num = 0;
-+ while (net_num < rnum) {
-+# ifndef OPENSSL_SYS_WIN32
-+ i = read(fd, (void *)&(net[net_num]), rnum - net_num);
-+# else
-+ i = _read(fd, (void *)&(net[net_num]), rnum - net_num);
-+# endif
-+# ifdef EINTR
-+ if ((i == -1) && (errno == EINTR))
-+ continue;
-+# endif
-+ if (i <= 0)
-+ return (0);
-+ net_num += i;
-+ }
-+
-+ /* Check if there will be data left over. */
-+ if (len < num) {
-+ if (DES_rw_mode & DES_PCBC_MODE)
-+ DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-+ else
-+ DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-+ memcpy(buf, unnet, len);
-+ unnet_start = len;
-+ unnet_left = num - len;
-+
-+ /*
-+ * The following line is done because we return num as the number of
-+ * bytes read.
-+ */
-+ num = len;
-+ } else {
-+ /*-
-+ * >output is a multiple of 8 byes, if len < rnum
-+ * >we must be careful. The user must be aware that this
-+ * >routine will write more bytes than he asked for.
-+ * >The length of the buffer must be correct.
-+ * FIXED - Should be ok now 18-9-90 - eay */
-+ if (len < rnum) {
-+
-+ if (DES_rw_mode & DES_PCBC_MODE)
-+ DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
-+ else
-+ DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
-+
-+ /*
-+ * eay 26/08/92 fix a bug that returned more bytes than you asked
-+ * for (returned len bytes :-(
-+ */
-+ memcpy(buf, tmpbuf, num);
-+ } else {
-+ if (DES_rw_mode & DES_PCBC_MODE)
-+ DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-+ else
-+ DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-+ }
-+ }
-+ return num;
-+#endif /* OPENSSL_NO_POSIX_IO */
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c
-new file mode 100644
-index 0000000..c2aaa8e
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c
-@@ -0,0 +1,182 @@
-+/* crypto/des/enc_writ.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include
-+#include
-+#include "cryptlib.h"
-+#include "des_locl.h"
-+#include
-+
-+/*-
-+ * WARNINGS:
-+ *
-+ * - The data format used by DES_enc_write() and DES_enc_read()
-+ * has a cryptographic weakness: When asked to write more
-+ * than MAXWRITE bytes, DES_enc_write will split the data
-+ * into several chunks that are all encrypted
-+ * using the same IV. So don't use these functions unless you
-+ * are sure you know what you do (in which case you might
-+ * not want to use them anyway).
-+ *
-+ * - This code cannot handle non-blocking sockets.
-+ */
-+
-+int DES_enc_write(int fd, const void *_buf, int len,
-+ DES_key_schedule *sched, DES_cblock *iv)
-+{
-+#if defined(OPENSSL_NO_POSIX_IO)
-+ return (-1);
-+#else
-+# ifdef _LIBC
-+ extern unsigned long time();
-+ extern int write();
-+# endif
-+ const unsigned char *buf = _buf;
-+ long rnum;
-+ int i, j, k, outnum;
-+ static unsigned char *outbuf = NULL;
-+ unsigned char shortbuf[8];
-+ unsigned char *p;
-+ const unsigned char *cp;
-+ static int start = 1;
-+
-+ if (len < 0)
-+ return -1;
-+
-+ if (outbuf == NULL) {
-+ outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
-+ if (outbuf == NULL)
-+ return (-1);
-+ }
-+ /*
-+ * If we are sending less than 8 bytes, the same char will look the same
-+ * if we don't pad it out with random bytes
-+ */
-+ if (start) {
-+ start = 0;
-+ }
-+
-+ /* lets recurse if we want to send the data in small chunks */
-+ if (len > MAXWRITE) {
-+ j = 0;
-+ for (i = 0; i < len; i += k) {
-+ k = DES_enc_write(fd, &(buf[i]),
-+ ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
-+ sched, iv);
-+ if (k < 0)
-+ return (k);
-+ else
-+ j += k;
-+ }
-+ return (j);
-+ }
-+
-+ /* write length first */
-+ p = outbuf;
-+ l2n(len, p);
-+
-+ /* pad short strings */
-+ if (len < 8) {
-+ cp = shortbuf;
-+ memcpy(shortbuf, buf, len);
-+ if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
-+ return -1;
-+ }
-+ rnum = 8;
-+ } else {
-+ cp = buf;
-+ rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
-+ }
-+
-+ if (DES_rw_mode & DES_PCBC_MODE)
-+ DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-+ iv, DES_ENCRYPT);
-+ else
-+ DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-+ iv, DES_ENCRYPT);
-+
-+ /* output */
-+ outnum = rnum + HDRSIZE;
-+
-+ for (j = 0; j < outnum; j += i) {
-+ /*
-+ * eay 26/08/92 I was not doing writing from where we got up to.
-+ */
-+# ifndef _WIN32
-+ i = write(fd, (void *)&(outbuf[j]), outnum - j);
-+# else
-+ i = _write(fd, (void *)&(outbuf[j]), outnum - j);
-+# endif
-+ if (i == -1) {
-+# ifdef EINTR
-+ if (errno == EINTR)
-+ i = 0;
-+ else
-+# endif
-+ /*
-+ * This is really a bad error - very bad It will stuff-up
-+ * both ends.
-+ */
-+ return (-1);
-+ }
-+ }
-+
-+ return (len);
-+#endif /* OPENSSL_NO_POSIX_IO */
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c
-new file mode 100644
-index 0000000..111f1e4
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/fcrypt.c
-@@ -0,0 +1,167 @@
-+/* NOCW */
-+#include
-+#ifdef _OSD_POSIX
-+# ifndef CHARSET_EBCDIC
-+# define CHARSET_EBCDIC 1
-+# endif
-+#endif
-+#ifdef CHARSET_EBCDIC
-+# include
-+#endif
-+
-+/*
-+ * This version of crypt has been developed from my MIT compatible DES
-+ * library. Eric Young (eay@cryptsoft.com)
-+ */
-+
-+/*
-+ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for
-+ * shared memory computers. I have included a directive LONGCRYPT to using
-+ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it
-+ * used. The MAXPLEN definition is the maximum of length of password and can
-+ * changed. I have defined 24.
-+ */
-+
-+#include "des_locl.h"
-+
-+/*
-+ * Added more values to handle illegal salt values the way normal crypt()
-+ * implementations do. The patch was sent by Bjorn Gronvall
-+ */
-+static unsigned const char con_salt[128] = {
-+ 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
-+ 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
-+ 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
-+ 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
-+ 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
-+ 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
-+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
-+ 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
-+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
-+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
-+ 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
-+ 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
-+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
-+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
-+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
-+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
-+};
-+
-+static unsigned const char cov_2char[64] = {
-+ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
-+ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
-+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
-+ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
-+ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
-+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
-+ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
-+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
-+};
-+
-+char *DES_crypt(const char *buf, const char *salt)
-+{
-+ static char buff[14];
-+
-+#ifndef CHARSET_EBCDIC
-+ return (DES_fcrypt(buf, salt, buff));
-+#else
-+ char e_salt[2 + 1];
-+ char e_buf[32 + 1]; /* replace 32 by 8 ? */
-+ char *ret;
-+
-+ /* Copy at most 2 chars of salt */
-+ if ((e_salt[0] = salt[0]) != '\0')
-+ e_salt[1] = salt[1];
-+
-+ /* Copy at most 32 chars of password */
-+ strncpy(e_buf, buf, sizeof(e_buf));
-+
-+ /* Make sure we have a delimiter */
-+ e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
-+
-+ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-+ ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-+
-+ /* Convert the cleartext password to ASCII */
-+ ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-+
-+ /* Encrypt it (from/to ASCII) */
-+ ret = DES_fcrypt(e_buf, e_salt, buff);
-+
-+ /* Convert the result back to EBCDIC */
-+ ascii2ebcdic(ret, ret, strlen(ret));
-+
-+ return ret;
-+#endif
-+}
-+
-+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
-+{
-+ unsigned int i, j, x, y;
-+ DES_LONG Eswap0, Eswap1;
-+ DES_LONG out[2], ll;
-+ DES_cblock key;
-+ DES_key_schedule ks;
-+ unsigned char bb[9];
-+ unsigned char *b = bb;
-+ unsigned char c, u;
-+
-+ /*
-+ * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
-+ * have * as the pwd field in /etc/passwd, the function returns
-+ * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
-+ * crypt to "*". This was found when replacing the crypt in our shared
-+ * libraries. People found that the disabled accounts effectively had no
-+ * passwd :-(.
-+ */
-+#ifndef CHARSET_EBCDIC
-+ x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
-+ Eswap0 = con_salt[x] << 2;
-+ x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
-+ Eswap1 = con_salt[x] << 6;
-+#else
-+ x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
-+ Eswap0 = con_salt[x] << 2;
-+ x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
-+ Eswap1 = con_salt[x] << 6;
-+#endif
-+
-+ /*
-+ * EAY r=strlen(buf); r=(r+7)/8;
-+ */
-+ for (i = 0; i < 8; i++) {
-+ c = *(buf++);
-+ if (!c)
-+ break;
-+ key[i] = (c << 1);
-+ }
-+ for (; i < 8; i++)
-+ key[i] = 0;
-+
-+ DES_set_key_unchecked(&key, &ks);
-+ fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
-+
-+ ll = out[0];
-+ l2c(ll, b);
-+ ll = out[1];
-+ l2c(ll, b);
-+ y = 0;
-+ u = 0x80;
-+ bb[8] = 0;
-+ for (i = 2; i < 13; i++) {
-+ c = 0;
-+ for (j = 0; j < 6; j++) {
-+ c <<= 1;
-+ if (bb[y] & u)
-+ c |= 1;
-+ u >>= 1;
-+ if (!u) {
-+ y++;
-+ u = 0x80;
-+ }
-+ }
-+ ret[i] = cov_2char[c];
-+ }
-+ ret[13] = '\0';
-+ return (ret);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
-new file mode 100644
-index 0000000..b9e8738
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
-@@ -0,0 +1,140 @@
-+/* crypto/des/fcrypt_b.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+
-+/*
-+ * This version of crypt has been developed from my MIT compatible DES
-+ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
-+ * Eric Young (eay@cryptsoft.com)
-+ */
-+
-+#define DES_FCRYPT
-+#include "des_locl.h"
-+#undef DES_FCRYPT
-+
-+#undef PERM_OP
-+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-+ (b)^=(t),\
-+ (a)^=((t)<<(n)))
-+
-+#undef HPERM_OP
-+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-+ (a)=(a)^(t)^(t>>(16-(n))))\
-+
-+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
-+ DES_LONG Eswap1)
-+{
-+ register DES_LONG l, r, t, u;
-+#ifdef DES_PTR
-+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
-+#endif
-+ register DES_LONG *s;
-+ register int j;
-+ register DES_LONG E0, E1;
-+
-+ l = 0;
-+ r = 0;
-+
-+ s = (DES_LONG *)ks;
-+ E0 = Eswap0;
-+ E1 = Eswap1;
-+
-+ for (j = 0; j < 25; j++) {
-+#ifndef DES_UNROLL
-+ register int i;
-+
-+ for (i = 0; i < 32; i += 4) {
-+ D_ENCRYPT(l, r, i + 0); /* 1 */
-+ D_ENCRYPT(r, l, i + 2); /* 2 */
-+ }
-+#else
-+ D_ENCRYPT(l, r, 0); /* 1 */
-+ D_ENCRYPT(r, l, 2); /* 2 */
-+ D_ENCRYPT(l, r, 4); /* 3 */
-+ D_ENCRYPT(r, l, 6); /* 4 */
-+ D_ENCRYPT(l, r, 8); /* 5 */
-+ D_ENCRYPT(r, l, 10); /* 6 */
-+ D_ENCRYPT(l, r, 12); /* 7 */
-+ D_ENCRYPT(r, l, 14); /* 8 */
-+ D_ENCRYPT(l, r, 16); /* 9 */
-+ D_ENCRYPT(r, l, 18); /* 10 */
-+ D_ENCRYPT(l, r, 20); /* 11 */
-+ D_ENCRYPT(r, l, 22); /* 12 */
-+ D_ENCRYPT(l, r, 24); /* 13 */
-+ D_ENCRYPT(r, l, 26); /* 14 */
-+ D_ENCRYPT(l, r, 28); /* 15 */
-+ D_ENCRYPT(r, l, 30); /* 16 */
-+#endif
-+
-+ t = l;
-+ l = r;
-+ r = t;
-+ }
-+ l = ROTATE(l, 3) & 0xffffffffL;
-+ r = ROTATE(r, 3) & 0xffffffffL;
-+
-+ PERM_OP(l, r, t, 1, 0x55555555L);
-+ PERM_OP(r, l, t, 8, 0x00ff00ffL);
-+ PERM_OP(l, r, t, 2, 0x33333333L);
-+ PERM_OP(r, l, t, 16, 0x0000ffffL);
-+ PERM_OP(l, r, t, 4, 0x0f0f0f0fL);
-+
-+ out[0] = r;
-+ out[1] = l;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c
-new file mode 100644
-index 0000000..ab267cb
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c
-@@ -0,0 +1,154 @@
-+/* crypto/des/ncbc_enc.c */
-+/*-
-+ * #included by:
-+ * cbc_enc.c (DES_cbc_encrypt)
-+ * des_enc.c (DES_ncbc_encrypt)
-+ */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+#ifdef CBC_ENC_C__DONT_UPDATE_IV
-+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-+ DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-+#else
-+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *_schedule,
-+ DES_cblock *ivec, int enc)
-+#endif
-+{
-+ register DES_LONG tin0, tin1;
-+ register DES_LONG tout0, tout1, xor0, xor1;
-+ register long l = length;
-+ DES_LONG tin[2];
-+ unsigned char *iv;
-+
-+ iv = &(*ivec)[0];
-+
-+ if (enc) {
-+ c2l(iv, tout0);
-+ c2l(iv, tout1);
-+ for (l -= 8; l >= 0; l -= 8) {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+ tin0 ^= tout0;
-+ tin[0] = tin0;
-+ tin1 ^= tout1;
-+ tin[1] = tin1;
-+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
-+ tout0 = tin[0];
-+ l2c(tout0, out);
-+ tout1 = tin[1];
-+ l2c(tout1, out);
-+ }
-+ if (l != -8) {
-+ c2ln(in, tin0, tin1, l + 8);
-+ tin0 ^= tout0;
-+ tin[0] = tin0;
-+ tin1 ^= tout1;
-+ tin[1] = tin1;
-+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
-+ tout0 = tin[0];
-+ l2c(tout0, out);
-+ tout1 = tin[1];
-+ l2c(tout1, out);
-+ }
-+#ifndef CBC_ENC_C__DONT_UPDATE_IV
-+ iv = &(*ivec)[0];
-+ l2c(tout0, iv);
-+ l2c(tout1, iv);
-+#endif
-+ } else {
-+ c2l(iv, xor0);
-+ c2l(iv, xor1);
-+ for (l -= 8; l >= 0; l -= 8) {
-+ c2l(in, tin0);
-+ tin[0] = tin0;
-+ c2l(in, tin1);
-+ tin[1] = tin1;
-+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
-+ tout0 = tin[0] ^ xor0;
-+ tout1 = tin[1] ^ xor1;
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ xor0 = tin0;
-+ xor1 = tin1;
-+ }
-+ if (l != -8) {
-+ c2l(in, tin0);
-+ tin[0] = tin0;
-+ c2l(in, tin1);
-+ tin[1] = tin1;
-+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
-+ tout0 = tin[0] ^ xor0;
-+ tout1 = tin[1] ^ xor1;
-+ l2cn(tout0, tout1, out, l + 8);
-+#ifndef CBC_ENC_C__DONT_UPDATE_IV
-+ xor0 = tin0;
-+ xor1 = tin1;
-+#endif
-+ }
-+#ifndef CBC_ENC_C__DONT_UPDATE_IV
-+ iv = &(*ivec)[0];
-+ l2c(xor0, iv);
-+ l2c(xor1, iv);
-+#endif
-+ }
-+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-+ tin[0] = tin[1] = 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
-new file mode 100644
-index 0000000..45c6750
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
-@@ -0,0 +1,123 @@
-+/* crypto/des/ofb64ede.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+/*
-+ * The input and output encrypted as though 64bit ofb mode is being used.
-+ * The extra state information to record how much of the 64bit block we have
-+ * used is contained in *num;
-+ */
-+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
-+ register unsigned char *out, long length,
-+ DES_key_schedule *k1, DES_key_schedule *k2,
-+ DES_key_schedule *k3, DES_cblock *ivec, int *num)
-+{
-+ register DES_LONG v0, v1;
-+ register int n = *num;
-+ register long l = length;
-+ DES_cblock d;
-+ register char *dp;
-+ DES_LONG ti[2];
-+ unsigned char *iv;
-+ int save = 0;
-+
-+ iv = &(*ivec)[0];
-+ c2l(iv, v0);
-+ c2l(iv, v1);
-+ ti[0] = v0;
-+ ti[1] = v1;
-+ dp = (char *)d;
-+ l2c(v0, dp);
-+ l2c(v1, dp);
-+ while (l--) {
-+ if (n == 0) {
-+ /* ti[0]=v0; */
-+ /* ti[1]=v1; */
-+ DES_encrypt3(ti, k1, k2, k3);
-+ v0 = ti[0];
-+ v1 = ti[1];
-+
-+ dp = (char *)d;
-+ l2c(v0, dp);
-+ l2c(v1, dp);
-+ save++;
-+ }
-+ *(out++) = *(in++) ^ d[n];
-+ n = (n + 1) & 0x07;
-+ }
-+ if (save) {
-+/*- v0=ti[0];
-+ v1=ti[1];*/
-+ iv = &(*ivec)[0];
-+ l2c(v0, iv);
-+ l2c(v1, iv);
-+ }
-+ v0 = v1 = ti[0] = ti[1] = 0;
-+ *num = n;
-+}
-+
-+#ifdef undef /* MACRO */
-+void DES_ede2_ofb64_encrypt(register unsigned char *in,
-+ register unsigned char *out, long length,
-+ DES_key_schedule k1, DES_key_schedule k2,
-+ DES_cblock (*ivec), int *num)
-+{
-+ DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num);
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
-new file mode 100644
-index 0000000..8e72dec
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
-@@ -0,0 +1,109 @@
-+/* crypto/des/ofb64enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+/*
-+ * The input and output encrypted as though 64bit ofb mode is being used.
-+ * The extra state information to record how much of the 64bit block we have
-+ * used is contained in *num;
-+ */
-+void DES_ofb64_encrypt(register const unsigned char *in,
-+ register unsigned char *out, long length,
-+ DES_key_schedule *schedule, DES_cblock *ivec, int *num)
-+{
-+ register DES_LONG v0, v1, t;
-+ register int n = *num;
-+ register long l = length;
-+ DES_cblock d;
-+ register unsigned char *dp;
-+ DES_LONG ti[2];
-+ unsigned char *iv;
-+ int save = 0;
-+
-+ iv = &(*ivec)[0];
-+ c2l(iv, v0);
-+ c2l(iv, v1);
-+ ti[0] = v0;
-+ ti[1] = v1;
-+ dp = d;
-+ l2c(v0, dp);
-+ l2c(v1, dp);
-+ while (l--) {
-+ if (n == 0) {
-+ DES_encrypt1(ti, schedule, DES_ENCRYPT);
-+ dp = d;
-+ t = ti[0];
-+ l2c(t, dp);
-+ t = ti[1];
-+ l2c(t, dp);
-+ save++;
-+ }
-+ *(out++) = *(in++) ^ d[n];
-+ n = (n + 1) & 0x07;
-+ }
-+ if (save) {
-+ v0 = ti[0];
-+ v1 = ti[1];
-+ iv = &(*ivec)[0];
-+ l2c(v0, iv);
-+ l2c(v1, iv);
-+ }
-+ t = v0 = v1 = ti[0] = ti[1] = 0;
-+ *num = n;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
-new file mode 100644
-index 0000000..02a7877
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
-@@ -0,0 +1,131 @@
-+/* crypto/des/ofb_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+/*
-+ * The input and output are loaded in multiples of 8 bits. What this means is
-+ * that if you hame numbits=12 and length=2 the first 12 bits will be
-+ * retrieved from the first byte and half the second. The second 12 bits
-+ * will come from the 3rd and half the 4th byte.
-+ */
-+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-+ long length, DES_key_schedule *schedule,
-+ DES_cblock *ivec)
-+{
-+ register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
-+ register DES_LONG mask0, mask1;
-+ register long l = length;
-+ register int num = numbits;
-+ DES_LONG ti[2];
-+ unsigned char *iv;
-+
-+ if (num > 64)
-+ return;
-+ if (num > 32) {
-+ mask0 = 0xffffffffL;
-+ if (num >= 64)
-+ mask1 = mask0;
-+ else
-+ mask1 = (1L << (num - 32)) - 1;
-+ } else {
-+ if (num == 32)
-+ mask0 = 0xffffffffL;
-+ else
-+ mask0 = (1L << num) - 1;
-+ mask1 = 0x00000000L;
-+ }
-+
-+ iv = &(*ivec)[0];
-+ c2l(iv, v0);
-+ c2l(iv, v1);
-+ ti[0] = v0;
-+ ti[1] = v1;
-+ while (l-- > 0) {
-+ ti[0] = v0;
-+ ti[1] = v1;
-+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
-+ vv0 = ti[0];
-+ vv1 = ti[1];
-+ c2ln(in, d0, d1, n);
-+ in += n;
-+ d0 = (d0 ^ vv0) & mask0;
-+ d1 = (d1 ^ vv1) & mask1;
-+ l2cn(d0, d1, out, n);
-+ out += n;
-+
-+ if (num == 32) {
-+ v0 = v1;
-+ v1 = vv0;
-+ } else if (num == 64) {
-+ v0 = vv0;
-+ v1 = vv1;
-+ } else if (num > 32) { /* && num != 64 */
-+ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
-+ v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
-+ } else { /* num < 32 */
-+
-+ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
-+ v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
-+ }
-+ }
-+ iv = &(*ivec)[0];
-+ l2c(v0, iv);
-+ l2c(v1, iv);
-+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
-new file mode 100644
-index 0000000..144d5ed
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
-@@ -0,0 +1,115 @@
-+/* crypto/des/pcbc_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include "des_locl.h"
-+
-+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule,
-+ DES_cblock *ivec, int enc)
-+{
-+ register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
-+ DES_LONG tin[2];
-+ const unsigned char *in;
-+ unsigned char *out, *iv;
-+
-+ in = input;
-+ out = output;
-+ iv = &(*ivec)[0];
-+
-+ if (enc) {
-+ c2l(iv, xor0);
-+ c2l(iv, xor1);
-+ for (; length > 0; length -= 8) {
-+ if (length >= 8) {
-+ c2l(in, sin0);
-+ c2l(in, sin1);
-+ } else
-+ c2ln(in, sin0, sin1, length);
-+ tin[0] = sin0 ^ xor0;
-+ tin[1] = sin1 ^ xor1;
-+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
-+ tout0 = tin[0];
-+ tout1 = tin[1];
-+ xor0 = sin0 ^ tout0;
-+ xor1 = sin1 ^ tout1;
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ }
-+ } else {
-+ c2l(iv, xor0);
-+ c2l(iv, xor1);
-+ for (; length > 0; length -= 8) {
-+ c2l(in, sin0);
-+ c2l(in, sin1);
-+ tin[0] = sin0;
-+ tin[1] = sin1;
-+ DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
-+ tout0 = tin[0] ^ xor0;
-+ tout1 = tin[1] ^ xor1;
-+ if (length >= 8) {
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ } else
-+ l2cn(tout0, tout1, out, length);
-+ xor0 = tout0 ^ sin0;
-+ xor1 = tout1 ^ sin1;
-+ }
-+ }
-+ tin[0] = tin[1] = 0;
-+ sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
-new file mode 100644
-index 0000000..2a168a5
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
-@@ -0,0 +1,143 @@
-+/* crypto/des/qud_cksm.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+/*
-+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
-+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
-+ * only based on the code in this paper and is almost definitely not the same
-+ * as the MIT implementation.
-+ */
-+#include "des_locl.h"
-+
-+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
-+#define Q_B0(a) (((DES_LONG)(a)))
-+#define Q_B1(a) (((DES_LONG)(a))<<8)
-+#define Q_B2(a) (((DES_LONG)(a))<<16)
-+#define Q_B3(a) (((DES_LONG)(a))<<24)
-+
-+/* used to scramble things a bit */
-+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
-+#define NOISE ((DES_LONG)83653421L)
-+
-+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-+ long length, int out_count, DES_cblock *seed)
-+{
-+ DES_LONG z0, z1, t0, t1;
-+ int i;
-+ long l;
-+ const unsigned char *cp;
-+#ifdef _CRAY
-+ struct lp_st {
-+ int a:32;
-+ int b:32;
-+ } *lp;
-+#else
-+ DES_LONG *lp;
-+#endif
-+
-+ if (out_count < 1)
-+ out_count = 1;
-+#ifdef _CRAY
-+ lp = (struct lp_st *)&(output[0])[0];
-+#else
-+ lp = (DES_LONG *)&(output[0])[0];
-+#endif
-+
-+ z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
-+ Q_B3((*seed)[3]);
-+ z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
-+ Q_B3((*seed)[7]);
-+
-+ for (i = 0; ((i < 4) && (i < out_count)); i++) {
-+ cp = input;
-+ l = length;
-+ while (l > 0) {
-+ if (l > 1) {
-+ t0 = (DES_LONG)(*(cp++));
-+ t0 |= (DES_LONG)Q_B1(*(cp++));
-+ l--;
-+ } else
-+ t0 = (DES_LONG)(*(cp++));
-+ l--;
-+ /* add */
-+ t0 += z0;
-+ t0 &= 0xffffffffL;
-+ t1 = z1;
-+ /* square, well sort of square */
-+ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
-+ & 0xffffffffL) % 0x7fffffffL;
-+ z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
-+ 0x7fffffffL;
-+ }
-+ if (lp != NULL) {
-+ /*
-+ * The MIT library assumes that the checksum is composed of
-+ * 2*out_count 32 bit ints
-+ */
-+#ifdef _CRAY
-+ (*lp).a = z0;
-+ (*lp).b = z1;
-+ lp++;
-+#else
-+ *lp++ = z0;
-+ *lp++ = z1;
-+#endif
-+ }
-+ }
-+ return (z0);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c
-new file mode 100644
-index 0000000..b75cc5f
---- /dev/null
-+++
b/Cryptlib/OpenSSL/crypto/des/rand_key.c
-@@ -0,0 +1,67 @@
-+/* crypto/des/rand_key.c */
-+/* ====================================================================
-+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#include
-+#include
-+
-+int DES_random_key(DES_cblock *ret)
-+{
-+ do {
-+ if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-+ return (0);
-+ } while (DES_is_weak_key(ret));
-+ DES_set_odd_parity(ret);
-+ return (1);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
-new file mode 100644
-index 0000000..7633139
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
-@@ -0,0 +1,144 @@
-+/* crypto/des/read2pwd.c */
-+/* ====================================================================
-+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+
-+#ifndef BUFSIZ
-+#define BUFSIZ 256
-+#endif
-+
-+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
-+{
-+ int ok;
-+ char buf[BUFSIZ], buff[BUFSIZ];
-+
-+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-+ DES_string_to_key(buf, key);
-+ OPENSSL_cleanse(buf, BUFSIZ);
-+ OPENSSL_cleanse(buff, BUFSIZ);
-+ return (ok);
-+}
-+
-+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-+ const char *prompt, int verify)
-+{
-+ int ok;
-+ char buf[BUFSIZ], buff[BUFSIZ];
-+
-+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-+ DES_string_to_2keys(buf, key1, key2);
-+ OPENSSL_cleanse(buf, BUFSIZ);
-+ OPENSSL_cleanse(buff, BUFSIZ);
-+ return (ok);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_des.h b/Cryptlib/OpenSSL/crypto/des/rpc_des.h
-new file mode 100644
-index 0000000..4db9062
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/rpc_des.h
-@@ -0,0 +1,130 @@
-+/* crypto/des/rpc_des.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
-+/*-
-+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
-+ * unrestricted use provided that this legend is included on all tape
-+ * media and as a part of the software program in whole or part. Users
-+ * may copy or modify Sun RPC without charge, but are not authorized
-+ * to license or distribute it to anyone else except as part of a product or
-+ * program developed by the user.
-+ *
-+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
-+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
-+ *
-+ * Sun RPC is provided with no support and without any obligation on the
-+ * part of Sun Microsystems, Inc. to assist in its use, correction,
-+ * modification or enhancement.
-+ *
-+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
-+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
-+ * OR ANY PART THEREOF.
-+ *
-+ * In no event will Sun Microsystems, Inc.
be liable for any lost revenue
-+ * or profits or other special, indirect and consequential damages, even if
-+ * Sun has been advised of the possibility of such damages.
-+ *
-+ * Sun Microsystems, Inc.
-+ * 2550 Garcia Avenue
-+ * Mountain View, California 94043
-+ */
-+/*
-+ * Generic DES driver interface
-+ * Keep this file hardware independent!
-+ * Copyright (c) 1986 by Sun Microsystems, Inc.
-+ */
-+
-+#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */
-+#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */
-+
-+#ifdef HEADER_DES_H
-+# undef ENCRYPT
-+# undef DECRYPT
-+#endif
-+
-+enum desdir { ENCRYPT, DECRYPT };
-+enum desmode { CBC, ECB };
-+
-+/*
-+ * parameters to ioctl call
-+ */
-+struct desparams {
-+ unsigned char des_key[8]; /* key (with low bit parity) */
-+ enum desdir des_dir; /* direction */
-+ enum desmode des_mode; /* mode */
-+ unsigned char des_ivec[8]; /* input vector */
-+ unsigned des_len; /* number of bytes to crypt */
-+ union {
-+ unsigned char UDES_data[DES_QUICKLEN];
-+ unsigned char *UDES_buf;
-+ } UDES;
-+#define des_data UDES.UDES_data /* direct data here if quick */
-+#define des_buf UDES.UDES_buf /* otherwise, pointer to data */
-+};
-+
-+/*
-+ * Encrypt an arbitrary sized buffer
-+ */
-+#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
-+
-+/*
-+ * Encrypt of small amount of data, quickly
-+ */
-+#define DESIOCQUICK _IOWR('d', 7, struct desparams)
-diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
-new file mode 100644
-index 0000000..f5a84c5
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
-@@ -0,0 +1,100 @@
-+/* crypto/des/rpc_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "rpc_des.h" -+#include "des_locl.h" -+#include "des_ver.h" -+ -+int _des_crypt(char *buf, int len, struct desparams *desp); -+int _des_crypt(char *buf, int len, struct desparams *desp) -+{ -+ DES_key_schedule ks; -+ int enc; -+ -+ DES_set_key_unchecked(&desp->des_key, &ks); -+ enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT; -+ -+ if (desp->des_mode == CBC) -+ DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, -+ (DES_cblock *)desp->UDES.UDES_buf, &ks, enc); -+ else { -+ DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, -+ len, &ks, &desp->des_ivec, enc); -+#ifdef undef -+ /* -+ * len will always be %8 if called from common_crypt in secure_rpc. 
-+ * Libdes's cbc encrypt does not copy back the iv, so we have to do -+ * it here. -+ */ -+ /* It does now :-) eay 20/09/95 */ -+ -+ a = (char *)&(desp->UDES.UDES_buf[len - 8]); -+ b = (char *)&(desp->des_ivec[0]); -+ -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+#endif -+ } -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c -new file mode 100644 -index 0000000..8fd8fe1 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/set_key.c -@@ -0,0 +1,447 @@ -+/* crypto/des/set_key.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */
-+
-+/*-
-+ * set_key.c v 1.4 eay 24/9/91
-+ * 1.4 Speed up by 400% :-)
-+ * 1.3 added register declarations.
-+ * 1.2 unrolled make_key_sched a bit more
-+ * 1.1 added norm_expand_bits
-+ * 1.0 First working version
-+ */
-+#include
-+#include "des_locl.h"
-+
-+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
-+ /*
-+ * defaults to false
-+ */
-+static const unsigned char odd_parity[256] = {
-+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
-+ 110,
-+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
-+ 127,
-+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
-+ 143,
-+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
-+ 158,
-+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
-+ 174,
-+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
-+ 191,
-+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
-+ 206,
-+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
-+ 223,
-+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
-+ 239,
-+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
-+ 254
-+};
-+
-+void DES_set_odd_parity(DES_cblock *key)
-+{
-+ unsigned int i;
-+
-+ for (i = 0; i < DES_KEY_SZ; i++)
-+ (*key)[i] = odd_parity[(*key)[i]];
-+}
-+
-+int DES_check_key_parity(const_DES_cblock *key)
-+{
-+ unsigned int i;
-+
-+ for (i = 0; i < DES_KEY_SZ; i++) {
-+ if ((*key)[i] != odd_parity[(*key)[i]])
-+ return (0);
-+ }
-+ return (1);
-+}
-+
-+/*-
-+ * Weak and semi week keys as take from
-+ * %A D.W. Davies
-+ * %A W.L. Price
-+ * %T Security for Computer Networks
-+ * %I John Wiley & Sons
-+ * %D 1984
-+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
-+ * (and actual cblock values).
-+ */
-+#define NUM_WEAK_KEY 16
-+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
-+ /* weak keys */
-+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
-+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
-+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
-+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
-+ /* semi-weak keys */
-+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
-+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
-+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
-+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
-+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
-+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
-+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
-+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
-+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
-+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
-+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
-+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
-+};
-+
-+int DES_is_weak_key(const_DES_cblock *key)
-+{
-+ int i;
-+
-+ for (i = 0; i < NUM_WEAK_KEY; i++)
-+ /*
-+ * Added == 0 to comparison, I obviously don't run this section very
-+ * often :-(, thanks to engineering@MorningStar.Com for the fix eay
-+ * 93/06/29 Another problem, I was comparing only the first 4 bytes,
-+ * 97/03/18
-+ */
-+ if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
-+ return (1);
-+ return (0);
-+}
-+
-+/*-
-+ * NOW DEFINED IN des_local.h
-+ * See ecb_encrypt.c for a pseudo description of these macros.
-+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ -+ * (b)^=(t),\ -+ * (a)=((a)^((t)<<(n)))) -+ */ -+ -+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ -+ (a)=(a)^(t)^(t>>(16-(n)))) -+ -+static const DES_LONG des_skb[8][64] = { -+ { -+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -+ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, -+ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, -+ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, -+ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, -+ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, -+ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, -+ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, -+ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, -+ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, -+ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, -+ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, -+ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, -+ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, -+ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, -+ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, -+ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ -+ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, -+ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, -+ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, -+ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, -+ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, -+ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, -+ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, -+ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, -+ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, -+ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, -+ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, -+ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, -+ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, -+ 0x10200400L, 
0x12200400L, 0x10202400L, 0x12202400L, -+ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, -+ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ -+ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, -+ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, -+ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, -+ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, -+ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, -+ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, -+ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, -+ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, -+ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, -+ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, -+ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, -+ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, -+ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, -+ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, -+ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, -+ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ -+ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, -+ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, -+ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, -+ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, -+ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, -+ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, -+ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, -+ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, -+ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, -+ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, -+ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, -+ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, -+ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, -+ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, -+ 0x04021000L, 0x04121000L, 0x04021100L, 
0x04121100L, -+ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -+ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, -+ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, -+ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, -+ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, -+ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, -+ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, -+ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, -+ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, -+ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, -+ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, -+ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, -+ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, -+ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, -+ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, -+ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, -+ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ -+ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, -+ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, -+ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, -+ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, -+ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, -+ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, -+ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, -+ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, -+ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, -+ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, -+ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, -+ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, -+ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, -+ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, -+ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, -+ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, -+ }, -+ { -+ /* for D bits 
(numbered as per FIPS 46) 16 17 18 19 20 21 */ -+ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, -+ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, -+ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, -+ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, -+ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, -+ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, -+ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, -+ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, -+ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, -+ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, -+ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, -+ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, -+ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, -+ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, -+ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, -+ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ -+ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, -+ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, -+ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, -+ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, -+ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, -+ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, -+ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, -+ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, -+ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, -+ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, -+ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, -+ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, -+ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, -+ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, -+ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, -+ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, -+ } -+}; -+ -+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) -+{ -+ if (DES_check_key) { -+ 
return DES_set_key_checked(key, schedule); -+ } else { -+ DES_set_key_unchecked(key, schedule); -+ return 0; -+ } -+} -+ -+/*- -+ * return 0 if key parity is odd (correct), -+ * return -1 if key parity error, -+ * return -2 if illegal weak key. -+ */ -+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) -+{ -+ if (!DES_check_key_parity(key)) -+ return (-1); -+ if (DES_is_weak_key(key)) -+ return (-2); -+ DES_set_key_unchecked(key, schedule); -+ return 0; -+} -+ -+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) -+#ifdef OPENSSL_FIPS -+{ -+ fips_cipher_abort(DES); -+ private_DES_set_key_unchecked(key, schedule); -+} -+ -+void private_DES_set_key_unchecked(const_DES_cblock *key, -+ DES_key_schedule *schedule) -+#endif -+{ -+ static const int shifts2[16] = -+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -+ register DES_LONG c, d, t, s, t2; -+ register const unsigned char *in; -+ register DES_LONG *k; -+ register int i; -+ -+#ifdef OPENBSD_DEV_CRYPTO -+ memcpy(schedule->key, key, sizeof schedule->key); -+ schedule->session = NULL; -+#endif -+ k = &schedule->ks->deslong[0]; -+ in = &(*key)[0]; -+ -+ c2l(in, c); -+ c2l(in, d); -+ -+ /* -+ * do PC1 in 47 simple operations :-) Thanks to John Fletcher -+ * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. 
:-) -+ */ -+ PERM_OP(d, c, t, 4, 0x0f0f0f0fL); -+ HPERM_OP(c, t, -2, 0xcccc0000L); -+ HPERM_OP(d, t, -2, 0xcccc0000L); -+ PERM_OP(d, c, t, 1, 0x55555555L); -+ PERM_OP(c, d, t, 8, 0x00ff00ffL); -+ PERM_OP(d, c, t, 1, 0x55555555L); -+ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | -+ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); -+ c &= 0x0fffffffL; -+ -+ for (i = 0; i < ITERATIONS; i++) { -+ if (shifts2[i]) { -+ c = ((c >> 2L) | (c << 26L)); -+ d = ((d >> 2L) | (d << 26L)); -+ } else { -+ c = ((c >> 1L) | (c << 27L)); -+ d = ((d >> 1L) | (d << 27L)); -+ } -+ c &= 0x0fffffffL; -+ d &= 0x0fffffffL; -+ /* -+ * could be a few less shifts but I am to lazy at this point in time -+ * to investigate -+ */ -+ s = des_skb[0][(c) & 0x3f] | -+ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | -+ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | -+ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | -+ ((c >> 22L) & 0x38)]; -+ t = des_skb[4][(d) & 0x3f] | -+ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | -+ des_skb[6][(d >> 15L) & 0x3f] | -+ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; -+ -+ /* table contained 0213 4657 */ -+ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; -+ *(k++) = ROTATE(t2, 30) & 0xffffffffL; -+ -+ t2 = ((s >> 16L) | (t & 0xffff0000L)); -+ *(k++) = ROTATE(t2, 26) & 0xffffffffL; -+ } -+} -+ -+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) -+{ -+ return (DES_set_key(key, schedule)); -+} -+ -+/*- -+#undef des_fixup_key_parity -+void des_fixup_key_parity(des_cblock *key) -+ { -+ des_set_odd_parity(key); -+ } -+*/ -diff --git a/Cryptlib/OpenSSL/crypto/des/spr.h b/Cryptlib/OpenSSL/crypto/des/spr.h -new file mode 100644 -index 0000000..e85d310 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/spr.h -@@ -0,0 +1,212 @@ -+/* crypto/des/spr.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { -+ { -+ /* nibble 0 */ -+ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, -+ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, -+ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, -+ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, -+ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, -+ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, -+ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, -+ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, -+ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, -+ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, -+ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, -+ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, -+ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, -+ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, -+ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, -+ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, -+ }, -+ { -+ /* nibble 1 */ -+ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, -+ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, -+ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, -+ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, -+ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, -+ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, -+ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, -+ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, -+ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, -+ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, -+ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, -+ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, -+ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, -+ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, -+ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, -+ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, -+ }, -+ { -+ /* nibble 2 */ -+ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, -+ 0x00040001L, 0x04000000L, 
0x04000101L, 0x00040100L, -+ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, -+ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, -+ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, -+ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, -+ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, -+ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, -+ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, -+ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, -+ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, -+ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, -+ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, -+ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, -+ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, -+ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, -+ }, -+ { -+ /* nibble 3 */ -+ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, -+ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, -+ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, -+ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, -+ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, -+ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, -+ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, -+ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, -+ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, -+ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, -+ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, -+ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, -+ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, -+ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, -+ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, -+ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, -+ }, -+ { -+ /* nibble 4 */ -+ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, -+ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, -+ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, -+ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, -+ 0x00010400L, 0x08000000L, 0x00010020L, 
0x00000420L, -+ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, -+ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, -+ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, -+ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, -+ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, -+ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, -+ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, -+ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, -+ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, -+ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, -+ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, -+ }, -+ { -+ /* nibble 5 */ -+ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, -+ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, -+ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, -+ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, -+ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, -+ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, -+ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, -+ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, -+ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, -+ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, -+ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, -+ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, -+ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, -+ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, -+ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, -+ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, -+ }, -+ { -+ /* nibble 6 */ -+ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, -+ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, -+ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, -+ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, -+ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, -+ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, -+ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, -+ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, -+ 
0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, -+ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, -+ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, -+ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, -+ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, -+ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, -+ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, -+ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, -+ }, -+ { -+ /* nibble 7 */ -+ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, -+ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, -+ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, -+ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, -+ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, -+ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, -+ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, -+ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, -+ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, -+ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, -+ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, -+ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, -+ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, -+ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, -+ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, -+ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, -+ } -+}; -diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c -new file mode 100644 -index 0000000..38a478c ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/des/str2key.c -@@ -0,0 +1,164 @@ -+/* crypto/des/str2key.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "des_locl.h"
-+
-+void DES_string_to_key(const char *str, DES_cblock *key)
-+{
-+ DES_key_schedule ks;
-+ int i, length;
-+ register unsigned char j;
-+
-+ memset(key, 0, 8);
-+ length = strlen(str);
-+#ifdef OLD_STR_TO_KEY
-+ for (i = 0; i < length; i++)
-+ (*key)[i % 8] ^= (str[i] << 1);
-+#else /* MIT COMPATIBLE */
-+ for (i = 0; i < length; i++) {
-+ j = str[i];
-+ if ((i % 16) < 8)
-+ (*key)[i % 8] ^= (j << 1);
-+ else {
-+ /* Reverse the bit order 05/05/92 eay */
-+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
-+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
-+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
-+ (*key)[7 - (i % 8)] ^= j;
-+ }
-+ }
-+#endif
-+ DES_set_odd_parity(key);
-+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-+ if (DES_is_weak_key(key))
-+ (*key)[7] ^= 0xF0;
-+ DES_set_key(key, &ks);
-+#else
-+ DES_set_key_unchecked(key, &ks);
-+#endif
-+ DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
-+ OPENSSL_cleanse(&ks, sizeof(ks));
-+ DES_set_odd_parity(key);
-+}
-+
-+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
-+{
-+ DES_key_schedule ks;
-+ int i, length;
-+ register unsigned char j;
-+
-+ memset(key1, 0, 8);
-+ memset(key2, 0, 8);
-+ length = strlen(str);
-+#ifdef OLD_STR_TO_KEY
-+ if (length <= 8) {
-+ for (i = 0; i < length; i++) {
-+ (*key2)[i] = (*key1)[i] = (str[i] << 1);
-+ }
-+ } else {
-+ for (i = 0; i < length; i++) {
-+ if ((i / 8) & 1)
-+ (*key2)[i % 8] ^= (str[i] << 1);
-+ else
-+ (*key1)[i % 8] ^= (str[i] << 1);
-+ }
-+ }
-+#else /* MIT COMPATIBLE */
-+ for (i = 0; i < length; i++) {
-+ j = str[i];
-+ if ((i % 32) < 16) {
-+ if ((i % 16) < 8)
-+ (*key1)[i % 8] ^= (j << 1);
-+ else
-+ (*key2)[i % 8] ^= (j << 1);
-+ } else {
-+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
-+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
-+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
-+ if ((i % 16) < 8)
-+ (*key1)[7 - (i % 8)] ^= j;
-+ else
-+ (*key2)[7 - (i % 8)] ^= j;
-+ }
-+ }
-+ if (length
<= 8)
-+ memcpy(key2, key1, 8);
-+#endif
-+ DES_set_odd_parity(key1);
-+ DES_set_odd_parity(key2);
-+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-+ if (DES_is_weak_key(key1))
-+ (*key1)[7] ^= 0xF0;
-+ DES_set_key(key1, &ks);
-+#else
-+ DES_set_key_unchecked(key1, &ks);
-+#endif
-+ DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
-+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-+ if (DES_is_weak_key(key2))
-+ (*key2)[7] ^= 0xF0;
-+ DES_set_key(key2, &ks);
-+#else
-+ DES_set_key_unchecked(key2, &ks);
-+#endif
-+ DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
-+ OPENSSL_cleanse(&ks, sizeof(ks));
-+ DES_set_odd_parity(key1);
-+ DES_set_odd_parity(key2);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
-new file mode 100644
-index 0000000..6fe021b
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
-@@ -0,0 +1,216 @@
-+/* crypto/des/xcbc_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "des_locl.h" -+ -+/* RSA's DESX */ -+ -+#if 0 /* broken code, preserved just in case anyone -+ * specifically looks for this */ -+static const unsigned char desx_white_in2out[256] = { -+ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, -+ 0x1B, 0x33, 0xFD, 0xD0, -+ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B, -+ 0x31, 0xBB, 0x21, 0x5A, -+ 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, -+ 0x27, 0x5F, 0x80, 0x36, -+ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, -+ 0xA6, 0x3F, 0xD8, 0x0C, -+ 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7, -+ 0xE8, 0x07, 0xB8, 0x60, -+ 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, -+ 0x86, 0x00, 0x84, 0xFA, -+ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, -+ 0xBA, 0x3C, 0x06, 0x4E, -+ 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71, -+ 0x74, 0xD3, 0xE4, 0xBF, -+ 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, -+ 0x79, 0x89, 0x62, 0xC6, -+ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, 
-+ 0x75, 0xD5, 0x61, 0xE3, -+ 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57, -+ 0x63, 0xCA, 0x3D, 0x6C, -+ 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, -+ 0x58, 0xE0, 0x01, 0xE2, -+ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, -+ 0x82, 0xF9, 0x40, 0xB5, -+ 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28, -+ 0xAA, 0x98, 0x9D, 0xA5, -+ 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, -+ 0xDD, 0x76, 0x5C, 0x2F, -+ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, -+ 0x4C, 0xFF, 0x43, 0xAB, -+}; -+ -+void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, -+ DES_cblock *out_white) -+{ -+ int out0, out1; -+ int i; -+ const unsigned char *key = &(*des_key)[0]; -+ const unsigned char *in = &(*in_white)[0]; -+ unsigned char *out = &(*out_white)[0]; -+ -+ out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0; -+ out0 = out1 = 0; -+ for (i = 0; i < 8; i++) { -+ out[i] = key[i] ^ desx_white_in2out[out0 ^ out1]; -+ out0 = out1; -+ out1 = (int)out[i & 0x07]; -+ } -+ -+ out0 = out[0]; -+ out1 = out[i]; /* BUG: out-of-bounds read */ -+ for (i = 0; i < 8; i++) { -+ out[i] = in[i] ^ desx_white_in2out[out0 ^ out1]; -+ out0 = out1; -+ out1 = (int)out[i & 0x07]; -+ } -+} -+#endif -+ -+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, const_DES_cblock *inw, -+ const_DES_cblock *outw, int enc) -+{ -+ register DES_LONG tin0, tin1; -+ register DES_LONG tout0, tout1, xor0, xor1; -+ register DES_LONG inW0, inW1, outW0, outW1; -+ register const unsigned char *in2; -+ register long l = length; -+ DES_LONG tin[2]; -+ unsigned char *iv; -+ -+ in2 = &(*inw)[0]; -+ c2l(in2, inW0); -+ c2l(in2, inW1); -+ in2 = &(*outw)[0]; -+ c2l(in2, outW0); -+ c2l(in2, outW1); -+ -+ iv = &(*ivec)[0]; -+ -+ if (enc) { -+ c2l(iv, tout0); -+ c2l(iv, 
tout1);
-+ for (l -= 8; l >= 0; l -= 8) {
-+ c2l(in, tin0);
-+ c2l(in, tin1);
-+ tin0 ^= tout0 ^ inW0;
-+ tin[0] = tin0;
-+ tin1 ^= tout1 ^ inW1;
-+ tin[1] = tin1;
-+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
-+ tout0 = tin[0] ^ outW0;
-+ l2c(tout0, out);
-+ tout1 = tin[1] ^ outW1;
-+ l2c(tout1, out);
-+ }
-+ if (l != -8) {
-+ c2ln(in, tin0, tin1, l + 8);
-+ tin0 ^= tout0 ^ inW0;
-+ tin[0] = tin0;
-+ tin1 ^= tout1 ^ inW1;
-+ tin[1] = tin1;
-+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
-+ tout0 = tin[0] ^ outW0;
-+ l2c(tout0, out);
-+ tout1 = tin[1] ^ outW1;
-+ l2c(tout1, out);
-+ }
-+ iv = &(*ivec)[0];
-+ l2c(tout0, iv);
-+ l2c(tout1, iv);
-+ } else {
-+ c2l(iv, xor0);
-+ c2l(iv, xor1);
-+ for (l -= 8; l > 0; l -= 8) {
-+ c2l(in, tin0);
-+ tin[0] = tin0 ^ outW0;
-+ c2l(in, tin1);
-+ tin[1] = tin1 ^ outW1;
-+ DES_encrypt1(tin, schedule, DES_DECRYPT);
-+ tout0 = tin[0] ^ xor0 ^ inW0;
-+ tout1 = tin[1] ^ xor1 ^ inW1;
-+ l2c(tout0, out);
-+ l2c(tout1, out);
-+ xor0 = tin0;
-+ xor1 = tin1;
-+ }
-+ if (l != -8) {
-+ c2l(in, tin0);
-+ tin[0] = tin0 ^ outW0;
-+ c2l(in, tin1);
-+ tin[1] = tin1 ^ outW1;
-+ DES_encrypt1(tin, schedule, DES_DECRYPT);
-+ tout0 = tin[0] ^ xor0 ^ inW0;
-+ tout1 = tin[1] ^ xor1 ^ inW1;
-+ l2cn(tout0, tout1, out, l + 8);
-+ xor0 = tin0;
-+ xor1 = tin1;
-+ }
-+
-+ iv = &(*ivec)[0];
-+ l2c(xor0, iv);
-+ l2c(xor1, iv);
-+ }
-+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-+ inW0 = inW1 = outW0 = outW1 = 0;
-+ tin[0] = tin[1] = 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c
-index cd77867..4558283 100644
---- a/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c
-+++ b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c
-@@ -1,21 +1,73 @@
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project.
All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "dh_locl.h" -+#include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" --#include -+#include "asn1_locl.h" -+#ifndef OPENSSL_NO_CMS -+# include -+#endif -+ -+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; - - /* - * i2d/d2i like DH parameter functions which use the appropriate routine for -@@ -47,8 +99,8 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; -- const void *pval; -- const ASN1_STRING *pstr; -+ void *pval; -+ ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - -@@ -67,18 +119,18 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - pm = pstr->data; - pmlen = pstr->length; - -- if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) { -+ if (!(dh = d2i_dhp(pkey, 
&pm, pmlen))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - -- if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { -+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ -- if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { -+ if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); - goto err; - } -@@ -88,8 +140,10 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - return 1; - - err: -- ASN1_INTEGER_free(public_key); -- DH_free(dh); -+ if (public_key) -+ ASN1_INTEGER_free(public_key); -+ if (dh) -+ DH_free(dh); - return 0; - - } -@@ -106,7 +160,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - dh = pkey->pkey.dh; - - str = ASN1_STRING_new(); -- if (str == NULL) { -+ if (!str) { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -135,26 +189,28 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - return 1; - - err: -- OPENSSL_free(penc); -- ASN1_STRING_free(str); -+ if (penc) -+ OPENSSL_free(penc); -+ if (str) -+ ASN1_STRING_free(str); - - return 0; - } - - /* - * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that -- * the AlgorithmIdentifier contains the parameters, the private key is -- * explicitly included and the pubkey must be recalculated. -+ * the AlgorithmIdentifier contains the paramaters, the private key is -+ * explcitly included and the pubkey must be recalculated. 
- */ - --static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -+static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) - { - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; -- const void *pval; -- const ASN1_STRING *pstr; -- const X509_ALGOR *palg; -+ void *pval; -+ ASN1_STRING *pstr; -+ X509_ALGOR *palg; - ASN1_INTEGER *privkey = NULL; - - DH *dh = NULL; -@@ -166,18 +222,17 @@ static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) - - if (ptype != V_ASN1_SEQUENCE) - goto decerr; -- if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) -+ -+ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) - goto decerr; - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; -- if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) -+ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) - goto decerr; -- - /* We have parameters now set private key */ -- if ((dh->priv_key = BN_secure_new()) == NULL -- || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) { -+ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { - DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); - goto dherr; - } -@@ -208,7 +263,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) - - params = ASN1_STRING_new(); - -- if (params == NULL) { -+ if (!params) { - DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -240,18 +295,29 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) - return 1; - - err: -- OPENSSL_free(dp); -- ASN1_STRING_free(params); -- ASN1_STRING_clear_free(prkey); -+ if (dp != NULL) -+ OPENSSL_free(dp); -+ if (params != NULL) -+ ASN1_STRING_free(params); -+ if (prkey != NULL) -+ ASN1_STRING_clear_free(prkey); - return 0; - } - -+static void update_buflen(const BIGNUM *b, size_t *pbuflen) -+{ -+ size_t i; -+ if (!b) -+ return; -+ if (*pbuflen < (i = (size_t)BN_num_bytes(b))) -+ *pbuflen = i; -+} -+ - static int dh_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { - 
DH *dh; -- -- if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) { -+ if (!(dh = d2i_dhp(pkey, pder, derlen))) { - DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); - return 0; - } -@@ -264,10 +330,15 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) - return i2d_dhp(pkey, pkey->pkey.dh, pder); - } - --static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) -+static int do_dh_print(BIO *bp, const DH *x, int indent, -+ ASN1_PCTX *ctx, int ptype) - { -- int reason = ERR_R_BUF_LIB; -+ unsigned char *m = NULL; -+ int reason = ERR_R_BUF_LIB, ret = 0; -+ size_t buf_len = 0; -+ - const char *ktype = NULL; -+ - BIGNUM *priv_key, *pub_key; - - if (ptype == 2) -@@ -280,12 +351,20 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) - else - pub_key = NULL; - -- if (x->p == NULL || (ptype == 2 && priv_key == NULL) -- || (ptype > 0 && pub_key == NULL)) { -+ update_buflen(x->p, &buf_len); -+ -+ if (buf_len == 0) { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - -+ update_buflen(x->g, &buf_len); -+ update_buflen(x->q, &buf_len); -+ update_buflen(x->j, &buf_len); -+ update_buflen(x->counter, &buf_len); -+ update_buflen(pub_key, &buf_len); -+ update_buflen(priv_key, &buf_len); -+ - if (ptype == 2) - ktype = "DH Private-Key"; - else if (ptype == 1) -@@ -293,23 +372,29 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) - else - ktype = "DH Parameters"; - -+ m = OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ - BIO_indent(bp, indent, 128); - if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) - goto err; - indent += 4; - -- if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent)) -+ if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) - goto err; -- if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent)) -+ if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) - goto err; - -- if (!ASN1_bn_print(bp, "prime:", 
x->p, NULL, indent)) -+ if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) - goto err; -- if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent)) -+ if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) - goto err; -- if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent)) -+ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) - goto err; -- if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent)) -+ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) - goto err; - if (x->seed) { - int i; -@@ -328,7 +413,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) - if (BIO_write(bp, "\n", 1) <= 0) - return (0); - } -- if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent)) -+ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) - goto err; - if (x->length != 0) { - BIO_indent(bp, indent, 128); -@@ -337,11 +422,14 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) - goto err; - } - -- return 1; -- -+ ret = 1; -+ if (0) { - err: -- DHerr(DH_F_DO_DH_PRINT, reason); -- return 0; -+ DHerr(DH_F_DO_DH_PRINT, reason); -+ } -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); - } - - static int int_dh_size(const EVP_PKEY *pkey) -@@ -354,11 +442,6 @@ static int dh_bits(const EVP_PKEY *pkey) - return BN_num_bits(pkey->pkey.dh->p); - } - --static int dh_security_bits(const EVP_PKEY *pkey) --{ -- return DH_security_bits(pkey->pkey.dh); --} -- - static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) - { - if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || -@@ -380,7 +463,8 @@ static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) - return 0; - } else - a = NULL; -- BN_free(*dst); -+ if (*dst) -+ BN_free(*dst); - *dst = a; - return 1; - } -@@ -398,11 +482,13 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) - return 0; - if (!int_dh_bn_cpy(&to->j, from->j)) - return 0; -- OPENSSL_free(to->seed); -- to->seed = NULL; 
-- to->seedlen = 0; -+ if (to->seed) { -+ OPENSSL_free(to->seed); -+ to->seed = NULL; -+ to->seedlen = 0; -+ } - if (from->seed) { -- to->seed = OPENSSL_memdup(from->seed, from->seedlen); -+ to->seed = BUF_memdup(from->seed, from->seedlen); - if (!to->seed) - return 0; - to->seedlen = from->seedlen; -@@ -416,7 +502,7 @@ DH *DHparams_dup(DH *dh) - { - DH *ret; - ret = DH_new(); -- if (ret == NULL) -+ if (!ret) - return NULL; - if (!int_dh_param_copy(ret, dh, -1)) { - DH_free(ret); -@@ -427,11 +513,6 @@ DH *DHparams_dup(DH *dh) - - static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - { -- if (to->pkey.dh == NULL) { -- to->pkey.dh = DH_new(); -- if (to->pkey.dh == NULL) -- return 0; -- } - return int_dh_param_copy(to->pkey.dh, from->pkey.dh, - from->ameth == &dhx_asn1_meth); - } -@@ -456,24 +537,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) - static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { -- return do_dh_print(bp, pkey->pkey.dh, indent, 0); -+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); - } - - static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { -- return do_dh_print(bp, pkey->pkey.dh, indent, 1); -+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); - } - - static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { -- return do_dh_print(bp, pkey->pkey.dh, indent, 2); -+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); - } - - int DHparams_print(BIO *bp, const DH *x) - { -- return do_dh_print(bp, x, 4, 0); -+ return do_dh_print(bp, x, 4, NULL, 0); - } - - #ifndef OPENSSL_NO_CMS -@@ -522,7 +603,6 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { - - int_dh_size, - dh_bits, -- dh_security_bits, - - dh_param_decode, - dh_param_encode, -@@ -555,7 +635,6 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { - - int_dh_size, - dh_bits, -- dh_security_bits, - - dh_param_decode, - dh_param_encode, -@@ -574,9 
+653,9 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { - static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) - { -- const ASN1_OBJECT *aoid; -+ ASN1_OBJECT *aoid; - int atype; -- const void *aval; -+ void *aval; - ASN1_INTEGER *public_key = NULL; - int rv = 0; - EVP_PKEY *pkpeer = NULL, *pk = NULL; -@@ -600,32 +679,35 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - dhpeer = DHparams_dup(pk->pkey.dh); - /* We have parameters now set public key */ - plen = ASN1_STRING_length(pubkey); -- p = ASN1_STRING_get0_data(pubkey); -+ p = ASN1_STRING_data(pubkey); - if (!p || !plen) - goto err; - -- if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { -+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) { - DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ -- if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { -+ if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { - DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); - goto err; - } - - pkpeer = EVP_PKEY_new(); -- if (pkpeer == NULL) -+ if (!pkpeer) - goto err; - EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); - dhpeer = NULL; - if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) - rv = 1; - err: -- ASN1_INTEGER_free(public_key); -- EVP_PKEY_free(pkpeer); -- DH_free(dhpeer); -+ if (public_key) -+ ASN1_INTEGER_free(public_key); -+ if (pkpeer) -+ EVP_PKEY_free(pkpeer); -+ if (dhpeer) -+ DH_free(dhpeer); - return rv; - } - -@@ -690,7 +772,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) - - if (ukm) { - dukmlen = ASN1_STRING_length(ukm); -- dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); -+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); - if (!dukm) - goto err; - } -@@ -701,8 +783,10 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) - - rv = 1; - err: -- X509_ALGOR_free(kekalg); -- 
OPENSSL_free(dukm); -+ if (kekalg) -+ X509_ALGOR_free(kekalg); -+ if (dukm) -+ OPENSSL_free(dukm); - return rv; - } - -@@ -741,7 +825,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - EVP_CIPHER_CTX *ctx; - int keylen; - X509_ALGOR *talg, *wrap_alg = NULL; -- const ASN1_OBJECT *aoid; -+ ASN1_OBJECT *aoid; - ASN1_BIT_STRING *pubkey; - ASN1_STRING *wrap_str; - ASN1_OCTET_STRING *ukm; -@@ -762,7 +846,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - X509_ALGOR_get0(&aoid, NULL, NULL, talg); - /* Is everything uninitialised? */ - if (aoid == OBJ_nid2obj(NID_undef)) { -- ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); -+ ASN1_INTEGER *pubk; -+ pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); - if (!pubk) - goto err; - /* Set the key */ -@@ -780,7 +865,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - V_ASN1_UNDEF, NULL); - } - -- /* See if custom parameters set */ -+ /* See if custom paraneters set */ - kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); - if (kdf_type <= 0) - goto err; -@@ -816,11 +901,11 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - /* Package wrap algorithm in an AlgorithmIdentifier */ - - wrap_alg = X509_ALGOR_new(); -- if (wrap_alg == NULL) -+ if (!wrap_alg) - goto err; - wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); - wrap_alg->parameter = ASN1_TYPE_new(); -- if (wrap_alg->parameter == NULL) -+ if (!wrap_alg->parameter) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) - goto err; -@@ -834,7 +919,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - - if (ukm) { - dukmlen = ASN1_STRING_length(ukm); -- dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); -+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); - if (!dukm) - goto err; - } -@@ -852,7 +937,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - if (!penc || !penclen) - goto err; - wrap_str = ASN1_STRING_new(); -- if (wrap_str == NULL) -+ if (!wrap_str) - goto err; - ASN1_STRING_set0(wrap_str, penc, 
penclen); - penc = NULL; -@@ -862,8 +947,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) - rv = 1; - - err: -- OPENSSL_free(penc); -- X509_ALGOR_free(wrap_alg); -+ if (penc) -+ OPENSSL_free(penc); -+ if (wrap_alg) -+ X509_ALGOR_free(wrap_alg); - return rv; - } - -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -index 7c72fd6..f470214 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -@@ -1,16 +1,66 @@ -+/* dh_asn1.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "dh_locl.h" -+#include - #include - #include - -@@ -20,7 +70,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - { - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DH_new(); -- if (*pval != NULL) -+ if (*pval) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { -@@ -60,7 +110,7 @@ typedef struct { - ASN1_SEQUENCE(DHvparams) = { - ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), - ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) --} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) -+} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) - - ASN1_SEQUENCE(DHxparams) = { - ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), -@@ -68,7 +118,7 @@ ASN1_SEQUENCE(DHxparams) = { - ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), - ASN1_OPT(int_dhx942_dh, j, BIGNUM), - ASN1_OPT(int_dhx942_dh, vparams, DHvparams), --} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) -+} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) - - int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, - const unsigned char **pp, long length); -@@ -76,23 +126,24 @@ int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx) - --/* Application public function: read in X9.42 DH parameters into DH structure */ -+/* Application leve function: read in X9.42 DH parameters into DH structure */ - - DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) - { - int_dhx942_dh *dhx = NULL; - DH *dh = NULL; - dh = DH_new(); -- if (dh == NULL) -+ if (!dh) - return NULL; - dhx = d2i_int_dhx(NULL, pp, length); -- if (dhx == NULL) { -+ if (!dhx) { - DH_free(dh); - return NULL; - } - - if (a) { -- DH_free(*a); -+ if (*a) -+ DH_free(*a); - *a = dh; - } - -diff --git 
a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c -index 3b0fa59..0277041 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c -@@ -1,56 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dh/dh_check.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "dh_locl.h" -- --/*- -- * Check that p and g are suitable enough -- * -- * p is odd -- * 1 < g < p - 1 -- */ -- --int DH_check_params(const DH *dh, int *ret) --{ -- int ok = 0; -- BIGNUM *tmp = NULL; -- BN_CTX *ctx = NULL; -- -- *ret = 0; -- ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- BN_CTX_start(ctx); -- tmp = BN_CTX_get(ctx); -- if (tmp == NULL) -- goto err; -- -- if (!BN_is_odd(dh->p)) -- *ret |= DH_CHECK_P_NOT_PRIME; -- if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g)) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1)) -- goto err; -- if (BN_cmp(dh->g, tmp) >= 0) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- -- ok = 1; -- err: -- if (ctx != NULL) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- return (ok); --} -+#include - - /*- - * Check that p is a safe prime and -@@ -64,7 +73,7 @@ int DH_check_params(const DH *dh, int *ret) - - int DH_check(const DH *dh, int *ret) - { -- int ok = 0, r; -+ int ok = 0; - BN_CTX *ctx = NULL; - BN_ULONG l; - BIGNUM *t1 = NULL, *t2 = NULL; -@@ -93,10 +102,7 @@ int DH_check(const DH *dh, int *ret) - if (!BN_is_one(t1)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } -- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -+ if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) - *ret |= DH_CHECK_Q_NOT_PRIME; - /* Check p == 1 mod q i.e. 
q divides p - 1 */ - if (!BN_div(t1, t2, dh->p, dh->q, ctx)) -@@ -108,31 +114,29 @@ int DH_check(const DH *dh, int *ret) - - } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); -- if (l == (BN_ULONG)-1) -- goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; -- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { -+ } -+#if 0 -+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) { -+ l = BN_mod_word(dh->p, 12); -+ if (l != 5) -+ *ret |= DH_NOT_SUITABLE_GENERATOR; -+ } -+#endif -+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); -- if (l == (BN_ULONG)-1) -- goto err; - if ((l != 3) && (l != 7)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - -- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) - *ret |= DH_CHECK_P_NOT_PRIME; - else if (!dh->q) { - if (!BN_rshift1(t1, dh->p)) - goto err; -- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -+ if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) - *ret |= DH_CHECK_P_NOT_SAFE_PRIME; - } - ok = 1; -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -index f8ed1b7..b622119 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -@@ -1,45 +1,81 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dh/dh_depr.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* This file contains deprecated functions as wrappers to the new ones */ - --#include --#if OPENSSL_API_COMPAT >= 0x00908000L --NON_EMPTY_TRANSLATION_UNIT --#else -+#include -+#include "cryptlib.h" -+#include -+#include - --# include --# include "internal/cryptlib.h" --# include --# include -+static void *dummy = &dummy; - -+#ifndef OPENSSL_NO_DEPRECATED - DH *DH_generate_parameters(int prime_len, int generator, - void (*callback) (int, int, void *), void *cb_arg) - { -- BN_GENCB *cb; -+ BN_GENCB cb; - DH *ret = NULL; - - if ((ret = DH_new()) == NULL) - return NULL; -- cb = BN_GENCB_new(); -- if (cb == NULL) { -- DH_free(ret); -- return NULL; -- } - -- BN_GENCB_set_old(cb, callback, cb_arg); -+ BN_GENCB_set_old(&cb, callback, cb_arg); - -- if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) { -- BN_GENCB_free(cb); -+ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) - return ret; -- } -- BN_GENCB_free(cb); - DH_free(ret); - return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c -index 4e21f28..b890cca 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/dh/dh_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,25 +70,26 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) - - static ERR_STRING_DATA DH_str_functs[] = { -- {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"}, -+ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, - {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -- {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, -- {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, -- {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, -- {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, -- {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"}, -- {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"}, -- {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"}, -+ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -+ {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, -+ {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, -+ {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, -+ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, - {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, -- {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"}, -- {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"}, -- {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"}, -- {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"}, -- {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"}, -- {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"}, -- {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"}, -- {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"}, -- {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"}, -+ {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, -+ {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, -+ {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, -+ {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, -+ {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, -+ {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, -+ 
{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, -+ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, -+ {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, -+ {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, - {0, NULL} - }; - -@@ -49,7 +101,9 @@ static ERR_STRING_DATA DH_str_reasons[] = { - {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, -+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non fips method"}, - {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, -@@ -60,7 +114,7 @@ static ERR_STRING_DATA DH_str_reasons[] = { - - #endif - --int ERR_load_DH_strings(void) -+void ERR_load_DH_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -69,5 +123,4 @@ int ERR_load_DH_strings(void) - ERR_load_strings(0, DH_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -index 27ecb98..5bedb66 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dh/dh_gen.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - /* -@@ -13,9 +62,13 @@ - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "dh_locl.h" -+#include -+ -+#ifdef OPENSSL_FIPS -+# include -+#endif - - static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb); -@@ -23,8 +76,19 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, - BN_GENCB *cb) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) -+ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } -+#endif - if (ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb); -+#endif - return dh_builtin_genparams(ret, prime_len, generator, cb); - } - -@@ -87,7 +151,17 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - if (!BN_set_word(t2, 11)) - goto err; - g = 2; -- } else if (generator == DH_GENERATOR_5) { -+ } -+#if 0 /* does not work for safe primes */ -+ else if (generator == DH_GENERATOR_3) { -+ if (!BN_set_word(t1, 12)) -+ goto err; -+ if (!BN_set_word(t2, 5)) -+ goto err; -+ g = 3; -+ } -+#endif -+ else if (generator == DH_GENERATOR_5) { - if (!BN_set_word(t1, 10)) - goto err; - if (!BN_set_word(t2, 3)) -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c b/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c -deleted file mode 100644 -index 2782eee..0000000 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c -+++ /dev/null -@@ -1,150 +0,0 @@ --/* -- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#ifndef OPENSSL_NO_CMS --#include --#include --#include --#include --#include -- -- --/* Key derivation from X9.42/RFC2631 */ --/* Uses CMS functions, hence the #ifdef wrapper. */ -- --#define DH_KDF_MAX (1L << 30) -- --/* Skip past an ASN1 structure: for OBJECT skip content octets too */ -- --static int skip_asn1(unsigned char **pp, long *plen, int exptag) --{ -- const unsigned char *q = *pp; -- int i, tag, xclass; -- long tmplen; -- i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); -- if (i & 0x80) -- return 0; -- if (tag != exptag || xclass != V_ASN1_UNIVERSAL) -- return 0; -- if (tag == V_ASN1_OBJECT) -- q += tmplen; -- *plen -= q - *pp; -- *pp = (unsigned char *)q; -- return 1; --} -- --/* -- * Encode the DH shared info structure, return an offset to the counter value -- * so we can update the structure without reencoding it. 
-- */ -- --static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, -- ASN1_OBJECT *key_oid, size_t outlen, -- const unsigned char *ukm, size_t ukmlen) --{ -- unsigned char *p; -- int derlen; -- long tlen; -- /* "magic" value to check offset is sane */ -- static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 }; -- X509_ALGOR atmp; -- ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct; -- ASN1_TYPE ctr_atype; -- if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX) -- return 0; -- ctr_oct.data = ctr; -- ctr_oct.length = 4; -- ctr_oct.flags = 0; -- ctr_oct.type = V_ASN1_OCTET_STRING; -- ctr_atype.type = V_ASN1_OCTET_STRING; -- ctr_atype.value.octet_string = &ctr_oct; -- atmp.algorithm = key_oid; -- atmp.parameter = &ctr_atype; -- if (ukm) { -- ukm_oct.type = V_ASN1_OCTET_STRING; -- ukm_oct.flags = 0; -- ukm_oct.data = (unsigned char *)ukm; -- ukm_oct.length = ukmlen; -- pukm_oct = &ukm_oct; -- } else -- pukm_oct = NULL; -- derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen); -- if (derlen <= 0) -- return 0; -- p = *pder; -- tlen = derlen; -- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) -- return 0; -- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) -- return 0; -- if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT)) -- return 0; -- if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) -- return 0; -- if (CRYPTO_memcmp(p, ctr, 4)) -- return 0; -- *pctr = p; -- return derlen; --} -- --int DH_KDF_X9_42(unsigned char *out, size_t outlen, -- const unsigned char *Z, size_t Zlen, -- ASN1_OBJECT *key_oid, -- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) --{ -- EVP_MD_CTX *mctx = NULL; -- int rv = 0; -- unsigned int i; -- size_t mdlen; -- unsigned char *der = NULL, *ctr; -- int derlen; -- if (Zlen > DH_KDF_MAX) -- return 0; -- mctx = EVP_MD_CTX_new(); -- if (mctx == NULL) -- return 0; -- mdlen = EVP_MD_size(md); -- derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); -- if (derlen == 0) -- goto err; -- for (i = 1;; i++) { -- unsigned char 
mtmp[EVP_MAX_MD_SIZE]; -- if (!EVP_DigestInit_ex(mctx, md, NULL) -- || !EVP_DigestUpdate(mctx, Z, Zlen)) -- goto err; -- ctr[3] = i & 0xFF; -- ctr[2] = (i >> 8) & 0xFF; -- ctr[1] = (i >> 16) & 0xFF; -- ctr[0] = (i >> 24) & 0xFF; -- if (!EVP_DigestUpdate(mctx, der, derlen)) -- goto err; -- if (outlen >= mdlen) { -- if (!EVP_DigestFinal(mctx, out, NULL)) -- goto err; -- outlen -= mdlen; -- if (outlen == 0) -- break; -- out += mdlen; -- } else { -- if (!EVP_DigestFinal(mctx, mtmp, NULL)) -- goto err; -- memcpy(out, mtmp, outlen); -- OPENSSL_cleanse(mtmp, mdlen); -- break; -- } -- } -- rv = 1; -- err: -- OPENSSL_free(der); -- EVP_MD_CTX_free(mctx); -- return rv; --} --#endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c -index 204e5a7..387558f 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c -@@ -1,16 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/dh/dh_key.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
--#include "dh_locl.h"
--#include "internal/bn_int.h"
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-
- static int generate_key(DH *dh);
- static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-@@ -22,11 +72,25 @@ static int dh_finish(DH *dh);
-
- int DH_generate_key(DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- return dh->meth->generate_key(dh);
- }
-
- int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
-@@ -51,7 +115,7 @@ static DH_METHOD dh_ossl = {
- dh_bn_mod_exp,
- dh_init,
- dh_finish,
-- DH_FLAG_FIPS_METHOD,
-+ 0,
- NULL,
- NULL
- };
-@@ -75,7 +139,7 @@ static int generate_key(DH *dh)
- goto err;
-
- if (dh->priv_key == NULL) {
-- priv_key = BN_secure_new();
-+ priv_key = BN_new();
- if (priv_key == NULL)
- goto err;
- generate_new_key = 1;
-@@ -91,7 +155,7 @@ static int generate_key(DH *dh)
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-- dh->lock, dh->p, ctx);
-+ CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
-@@ -106,24 +170,24 @@ static int generate_key(DH *dh)
- } else {
- /* secret exponent length */
- l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
-- if (!BN_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
-+ if (!BN_rand(priv_key, l, 0, 0))
- goto err;
- }
- }
-
- {
-- BIGNUM *prk = BN_new();
-+ BIGNUM local_prk;
-+ BIGNUM *prk;
-
-- if (prk == NULL)
-- goto err;
-- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ BN_init(&local_prk);
-+ prk = &local_prk;
-+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-+ } else
-+ prk = priv_key;
-
-- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
-- BN_free(prk);
-+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
- goto err;
-- }
-- /* We MUST free prk before any further use of priv_key */
-- BN_free(prk);
- }
-
- dh->pub_key = pub_key;
-@@ -133,9 +197,9 @@ static int generate_key(DH *dh)
- if (ok != 1)
- DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
-
-- if (pub_key != dh->pub_key)
-+ if ((pub_key != NULL) && (dh->pub_key == NULL))
- BN_free(pub_key);
-- if (priv_key != dh->priv_key)
-+ if ((priv_key != NULL) && (dh->priv_key == NULL))
- BN_free(priv_key);
- BN_CTX_free(ctx);
- return (ok);
-@@ -169,8 +233,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-- dh->lock, dh->p, ctx);
-- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-+ CRYPTO_LOCK_DH, dh->p, ctx);
-+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ /* XXX */
-+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-+ }
- if (!mont)
- goto err;
- }
-@@ -199,7 +266,15 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
-- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-+ /*
-+ * If a is only one word long and constant time is false, use the faster
-+ * exponenentiation function.
-+ */
-+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
-+ BN_ULONG A = a->d[0];
-+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
-+ } else
-+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
- }
-
- static int dh_init(DH *dh)
-@@ -210,6 +285,7 @@ static int dh_init(DH *dh)
-
- static int dh_finish(DH *dh)
- {
-- BN_MONT_CTX_free(dh->method_mont_p);
-+ if (dh->method_mont_p)
-+ BN_MONT_CTX_free(dh->method_mont_p);
- return (1);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
-index adf1771..bebc160 100644
---- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
-@@ -1,17 +1,74 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/dh/dh_lib.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
--#include "dh_locl.h"
--#include
-+#include
-+#ifndef OPENSSL_NO_ENGINE
-+# include
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+# include
-+#endif
-+
-+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
- static const DH_METHOD *default_DH_method = NULL;
-
-@@ -22,8 +79,16 @@ void DH_set_default_method(const DH_METHOD *meth)
-
- const DH_METHOD *DH_get_default_method(void)
- {
-- if (!default_DH_method)
-+ if (!default_DH_method) {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode())
-+ return FIPS_dh_openssl();
-+ else
-+ return DH_OpenSSL();
-+#else
- default_DH_method = DH_OpenSSL();
-+#endif
-+ }
- return default_DH_method;
- }
-
-@@ -38,8 +103,10 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
- if (mtmp->finish)
- mtmp->finish(dh);
- #ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(dh->engine);
-- dh->engine = NULL;
-+ if (dh->engine) {
-+ ENGINE_finish(dh->engine);
-+ dh->engine = NULL;
-+ }
- #endif
- dh->meth = meth;
- if (meth->init)
-@@ -54,102 +121,132 @@ DH *DH_new(void)
-
- DH *DH_new_method(ENGINE *engine)
- {
-- DH *ret = OPENSSL_zalloc(sizeof(*ret));
-+ DH *ret;
-
-+ ret = (DH *)OPENSSL_malloc(sizeof(DH));
- if (ret == NULL) {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-- return NULL;
-- }
--
-- ret->references = 1;
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL) {
-- DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-- OPENSSL_free(ret);
-- return NULL;
-+ return (NULL);
- }
-
- ret->meth = DH_get_default_method();
- #ifndef OPENSSL_NO_ENGINE
-- ret->flags = ret->meth->flags; /* early default init */
- if (engine) {
- if (!ENGINE_init(engine)) {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-- goto err;
-+ OPENSSL_free(ret);
-+ return NULL;
- }
- ret->engine = engine;
- } else
- ret->engine = ENGINE_get_default_DH();
- if (ret->engine) {
- ret->meth = ENGINE_get_DH(ret->engine);
-- if (ret->meth == NULL) {
-+ if (!ret->meth) {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-- goto err;
-+ ENGINE_finish(ret->engine);
-+ OPENSSL_free(ret);
-+ return NULL;
- }
- }
- #endif
-
-- ret->flags = ret->meth->flags;
--
-- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
-- goto err;
--
-+ ret->pad = 0;
-+ ret->version = 0;
-+ ret->p = NULL;
-+ ret->g = NULL;
-+ ret->length = 0;
-+ ret->pub_key = NULL;
-+ ret->priv_key = NULL;
-+ ret->q = NULL;
-+ ret->j = NULL;
-+ ret->seed = NULL;
-+ ret->seedlen = 0;
-+ ret->counter = NULL;
-+ ret->method_mont_p = NULL;
-+ ret->references = 1;
-+ ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
-+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-- DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
--err:
-- DH_free(ret);
-+#ifndef OPENSSL_NO_ENGINE
-+ if (ret->engine)
-+ ENGINE_finish(ret->engine);
-+#endif
-+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-+ OPENSSL_free(ret);
- ret = NULL;
- }
--
-- return ret;
-+ return (ret);
- }
-
- void DH_free(DH *r)
- {
- int i;
--
- if (r == NULL)
- return;
--
-- CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
-- REF_PRINT_COUNT("DH", r);
-+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
-+#ifdef REF_PRINT
-+ REF_PRINT("DH", r);
-+#endif
- if (i > 0)
- return;
-- REF_ASSERT_ISNT(i < 0);
-+#ifdef REF_CHECK
-+ if (i < 0) {
-+ fprintf(stderr, "DH_free, bad reference count\n");
-+ abort();
-+ }
-+#endif
-
- if (r->meth->finish)
- r->meth->finish(r);
- #ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(r->engine);
-+ if (r->engine)
-+ ENGINE_finish(r->engine);
- #endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
-
-- CRYPTO_THREAD_lock_free(r->lock);
--
-- BN_clear_free(r->p);
-- BN_clear_free(r->g);
-- BN_clear_free(r->q);
-- BN_clear_free(r->j);
-- OPENSSL_free(r->seed);
-- BN_clear_free(r->counter);
-- BN_clear_free(r->pub_key);
-- BN_clear_free(r->priv_key);
-+ if (r->p != NULL)
-+ BN_clear_free(r->p);
-+ if (r->g != NULL)
-+ BN_clear_free(r->g);
-+ if (r->q != NULL)
-+ BN_clear_free(r->q);
-+ if (r->j != NULL)
-+ BN_clear_free(r->j);
-+ if (r->seed)
-+ OPENSSL_free(r->seed);
-+ if (r->counter != NULL)
-+ BN_clear_free(r->counter);
-+ if (r->pub_key != NULL)
-+ BN_clear_free(r->pub_key);
-+ if (r->priv_key != NULL)
-+ BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
-
- int DH_up_ref(DH *r)
- {
-- int i;
--
-- if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
-- return 0;
--
-- REF_PRINT_COUNT("DH", r);
-- REF_ASSERT_ISNT(i < 2);
-+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
-+#ifdef REF_PRINT
-+ REF_PRINT("DH", r);
-+#endif
-+#ifdef REF_CHECK
-+ if (i < 2) {
-+ fprintf(stderr, "DH_up, bad reference count\n");
-+ abort();
-+ }
-+#endif
- return ((i > 1) ? 1 : 0);
- }
-
-+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-+{
-+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
-+ new_func, dup_func, free_func);
-+}
-+
- int DH_set_ex_data(DH *d, int idx, void *arg)
- {
- return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
-@@ -160,125 +257,7 @@ void *DH_get_ex_data(DH *d, int idx)
- return (CRYPTO_get_ex_data(&d->ex_data, idx));
- }
-
--int DH_bits(const DH *dh)
--{
-- return BN_num_bits(dh->p);
--}
--
- int DH_size(const DH *dh)
- {
- return (BN_num_bytes(dh->p));
- }
--
--int DH_security_bits(const DH *dh)
--{
-- int N;
-- if (dh->q)
-- N = BN_num_bits(dh->q);
-- else if (dh->length)
-- N = dh->length;
-- else
-- N = -1;
-- return BN_security_bits(BN_num_bits(dh->p), N);
--}
--
--
--void DH_get0_pqg(const DH *dh,
-- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = dh->p;
-- if (q != NULL)
-- *q = dh->q;
-- if (g != NULL)
-- *g = dh->g;
--}
--
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- /* If the fields p and g in d are NULL, the corresponding input
-- * parameters MUST be non-NULL. q may remain NULL.
-- */
-- if ((dh->p == NULL && p == NULL)
-- || (dh->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(dh->p);
-- dh->p = p;
-- }
-- if (q != NULL) {
-- BN_free(dh->q);
-- dh->q = q;
-- }
-- if (g != NULL) {
-- BN_free(dh->g);
-- dh->g = g;
-- }
--
-- if (q != NULL) {
-- dh->length = BN_num_bits(q);
-- }
--
-- return 1;
--}
--
--long DH_get_length(const DH *dh)
--{
-- return dh->length;
--}
--
--int DH_set_length(DH *dh, long length)
--{
-- dh->length = length;
-- return 1;
--}
--
--void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = dh->pub_key;
-- if (priv_key != NULL)
-- *priv_key = dh->priv_key;
--}
--
--int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- /* If the field pub_key in dh is NULL, the corresponding input
-- * parameters MUST be non-NULL. The priv_key field may
-- * be left NULL.
-- */
-- if (dh->pub_key == NULL && pub_key == NULL)
-- return 0;
--
-- if (pub_key != NULL) {
-- BN_free(dh->pub_key);
-- dh->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(dh->priv_key);
-- dh->priv_key = priv_key;
-- }
--
-- return 1;
--}
--
--void DH_clear_flags(DH *dh, int flags)
--{
-- dh->flags &= ~flags;
--}
--
--int DH_test_flags(const DH *dh, int flags)
--{
-- return dh->flags & flags;
--}
--
--void DH_set_flags(DH *dh, int flags)
--{
-- dh->flags |= flags;
--}
--
--ENGINE *DH_get0_engine(DH *dh)
--{
-- return dh->engine;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_locl.h b/Cryptlib/OpenSSL/crypto/dh/dh_locl.h
-deleted file mode 100644
-index 19301c3..0000000
---- a/Cryptlib/OpenSSL/crypto/dh/dh_locl.h
-+++ /dev/null
-@@ -1,56 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--
--struct dh_st {
-- /*
-- * This first argument is used to pick up errors when a DH is passed
-- * instead of a EVP_PKEY
-- */
-- int pad;
-- int version;
-- BIGNUM *p;
-- BIGNUM *g;
-- long length; /* optional */
-- BIGNUM *pub_key; /* g^x % p */
-- BIGNUM *priv_key; /* x */
-- int flags;
-- BN_MONT_CTX *method_mont_p;
-- /* Place holders if we want to do X9.42 DH */
-- BIGNUM *q;
-- BIGNUM *j;
-- unsigned char *seed;
-- int seedlen;
-- BIGNUM *counter;
-- int references;
-- CRYPTO_EX_DATA ex_data;
-- const DH_METHOD *meth;
-- ENGINE *engine;
-- CRYPTO_RWLOCK *lock;
--};
--
--struct dh_method {
-- char *name;
-- /* Methods here */
-- int (*generate_key) (DH *dh);
-- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
--
-- /* Can be null */
-- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
-- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx);
-- int (*init) (DH *dh);
-- int (*finish) (DH *dh);
-- int flags;
-- char *app_data;
-- /* If this is non-NULL, it will be used to generate parameters */
-- int (*generate_params) (DH *dh, int prime_len, int generator,
-- BN_GENCB *cb);
--};
-diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_meth.c b/Cryptlib/OpenSSL/crypto/dh/dh_meth.c
-deleted file mode 100644
-index ce6114c..0000000
---- a/Cryptlib/OpenSSL/crypto/dh/dh_meth.c
-+++ /dev/null
-@@ -1,173 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include "dh_locl.h"
--#include
--#include
--
--DH_METHOD *DH_meth_new(const char *name, int flags)
--{
-- DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm));
--
-- if (dhm != NULL) {
-- dhm->flags = flags;
--
-- dhm->name = OPENSSL_strdup(name);
-- if (dhm->name != NULL)
-- return dhm;
--
-- OPENSSL_free(dhm);
-- }
--
-- DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
-- return NULL;
--}
--
--void DH_meth_free(DH_METHOD *dhm)
--{
-- if (dhm != NULL) {
-- OPENSSL_free(dhm->name);
-- OPENSSL_free(dhm);
-- }
--}
--
--DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
--{
-- DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
--
-- if (ret != NULL) {
-- memcpy(ret, dhm, sizeof(*dhm));
--
-- ret->name = OPENSSL_strdup(dhm->name);
-- if (ret->name != NULL)
-- return ret;
--
-- OPENSSL_free(ret);
-- }
--
-- DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
-- return NULL;
--}
--
--const char *DH_meth_get0_name(const DH_METHOD *dhm)
--{
-- return dhm->name;
--}
--
--int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
--{
-- char *tmpname = OPENSSL_strdup(name);
--
-- if (tmpname == NULL) {
-- DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
--
-- OPENSSL_free(dhm->name);
-- dhm->name = tmpname;
--
-- return 1;
--}
--
--int DH_meth_get_flags(DH_METHOD *dhm)
--{
-- return dhm->flags;
--}
--
--int DH_meth_set_flags(DH_METHOD *dhm, int flags)
--{
-- dhm->flags = flags;
-- return 1;
--}
--
--void *DH_meth_get0_app_data(const DH_METHOD *dhm)
--{
-- return dhm->app_data;
--}
--
--int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)
--{
-- dhm->app_data = app_data;
-- return 1;
--}
--
--int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)
--{
-- return dhm->generate_key;
--}
--
--int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *))
--{
-- dhm->generate_key = generate_key;
-- return 1;
--}
--
--int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
-- (unsigned char *key, const BIGNUM *pub_key, DH *dh)
--{
-- return dhm->compute_key;
--}
--
--int DH_meth_set_compute_key(DH_METHOD *dhm,
-- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh))
--{
-- dhm->compute_key = compute_key;
-- return 1;
--}
--
--
--int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
-- (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-- BN_CTX *, BN_MONT_CTX *)
--{
-- return dhm->bn_mod_exp;
--}
--
--int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
-- int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
-- const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
--{
-- dhm->bn_mod_exp = bn_mod_exp;
-- return 1;
--}
--
--int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)
--{
-- return dhm->init;
--}
--
--int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))
--{
-- dhm->init = init;
-- return 1;
--}
--
--int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)
--{
-- return dhm->finish;
--}
--
--int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))
--{
-- dhm->finish = finish;
-- return 1;
--}
--
--int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
-- (DH *, int, int, BN_GENCB *)
--{
-- return dhm->generate_params;
--}
--
--int DH_meth_set_generate_params(DH_METHOD *dhm,
-- int (*generate_params) (DH *, int, int, BN_GENCB *))
--{
-- dhm->generate_params = generate_params;
-- return 1;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
-index c3e03c7..926be98 100644
---- a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
-+++ b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
-@@ -1,22 +1,73 @@
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
--#include "dh_locl.h"
-+#include
- #include
--#include
-+#ifndef OPENSSL_NO_DSA
-+# include
-+#endif
- #include
--#include "internal/evp_int.h"
-+#include "evp_locl.h"
-
- /* DH pkey context structure */
-
-@@ -47,14 +98,22 @@ typedef struct {
- static int pkey_dh_init(EVP_PKEY_CTX *ctx)
- {
- DH_PKEY_CTX *dctx;
--
-- dctx = OPENSSL_zalloc(sizeof(*dctx));
-- if (dctx == NULL)
-+ dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
-+ if (!dctx)
- return 0;
- dctx->prime_len = 1024;
- dctx->subprime_len = -1;
- dctx->generator = 2;
-+ dctx->use_dsa = 0;
-+ dctx->md = NULL;
-+ dctx->rfc5114_param = 0;
-+
- dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
-+ dctx->kdf_oid = NULL;
-+ dctx->kdf_md = NULL;
-+ dctx->kdf_ukm = NULL;
-+ dctx->kdf_ukmlen = 0;
-+ dctx->kdf_outlen = 0;
-
- ctx->data = dctx;
- ctx->keygen_info = dctx->gentmp;
-@@ -63,17 +122,6 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
- return 1;
- }
-
--static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
--{
-- DH_PKEY_CTX *dctx = ctx->data;
-- if (dctx != NULL) {
-- OPENSSL_free(dctx->kdf_ukm);
-- ASN1_OBJECT_free(dctx->kdf_oid);
-- OPENSSL_free(dctx);
-- }
--}
--
--
- static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- DH_PKEY_CTX *dctx, *sctx;
-@@ -90,19 +138,29 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-
- dctx->kdf_type = sctx->kdf_type;
- dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
-- if (dctx->kdf_oid == NULL)
-+ if (!dctx->kdf_oid)
- return 0;
- dctx->kdf_md = sctx->kdf_md;
-- if (sctx->kdf_ukm != NULL) {
-- dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
-- if (dctx->kdf_ukm == NULL)
-- return 0;
-+ if (dctx->kdf_ukm) {
-+ dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
- dctx->kdf_ukmlen = sctx->kdf_ukmlen;
- }
- dctx->kdf_outlen = sctx->kdf_outlen;
- return 1;
- }
-
-+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
-+{
-+ DH_PKEY_CTX *dctx = ctx->data;
-+ if (dctx) {
-+ if (dctx->kdf_ukm)
-+ OPENSSL_free(dctx->kdf_ukm);
-+ if (dctx->kdf_oid)
-+ ASN1_OBJECT_free(dctx->kdf_oid);
-+ OPENSSL_free(dctx);
-+ }
-+}
-+
- static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- DH_PKEY_CTX *dctx = ctx->data;
-@@ -177,7 +235,8 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- return 1;
-
- case EVP_PKEY_CTRL_DH_KDF_UKM:
-- OPENSSL_free(dctx->kdf_ukm);
-+ if (dctx->kdf_ukm)
-+ OPENSSL_free(dctx->kdf_ukm);
- dctx->kdf_ukm = p2;
- if (p2)
- dctx->kdf_ukmlen = p1;
-@@ -190,7 +249,8 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- return dctx->kdf_ukmlen;
-
- case EVP_PKEY_CTRL_DH_KDF_OID:
-- ASN1_OBJECT_free(dctx->kdf_oid);
-+ if (dctx->kdf_oid)
-+ ASN1_OBJECT_free(dctx->kdf_oid);
- dctx->kdf_oid = p2;
- return 1;
-
-@@ -207,12 +267,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
-- if (strcmp(type, "dh_paramgen_prime_len") == 0) {
-+ if (!strcmp(type, "dh_paramgen_prime_len")) {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
- }
-- if (strcmp(type, "dh_rfc5114") == 0) {
-+ if (!strcmp(type, "dh_rfc5114")) {
- DH_PKEY_CTX *dctx = ctx->data;
- int len;
- len = atoi(value);
-@@ -221,17 +281,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
- dctx->rfc5114_param = len;
- return 1;
- }
-- if (strcmp(type, "dh_paramgen_generator") == 0) {
-+ if (!strcmp(type, "dh_paramgen_generator")) {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
- }
-- if (strcmp(type, "dh_paramgen_subprime_len") == 0) {
-+ if (!strcmp(type, "dh_paramgen_subprime_len")) {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
- }
-- if (strcmp(type, "dh_paramgen_type") == 0) {
-+ if (!strcmp(type, "dh_paramgen_type")) {
- int typ;
- typ = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
-@@ -264,7 +324,7 @@ static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
- if (dctx->use_dsa > 2)
- return NULL;
- ret = DSA_new();
-- if (ret == NULL)
-+ if (!ret)
- return NULL;
- if (subprime_len == -1) {
- if (prime_len >= 2048)
-@@ -297,7 +357,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DH *dh = NULL;
- DH_PKEY_CTX *dctx = ctx->data;
-- BN_GENCB *pcb;
-+ BN_GENCB *pcb, cb;
- int ret;
- if (dctx->rfc5114_param) {
- switch (dctx->rfc5114_param) {
-@@ -321,9 +381,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- }
-
- if (ctx->pkey_gencb) {
-- pcb = BN_GENCB_new();
-- if (pcb == NULL)
-- return 0;
-+ pcb = &cb;
- evp_pkey_set_cb_translate(pcb, ctx);
- } else
- pcb = NULL;
-@@ -331,8 +389,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- if (dctx->use_dsa) {
-
DSA *dsa_dh; - dsa_dh = dsa_dh_generate(dctx, pcb); -- BN_GENCB_free(pcb); -- if (dsa_dh == NULL) -+ if (!dsa_dh) - return 0; - dh = DSA_dup_DH(dsa_dh); - DSA_free(dsa_dh); -@@ -343,13 +400,11 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - } - #endif - dh = DH_new(); -- if (dh == NULL) { -- BN_GENCB_free(pcb); -+ if (!dh) - return 0; -- } - ret = DH_generate_parameters_ex(dh, - dctx->prime_len, dctx->generator, pcb); -- BN_GENCB_free(pcb); -+ - if (ret) - EVP_PKEY_assign_DH(pkey, dh); - else -@@ -365,7 +420,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - return 0; - } - dh = DH_new(); -- if (dh == NULL) -+ if (!dh) - return 0; - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); - /* Note: if error return, pkey is freed by parent routine */ -@@ -400,7 +455,6 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - } - #ifndef OPENSSL_NO_CMS - else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { -- - unsigned char *Z = NULL; - size_t Zlen = 0; - if (!dctx->kdf_outlen || !dctx->kdf_oid) -@@ -414,7 +468,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - ret = 0; - Zlen = DH_size(dh); - Z = OPENSSL_malloc(Zlen); -- if (Z == NULL) { -+ if (!Z) { - goto err; - } - if (DH_compute_key_padded(Z, dhpub, dh) <= 0) -@@ -425,7 +479,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - *keylen = dctx->kdf_outlen; - ret = 1; - err: -- OPENSSL_clear_free(Z, Zlen); -+ if (Z) { -+ OPENSSL_cleanse(Z, Zlen); -+ OPENSSL_free(Z); -+ } - return ret; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_prn.c b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c -index 283fb0f..5d6c3a3 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_prn.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c -@@ -1,18 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/asn1/t_pkey.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int DHparams_print_fp(FILE *fp, const DH *x) - { - BIO *b; -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c -index c4a2195..e96e2aa 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c -@@ -1,40 +1,284 @@ - /* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" --#include "dh_locl.h" -+#include "cryptlib.h" -+#include - #include --#include "internal/bn_dh.h" -+ -+/* DH parameters from RFC5114 */ -+ -+#if BN_BITS2 == 64 -+static const BN_ULONG dh1024_160_p[] = { -+ 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, -+ 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, -+ 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, -+ 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, -+ 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, -+ 0xB10B8F96A080E01DULL -+}; -+ -+static const BN_ULONG dh1024_160_g[] = { -+ 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, -+ 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, -+ 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, -+ 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, -+ 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, -+ 0xA4D1CBD5C3FD3412ULL -+}; -+ -+static const BN_ULONG dh1024_160_q[] = { -+ 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL -+}; -+ -+static const BN_ULONG dh2048_224_p[] = { -+ 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, -+ 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, -+ 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, -+ 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, -+ 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, -+ 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, -+ 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, -+ 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, -+ 0x1DE6B85A1274A0A6ULL, 
0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, -+ 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, -+ 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL -+}; -+ -+static const BN_ULONG dh2048_224_g[] = { -+ 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, -+ 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, -+ 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, -+ 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, -+ 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, -+ 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, -+ 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, -+ 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, -+ 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, -+ 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, -+ 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL -+}; -+ -+static const BN_ULONG dh2048_224_q[] = { -+ 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, -+ 0x00000000801C0D34ULL -+}; -+ -+static const BN_ULONG dh2048_256_p[] = { -+ 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, -+ 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, -+ 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, -+ 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, -+ 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, -+ 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, -+ 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, -+ 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, -+ 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, -+ 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, -+ 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL -+}; -+ -+static const BN_ULONG dh2048_256_g[] 
= { -+ 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, -+ 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, -+ 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, -+ 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, -+ 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, -+ 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, -+ 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, -+ 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, -+ 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, -+ 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, -+ 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL -+}; -+ -+static const BN_ULONG dh2048_256_q[] = { -+ 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, -+ 0x8CF83642A709A097ULL -+}; -+ -+#elif BN_BITS2 == 32 -+ -+static const BN_ULONG dh1024_160_p[] = { -+ 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, -+ 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, -+ 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, -+ 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, -+ 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, -+ 0xA080E01D, 0xB10B8F96 -+}; -+ -+static const BN_ULONG dh1024_160_g[] = { -+ 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, -+ 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, -+ 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, -+ 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, -+ 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, -+ 0xC3FD3412, 0xA4D1CBD5 -+}; -+ -+static const BN_ULONG dh1024_160_q[] = { -+ 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 -+}; -+ -+static const BN_ULONG 
dh2048_224_p[] = { -+ 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, -+ 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, -+ 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, -+ 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, -+ 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, -+ 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, -+ 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, -+ 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, -+ 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, -+ 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, -+ 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E -+}; -+ -+static const BN_ULONG dh2048_224_g[] = { -+ 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, -+ 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, -+ 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, -+ 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, -+ 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, -+ 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, -+ 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, -+ 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, -+ 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, -+ 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, -+ 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF -+}; -+ -+static const BN_ULONG dh2048_224_q[] = { -+ 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, -+ 0x801C0D34 -+}; -+ -+static const BN_ULONG dh2048_256_p[] = { -+ 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, -+ 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 
0xC3A3960A, -+ 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, -+ 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, -+ 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, -+ 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, -+ 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, -+ 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, -+ 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, -+ 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, -+ 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D -+}; -+ -+static const BN_ULONG dh2048_256_g[] = { -+ 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, -+ 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, -+ 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, -+ 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, -+ 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, -+ 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, -+ 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, -+ 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, -+ 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, -+ 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, -+ 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B -+}; -+ -+static const BN_ULONG dh2048_256_q[] = { -+ 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, -+ 0xA709A097, 0x8CF83642 -+}; -+ -+#else -+# error "unsupported BN_BITS2" -+#endif -+ -+/* Macro to make a BIGNUM from static data */ -+ -+#define make_dh_bn(x) static const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ -+ sizeof(x)/sizeof(BN_ULONG),\ -+ sizeof(x)/sizeof(BN_ULONG),\ -+ 0, BN_FLG_STATIC_DATA } - - /* - * Macro to make a DH structure from BIGNUM 
data. NB: although just copying -- * the BIGNUM static pointers would be more efficient, we can't do that -- * because they get wiped using BN_clear_free() when DH_free() is called. -+ * the BIGNUM static pointers would be more efficient we can't as they get -+ * wiped using BN_clear_free() when DH_free() is called. - */ - - #define make_dh(x) \ --DH *DH_get_##x(void) \ --{ \ -- DH *dh = DH_new(); \ --\ -- if (dh == NULL) \ -- return NULL; \ -- dh->p = BN_dup(&_bignum_dh##x##_p); \ -- dh->g = BN_dup(&_bignum_dh##x##_g); \ -- dh->q = BN_dup(&_bignum_dh##x##_q); \ -- if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\ -- DH_free(dh); \ -- return NULL; \ -- } \ -- return dh; \ --} -+DH * DH_get_##x(void) \ -+ { \ -+ DH *dh; \ -+ make_dh_bn(dh##x##_p); \ -+ make_dh_bn(dh##x##_q); \ -+ make_dh_bn(dh##x##_g); \ -+ dh = DH_new(); \ -+ if (!dh) \ -+ return NULL; \ -+ dh->p = BN_dup(&_bignum_dh##x##_p); \ -+ dh->g = BN_dup(&_bignum_dh##x##_g); \ -+ dh->q = BN_dup(&_bignum_dh##x##_q); \ -+ if (!dh->p || !dh->q || !dh->g) \ -+ { \ -+ DH_free(dh); \ -+ return NULL; \ -+ } \ -+ return dh; \ -+ } - - make_dh(1024_160) - make_dh(2048_224) -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_beos.c b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c -new file mode 100644 -index 0000000..68ebcd8 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c -@@ -0,0 +1,253 @@ -+/* dso_beos.c */ -+/* -+ * Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#include -+#include -+#include "cryptlib.h" -+#include -+ -+#if !defined(OPENSSL_SYS_BEOS) -+DSO_METHOD *DSO_METHOD_beos(void) -+{ -+ return NULL; -+} -+#else -+ -+# include -+ -+static int beos_load(DSO *dso); -+static int beos_unload(DSO *dso); -+static void *beos_bind_var(DSO *dso, const char *symname); -+static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname); -+# if 0 -+static int beos_unbind_var(DSO *dso, char *symname, void *symptr); -+static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -+static int beos_init(DSO *dso); -+static int beos_finish(DSO *dso); -+static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg); -+# endif -+static char *beos_name_converter(DSO *dso, const char *filename); -+ -+static DSO_METHOD dso_meth_beos = { -+ "OpenSSL 'beos' shared library method", -+ beos_load, -+ beos_unload, -+ beos_bind_var, -+ beos_bind_func, -+/* For now, "unbind" doesn't exist */ -+# if 0 -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ -+# endif -+ NULL, /* ctrl */ -+ beos_name_converter, -+ NULL, /* init */ -+ NULL /* finish */ -+}; -+ -+DSO_METHOD *DSO_METHOD_beos(void) -+{ -+ return (&dso_meth_beos); -+} -+ -+/* -+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to -+ * the handle (image_id) returned from load_add_on(). 
-+ */ -+ -+static int beos_load(DSO *dso) -+{ -+ image_id id; -+ /* See applicable comments from dso_dl.c */ -+ char *filename = DSO_convert_filename(dso, NULL); -+ -+ if (filename == NULL) { -+ DSOerr(DSO_F_BEOS_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+ id = load_add_on(filename); -+ if (id < 1) { -+ DSOerr(DSO_F_BEOS_LOAD, DSO_R_LOAD_FAILED); -+ ERR_add_error_data(3, "filename(", filename, ")"); -+ goto err; -+ } -+ if (!sk_push(dso->meth_data, (char *)id)) { -+ DSOerr(DSO_F_BEOS_LOAD, DSO_R_STACK_ERROR); -+ goto err; -+ } -+ /* Success */ -+ dso->loaded_filename = filename; -+ return (1); -+ err: -+ /* Cleanup ! */ -+ if (filename != NULL) -+ OPENSSL_free(filename); -+ if (id > 0) -+ unload_add_on(id); -+ return (0); -+} -+ -+static int beos_unload(DSO *dso) -+{ -+ image_id id; -+ if (dso == NULL) { -+ DSOerr(DSO_F_BEOS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (sk_num(dso->meth_data) < 1) -+ return (1); -+ id = (image_id) sk_pop(dso->meth_data); -+ if (id < 1) { -+ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_NULL_HANDLE); -+ return (0); -+ } -+ if (unload_add_on(id) != B_OK) { -+ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_UNLOAD_FAILED); -+ /* -+ * We should push the value back onto the stack in case of a retry. 
-+ */ -+ sk_push(dso->meth_data, (char *)id); -+ return (0); -+ } -+ return (1); -+} -+ -+static void *beos_bind_var(DSO *dso, const char *symname) -+{ -+ image_id id; -+ void *sym; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_BEOS_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (id < 1) { -+ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) { -+ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(3, "symname(", symname, ")"); -+ return (NULL); -+ } -+ return (sym); -+} -+ -+static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname) -+{ -+ image_id id; -+ void *sym; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_BEOS_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (id < 1) { -+ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK) { -+ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(3, "symname(", symname, ")"); -+ return (NULL); -+ } -+ return ((DSO_FUNC_TYPE)sym); -+} -+ -+/* This one is the same as the one in dlfcn */ -+static char *beos_name_converter(DSO *dso, const char *filename) -+{ -+ char *translated; -+ int len, rsize, transform; -+ -+ len = strlen(filename); -+ rsize = len + 1; -+ transform = (strstr(filename, "/") == NULL); -+ if (transform) { -+ /* We will convert this to "%s.so" or "lib%s.so" */ -+ rsize += 3; /* The length of ".so" */ -+ if ((DSO_flags(dso) & 
DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ rsize += 3; /* The length of "lib" */ -+ } -+ translated = OPENSSL_malloc(rsize); -+ if (translated == NULL) { -+ DSOerr(DSO_F_BEOS_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); -+ return (NULL); -+ } -+ if (transform) { -+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ sprintf(translated, "lib%s.so", filename); -+ else -+ sprintf(translated, "%s.so", filename); -+ } else -+ sprintf(translated, "%s", filename); -+ return (translated); -+} -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -index d80bf56..ceedf66 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -@@ -1,15 +1,72 @@ -+/* dso_dl.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "dso_locl.h"
-+#include
-+#include "cryptlib.h"
-+#include
-
--#ifdef DSO_DL
-+#ifndef DSO_DL
-+DSO_METHOD *DSO_METHOD_dl(void)
-+{
-+ return NULL;
-+}
-+#else
-
- # include
-
-@@ -18,7 +75,15 @@
-
- static int dl_load(DSO *dso);
- static int dl_unload(DSO *dso);
-+static void *dl_bind_var(DSO *dso, const char *symname);
- static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-+# if 0
-+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-+static int dl_init(DSO *dso);
-+static int dl_finish(DSO *dso);
-+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-+# endif
- static char *dl_name_converter(DSO *dso, const char *filename);
- static char *dl_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-@@ -29,7 +94,13 @@ static DSO_METHOD dso_meth_dl = {
- "OpenSSL 'dl' shared library method",
- dl_load,
- dl_unload,
-+ dl_bind_var,
- dl_bind_func,
-+/* For now, "unbind" doesn't exist */
-+# if 0
-+ NULL, /* unbind_var */
-+ NULL, /* unbind_func */
-+# endif
- NULL, /* ctrl */
- dl_name_converter,
- dl_merger,
-@@ -39,9 +110,9 @@ static DSO_METHOD dso_meth_dl = {
- dl_globallookup
- };
-
--DSO_METHOD *DSO_METHOD_openssl(void)
-+DSO_METHOD *DSO_METHOD_dl(void)
- {
-- return &dso_meth_dl;
-+ return (&dso_meth_dl);
- }
-
- /*
-@@ -56,7 +127,7 @@ static int dl_load(DSO *dso)
- /*
- * We don't do any fancy retries or anything, just take the method's (or
- * DSO's if it has the callback set) best translation of the
-- * platform-independent filename and try once with that.
-+ * platform-independant filename and try once with that.
- */
- char *filename = DSO_convert_filename(dso, NULL);
-
-@@ -68,10 +139,8 @@ static int dl_load(DSO *dso)
- (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ?
0 :
- DYNAMIC_PATH), 0L);
- if (ptr == NULL) {
-- char errbuf[160];
- DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
-- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
-- ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
-+ ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
- goto err;
- }
- if (!sk_push(dso->meth_data, (char *)ptr)) {
-@@ -86,7 +155,8 @@ static int dl_load(DSO *dso)
- return (1);
- err:
- /* Cleanup! */
-- OPENSSL_free(filename);
-+ if (filename != NULL)
-+ OPENSSL_free(filename);
- if (ptr != NULL)
- shl_unload(ptr);
- return (0);
-@@ -115,6 +185,32 @@ static int dl_unload(DSO *dso)
- return (1);
- }
-
-+static void *dl_bind_var(DSO *dso, const char *symname)
-+{
-+ shl_t ptr;
-+ void *sym;
-+
-+ if ((dso == NULL) || (symname == NULL)) {
-+ DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-+ return (NULL);
-+ }
-+ if (sk_num(dso->meth_data) < 1) {
-+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
-+ return (NULL);
-+ }
-+ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-+ if (ptr == NULL) {
-+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
-+ return (NULL);
-+ }
-+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
-+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-+ return (NULL);
-+ }
-+ return (sym);
-+}
-+
- static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
- {
- shl_t ptr;
-@@ -134,10 +230,8 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
- return (NULL);
- }
- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-- char errbuf[160];
- DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
-- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
-- ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
-+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
- return (NULL);
- }
- return ((DSO_FUNC_TYPE)sym);
-@@ -156,21 +250,23 @@ static char
*dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
- * if the second file specification is missing.
- */
- if (!filespec2 || filespec1[0] == '/') {
-- merged = OPENSSL_strdup(filespec1);
-- if (merged == NULL) {
-+ merged = OPENSSL_malloc(strlen(filespec1) + 1);
-+ if (!merged) {
- DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ strcpy(merged, filespec1);
- }
- /*
- * If the first file specification is missing, the second one rules.
- */
- else if (!filespec1) {
-- merged = OPENSSL_strdup(filespec2);
-- if (merged == NULL) {
-+ merged = OPENSSL_malloc(strlen(filespec2) + 1);
-+ if (!merged) {
- DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ strcpy(merged, filespec2);
- } else
- /*
- * This part isn't as trivial as it looks. It assumes that the
-@@ -185,12 +281,12 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
- spec2len = (filespec2 ? strlen(filespec2) : 0);
- len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
-- if (spec2len && filespec2[spec2len - 1] == '/') {
-+ if (filespec2 && filespec2[spec2len - 1] == '/') {
- spec2len--;
- len--;
- }
- merged = OPENSSL_malloc(len + 2);
-- if (merged == NULL) {
-+ if (!merged) {
- DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-@@ -206,8 +302,13 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
- * the same time, there's no great duplicating the code. Figuring out an
- * elegant way to share one copy of the code would be more difficult and
-- * would not leave the implementations independent.
-+ * would not leave the implementations independant.
- */
-+# if defined(__hpux)
-+static const char extension[] = ".sl";
-+# else
-+static const char extension[] = ".so";
-+# endif
- static char *dl_name_converter(DSO *dso, const char *filename)
- {
- char *translated;
-@@ -218,7 +319,7 @@ static char *dl_name_converter(DSO *dso, const char *filename)
- transform = (strstr(filename, "/") == NULL);
- {
- /* We will convert this to "%s.s?" or "lib%s.s?" */
-- rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
-+ rsize += strlen(extension); /* The length of ".s?" */
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- rsize += 3; /* The length of "lib" */
- }
-@@ -229,9 +330,9 @@ static char *dl_name_converter(DSO *dso, const char *filename)
- }
- if (transform) {
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-- sprintf(translated, "lib%s%s", filename, DSO_EXTENSION);
-+ sprintf(translated, "lib%s%s", filename, extension);
- else
-- sprintf(translated, "%s%s", filename, DSO_EXTENSION);
-+ sprintf(translated, "%s%s", filename, extension);
- } else
- sprintf(translated, "%s", filename);
- return (translated);
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
-index a4b0cdd..78df723 100644
---- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
-@@ -1,10 +1,60 @@
-+/* dso_dlfcn.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -16,9 +66,16 @@
- # define _GNU_SOURCE /* make sure dladdr is declared */
- #endif
-
--#include "dso_locl.h"
-+#include
-+#include "cryptlib.h"
-+#include
-
--#ifdef DSO_DLFCN
-+#ifndef DSO_DLFCN
-+DSO_METHOD *DSO_METHOD_dlfcn(void)
-+{
-+ return NULL;
-+}
-+#else
-
- # ifdef HAVE_DLFCN_H
- # ifdef __osf__
-@@ -40,7 +97,14 @@
-
- static int dlfcn_load(DSO *dso);
- static int dlfcn_unload(DSO *dso);
-+static void *dlfcn_bind_var(DSO *dso, const char *symname);
- static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-+# if 0
-+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-+static int dlfcn_init(DSO *dso);
-+static int dlfcn_finish(DSO *dso);
-+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-+# endif
- static char *dlfcn_name_converter(DSO *dso, const char *filename);
- static char *dlfcn_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-@@ -51,7 +115,13 @@ static DSO_METHOD dso_meth_dlfcn = {
- "OpenSSL 'dlfcn' shared library method",
- dlfcn_load,
- dlfcn_unload,
-+ dlfcn_bind_var,
- dlfcn_bind_func,
-+/* For now, "unbind" doesn't exist */
-+# if 0
-+ NULL, /* unbind_var */
-+ NULL, /* unbind_func */
-+# endif
- NULL, /* ctrl */
- dlfcn_name_converter,
- dlfcn_merger,
-@@ -61,9 +131,9 @@ static DSO_METHOD dso_meth_dlfcn = {
- dlfcn_globallookup
- };
-
--DSO_METHOD *DSO_METHOD_openssl(void)
-+DSO_METHOD *DSO_METHOD_dlfcn(void)
- {
-- return &dso_meth_dlfcn;
-+ return
(&dso_meth_dlfcn);
- }
-
- /*
-@@ -85,7 +155,11 @@ DSO_METHOD *DSO_METHOD_openssl(void)
- # endif
- # endif
- # else
--# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-+# ifdef OPENSSL_SYS_SUNOS
-+# define DLOPEN_FLAG 1
-+# else
-+# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-+# endif
- # endif
-
- /*
-@@ -123,7 +197,8 @@ static int dlfcn_load(DSO *dso)
- return (1);
- err:
- /* Cleanup! */
-- OPENSSL_free(filename);
-+ if (filename != NULL)
-+ OPENSSL_free(filename);
- if (ptr != NULL)
- dlclose(ptr);
- return (0);
-@@ -152,6 +227,32 @@ static int dlfcn_unload(DSO *dso)
- return (1);
- }
-
-+static void *dlfcn_bind_var(DSO *dso, const char *symname)
-+{
-+ void *ptr, *sym;
-+
-+ if ((dso == NULL) || (symname == NULL)) {
-+ DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-+ return (NULL);
-+ }
-+ if (sk_void_num(dso->meth_data) < 1) {
-+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
-+ return (NULL);
-+ }
-+ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-+ if (ptr == NULL) {
-+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
-+ return (NULL);
-+ }
-+ sym = dlsym(ptr, symname);
-+ if (sym == NULL) {
-+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
-+ ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-+ return (NULL);
-+ }
-+ return (sym);
-+}
-+
- static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
- {
- void *ptr;
-@@ -196,21 +297,23 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
- * if the second file specification is missing.
- */
- if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
-- merged = OPENSSL_strdup(filespec1);
-- if (merged == NULL) {
-+ merged = OPENSSL_malloc(strlen(filespec1) + 1);
-+ if (!merged) {
- DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ strcpy(merged, filespec1);
- }
- /*
- * If the first file specification is missing, the second one rules.
- */
- else if (!filespec1) {
-- merged = OPENSSL_strdup(filespec2);
-- if (merged == NULL) {
-+ merged = OPENSSL_malloc(strlen(filespec2) + 1);
-+ if (!merged) {
- DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ strcpy(merged, filespec2);
- } else {
- /*
- * This part isn't as trivial as it looks. It assumes that the
-@@ -229,7 +332,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
- len--;
- }
- merged = OPENSSL_malloc(len + 2);
-- if (merged == NULL) {
-+ if (!merged) {
- DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-@@ -240,6 +343,14 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
- return (merged);
- }
-
-+# ifdef OPENSSL_SYS_MACOSX
-+# define DSO_ext ".dylib"
-+# define DSO_extlen 6
-+# else
-+# define DSO_ext ".so"
-+# define DSO_extlen 3
-+# endif
-+
- static char *dlfcn_name_converter(DSO *dso, const char *filename)
- {
- char *translated;
-@@ -250,7 +361,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
- transform = (strstr(filename, "/") == NULL);
- if (transform) {
- /* We will convert this to "%s.so" or "lib%s.so" etc */
-- rsize += strlen(DSO_EXTENSION); /* The length of ".so" */
-+ rsize += DSO_extlen; /* The length of ".so" */
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- rsize += 3; /* The length of "lib" */
- }
-@@ -261,9 +372,9 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
- }
- if (transform) {
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-- sprintf(translated, "lib%s" DSO_EXTENSION, filename);
-+ sprintf(translated, "lib%s" DSO_ext, filename);
- else
-- sprintf(translated, "%s" DSO_EXTENSION, filename);
-+ sprintf(translated, "%s" DSO_ext, filename);
- } else
- sprintf(translated, "%s", filename);
- return (translated);
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c
-index 07588d5..e143cc0 100644
----
a/Cryptlib/OpenSSL/crypto/dso/dso_err.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c
-@@ -1,16 +1,67 @@
--/*
-- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/dso/dso_err.c */
-+/* ====================================================================
-+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6.
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #include
- #include
--#include "internal/dso.h"
-+#include
-
- /* BEGIN ERROR CODES */
- #ifndef OPENSSL_NO_ERR
-@@ -19,41 +70,55 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
- static ERR_STRING_DATA DSO_str_functs[] = {
-- {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"},
-- {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"},
-- {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"},
-- {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"},
-- {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"},
-- {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"},
-- {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"},
-- {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"},
-- {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"},
-- {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"},
-+ {ERR_FUNC(DSO_F_BEOS_BIND_FUNC), "BEOS_BIND_FUNC"},
-+ {ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"},
-+ {ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"},
-+ {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"},
-+ {ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"},
-+ {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
-+ {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
-+ {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
-+ {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"},
-+ {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
-+ {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
-+ {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
-+ {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
-+ {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
-+ {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"},
-+ {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
-+ {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
- {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-+ {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
- {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
- {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
- {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
- {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
-+
{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
- {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"},
- {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
- {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
- {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
- {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"},
- {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
-+ {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
- {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
-- {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"},
-- {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"},
-- {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"},
-- {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"},
-- {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"},
-- {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"},
-- {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"},
-- {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"},
-- {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"},
-- {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"},
-- {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"},
-- {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"},
-- {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"},
-+ {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"},
-+ {ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"},
-+ {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"},
-+ {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
-+ {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"},
-+ {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
-+ {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
-+ {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
-+ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"},
-+ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"},
-+ {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"},
-+ {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
-+ {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"},
-+ {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
-+ {ERR_FUNC(DSO_F_WIN32_PATHBYADDR),
"WIN32_PATHBYADDR"},
-+ {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"},
-+ {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
- {0, NULL}
- };
-
-@@ -68,6 +133,7 @@ static ERR_STRING_DATA DSO_str_reasons[] = {
- {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
- {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
- {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
-+ {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"},
- {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
- {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
- {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
-@@ -80,7 +146,7 @@ static ERR_STRING_DATA DSO_str_reasons[] = {
-
- #endif
-
--int ERR_load_DSO_strings(void)
-+void ERR_load_DSO_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -89,5 +155,4 @@ int ERR_load_DSO_strings(void)
- ERR_load_strings(0, DSO_str_reasons);
- }
- #endif
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
-index f58237d..2beb7c1 100644
---- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
-@@ -1,33 +1,114 @@
-+/* dso_lib.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "dso_locl.h"
-+#include
-+#include
-+#include "cryptlib.h"
-+#include
-
- static DSO_METHOD *default_DSO_meth = NULL;
-
--static DSO *DSO_new_method(DSO_METHOD *meth)
-+DSO *DSO_new(void)
-+{
-+ return (DSO_new_method(NULL));
-+}
-+
-+void DSO_set_default_method(DSO_METHOD *meth)
-+{
-+ default_DSO_meth = meth;
-+}
-+
-+DSO_METHOD *DSO_get_default_method(void)
-+{
-+ return (default_DSO_meth);
-+}
-+
-+DSO_METHOD *DSO_get_method(DSO *dso)
-+{
-+ return (dso->meth);
-+}
-+
-+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-+{
-+ DSO_METHOD *mtmp;
-+ mtmp = dso->meth;
-+ dso->meth = meth;
-+ return (mtmp);
-+}
-+
-+DSO *DSO_new_method(DSO_METHOD *meth)
- {
- DSO *ret;
-
-- if (default_DSO_meth == NULL) {
-+ if (default_DSO_meth == NULL)
- /*
- * We default to DSO_METH_openssl() which in turn defaults to
- * stealing the "best available" method. Will fallback to
- * DSO_METH_null() in the worst case.
- */
- default_DSO_meth = DSO_METHOD_openssl();
-- }
-- ret = OPENSSL_zalloc(sizeof(*ret));
-+ ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
- if (ret == NULL) {
- DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ memset(ret, 0, sizeof(DSO));
- ret->meth_data = sk_void_new_null();
- if (ret->meth_data == NULL) {
- /* sk_new doesn't generate any errors so we do */
-@@ -35,62 +116,59 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
- OPENSSL_free(ret);
- return (NULL);
- }
-- ret->meth = default_DSO_meth;
-+ if (meth == NULL)
-+ ret->meth = default_DSO_meth;
-+ else
-+ ret->meth = meth;
- ret->references = 1;
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL) {
-- DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- sk_void_free(ret->meth_data);
- OPENSSL_free(ret);
-- return NULL;
-- }
--
-- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-- DSO_free(ret);
- ret = NULL;
- }
--
-- return ret;
--}
--
--DSO *DSO_new(void)
--{
-- return DSO_new_method(NULL);
-+ return (ret);
- }
-
- int DSO_free(DSO *dso)
- {
- int i;
-
-- if (dso == NULL)
-- return (1);
--
-- if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0)
-- return 0;
-+ if (dso == NULL) {
-+ DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-
-- REF_PRINT_COUNT("DSO", dso);
-+ i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
-+#ifdef REF_PRINT
-+ REF_PRINT("DSO", dso);
-+#endif
- if (i > 0)
-- return 1;
-- REF_ASSERT_ISNT(i < 0);
-+ return (1);
-+#ifdef REF_CHECK
-+ if (i < 0) {
-+ fprintf(stderr, "DSO_free, bad reference count\n");
-+ abort();
-+ }
-+#endif
-
-- if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) {
-- if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-- DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
-- return 0;
-- }
-+ if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-+ DSOerr(DSO_F_DSO_FREE,
DSO_R_UNLOAD_FAILED);
-+ return (0);
- }
-
- if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
- DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
-- return 0;
-+ return (0);
- }
-
- sk_void_free(dso->meth_data);
-- OPENSSL_free(dso->filename);
-- OPENSSL_free(dso->loaded_filename);
-- CRYPTO_THREAD_lock_free(dso->lock);
-+ if (dso->filename != NULL)
-+ OPENSSL_free(dso->filename);
-+ if (dso->loaded_filename != NULL)
-+ OPENSSL_free(dso->loaded_filename);
-+
- OPENSSL_free(dso);
-- return 1;
-+ return (1);
- }
-
- int DSO_flags(DSO *dso)
-@@ -100,19 +178,13 @@ int DSO_flags(DSO *dso)
-
- int DSO_up_ref(DSO *dso)
- {
-- int i;
--
- if (dso == NULL) {
- DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
-- return 0;
-+ return (0);
- }
-
-- if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0)
-- return 0;
--
-- REF_PRINT_COUNT("DSO", r);
-- REF_ASSERT_ISNT(i < 2);
-- return ((i > 1) ? 1 : 0);
-+ CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
-+ return (1);
- }
-
- DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-@@ -169,6 +241,26 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
- return (NULL);
- }
-
-+void *DSO_bind_var(DSO *dso, const char *symname)
-+{
-+ void *ret = NULL;
-+
-+ if ((dso == NULL) || (symname == NULL)) {
-+ DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-+ return (NULL);
-+ }
-+ if (dso->meth->dso_bind_var == NULL) {
-+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
-+ return (NULL);
-+ }
-+ if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
-+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
-+ return (NULL);
-+ }
-+ /* Success */
-+ return (ret);
-+}
-+
- DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
- {
- DSO_FUNC_TYPE ret = NULL;
-@@ -227,6 +319,19 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
- return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
- }
-
-+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-+
DSO_NAME_CONVERTER_FUNC *oldcb)
-+{
-+ if (dso == NULL) {
-+ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
-+ return (0);
-+ }
-+ if (oldcb)
-+ *oldcb = dso->name_converter;
-+ dso->name_converter = cb;
-+ return (1);
-+}
-+
- const char *DSO_get_filename(DSO *dso)
- {
- if (dso == NULL) {
-@@ -249,12 +354,14 @@ int DSO_set_filename(DSO *dso, const char *filename)
- return (0);
- }
- /* We'll duplicate filename */
-- copied = OPENSSL_strdup(filename);
-+ copied = OPENSSL_malloc(strlen(filename) + 1);
- if (copied == NULL) {
- DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
- return (0);
- }
-- OPENSSL_free(dso->filename);
-+ BUF_strlcpy(copied, filename, strlen(filename) + 1);
-+ if (dso->filename)
-+ OPENSSL_free(dso->filename);
- dso->filename = copied;
- return (1);
- }
-@@ -297,15 +404,25 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
- result = dso->meth->dso_name_converter(dso, filename);
- }
- if (result == NULL) {
-- result = OPENSSL_strdup(filename);
-+ result = OPENSSL_malloc(strlen(filename) + 1);
- if (result == NULL) {
- DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-+ BUF_strlcpy(result, filename, strlen(filename) + 1);
- }
- return (result);
- }
-
-+const char *DSO_get_loaded_filename(DSO *dso)
-+{
-+ if (dso == NULL) {
-+ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-+ return (NULL);
-+ }
-+ return (dso->loaded_filename);
-+}
-+
- int DSO_pathbyaddr(void *addr, char *path, int sz)
- {
- DSO_METHOD *meth = default_DSO_meth;
-@@ -318,24 +435,6 @@ int DSO_pathbyaddr(void *addr, char *path, int sz)
- return (*meth->pathbyaddr) (addr, path, sz);
- }
-
--DSO *DSO_dsobyaddr(void *addr, int flags)
--{
-- DSO *ret = NULL;
-- char *filename = NULL;
-- int len = DSO_pathbyaddr(addr, NULL, 0);
--
-- if (len < 0)
-- return NULL;
--
-- filename = OPENSSL_malloc(len);
-- if (filename != NULL
-- && DSO_pathbyaddr(addr, filename, len) == len)
-- ret = DSO_load(NULL,
filename, NULL, flags);
--
-- OPENSSL_free(filename);
-- return ret;
--}
--
- void *DSO_global_lookup(const char *name)
- {
- DSO_METHOD *meth = default_DSO_meth;
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_locl.h b/Cryptlib/OpenSSL/crypto/dso/dso_locl.h
-deleted file mode 100644
-index fbfad05..0000000
---- a/Cryptlib/OpenSSL/crypto/dso/dso_locl.h
-+++ /dev/null
-@@ -1,106 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include "internal/cryptlib.h"
--#include "internal/dso.h"
--#include "internal/dso_conf.h"
--
--/**********************************************************************/
--/* The low-level handle type used to refer to a loaded shared library */
--
--struct dso_st {
-- DSO_METHOD *meth;
-- /*
-- * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
-- * anything but will need to cache the filename for use in the dso_bind
-- * handler. All in all, let each method control its own destiny.
-- * "Handles" and such go in a STACK.
-- */
-- STACK_OF(void) *meth_data;
-- int references;
-- int flags;
-- /*
-- * For use by applications etc ... use this for your bits'n'pieces, don't
-- * touch meth_data!
-- */
-- CRYPTO_EX_DATA ex_data;
-- /*
-- * If this callback function pointer is set to non-NULL, then it will be
-- * used in DSO_load() in place of meth->dso_name_converter. NB: This
-- * should normally set using DSO_set_name_converter().
-- */
-- DSO_NAME_CONVERTER_FUNC name_converter;
-- /*
-- * If this callback function pointer is set to non-NULL, then it will be
-- * used in DSO_load() in place of meth->dso_merger. NB: This should
-- * normally set using DSO_set_merger().
-- */
-- DSO_MERGER_FUNC merger;
-- /*
-- * This is populated with (a copy of) the platform-independent filename
-- * used for this DSO.
-- */
-- char *filename;
-- /*
-- * This is populated with (a copy of) the translated filename by which
-- * the DSO was actually loaded. It is NULL iff the DSO is not currently
-- * loaded. NB: This is here because the filename translation process may
-- * involve a callback being invoked more than once not only to convert to
-- * a platform-specific form, but also to try different filenames in the
-- * process of trying to perform a load. As such, this variable can be
-- * used to indicate (a) whether this DSO structure corresponds to a
-- * loaded library or not, and (b) the filename with which it was actually
-- * loaded.
-- */
-- char *loaded_filename;
-- CRYPTO_RWLOCK *lock;
--};
--
--struct dso_meth_st {
-- const char *name;
-- /*
-- * Loads a shared library, NB: new DSO_METHODs must ensure that a
-- * successful load populates the loaded_filename field, and likewise a
-- * successful unload OPENSSL_frees and NULLs it out.
-- */
-- int (*dso_load) (DSO *dso);
-- /* Unloads a shared library */
-- int (*dso_unload) (DSO *dso);
-- /*
-- * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
-- * be cast to the real function prototype by the caller. Platforms that
-- * don't have compatible representations for different prototypes (this
-- * is possible within ANSI C) are highly unlikely to have shared
-- * libraries at all, let alone a DSO_METHOD implemented for them.
-- */
-- DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
-- /*
-- * The generic (yuck) "ctrl()" function. NB: Negative return values
-- * (rather than zero) indicate errors.
-- */
-- long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
-- /*
-- * The default DSO_METHOD-specific function for converting filenames to a
-- * canonical native form.
-- */
-- DSO_NAME_CONVERTER_FUNC dso_name_converter;
-- /*
-- * The default DSO_METHOD-specific function for converting filenames to a
-- * canonical native form.
-- */
-- DSO_MERGER_FUNC dso_merger;
-- /* [De]Initialisation handlers. */
-- int (*init) (DSO *dso);
-- int (*finish) (DSO *dso);
-- /* Return pathname of the module containing location */
-- int (*pathbyaddr) (void *addr, char *path, int sz);
-- /* Perform global symbol lookup, i.e. among *all* modules */
-- void *(*globallookup) (const char *symname);
--};
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c
-new file mode 100644
-index 0000000..20122d1
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c
-@@ -0,0 +1,92 @@
-+/* dso_null.c */
-+/*
-+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission.
For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * This "NULL" method is provided as the fallback for systems that have no
-+ * appropriate support for "shared-libraries".
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+
-+static DSO_METHOD dso_meth_null = {
-+ "NULL shared library method",
-+ NULL, /* load */
-+ NULL, /* unload */
-+ NULL, /* bind_var */
-+ NULL, /* bind_func */
-+/* For now, "unbind" doesn't exist */
-+#if 0
-+ NULL, /* unbind_var */
-+ NULL, /* unbind_func */
-+#endif
-+ NULL, /* ctrl */
-+ NULL, /* dso_name_converter */
-+ NULL, /* dso_merger */
-+ NULL, /* init */
-+ NULL, /* finish */
-+ NULL, /* pathbyaddr */
-+ NULL /* globallookup */
-+};
-+
-+DSO_METHOD *DSO_METHOD_null(void)
-+{
-+ return (&dso_meth_null);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
-index 6626331..087e989 100644
---- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
-@@ -1,22 +1,83 @@
-+/* dso_openssl.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "dso_locl.h"
-+#include
-+#include "cryptlib.h"
-+#include
-
--#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN)
--
--static DSO_METHOD dso_meth_null = {
-- "NULL shared library method"
--};
-+/* We just pinch the method from an appropriate "default" method. */
-
- DSO_METHOD *DSO_METHOD_openssl(void)
- {
-- return &dso_meth_null;
--}
-+#ifdef DEF_DSO_METHOD
-+ return (DEF_DSO_METHOD());
-+#elif defined(DSO_DLFCN)
-+ return (DSO_METHOD_dlfcn());
-+#elif defined(DSO_DL)
-+ return (DSO_METHOD_dl());
-+#elif defined(DSO_WIN32)
-+ return (DSO_METHOD_win32());
-+#elif defined(DSO_VMS)
-+ return (DSO_METHOD_vms());
-+#elif defined(DSO_BEOS)
-+ return (DSO_METHOD_beos());
-+#else
-+ return (DSO_METHOD_null());
- #endif
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
-index b9a98dd..1efd84b 100644
---- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
-@@ -1,25 +1,82 @@
-+/* dso_vms.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "dso_locl.h"
-+#include
-+#include
-+#include
-+#include "cryptlib.h"
-+#include
-
--#ifdef OPENSSL_SYS_VMS
-+#ifndef OPENSSL_SYS_VMS
-+DSO_METHOD *DSO_METHOD_vms(void)
-+{
-+ return NULL;
-+}
-+#else
-
- # pragma message disable DOLLARID
--# include
- # include
- # include
--# include
- # include
- # include
- # include
--# include "../vms_rms.h"
-+# include "vms_rms.h"
-
- /* Some compiler options may mask the declaration of "_malloc32". */
- # if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
-@@ -36,7 +93,15 @@ void *_malloc32(__size_t);
-
- static int vms_load(DSO *dso);
- static int vms_unload(DSO *dso);
-+static void *vms_bind_var(DSO *dso, const char *symname);
- static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
-+# if 0
-+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
-+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-+static int vms_init(DSO *dso);
-+static int vms_finish(DSO *dso);
-+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
-+# endif
- static char *vms_name_converter(DSO *dso, const char *filename);
- static char *vms_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-@@ -45,14 +110,18 @@ static DSO_METHOD dso_meth_vms = {
- "OpenSSL 'VMS' shared library method",
- vms_load,
- NULL, /* unload */
-+ vms_bind_var,
- vms_bind_func,
-+/* For now, "unbind" doesn't exist */
-+# if 0
-+ NULL, /* unbind_var */
-+ NULL, /* unbind_func */
-+# endif
- NULL, /* ctrl */
- vms_name_converter,
- vms_merger,
- NULL, /* init */
-- NULL, /* finish */
-- NULL, /* pathbyaddr */
-- NULL /* globallookup */
-+ NULL /* finish */
- };
-
- /*
-@@ -76,9 +145,9 @@ typedef struct dso_internal_st {
- char imagename[NAMX_MAXRSS + 1];
- } DSO_VMS_INTERNAL;
-
--DSO_METHOD *DSO_METHOD_openssl(void)
-+DSO_METHOD *DSO_METHOD_vms(void)
- {
-- return &dso_meth_vms;
-+ return (&dso_meth_vms);
- }
-
- static int vms_load(DSO *dso)
-@@ -103,7 +172,7 @@ static int vms_load(DSO *dso)
- # endif /* __INITIAL_POINTER_SIZE == 64 */
-
- const char *sp1, *sp2; /* Search result */
-- const char *ext = NULL; /* possible extension to add */
-+ const char *ext = NULL; /* possible extension to add */
-
- if (filename == NULL) {
- DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
-@@ -173,7 +242,7 @@ static int vms_load(DSO *dso)
- goto err;
- }
-
-- p = DSO_MALLOC(sizeof(*p));
-+ p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
- if (p == NULL) {
- DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -210,8 +279,10 @@ static int vms_load(DSO *dso)
- return (1);
- err:
- /* Cleanup!
*/
-- OPENSSL_free(p);
-- OPENSSL_free(filename);
-+ if (p != NULL)
-+ OPENSSL_free(p);
-+ if (filename != NULL)
-+ OPENSSL_free(filename);
- return (0);
- }
-
-@@ -267,10 +338,11 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
- {
- DSO_VMS_INTERNAL *ptr;
- int status;
--# ifdef LIB$M_FIS_MIXEDCASE
-- int flags = LIB$M_FIS_MIXEDCASE;
-+# if 0
-+ int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
-+ * defined in VMS older than 7.0 or so */
- # else
-- int flags = (1 << 4);
-+ int flags = 0;
- # endif
- struct dsc$descriptor_s symname_dsc;
-
-@@ -355,6 +427,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
- return;
- }
-
-+static void *vms_bind_var(DSO *dso, const char *symname)
-+{
-+ void *sym = 0;
-+ vms_bind_sym(dso, symname, &sym);
-+ return sym;
-+}
-+
- static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
- {
- DSO_FUNC_TYPE sym = 0;
-@@ -447,7 +526,7 @@ static char *vms_merger(DSO *dso, const char *filespec1,
- }
-
- merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
-- if (merged == NULL)
-+ if (!merged)
- goto malloc_err;
- strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
- merged[nam.NAMX_ESL] = '\0';
-@@ -460,7 +539,7 @@ static char *vms_name_converter(DSO *dso, const char *filename)
- {
- int len = strlen(filename);
- char *not_translated = OPENSSL_malloc(len + 1);
-- if (not_translated != NULL)
-+ if (not_translated)
- strcpy(not_translated, filename);
- return (not_translated);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
-index 4a4c34a..706e754 100644
---- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
-+++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
-@@ -1,15 +1,73 @@
-+/* dso_win32.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
-+ * 2000.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "dso_locl.h"
-+#include
-+#include
-+#include "cryptlib.h"
-+#include
-
--#if defined(DSO_WIN32)
-+#if !defined(DSO_WIN32)
-+DSO_METHOD *DSO_METHOD_win32(void)
-+{
-+ return NULL;
-+}
-+#else
-
- # ifdef _WIN32_WCE
- # if _WIN32_WCE < 300
-@@ -59,10 +117,19 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
-
- static int win32_load(DSO *dso);
- static int win32_unload(DSO *dso);
-+static void *win32_bind_var(DSO *dso, const char *symname);
- static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
-+# if 0
-+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
-+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-+static int win32_init(DSO *dso);
-+static int win32_finish(DSO *dso);
-+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
-+# endif
- static char *win32_name_converter(DSO *dso, const char *filename);
- static
char *win32_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-+static int win32_pathbyaddr(void *addr, char *path, int sz);
- static void *win32_globallookup(const char *name);
-
- static const char *openssl_strnchr(const char *string, int c, size_t len);
-@@ -71,19 +138,25 @@ static DSO_METHOD dso_meth_win32 = {
- "OpenSSL 'win32' shared library method",
- win32_load,
- win32_unload,
-+ win32_bind_var,
- win32_bind_func,
-+/* For now, "unbind" doesn't exist */
-+# if 0
-+ NULL, /* unbind_var */
-+ NULL, /* unbind_func */
-+# endif
- NULL, /* ctrl */
- win32_name_converter,
- win32_merger,
- NULL, /* init */
- NULL, /* finish */
-- NULL, /* pathbyaddr */
-+ win32_pathbyaddr,
- win32_globallookup
- };
-
--DSO_METHOD *DSO_METHOD_openssl(void)
-+DSO_METHOD *DSO_METHOD_win32(void)
- {
-- return &dso_meth_win32;
-+ return (&dso_meth_win32);
- }
-
- /*
-@@ -107,7 +180,7 @@ static int win32_load(DSO *dso)
- ERR_add_error_data(3, "filename(", filename, ")");
- goto err;
- }
-- p = OPENSSL_malloc(sizeof(*p));
-+ p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE));
- if (p == NULL) {
- DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -122,8 +195,10 @@ static int win32_load(DSO *dso)
- return (1);
- err:
- /* Cleanup ! */
-- OPENSSL_free(filename);
-- OPENSSL_free(p);
-+ if (filename != NULL)
-+ OPENSSL_free(filename);
-+ if (p != NULL)
-+ OPENSSL_free(p);
- if (h != NULL)
- FreeLibrary(h);
- return (0);
-@@ -156,13 +231,41 @@ static int win32_unload(DSO *dso)
- return (1);
- }
-
-+/*
-+ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API
-+ * docs, there's probably a variant for variables.
-+ */
-+static void *win32_bind_var(DSO *dso, const char *symname)
-+{
-+ HINSTANCE *ptr;
-+ void *sym;
-+
-+ if ((dso == NULL) || (symname == NULL)) {
-+ DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-+ return (NULL);
-+ }
-+ if (sk_void_num(dso->meth_data) < 1) {
-+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR);
-+ return (NULL);
-+ }
-+ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-+ if (ptr == NULL) {
-+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE);
-+ return (NULL);
-+ }
-+ sym = GetProcAddress(*ptr, symname);
-+ if (sym == NULL) {
-+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE);
-+ ERR_add_error_data(3, "symname(", symname, ")");
-+ return (NULL);
-+ }
-+ return (sym);
-+}
-+
- static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
- {
- HINSTANCE *ptr;
-- union {
-- void *p;
-- FARPROC f;
-- } sym;
-+ void *sym;
-
- if ((dso == NULL) || (symname == NULL)) {
- DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-@@ -177,13 +280,13 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
- DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
- return (NULL);
- }
-- sym.f = GetProcAddress(*ptr, symname);
-- if (sym.p == NULL) {
-+ sym = GetProcAddress(*ptr, symname);
-+ if (sym == NULL) {
- DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
- ERR_add_error_data(3, "symname(", symname, ")");
- return (NULL);
- }
-- return ((DSO_FUNC_TYPE)sym.f);
-+ return ((DSO_FUNC_TYPE)sym);
- }
-
- struct file_st {
-@@ -215,12 +318,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
- return (NULL);
- }
-
-- result = OPENSSL_zalloc(sizeof(*result));
-+ result = OPENSSL_malloc(sizeof(struct file_st));
- if (result == NULL) {
- DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-
-+ memset(result, 0, sizeof(struct file_st));
- position = IN_DEVICE;
-
- if ((filename[0] == '\\' && filename[1] == '\\')
-@@ -338,7 +442,7 @@ static char *win32_joiner(DSO *dso,
const struct file_st *file_split) - } - - result = OPENSSL_malloc(len + 1); -- if (result == NULL) { -+ if (!result) { - DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); - return (NULL); - } -@@ -372,6 +476,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) - offset++; - start = end + 1; - } -+# if 0 /* Not needed, since the directory converter -+ * above already appeneded a backslash */ -+ if (file_split->predir && (file_split->dir || file_split->file)) { -+ result[offset] = '\\'; -+ offset++; -+ } -+# endif - start = file_split->dir; - while (file_split->dirlen > (start - file_split->dir)) { - const char *end = openssl_strnchr(start, '/', -@@ -385,6 +496,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) - offset++; - start = end + 1; - } -+# if 0 /* Not needed, since the directory converter -+ * above already appeneded a backslash */ -+ if (file_split->dir && file_split->file) { -+ result[offset] = '\\'; -+ offset++; -+ } -+# endif - strncpy(&result[offset], file_split->file, file_split->filelen); - offset += file_split->filelen; - result[offset] = '\0'; -@@ -404,14 +522,14 @@ static char *win32_merger(DSO *dso, const char *filespec1, - } - if (!filespec2) { - merged = OPENSSL_malloc(strlen(filespec1) + 1); -- if (merged == NULL) { -+ if (!merged) { - DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); - } - strcpy(merged, filespec1); - } else if (!filespec1) { - merged = OPENSSL_malloc(strlen(filespec2) + 1); -- if (merged == NULL) { -+ if (!merged) { - DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); - } -@@ -507,6 +625,106 @@ typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); - typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); - typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); - -+static int win32_pathbyaddr(void *addr, char *path, int sz) -+{ -+ HMODULE dll; -+ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; -+ MODULEENTRY32 me32; -+ 
CREATETOOLHELP32SNAPSHOT create_snap; -+ CLOSETOOLHELP32SNAPSHOT close_snap; -+ MODULE32 module_first, module_next; -+ -+ if (addr == NULL) { -+ union { -+ int (*f) (void *, char *, int); -+ void *p; -+ } t = { -+ win32_pathbyaddr -+ }; -+ addr = t.p; -+ } -+ -+ dll = LoadLibrary(TEXT(DLLNAME)); -+ if (dll == NULL) { -+ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); -+ return -1; -+ } -+ -+ create_snap = (CREATETOOLHELP32SNAPSHOT) -+ GetProcAddress(dll, "CreateToolhelp32Snapshot"); -+ if (create_snap == NULL) { -+ FreeLibrary(dll); -+ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); -+ return -1; -+ } -+ /* We take the rest for granted... */ -+# ifdef _WIN32_WCE -+ close_snap = (CLOSETOOLHELP32SNAPSHOT) -+ GetProcAddress(dll, "CloseToolhelp32Snapshot"); -+# else -+ close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; -+# endif -+ module_first = (MODULE32) GetProcAddress(dll, "Module32First"); -+ module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); -+ -+ hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); -+ if (hModuleSnap == INVALID_HANDLE_VALUE) { -+ FreeLibrary(dll); -+ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); -+ return -1; -+ } -+ -+ me32.dwSize = sizeof(me32); -+ -+ if (!(*module_first) (hModuleSnap, &me32)) { -+ (*close_snap) (hModuleSnap); -+ FreeLibrary(dll); -+ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE); -+ return -1; -+ } -+ -+ do { -+ if ((BYTE *) addr >= me32.modBaseAddr && -+ (BYTE *) addr < me32.modBaseAddr + me32.modBaseSize) { -+ (*close_snap) (hModuleSnap); -+ FreeLibrary(dll); -+# ifdef _WIN32_WCE -+# if _WIN32_WCE >= 101 -+ return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, -+ path, sz, NULL, NULL); -+# else -+ { -+ int i, len = (int)wcslen(me32.szExePath); -+ if (sz <= 0) -+ return len + 1; -+ if (len >= sz) -+ len = sz - 1; -+ for (i = 0; i < len; i++) -+ path[i] = (char)me32.szExePath[i]; -+ path[len++] = 0; -+ return len; -+ } -+# endif -+# else -+ { -+ int len = (int)strlen(me32.szExePath); -+ if (sz <= 0) 
-+ return len + 1; -+ if (len >= sz) -+ len = sz - 1; -+ memcpy(path, me32.szExePath, len); -+ path[len++] = 0; -+ return len; -+ } -+# endif -+ } -+ } while ((*module_next) (hModuleSnap, &me32)); -+ -+ (*close_snap) (hModuleSnap); -+ FreeLibrary(dll); -+ return 0; -+} -+ - static void *win32_globallookup(const char *name) - { - HMODULE dll; -@@ -515,10 +733,7 @@ static void *win32_globallookup(const char *name) - CREATETOOLHELP32SNAPSHOT create_snap; - CLOSETOOLHELP32SNAPSHOT close_snap; - MODULE32 module_first, module_next; -- union { -- void *p; -- FARPROC f; -- } ret = { NULL }; -+ FARPROC ret = NULL; - - dll = LoadLibrary(TEXT(DLLNAME)); - if (dll == NULL) { -@@ -559,10 +774,10 @@ static void *win32_globallookup(const char *name) - } - - do { -- if ((ret.f = GetProcAddress(me32.hModule, name))) { -+ if ((ret = GetProcAddress(me32.hModule, name))) { - (*close_snap) (hModuleSnap); - FreeLibrary(dll); -- return ret.p; -+ return ret; - } - } while ((*module_next) (hModuleSnap, &me32)); - -diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c -index 6871953..fd6df92 100644 ---- a/Cryptlib/OpenSSL/crypto/ebcdic.c -+++ b/Cryptlib/OpenSSL/crypto/ebcdic.c -@@ -1,103 +1,21 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -+/* crypto/ebcdic.c */ - --# include - #ifndef CHARSET_EBCDIC --NON_EMPTY_TRANSLATION_UNIT --#else - --# include -+# include -+# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) || defined(__clang__) -+static void *dummy = &dummy; -+# endif -+ -+#else /* CHARSET_EBCDIC */ - -+# include "ebcdic.h" - /*- - * Initial Port for Apache-1.3 by - * Adapted for OpenSSL-0.9.4 by - */ - --# ifdef CHARSET_EBCDIC_TEST --/* -- * Here we're looking to test the EBCDIC code on an ASCII system so we don't do -- * any translation in these tables at all. -- */ -- --/* The ebcdic-to-ascii table: */ --const unsigned char os_toascii[256] = { -- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, -- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, -- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, -- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, -- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, -- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, -- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, -- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, -- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, -- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, -- 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, -- 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, -- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, -- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, -- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, -- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, -- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, -- 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, -- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, -- 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, -- 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 
0xbe, 0xbf, -- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, -- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, -- 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, -- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, -- 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, -- 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, -- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, -- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff --}; -- --/* The ascii-to-ebcdic table: */ --const unsigned char os_toebcdic[256] = { -- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, -- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, -- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, -- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, -- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, -- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, -- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, -- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, -- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, -- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, -- 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, -- 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, -- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, -- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, -- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, -- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, -- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, -- 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, -- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, -- 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, -- 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, -- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, -- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, -- 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, -- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, -- 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, -- 0xe8, 0xe9, 
0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, -- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, -- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff --}; -- --# elif defined(_OSD_POSIX) -+# ifdef _OSD_POSIX - /* - * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens - * AG, Germany, for their BS2000 mainframe machines. Within the POSIX -@@ -255,7 +173,7 @@ const unsigned char os_toebcdic[256] = { - * systems. It is a modified version of the BS2000 table. - * - * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is -- * bijective - there are no ambiguous or duplicate characters. -+ * bijective - there are no ambigous or duplicate characters. - */ - const unsigned char os_toascii[256] = { - 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ -diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c -index 44a293a..52dc9a5 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err.c -+++ b/Cryptlib/OpenSSL/crypto/err/err.c -@@ -1,24 +1,126 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/err/err.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include --#include --#include --#include -+#include "cryptlib.h" - #include - #include - #include - #include --#include --#include -+#include -+ -+DECLARE_LHASH_OF(ERR_STRING_DATA); -+DECLARE_LHASH_OF(ERR_STATE); - - static void err_load_strings(int lib, ERR_STRING_DATA *str); - -@@ -40,8 +142,6 @@ static ERR_STRING_DATA ERR_str_libraries[] = { - {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, - {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, -- {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"}, -- {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, - {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, -@@ -52,13 +152,9 @@ static ERR_STRING_DATA ERR_str_libraries[] = { - {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, - {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, -- {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"}, - {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, - {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, - {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, -- {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, -- {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, -- {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, - {0, NULL}, - }; - -@@ -76,12 +172,6 @@ static ERR_STRING_DATA ERR_str_functs[] = { - # endif - {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, - {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, -- {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"}, -- {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"}, -- {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"}, -- {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"}, -- {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"}, -- 
{ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"}, - {0, NULL}, - }; - -@@ -97,14 +187,25 @@ static ERR_STRING_DATA ERR_str_reasons[] = { - {ERR_R_DSA_LIB, "DSA lib"}, - {ERR_R_X509_LIB, "X509 lib"}, - {ERR_R_ASN1_LIB, "ASN1 lib"}, -+ {ERR_R_CONF_LIB, "CONF lib"}, -+ {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, - {ERR_R_EC_LIB, "EC lib"}, -+ {ERR_R_SSL_LIB, "SSL lib"}, - {ERR_R_BIO_LIB, "BIO lib"}, - {ERR_R_PKCS7_LIB, "PKCS7 lib"}, - {ERR_R_X509V3_LIB, "X509V3 lib"}, -+ {ERR_R_PKCS12_LIB, "PKCS12 lib"}, -+ {ERR_R_RAND_LIB, "RAND lib"}, -+ {ERR_R_DSO_LIB, "DSO lib"}, - {ERR_R_ENGINE_LIB, "ENGINE lib"}, -- {ERR_R_ECDSA_LIB, "ECDSA lib"}, -+ {ERR_R_OCSP_LIB, "OCSP lib"}, -+ {ERR_R_TS_LIB, "TS lib"}, - - {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, -+ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, -+ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, -+ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, -+ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, - {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, - - {ERR_R_FATAL, "fatal"}, -@@ -114,31 +215,125 @@ static ERR_STRING_DATA ERR_str_reasons[] = { - {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, - {ERR_R_INTERNAL_ERROR, "internal error"}, - {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, -- {ERR_R_INIT_FAIL, "init fail"}, - - {0, NULL}, - }; - #endif - --static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; --static CRYPTO_THREAD_LOCAL err_thread_local; -- --static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; --static CRYPTO_RWLOCK *err_string_lock; -+/* Define the predeclared (but externally opaque) "ERR_FNS" type */ -+struct st_ERR_FNS { -+ /* Works on the "error_hash" string table */ -+ LHASH_OF(ERR_STRING_DATA) *(*cb_err_get) (int create); -+ void (*cb_err_del) (void); -+ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); -+ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); -+ ERR_STRING_DATA *(*cb_err_del_item) 
(ERR_STRING_DATA *); -+ /* Works on the "thread_hash" error-state table */ -+ LHASH_OF(ERR_STATE) *(*cb_thread_get) (int create); -+ void (*cb_thread_release) (LHASH_OF(ERR_STATE) **hash); -+ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); -+ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); -+ void (*cb_thread_del_item) (const ERR_STATE *); -+ /* Returns the next available error "library" numbers */ -+ int (*cb_get_next_lib) (void); -+}; - -+/* Predeclarations of the "err_defaults" functions */ -+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create); -+static void int_err_del(void); - static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); -+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); -+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); -+static LHASH_OF(ERR_STATE) *int_thread_get(int create); -+static void int_thread_release(LHASH_OF(ERR_STATE) **hash); -+static ERR_STATE *int_thread_get_item(const ERR_STATE *); -+static ERR_STATE *int_thread_set_item(ERR_STATE *); -+static void int_thread_del_item(const ERR_STATE *); -+static int int_err_get_next_lib(void); -+/* The static ERR_FNS table using these defaults functions */ -+static const ERR_FNS err_defaults = { -+ int_err_get, -+ int_err_del, -+ int_err_get_item, -+ int_err_set_item, -+ int_err_del_item, -+ int_thread_get, -+ int_thread_release, -+ int_thread_get_item, -+ int_thread_set_item, -+ int_thread_del_item, -+ int_err_get_next_lib -+}; -+ -+/* The replacable table of ERR_FNS functions we use at run-time */ -+static const ERR_FNS *err_fns = NULL; -+ -+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ -+#define ERRFN(a) err_fns->cb_##a - - /* -- * The internal state -+ * The internal state used by "err_defaults" - as such, the setting, reading, -+ * creating, and deleting of this data should only be permitted via the -+ * "err_defaults" functions. 
This way, a linked module can completely defer -+ * all ERR state operation (together with requisite locking) to the -+ * implementations and state in the loading application. - */ -- - static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; -+static LHASH_OF(ERR_STATE) *int_thread_hash = NULL; -+static int int_thread_hash_references = 0; - static int int_err_library_number = ERR_LIB_USER; - -+/* -+ * Internal function that checks whether "err_fns" is set and if not, sets it -+ * to the defaults. -+ */ -+static void err_fns_check(void) -+{ -+ if (err_fns) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!err_fns) -+ err_fns = &err_defaults; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+} -+ -+/* API functions to get or set the underlying ERR functions. */ -+ -+const ERR_FNS *ERR_get_implementation(void) -+{ -+ err_fns_check(); -+ return err_fns; -+} -+ -+int ERR_set_implementation(const ERR_FNS *fns) -+{ -+ int ret = 0; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ /* -+ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an -+ * error is there?! -+ */ -+ if (!err_fns) { -+ err_fns = fns; -+ ret = 1; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return ret; -+} -+ -+/* -+ * These are the callbacks provided to "lh_new()" when creating the LHASH -+ * tables internal to the "err_defaults" implementation. 
-+ */ -+ - static unsigned long get_error_values(int inc, int top, const char **file, - int *line, const char **data, - int *flags); - -+/* The internal functions used in the "err_defaults" implementation */ -+ - static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) - { - unsigned long ret, l; -@@ -148,24 +343,221 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) - return (ret ^ ret % 19 * 13); - } - -+static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA) -+ - static int err_string_data_cmp(const ERR_STRING_DATA *a, - const ERR_STRING_DATA *b) - { - return (int)(a->error - b->error); - } - -+static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) -+ -+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) -+{ -+ LHASH_OF(ERR_STRING_DATA) *ret = NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!int_error_hash && create) { -+ CRYPTO_push_info("int_err_get (err.c)"); -+ int_error_hash = lh_ERR_STRING_DATA_new(); -+ CRYPTO_pop_info(); -+ } -+ if (int_error_hash) -+ ret = int_error_hash; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ return ret; -+} -+ -+static void int_err_del(void) -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (int_error_hash) { -+ lh_ERR_STRING_DATA_free(int_error_hash); -+ int_error_hash = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+} -+ - static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) - { -- ERR_STRING_DATA *p = NULL; -+ ERR_STRING_DATA *p; -+ LHASH_OF(ERR_STRING_DATA) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(err_get) (0); -+ if (!hash) -+ return NULL; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ p = lh_ERR_STRING_DATA_retrieve(hash, d); -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ -+ return p; -+} -+ -+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) -+{ -+ ERR_STRING_DATA *p; -+ LHASH_OF(ERR_STRING_DATA) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(err_get) (1); -+ if (!hash) -+ return NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = 
lh_ERR_STRING_DATA_insert(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ return p; -+} -+ -+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) -+{ -+ ERR_STRING_DATA *p; -+ LHASH_OF(ERR_STRING_DATA) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(err_get) (0); -+ if (!hash) -+ return NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = lh_ERR_STRING_DATA_delete(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ return p; -+} -+ -+static unsigned long err_state_hash(const ERR_STATE *a) -+{ -+ return CRYPTO_THREADID_hash(&a->tid) * 13; -+} -+ -+static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE) -+ -+static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) -+{ -+ return CRYPTO_THREADID_cmp(&a->tid, &b->tid); -+} -+ -+static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) -+ -+static LHASH_OF(ERR_STATE) *int_thread_get(int create) -+{ -+ LHASH_OF(ERR_STATE) *ret = NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!int_thread_hash && create) { -+ CRYPTO_push_info("int_thread_get (err.c)"); -+ int_thread_hash = lh_ERR_STATE_new(); -+ CRYPTO_pop_info(); -+ } -+ if (int_thread_hash) { -+ int_thread_hash_references++; -+ ret = int_thread_hash; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return ret; -+} -+ -+static void int_thread_release(LHASH_OF(ERR_STATE) **hash) -+{ -+ int i; -+ -+ if (hash == NULL || *hash == NULL) -+ return; -+ -+ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); -+ -+#ifdef REF_PRINT -+ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); -+#endif -+ if (i > 0) -+ return; -+#ifdef REF_CHECK -+ if (i < 0) { -+ fprintf(stderr, "int_thread_release, bad reference count\n"); -+ abort(); /* ok */ -+ } -+#endif -+ *hash = NULL; -+} -+ -+static ERR_STATE *int_thread_get_item(const ERR_STATE *d) -+{ -+ ERR_STATE *p; -+ LHASH_OF(ERR_STATE) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(thread_get) (0); -+ if (!hash) -+ return NULL; - -- CRYPTO_THREAD_read_lock(err_string_lock); -- if (int_error_hash != NULL) -- 
p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d); -- CRYPTO_THREAD_unlock(err_string_lock); -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ p = lh_ERR_STATE_retrieve(hash, d); -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - -+ ERRFN(thread_release) (&hash); - return p; - } - -+static ERR_STATE *int_thread_set_item(ERR_STATE *d) -+{ -+ ERR_STATE *p; -+ LHASH_OF(ERR_STATE) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(thread_get) (1); -+ if (!hash) -+ return NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = lh_ERR_STATE_insert(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ ERRFN(thread_release) (&hash); -+ return p; -+} -+ -+static void int_thread_del_item(const ERR_STATE *d) -+{ -+ ERR_STATE *p; -+ LHASH_OF(ERR_STATE) *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(thread_get) (0); -+ if (!hash) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = lh_ERR_STATE_delete(hash, d); -+ /* make sure we don't leak memory */ -+ if (int_thread_hash_references == 1 -+ && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) { -+ lh_ERR_STATE_free(int_thread_hash); -+ int_thread_hash = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ ERRFN(thread_release) (&hash); -+ if (p) -+ ERR_STATE_free(p); -+} -+ -+static int int_err_get_next_lib(void) -+{ -+ int ret; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ ret = int_err_library_number++; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ return ret; -+} -+ - #ifndef OPENSSL_NO_ERR - # define NUM_SYS_STR_REASONS 127 - # define LEN_SYS_STR_REASON 32 -@@ -185,12 +577,19 @@ static void build_SYS_str_reasons(void) - { - /* OPENSSL_malloc cannot be used here, use static storage instead */ - static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; -- static int init = 1; - int i; -+ static int init = 1; - -- CRYPTO_THREAD_write_lock(err_string_lock); -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (!init) { -- CRYPTO_THREAD_unlock(err_string_lock); -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ return; -+ } -+ -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ 
CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!init) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return; - } - -@@ -200,8 +599,12 @@ static void build_SYS_str_reasons(void) - str->error = (unsigned long)i; - if (str->string == NULL) { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); -- if (openssl_strerror_r(i, *dest, sizeof(*dest))) -+ char *src = strerror(i); -+ if (src != NULL) { -+ strncpy(*dest, src, sizeof *dest); -+ (*dest)[sizeof *dest - 1] = '\0'; - str->string = *dest; -+ } - } - if (str->string == NULL) - str->string = "unknown"; -@@ -214,13 +617,14 @@ static void build_SYS_str_reasons(void) - - init = 0; - -- CRYPTO_THREAD_unlock(err_string_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - #endif - - #define err_clear_data(p,i) \ - do { \ -- if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ -+ if (((p)->err_data[i] != NULL) && \ -+ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ - { \ - OPENSSL_free((p)->err_data[i]); \ - (p)->err_data[i]=NULL; \ -@@ -250,85 +654,48 @@ static void ERR_STATE_free(ERR_STATE *s) - OPENSSL_free(s); - } - --DEFINE_RUN_ONCE_STATIC(do_err_strings_init) --{ -- OPENSSL_init_crypto(0, NULL); -- err_string_lock = CRYPTO_THREAD_lock_new(); -- return err_string_lock != NULL; --} -- --void err_cleanup(void) --{ -- CRYPTO_THREAD_lock_free(err_string_lock); -- err_string_lock = NULL; --} -- --int ERR_load_ERR_strings(void) -+void ERR_load_ERR_strings(void) - { -+ err_fns_check(); - #ifndef OPENSSL_NO_ERR -- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) -- return 0; -- - err_load_strings(0, ERR_str_libraries); - err_load_strings(0, ERR_str_reasons); - err_load_strings(ERR_LIB_SYS, ERR_str_functs); - build_SYS_str_reasons(); - err_load_strings(ERR_LIB_SYS, SYS_str_reasons); - #endif -- return 1; - } - - static void err_load_strings(int lib, ERR_STRING_DATA *str) - { -- CRYPTO_THREAD_write_lock(err_string_lock); -- if (int_error_hash == NULL) -- int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, -- err_string_data_cmp); 
-- if (int_error_hash != NULL) { -- for (; str->error; str++) { -- if (lib) -- str->error |= ERR_PACK(lib, 0, 0); -- (void)lh_ERR_STRING_DATA_insert(int_error_hash, str); -- } -+ while (str->error) { -+ if (lib) -+ str->error |= ERR_PACK(lib, 0, 0); -+ ERRFN(err_set_item) (str); -+ str++; - } -- CRYPTO_THREAD_unlock(err_string_lock); - } - --int ERR_load_strings(int lib, ERR_STRING_DATA *str) -+void ERR_load_strings(int lib, ERR_STRING_DATA *str) - { -- if (ERR_load_ERR_strings() == 0) -- return 0; -+ ERR_load_ERR_strings(); - err_load_strings(lib, str); -- return 1; - } - --int ERR_unload_strings(int lib, ERR_STRING_DATA *str) -+void ERR_unload_strings(int lib, ERR_STRING_DATA *str) - { -- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) -- return 0; -- -- CRYPTO_THREAD_write_lock(err_string_lock); -- if (int_error_hash != NULL) { -- for (; str->error; str++) { -- if (lib) -- str->error |= ERR_PACK(lib, 0, 0); -- (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); -- } -+ while (str->error) { -+ if (lib) -+ str->error |= ERR_PACK(lib, 0, 0); -+ ERRFN(err_del_item) (str); -+ str++; - } -- CRYPTO_THREAD_unlock(err_string_lock); -- -- return 1; - } - --void err_free_strings_int(void) -+void ERR_free_strings(void) - { -- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) -- return; -- -- CRYPTO_THREAD_write_lock(err_string_lock); -- lh_ERR_STRING_DATA_free(int_error_hash); -- int_error_hash = NULL; -- CRYPTO_THREAD_unlock(err_string_lock); -+ err_fns_check(); -+ ERRFN(err_del) (); - } - - /********************************************************/ -@@ -547,6 +914,7 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) - } - } - -+/* BAD for multi-threading: uses a local buffer if ret == NULL */ - /* - * ERR_error_string_n should be used instead for ret != NULL as - * ERR_error_string cannot know how large the buffer is -@@ -562,18 +930,33 @@ char *ERR_error_string(unsigned long e, char *ret) - return ret; - } - -+LHASH_OF(ERR_STRING_DATA) 
*ERR_get_string_table(void)
-+{
-+ err_fns_check();
-+ return ERRFN(err_get) (0);
-+}
-+
-+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
-+{
-+ err_fns_check();
-+ return ERRFN(thread_get) (0);
-+}
-+
-+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
-+{
-+ err_fns_check();
-+ ERRFN(thread_release) (hash);
-+}
-+
- const char *ERR_lib_error_string(unsigned long e)
- {
- ERR_STRING_DATA d, *p;
- unsigned long l;
-
-- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-- return NULL;
-- }
--
-+ err_fns_check();
- l = ERR_GET_LIB(e);
- d.error = ERR_PACK(l, 0, 0);
-- p = int_err_get_item(&d);
-+ p = ERRFN(err_get_item) (&d);
- return ((p == NULL) ? NULL : p->string);
- }
-
-@@ -582,14 +965,11 @@ const char *ERR_func_error_string(unsigned long e)
- ERR_STRING_DATA d, *p;
- unsigned long l, f;
-
-- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-- return NULL;
-- }
--
-+ err_fns_check();
- l = ERR_GET_LIB(e);
- f = ERR_GET_FUNC(e);
- d.error = ERR_PACK(l, f, 0);
-- p = int_err_get_item(&d);
-+ p = ERRFN(err_get_item) (&d);
- return ((p == NULL) ? NULL : p->string);
- }
-
-@@ -598,87 +978,85 @@ const char *ERR_reason_error_string(unsigned long e)
- ERR_STRING_DATA d, *p = NULL;
- unsigned long l, r;
-
-- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-- return NULL;
-- }
--
-+ err_fns_check();
- l = ERR_GET_LIB(e);
- r = ERR_GET_REASON(e);
- d.error = ERR_PACK(l, 0, r);
-- p = int_err_get_item(&d);
-+ p = ERRFN(err_get_item) (&d);
- if (!p) {
- d.error = ERR_PACK(0, 0, r);
-- p = int_err_get_item(&d);
-+ p = ERRFN(err_get_item) (&d);
- }
- return ((p == NULL) ?
NULL : p->string); - } - --void err_delete_thread_state(void) -+void ERR_remove_thread_state(const CRYPTO_THREADID *id) - { -- ERR_STATE *state = ERR_get_state(); -- if (state == NULL) -- return; -- -- CRYPTO_THREAD_set_local(&err_thread_local, NULL); -- ERR_STATE_free(state); --} -+ ERR_STATE tmp; - --#if OPENSSL_API_COMPAT < 0x10100000L --void ERR_remove_thread_state(void *dummy) --{ -+ if (id) -+ CRYPTO_THREADID_cpy(&tmp.tid, id); -+ else -+ CRYPTO_THREADID_current(&tmp.tid); -+ err_fns_check(); -+ /* -+ * thread_del_item automatically destroys the LHASH if the number of -+ * items reaches zero. -+ */ -+ ERRFN(thread_del_item) (&tmp); - } --#endif - --#if OPENSSL_API_COMPAT < 0x10000000L -+#ifndef OPENSSL_NO_DEPRECATED - void ERR_remove_state(unsigned long pid) - { -+ ERR_remove_thread_state(NULL); - } - #endif - --DEFINE_RUN_ONCE_STATIC(err_do_init) --{ -- return CRYPTO_THREAD_init_local(&err_thread_local, NULL); --} -- - ERR_STATE *ERR_get_state(void) - { -- ERR_STATE *state = NULL; -- -- if (!RUN_ONCE(&err_init, err_do_init)) -- return NULL; -- -- state = CRYPTO_THREAD_get_local(&err_thread_local); -- -- if (state == NULL) { -- state = OPENSSL_zalloc(sizeof(*state)); -- if (state == NULL) -- return NULL; -- -- if (!CRYPTO_THREAD_set_local(&err_thread_local, state)) { -- ERR_STATE_free(state); -- return NULL; -+ static ERR_STATE fallback; -+ ERR_STATE *ret, tmp, *tmpp = NULL; -+ int i; -+ CRYPTO_THREADID tid; -+ -+ err_fns_check(); -+ CRYPTO_THREADID_current(&tid); -+ CRYPTO_THREADID_cpy(&tmp.tid, &tid); -+ ret = ERRFN(thread_get_item) (&tmp); -+ -+ /* ret == the error state, if NULL, make a new one */ -+ if (ret == NULL) { -+ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); -+ if (ret == NULL) -+ return (&fallback); -+ CRYPTO_THREADID_cpy(&ret->tid, &tid); -+ ret->top = 0; -+ ret->bottom = 0; -+ for (i = 0; i < ERR_NUM_ERRORS; i++) { -+ ret->err_data[i] = NULL; -+ ret->err_data_flags[i] = 0; - } -- -- /* Ignore failures from these */ -- 
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -- ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE); -+ tmpp = ERRFN(thread_set_item) (ret); -+ /* To check if insertion failed, do a get. */ -+ if (ERRFN(thread_get_item) (ret) != ret) { -+ ERR_STATE_free(ret); /* could not insert it */ -+ return (&fallback); -+ } -+ /* -+ * If a race occured in this function and we came second, tmpp is the -+ * first one that we just replaced. -+ */ -+ if (tmpp) -+ ERR_STATE_free(tmpp); - } -- -- return state; -+ return ret; - } - - int ERR_get_next_error_library(void) - { -- int ret; -- -- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { -- return 0; -- } -- -- CRYPTO_THREAD_write_lock(err_string_lock); -- ret = int_err_library_number++; -- CRYPTO_THREAD_unlock(err_string_lock); -- return ret; -+ err_fns_check(); -+ return ERRFN(get_next_lib) (); - } - - void ERR_set_error_data(char *data, int flags) -@@ -728,10 +1106,10 @@ void ERR_add_error_vdata(int num, va_list args) - if (p == NULL) { - OPENSSL_free(str); - return; -- } -- str = p; -+ } else -+ str = p; - } -- OPENSSL_strlcat(str, a, (size_t)s + 1); -+ BUF_strlcat(str, a, (size_t)s + 1); - } - } - ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); -diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c -index 3b1304f..d7575a7 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_all.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_all.c -@@ -1,23 +1,87 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/err/err_all.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/err_int.h" - #include - #include --#include -+#ifndef OPENSSL_NO_EC -+# include -+#endif - #include - #include --#include --#include --#include --#include -+#ifndef OPENSSL_NO_COMP -+# include -+#endif -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DH -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif -+#ifndef OPENSSL_NO_ECDSA -+# include -+#endif -+#ifndef OPENSSL_NO_ECDH -+# include -+#endif - #include - #include - #include -@@ -26,8 +90,10 @@ - #include - #include - #include --#include "internal/dso.h" --#include -+#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - #include - #include - #include -@@ -35,75 +101,68 @@ - # include - #endif - #include --#include --#include --#include --#include -+#ifndef OPENSSL_NO_CMS -+# include -+#endif -+#ifndef OPENSSL_NO_JPAKE -+# include -+#endif - --int err_load_crypto_strings_int(void) -+void ERR_load_crypto_strings(void) - { -- if ( --#ifdef OPENSSL_FIPS -- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || --#endif - #ifndef OPENSSL_NO_ERR -- ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ -- ERR_load_BN_strings() == 0 || -+ ERR_load_ERR_strings(); /* include error strings for SYSerr */ -+ ERR_load_BN_strings(); - # ifndef OPENSSL_NO_RSA -- ERR_load_RSA_strings() == 0 || -+ ERR_load_RSA_strings(); - # endif - # ifndef OPENSSL_NO_DH -- ERR_load_DH_strings() == 0 || -+ ERR_load_DH_strings(); - # endif -- ERR_load_EVP_strings() == 0 || -- ERR_load_BUF_strings() == 0 || -- ERR_load_OBJ_strings() == 0 || -- ERR_load_PEM_strings() == 0 || -+ ERR_load_EVP_strings(); -+ ERR_load_BUF_strings(); -+ ERR_load_OBJ_strings(); -+ ERR_load_PEM_strings(); - # ifndef OPENSSL_NO_DSA -- ERR_load_DSA_strings() == 0 || -+ ERR_load_DSA_strings(); - # endif -- ERR_load_X509_strings() == 0 || -- ERR_load_ASN1_strings() == 0 || -- ERR_load_CONF_strings() == 0 || -- ERR_load_CRYPTO_strings() == 0 || -+ 
ERR_load_X509_strings();
-+ ERR_load_ASN1_strings();
-+ ERR_load_CONF_strings();
-+ ERR_load_CRYPTO_strings();
- # ifndef OPENSSL_NO_COMP
-- ERR_load_COMP_strings() == 0 ||
-+ ERR_load_COMP_strings();
- # endif
- # ifndef OPENSSL_NO_EC
-- ERR_load_EC_strings() == 0 ||
-+ ERR_load_EC_strings();
- # endif
-- /* skip ERR_load_SSL_strings() because it is not in this library */
-- ERR_load_BIO_strings() == 0 ||
-- ERR_load_PKCS7_strings() == 0 ||
-- ERR_load_X509V3_strings() == 0 ||
-- ERR_load_PKCS12_strings() == 0 ||
-- ERR_load_RAND_strings() == 0 ||
-- ERR_load_DSO_strings() == 0 ||
--# ifndef OPENSSL_NO_TS
-- ERR_load_TS_strings() == 0 ||
-+# ifndef OPENSSL_NO_ECDSA
-+ ERR_load_ECDSA_strings();
- # endif
--# ifndef OPENSSL_NO_ENGINE
-- ERR_load_ENGINE_strings() == 0 ||
-+# ifndef OPENSSL_NO_ECDH
-+ ERR_load_ECDH_strings();
- # endif
--# ifndef OPENSSL_NO_OCSP
-- ERR_load_OCSP_strings() == 0 ||
-+ /* skip ERR_load_SSL_strings() because it is not in this library */
-+ ERR_load_BIO_strings();
-+ ERR_load_PKCS7_strings();
-+ ERR_load_X509V3_strings();
-+ ERR_load_PKCS12_strings();
-+ ERR_load_RAND_strings();
-+ ERR_load_DSO_strings();
-+ ERR_load_TS_strings();
-+# ifndef OPENSSL_NO_ENGINE
-+ ERR_load_ENGINE_strings();
- # endif
--#ifndef OPENSSL_NO_UI
-- ERR_load_UI_strings() == 0 ||
--#endif
-+ ERR_load_OCSP_strings();
-+ ERR_load_UI_strings();
- # ifdef OPENSSL_FIPS
-- ERR_load_FIPS_strings() == 0 ||
-+ ERR_load_FIPS_strings();
- # endif
- # ifndef OPENSSL_NO_CMS
-- ERR_load_CMS_strings() == 0 ||
-+ ERR_load_CMS_strings();
- # endif
--# ifndef OPENSSL_NO_CT
-- ERR_load_CT_strings() == 0 ||
-+# ifndef OPENSSL_NO_JPAKE
-+ ERR_load_JPAKE_strings();
- # endif
-- ERR_load_ASYNC_strings() == 0 ||
- #endif
-- ERR_load_KDF_strings() == 0)
-- return 0;
--
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c
-index c7dc1d1..6e352ef 100644
---- a/Cryptlib/OpenSSL/crypto/err/err_prn.c
-+++
b/Cryptlib/OpenSSL/crypto/err/err_prn.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/err/err_prn.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -22,45 +71,43 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - char buf2[4096]; - const char *file, *data; - int line, flags; -- /* -- * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best -- * attempt to convert it into something we can print. -- */ -- union { -- CRYPTO_THREAD_ID tid; -- unsigned long ltid; -- } tid; -- -- tid.ltid = 0; -- tid.tid = CRYPTO_THREAD_get_current_id(); -+ unsigned long es; -+ CRYPTO_THREADID cur; - -+ CRYPTO_THREADID_current(&cur); -+ es = CRYPTO_THREADID_hash(&cur); - while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof buf); -- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf, -+ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, - file, line, (flags & ERR_TXT_STRING) ? data : ""); - if (cb(buf2, strlen(buf2), u) <= 0) - break; /* abort outputting the error report */ - } - } - --static int print_bio(const char *str, size_t len, void *bp) -+#ifndef OPENSSL_NO_FP_API -+static int print_fp(const char *str, size_t len, void *fp) - { -- return BIO_write((BIO *)bp, str, len); -+ BIO bio; -+ -+ BIO_set(&bio, BIO_s_file()); -+ BIO_set_fp(&bio, fp, BIO_NOCLOSE); -+ -+ return BIO_printf(&bio, "%s", str); - } - --void ERR_print_errors(BIO *bp) -+void ERR_print_errors_fp(FILE *fp) - { -- ERR_print_errors_cb(print_bio, bp); -+ ERR_print_errors_cb(print_fp, fp); - } -+#endif - --#ifndef OPENSSL_NO_STDIO --void ERR_print_errors_fp(FILE *fp) -+static int print_bio(const char *str, size_t len, void *bp) - { -- BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE); -- if (bio == NULL) -- return; -+ return BIO_write((BIO *)bp, str, len); -+} - -- ERR_print_errors_cb(print_bio, bio); -- BIO_free(bio); -+void ERR_print_errors(BIO *bp) -+{ -+ ERR_print_errors_cb(print_bio, bp); - } --#endif -diff --git 
a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -index 32a884a..538b520 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/bio_b64.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/bio.h" - - static int b64_write(BIO *h, const char *buf, int num); - static int b64_read(BIO *h, char *buf, int size); -@@ -41,12 +89,12 @@ typedef struct b64_struct { - int encode; - int start; /* have we started decoding yet? */ - int cont; /* <= 0 when finished */ -- EVP_ENCODE_CTX *base64; -+ EVP_ENCODE_CTX base64; - char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; - char tmp[B64_BLOCK_SIZE]; - } BIO_B64_CTX; - --static const BIO_METHOD methods_b64 = { -+static BIO_METHOD methods_b64 = { - BIO_TYPE_BASE64, "base64 encoding", - b64_write, - b64_read, -@@ -58,50 +106,43 @@ static const BIO_METHOD methods_b64 = { - b64_callback_ctrl, - }; - -- --const BIO_METHOD *BIO_f_base64(void) -+BIO_METHOD *BIO_f_base64(void) - { -- return &methods_b64; -+ return (&methods_b64); - } - - static int b64_new(BIO *bi) - { - BIO_B64_CTX *ctx; - -- ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); - if (ctx == NULL) -- return 0; -+ return (0); - -+ ctx->buf_len = 0; -+ ctx->tmp_len = 0; -+ ctx->tmp_nl = 0; -+ ctx->buf_off = 0; - ctx->cont = 1; - ctx->start = 1; -- ctx->base64 = EVP_ENCODE_CTX_new(); -- if (ctx->base64 == NULL) { -- OPENSSL_free(ctx); -- return 0; -- } -- -- BIO_set_data(bi, ctx); -- BIO_set_init(bi, 1); -+ ctx->encode = 0; - -- return 1; -+ bi->init = 1; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ bi->num = 0; -+ return (1); - } - - static int b64_free(BIO *a) - { -- BIO_B64_CTX *ctx; - if (a == NULL) -- return 0; -- -- ctx = BIO_get_data(a); -- if (ctx == NULL) -- return 0; -- -- EVP_ENCODE_CTX_free(ctx->base64); -- OPENSSL_free(ctx); -- BIO_set_data(a, NULL); -- BIO_set_init(a, 0); -- -- return 1; -+ return (0); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); - } - - static int b64_read(BIO *b, char *out, int outl) -@@ -109,15 +150,13 @@ static 
int b64_read(BIO *b, char *out, int outl) - int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; - BIO_B64_CTX *ctx; - unsigned char *p, *q; -- BIO *next; - - if (out == NULL) - return (0); -- ctx = (BIO_B64_CTX *)BIO_get_data(b); -+ ctx = (BIO_B64_CTX *)b->ptr; - -- next = BIO_next(b); -- if ((ctx == NULL) || (next == NULL)) -- return 0; -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); - - BIO_clear_retry_flags(b); - -@@ -126,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; -- EVP_DecodeInit(ctx->base64); -+ EVP_DecodeInit(&(ctx->base64)); - } - - /* First check if there are bytes decoded/encoded */ -@@ -157,14 +196,14 @@ static int b64_read(BIO *b, char *out, int outl) - if (ctx->cont <= 0) - break; - -- i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]), -+ i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE - ctx->tmp_len); - - if (i <= 0) { - ret_code = i; - - /* Should we continue next time we are called? 
*/ -- if (!BIO_should_retry(next)) { -+ if (!BIO_should_retry(b->next_bio)) { - ctx->cont = i; - /* If buffer empty break */ - if (ctx->tmp_len == 0) -@@ -205,11 +244,11 @@ static int b64_read(BIO *b, char *out, int outl) - continue; - } - -- k = EVP_DecodeUpdate(ctx->base64, -+ k = EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, - &num, p, q - p); - if ((k <= 0) && (num == 0) && (ctx->start)) -- EVP_DecodeInit(ctx->base64); -+ EVP_DecodeInit(&ctx->base64); - else { - if (p != (unsigned char *) - &(ctx->tmp[0])) { -@@ -218,7 +257,7 @@ static int b64_read(BIO *b, char *out, int outl) - for (x = 0; x < i; x++) - ctx->tmp[x] = p[x]; - } -- EVP_DecodeInit(ctx->base64); -+ EVP_DecodeInit(&ctx->base64); - ctx->start = 0; - break; - } -@@ -259,7 +298,11 @@ static int b64_read(BIO *b, char *out, int outl) - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - int z, jj; - -+#if 0 -+ jj = (i >> 2) << 2; -+#else - jj = i & ~3; /* process per 4 */ -+#endif - z = EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, jj); - if (jj > 2) { -@@ -282,7 +325,7 @@ static int b64_read(BIO *b, char *out, int outl) - } - i = z; - } else { -- i = EVP_DecodeUpdate(ctx->base64, -+ i = EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)ctx->tmp, i); - ctx->tmp_len = 0; -@@ -320,13 +363,8 @@ static int b64_write(BIO *b, const char *in, int inl) - int n; - int i; - BIO_B64_CTX *ctx; -- BIO *next; -- -- ctx = (BIO_B64_CTX *)BIO_get_data(b); -- next = BIO_next(b); -- if ((ctx == NULL) || (next == NULL)) -- return 0; - -+ ctx = (BIO_B64_CTX *)b->ptr; - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_ENCODE) { -@@ -334,7 +372,7 @@ static int b64_write(BIO *b, const char *in, int inl) - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; -- EVP_EncodeInit(ctx->base64); -+ EVP_EncodeInit(&(ctx->base64)); - } - - OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); -@@ -342,7 +380,7 @@ static int b64_write(BIO *b, 
const char *in, int inl) - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { -- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (i); -@@ -403,10 +441,9 @@ static int b64_write(BIO *b, const char *in, int inl) - ret += n; - } - } else { -- if (!EVP_EncodeUpdate(ctx->base64, -- (unsigned char *)ctx->buf, &ctx->buf_len, -- (unsigned char *)in, n)) -- return ((ret == 0) ? -1 : ret); -+ EVP_EncodeUpdate(&(ctx->base64), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)in, n); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; -@@ -417,7 +454,7 @@ static int b64_write(BIO *b, const char *in, int inl) - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { -- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return ((ret == 0) ? 
i : ret); -@@ -439,40 +476,36 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) - BIO_B64_CTX *ctx; - long ret = 1; - int i; -- BIO *next; - -- ctx = (BIO_B64_CTX *)BIO_get_data(b); -- next = BIO_next(b); -- if ((ctx == NULL) || (next == NULL)) -- return 0; -+ ctx = (BIO_B64_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->cont = 1; - ctx->start = 1; - ctx->encode = B64_NONE; -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: /* More to write in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) -- && (EVP_ENCODE_CTX_num(ctx->base64) != 0)) -+ && (ctx->base64.num != 0)) - ret = 1; - else if (ret <= 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -@@ -491,21 +524,20 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) - ctx->tmp_len = 0; - goto again; - } -- } else if (ctx->encode != B64_NONE -- && EVP_ENCODE_CTX_num(ctx->base64) != 0) { -+ } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { - ctx->buf_off = 0; -- EVP_EncodeFinal(ctx->base64, -+ EVP_EncodeFinal(&(ctx->base64), - (unsigned char *)ctx->buf, &(ctx->buf_len)); - /* push out the bytes */ - goto again; - } - /* Finally flush the underlying BIO */ -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - - case BIO_C_DO_STATE_MACHINE: - 
BIO_clear_retry_flags(b); -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - -@@ -515,22 +547,21 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_CTRL_GET: - case BIO_CTRL_SET: - default: -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } -- return ret; -+ return (ret); - } - - static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret = 1; -- BIO *next = BIO_next(b); - -- if (next == NULL) -- return 0; -+ if (b->next_bio == NULL) -+ return (0); - switch (cmd) { - default: -- ret = BIO_callback_ctrl(next, cmd, fp); -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -index 5a3beef..0806f23 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/bio_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/bio.h" - - static int enc_write(BIO *h, const char *buf, int num); - static int enc_read(BIO *h, char *buf, int size); -@@ -27,8 +75,7 @@ static int enc_new(BIO *h); - static int enc_free(BIO *data); - static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); - #define ENC_BLOCK_SIZE (1024*4) --#define ENC_MIN_CHUNK (256) --#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) -+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) - - typedef struct enc_struct { - int buf_len; -@@ -36,16 +83,15 @@ typedef struct enc_struct { - int cont; /* <= 0 when finished */ - int finished; - int ok; /* bad decrypt */ -- EVP_CIPHER_CTX *cipher; -- unsigned char *read_start, *read_end; -+ EVP_CIPHER_CTX cipher; - /* - * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return - * up to a block more data than is presented to it - */ -- unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; -+ char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; - } BIO_ENC_CTX; - --static const BIO_METHOD methods_enc = { -+static BIO_METHOD methods_enc = { - BIO_TYPE_CIPHER, "cipher", 
- enc_write, - enc_read, -@@ -57,7 +103,7 @@ static const BIO_METHOD methods_enc = { - enc_callback_ctrl, - }; - --const BIO_METHOD *BIO_f_cipher(void) -+BIO_METHOD *BIO_f_cipher(void) - { - return (&methods_enc); - } -@@ -66,22 +112,21 @@ static int enc_new(BIO *bi) - { - BIO_ENC_CTX *ctx; - -- ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); - if (ctx == NULL) -- return 0; -+ return (0); -+ EVP_CIPHER_CTX_init(&ctx->cipher); - -- ctx->cipher = EVP_CIPHER_CTX_new(); -- if (ctx->cipher == NULL) { -- OPENSSL_free(ctx); -- return 0; -- } -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; - ctx->cont = 1; -+ ctx->finished = 0; - ctx->ok = 1; -- ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); -- BIO_set_data(bi, ctx); -- BIO_set_init(bi, 1); - -- return 1; -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); - } - - static int enc_free(BIO *a) -@@ -89,33 +134,28 @@ static int enc_free(BIO *a) - BIO_ENC_CTX *b; - - if (a == NULL) -- return 0; -- -- b = BIO_get_data(a); -- if (b == NULL) -- return 0; -- -- EVP_CIPHER_CTX_free(b->cipher); -- OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); -- BIO_set_data(a, NULL); -- BIO_set_init(a, 0); -- -- return 1; -+ return (0); -+ b = (BIO_ENC_CTX *)a->ptr; -+ EVP_CIPHER_CTX_cleanup(&(b->cipher)); -+ OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); - } - - static int enc_read(BIO *b, char *out, int outl) - { -- int ret = 0, i, blocksize; -+ int ret = 0, i; - BIO_ENC_CTX *ctx; -- BIO *next; - - if (out == NULL) - return (0); -- ctx = BIO_get_data(b); -+ ctx = (BIO_ENC_CTX *)b->ptr; - -- next = BIO_next(b); -- if ((ctx == NULL) || (next == NULL)) -- return 0; -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) { -@@ -133,10 +173,6 @@ static int enc_read(BIO *b, char *out, int outl) - } - } - 
-- blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); -- if (blocksize == 1) -- blocksize = 0; -- - /* - * At this point, we have room of outl bytes and an empty buffer, so we - * should read in some more. -@@ -146,21 +182,18 @@ static int enc_read(BIO *b, char *out, int outl) - if (ctx->cont <= 0) - break; - -- if (ctx->read_start == ctx->read_end) { /* time to read more data */ -- ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); -- i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); -- if (i > 0) -- ctx->read_end += i; -- } else { -- i = ctx->read_end - ctx->read_start; -- } -+ /* -+ * read in at IV offset, read the EVP_Cipher documentation about why -+ */ -+ i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); - - if (i <= 0) { - /* Should be continue next time we are called? */ -- if (!BIO_should_retry(next)) { -+ if (!BIO_should_retry(b->next_bio)) { - ctx->cont = i; -- i = EVP_CipherFinal_ex(ctx->cipher, -- ctx->buf, &(ctx->buf_len)); -+ i = EVP_CipherFinal_ex(&(ctx->cipher), -+ (unsigned char *)ctx->buf, -+ &(ctx->buf_len)); - ctx->ok = i; - ctx->buf_off = 0; - } else { -@@ -168,40 +201,14 @@ static int enc_read(BIO *b, char *out, int outl) - break; - } - } else { -- if (outl > ENC_MIN_CHUNK) { -- /* -- * Depending on flags block cipher decrypt can write -- * one extra block and then back off, i.e. output buffer -- * has to accommodate extra block... -- */ -- int j = outl - blocksize, buf_len; -- -- if (!EVP_CipherUpdate(ctx->cipher, -- (unsigned char *)out, &buf_len, -- ctx->read_start, i > j ? 
j : i)) { -- BIO_clear_retry_flags(b); -- return 0; -- } -- ret += buf_len; -- out += buf_len; -- outl -= buf_len; -- -- if ((i -= j) <= 0) { -- ctx->read_start = ctx->read_end; -- continue; -- } -- ctx->read_start += j; -- } -- if (i > ENC_MIN_CHUNK) -- i = ENC_MIN_CHUNK; -- if (!EVP_CipherUpdate(ctx->cipher, -- ctx->buf, &ctx->buf_len, -- ctx->read_start, i)) { -+ if (!EVP_CipherUpdate(&ctx->cipher, -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)&(ctx->buf[BUF_OFFSET]), -+ i)) { - BIO_clear_retry_flags(b); - ctx->ok = 0; - return 0; - } -- ctx->read_start += i; - ctx->cont = 1; - /* - * Note: it is possible for EVP_CipherUpdate to decrypt zero -@@ -235,19 +242,14 @@ static int enc_write(BIO *b, const char *in, int inl) - { - int ret = 0, n, i; - BIO_ENC_CTX *ctx; -- BIO *next; -- -- ctx = BIO_get_data(b); -- next = BIO_next(b); -- if ((ctx == NULL) || (next == NULL)) -- return 0; - -+ ctx = (BIO_ENC_CTX *)b->ptr; - ret = inl; - - BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { -- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (i); -@@ -263,9 +265,9 @@ static int enc_write(BIO *b, const char *in, int inl) - ctx->buf_off = 0; - while (inl > 0) { - n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; -- if (!EVP_CipherUpdate(ctx->cipher, -- ctx->buf, &ctx->buf_len, -- (const unsigned char *)in, n)) { -+ if (!EVP_CipherUpdate(&ctx->cipher, -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)in, n)) { - BIO_clear_retry_flags(b); - ctx->ok = 0; - return 0; -@@ -276,7 +278,7 @@ static int enc_write(BIO *b, const char *in, int inl) - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { -- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (ret == inl) ? 
i : ret - inl; -@@ -298,37 +300,32 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) - long ret = 1; - int i; - EVP_CIPHER_CTX **c_ctx; -- BIO *next; - -- ctx = BIO_get_data(b); -- next = BIO_next(b); -- if (ctx == NULL) -- return 0; -+ ctx = (BIO_ENC_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->ok = 1; - ctx->finished = 0; -- if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, -- EVP_CIPHER_CTX_encrypting(ctx->cipher))) -- return 0; -- ret = BIO_ctrl(next, cmd, num, ptr); -+ EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, -+ ctx->cipher.encrypt); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -@@ -342,7 +339,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) - if (!ctx->finished) { - ctx->finished = 1; - ctx->buf_off = 0; -- ret = EVP_CipherFinal_ex(ctx->cipher, -+ ret = EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok = (int)ret; -@@ -354,33 +351,31 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) - } - - /* Finally flush the underlying BIO */ -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_C_GET_CIPHER_STATUS: - ret = (long)ctx->ok; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - 
BIO_copy_next_retry(b); - break; - case BIO_C_GET_CIPHER_CTX: - c_ctx = (EVP_CIPHER_CTX **)ptr; -- *c_ctx = ctx->cipher; -- BIO_set_init(b, 1); -+ (*c_ctx) = &(ctx->cipher); -+ b->init = 1; - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; -- dctx = BIO_get_data(dbio); -- dctx->cipher = EVP_CIPHER_CTX_new(); -- if (dctx->cipher == NULL) -- return 0; -- ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); -+ dctx = (BIO_ENC_CTX *)dbio->ptr; -+ EVP_CIPHER_CTX_init(&dctx->cipher); -+ ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); - if (ret) -- BIO_set_init(dbio, 1); -+ dbio->init = 1; - break; - default: -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return (ret); -@@ -389,13 +384,12 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) - static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret = 1; -- BIO *next = BIO_next(b); - -- if (next == NULL) -+ if (b->next_bio == NULL) - return (0); - switch (cmd) { - default: -- ret = BIO_callback_ctrl(next, cmd, fp); -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -@@ -421,29 +415,23 @@ EVP_CIPHER_ctx *c; - } - */ - --int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, -- const unsigned char *i, int e) -+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, -+ const unsigned char *i, int e) - { - BIO_ENC_CTX *ctx; -- long (*callback) (struct bio_st *, int, const char *, int, long, long); -- -- ctx = BIO_get_data(b); -- if (ctx == NULL) -- return 0; -- -- callback = BIO_get_callback(b); - -- if ((callback != NULL) && -- (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, -- 0L) <= 0)) -- return 0; -+ if (b == NULL) -+ return; - -- BIO_set_init(b, 1); -+ if ((b->callback != NULL) && -+ (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= -+ 0)) -+ return; - -- if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) -- return 0; -+ b->init = 
1; -+ ctx = (BIO_ENC_CTX *)b->ptr; -+ EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); - -- if (callback != NULL) -- return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); -- return 1; -+ if (b->callback != NULL) -+ b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c -index cd968ec..f0b0c0c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c -@@ -1,20 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/bio_md.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/evp_int.h" --#include "evp_locl.h" --#include "internal/bio.h" - - /* - * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest -@@ -31,7 +77,7 @@ static int md_new(BIO *h); - static int md_free(BIO *data); - static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - --static const BIO_METHOD methods_md = { -+static BIO_METHOD methods_md = { - BIO_TYPE_MD, "message digest", - md_write, - md_read, -@@ -43,7 +89,7 @@ static const BIO_METHOD methods_md = { - md_callback_ctrl, - }; - --const BIO_METHOD *BIO_f_md(void) -+BIO_METHOD *BIO_f_md(void) - { - return (&methods_md); - } -@@ -52,44 +98,41 @@ static int md_new(BIO *bi) - { - EVP_MD_CTX *ctx; - -- ctx = EVP_MD_CTX_new(); -+ ctx = EVP_MD_CTX_create(); - if (ctx == NULL) - return (0); - -- BIO_set_init(bi, 1); -- BIO_set_data(bi, ctx); -- -- return 1; -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); - } - - static int md_free(BIO *a) - { - if (a == NULL) - return (0); -- EVP_MD_CTX_free(BIO_get_data(a)); -- BIO_set_data(a, NULL); -- BIO_set_init(a, 0); -- -- return 1; -+ EVP_MD_CTX_destroy(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); - } - - static int md_read(BIO *b, char *out, int outl) - { - int ret = 0; - EVP_MD_CTX *ctx; -- BIO *next; - - if (out == NULL) - return (0); -+ ctx = b->ptr; - -- ctx = BIO_get_data(b); -- next = BIO_next(b); -- -- if ((ctx == NULL) || (next == NULL)) -+ if ((ctx == NULL) || (b->next_bio == NULL)) - 
return (0); - -- ret = BIO_read(next, out, outl); -- if (BIO_get_init(b)) { -+ ret = BIO_read(b->next_bio, out, outl); -+ if (b->init) { - if (ret > 0) { - if (EVP_DigestUpdate(ctx, (unsigned char *)out, - (unsigned int)ret) <= 0) -@@ -105,17 +148,14 @@ static int md_write(BIO *b, const char *in, int inl) - { - int ret = 0; - EVP_MD_CTX *ctx; -- BIO *next; - - if ((in == NULL) || (inl <= 0)) -- return 0; -- -- ctx = BIO_get_data(b); -- next = BIO_next(b); -- if ((ctx != NULL) && (next != NULL)) -- ret = BIO_write(next, in, inl); -+ return (0); -+ ctx = b->ptr; - -- if (BIO_get_init(b)) { -+ if ((ctx != NULL) && (b->next_bio != NULL)) -+ ret = BIO_write(b->next_bio, in, inl); -+ if (b->init) { - if (ret > 0) { - if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, - (unsigned int)ret)) { -@@ -124,11 +164,11 @@ static int md_write(BIO *b, const char *in, int inl) - } - } - } -- if (next != NULL) { -+ if (b->next_bio != NULL) { - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - } -- return ret; -+ return (ret); - } - - static long md_ctrl(BIO *b, int cmd, long num, void *ptr) -@@ -137,23 +177,21 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) - const EVP_MD **ppmd; - EVP_MD *md; - long ret = 1; -- BIO *dbio, *next; -- -+ BIO *dbio; - -- ctx = BIO_get_data(b); -- next = BIO_next(b); -+ ctx = b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: -- if (BIO_get_init(b)) -+ if (b->init) - ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); - else - ret = 0; - if (ret > 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_C_GET_MD: -- if (BIO_get_init(b)) { -+ if (b->init) { - ppmd = ptr; - *ppmd = ctx->digest; - } else -@@ -162,17 +200,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_C_GET_MD_CTX: - pctx = ptr; - *pctx = ctx; -- BIO_set_init(b, 1); -+ b->init = 1; - break; - case BIO_C_SET_MD_CTX: -- if (BIO_get_init(b)) -- BIO_set_data(b, ptr); -+ if (b->init) -+ b->ptr = ptr; 
- else - ret = 0; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - -@@ -180,17 +218,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) - md = ptr; - ret = EVP_DigestInit_ex(ctx, md, NULL); - if (ret > 0) -- BIO_set_init(b, 1); -+ b->init = 1; - break; - case BIO_CTRL_DUP: - dbio = ptr; -- dctx = BIO_get_data(dbio); -+ dctx = dbio->ptr; - if (!EVP_MD_CTX_copy_ex(dctx, ctx)) - return 0; -- BIO_set_init(b, 1); -+ b->init = 1; - break; - default: -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return (ret); -@@ -199,16 +237,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) - static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret = 1; -- BIO *next; -- -- next = BIO_next(b); -- -- if (next == NULL) -- return 0; - -+ if (b->next_bio == NULL) -+ return (0); - switch (cmd) { - default: -- ret = BIO_callback_ctrl(next, cmd, fp); -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return (ret); -@@ -219,13 +253,20 @@ static int md_gets(BIO *bp, char *buf, int size) - EVP_MD_CTX *ctx; - unsigned int ret; - -- ctx = BIO_get_data(bp); -- -+ ctx = bp->ptr; - if (size < ctx->digest->md_size) -- return 0; -- -+ return (0); - if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) - return -1; - - return ((int)ret); - } -+ -+/*- -+static int md_puts(bp,str) -+BIO *bp; -+char *str; -+ { -+ return(-1); -+ } -+*/ -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -index 7974b96..16e151f 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/evp/bio_ok.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - /*- -@@ -71,12 +120,11 @@ - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/bio.h" -+#include - #include - #include --#include "internal/evp_int.h" - - static int ok_write(BIO *h, const char *buf, int num); - static int ok_read(BIO *h, char *buf, int size); -@@ -85,10 +133,10 @@ static int ok_new(BIO *h); - static int ok_free(BIO *data); - static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - --static __owur int sig_out(BIO *b); --static __owur int sig_in(BIO *b); --static __owur int block_out(BIO *b); --static __owur int block_in(BIO *b); -+static int sig_out(BIO *b); -+static int sig_in(BIO *b); -+static int block_out(BIO *b); -+static int block_in(BIO *b); - #define OK_BLOCK_SIZE (1024*4) - #define OK_BLOCK_BLOCK 4 - #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) -@@ -101,13 +149,13 @@ typedef struct ok_struct { - size_t buf_off_save; - int cont; /* <= 0 when finished */ - int finished; -- EVP_MD_CTX *md; -+ EVP_MD_CTX md; - int blockout; /* output block is ready */ - int sigio; /* must process signature */ - unsigned char buf[IOBS]; - } BIO_OK_CTX; - --static const BIO_METHOD methods_ok = { -+static BIO_METHOD methods_ok = { - BIO_TYPE_CIPHER, "reliable", - ok_write, - ok_read, -@@ -119,7 +167,7 @@ static const BIO_METHOD methods_ok = { - ok_callback_ctrl, - }; - --const BIO_METHOD *BIO_f_reliable(void) -+BIO_METHOD *BIO_f_reliable(void) - { - return (&methods_ok); - } -@@ -128,54 +176,51 @@ static int ok_new(BIO *bi) - { - BIO_OK_CTX *ctx; - -- ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); - if (ctx == NULL) -- return 0; -+ return (0); - -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->buf_len_save = 0; -+ ctx->buf_off_save = 0; - ctx->cont = 1; -+ ctx->finished = 0; -+ ctx->blockout = 0; - ctx->sigio = 1; -- ctx->md = EVP_MD_CTX_new(); -- if (ctx->md == NULL) { -- OPENSSL_free(ctx); -- return 0; -- } 
-- BIO_set_init(bi, 0); -- BIO_set_data(bi, ctx); - -- return 1; -+ EVP_MD_CTX_init(&ctx->md); -+ -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); - } - - static int ok_free(BIO *a) - { -- BIO_OK_CTX *ctx; -- - if (a == NULL) -- return 0; -- -- ctx = BIO_get_data(a); -- -- EVP_MD_CTX_free(ctx->md); -- OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX)); -- BIO_set_data(a, NULL); -- BIO_set_init(a, 0); -- -- return 1; -+ return (0); -+ EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); -+ OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX)); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); - } - - static int ok_read(BIO *b, char *out, int outl) - { - int ret = 0, i, n; - BIO_OK_CTX *ctx; -- BIO *next; - - if (out == NULL) -- return 0; -- -- ctx = BIO_get_data(b); -- next = BIO_next(b); -+ return (0); -+ ctx = (BIO_OK_CTX *)b->ptr; - -- if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) -- return 0; -+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) -+ return (0); - - while (outl > 0) { - -@@ -214,7 +259,7 @@ static int ok_read(BIO *b, char *out, int outl) - - /* no clean bytes in buffer -- fill it */ - n = IOBS - ctx->buf_len; -- i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); -+ i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n); - - if (i <= 0) - break; /* nothing new */ -@@ -245,23 +290,21 @@ static int ok_read(BIO *b, char *out, int outl) - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); -- return ret; -+ return (ret); - } - - static int ok_write(BIO *b, const char *in, int inl) - { - int ret = 0, n, i; - BIO_OK_CTX *ctx; -- BIO *next; - - if (inl <= 0) - return inl; - -- ctx = BIO_get_data(b); -- next = BIO_next(b); -+ ctx = (BIO_OK_CTX *)b->ptr; - ret = inl; - -- if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) -+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) - return (0); - - if (ctx->sigio && !sig_out(b)) -@@ -271,7 +314,7 @@ static int 
ok_write(BIO *b, const char *in, int inl) - BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; - while (ctx->blockout && n > 0) { -- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - if (!BIO_should_retry(b)) -@@ -295,7 +338,8 @@ static int ok_write(BIO *b, const char *in, int inl) - n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? - (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; - -- memcpy(&ctx->buf[ctx->buf_len], in, n); -+ memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), -+ (unsigned char *)in, n); - ctx->buf_len += n; - inl -= n; - in += n; -@@ -320,10 +364,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) - const EVP_MD **ppmd; - long ret = 1; - int i; -- BIO *next; - -- ctx = BIO_get_data(b); -- next = BIO_next(b); -+ ctx = b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: -@@ -335,19 +377,19 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) - ctx->finished = 0; - ctx->blockout = 0; - ctx->sigio = 1; -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - case BIO_CTRL_WPENDING: /* More to read in buffer */ - ret = ctx->blockout ? 
ctx->buf_len - ctx->buf_off : 0; - if (ret <= 0) -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -@@ -368,11 +410,11 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) - ctx->cont = (int)ret; - - /* Finally flush the underlying BIO */ -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_INFO: -@@ -380,41 +422,36 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) - break; - case BIO_C_SET_MD: - md = ptr; -- if (!EVP_DigestInit_ex(ctx->md, md, NULL)) -+ if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) - return 0; -- BIO_set_init(b, 1); -+ b->init = 1; - break; - case BIO_C_GET_MD: -- if (BIO_get_init(b)) { -+ if (b->init) { - ppmd = ptr; -- *ppmd = EVP_MD_CTX_md(ctx->md); -+ *ppmd = ctx->md.digest; - } else - ret = 0; - break; - default: -- ret = BIO_ctrl(next, cmd, num, ptr); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } -- return ret; -+ return (ret); - } - - static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret = 1; -- BIO *next; -- -- next = BIO_next(b); -- -- if (next == NULL) -- return 0; - -+ if (b->next_bio == NULL) -+ return (0); - switch (cmd) { - default: -- ret = BIO_callback_ctrl(next, cmd, fp); -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } -- -- return ret; -+ return (ret); - } - - static void longswap(void *_ptr, size_t len) -@@ -441,36 +478,30 @@ static int sig_out(BIO *b) - { - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; -- const EVP_MD *digest; -- int md_size; -- void *md_data; - -- ctx = BIO_get_data(b); -- md = ctx->md; -- digest = EVP_MD_CTX_md(md); -- md_size = EVP_MD_size(digest); -- md_data = EVP_MD_CTX_md_data(md); -+ ctx = b->ptr; -+ md = &ctx->md; - 
-- if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) -+ if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) - return 1; - -- if (!EVP_DigestInit_ex(md, digest, NULL)) -+ if (!EVP_DigestInit_ex(md, md->digest, NULL)) - goto berr; - /* - * FIXME: there's absolutely no guarantee this makes any sense at all, - * particularly now EVP_MD_CTX has been restructured. - */ -- if (RAND_bytes(md_data, md_size) <= 0) -+ if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) - goto berr; -- memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); -- longswap(&(ctx->buf[ctx->buf_len]), md_size); -- ctx->buf_len += md_size; -+ memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); -+ longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); -+ ctx->buf_len += md->digest->md_size; - - if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) - goto berr; - if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) - goto berr; -- ctx->buf_len += md_size; -+ ctx->buf_len += md->digest->md_size; - ctx->blockout = 1; - ctx->sigio = 0; - return 1; -@@ -485,31 +516,25 @@ static int sig_in(BIO *b) - EVP_MD_CTX *md; - unsigned char tmp[EVP_MAX_MD_SIZE]; - int ret = 0; -- const EVP_MD *digest; -- int md_size; -- void *md_data; - -- ctx = BIO_get_data(b); -- md = ctx->md; -- digest = EVP_MD_CTX_md(md); -- md_size = EVP_MD_size(digest); -- md_data = EVP_MD_CTX_md_data(md); -+ ctx = b->ptr; -+ md = &ctx->md; - -- if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) -+ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) - return 1; - -- if (!EVP_DigestInit_ex(md, digest, NULL)) -+ if (!EVP_DigestInit_ex(md, md->digest, NULL)) - goto berr; -- memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); -- longswap(md_data, md_size); -- ctx->buf_off += md_size; -+ memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); -+ longswap(md->md_data, md->digest->md_size); -+ ctx->buf_off += md->digest->md_size; - - if (!EVP_DigestUpdate(md, WELLKNOWN, 
strlen(WELLKNOWN))) - goto berr; - if (!EVP_DigestFinal_ex(md, tmp, NULL)) - goto berr; -- ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; -- ctx->buf_off += md_size; -+ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; -+ ctx->buf_off += md->digest->md_size; - if (ret == 1) { - ctx->sigio = 0; - if (ctx->buf_len != ctx->buf_off) { -@@ -532,13 +557,9 @@ static int block_out(BIO *b) - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned long tl; -- const EVP_MD *digest; -- int md_size; - -- ctx = BIO_get_data(b); -- md = ctx->md; -- digest = EVP_MD_CTX_md(md); -- md_size = EVP_MD_size(digest); -+ ctx = b->ptr; -+ md = &ctx->md; - - tl = ctx->buf_len - OK_BLOCK_BLOCK; - ctx->buf[0] = (unsigned char)(tl >> 24); -@@ -550,7 +571,7 @@ static int block_out(BIO *b) - goto berr; - if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) - goto berr; -- ctx->buf_len += md_size; -+ ctx->buf_len += md->digest->md_size; - ctx->blockout = 1; - return 1; - berr: -@@ -564,11 +585,9 @@ static int block_in(BIO *b) - EVP_MD_CTX *md; - unsigned long tl = 0; - unsigned char tmp[EVP_MAX_MD_SIZE]; -- int md_size; - -- ctx = BIO_get_data(b); -- md = ctx->md; -- md_size = EVP_MD_size(EVP_MD_CTX_md(md)); -+ ctx = b->ptr; -+ md = &ctx->md; - - assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ - tl = ctx->buf[0]; -@@ -579,7 +598,7 @@ static int block_in(BIO *b) - tl <<= 8; - tl |= ctx->buf[3]; - -- if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) -+ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) - return 1; - - if (!EVP_DigestUpdate(md, -@@ -587,9 +606,10 @@ static int block_in(BIO *b) - goto berr; - if (!EVP_DigestFinal_ex(md, tmp, NULL)) - goto berr; -- if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { -+ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == -+ 0) { - /* there might be parts from next block lurking around ! 
*/ -- ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; -+ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; - ctx->buf_len_save = ctx->buf_len; - ctx->buf_off = OK_BLOCK_BLOCK; - ctx->buf_len = tl + OK_BLOCK_BLOCK; -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c -new file mode 100644 -index 0000000..719e34d ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c -@@ -0,0 +1,85 @@ -+/* crypto/evp/c_all.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif -+ -+#if 0 -+# undef OpenSSL_add_all_algorithms -+ -+void OpenSSL_add_all_algorithms(void) -+{ -+ OPENSSL_add_all_algorithms_noconf(); -+} -+#endif -+ -+void OPENSSL_add_all_algorithms_noconf(void) -+{ -+ /* -+ * For the moment OPENSSL_cpuid_setup does something -+ * only on IA-32, but we reserve the option for all -+ * platforms... -+ */ -+ OPENSSL_cpuid_setup(); -+ OpenSSL_add_all_ciphers(); -+ OpenSSL_add_all_digests(); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c -index 6ed31ed..280e584 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c -@@ -1,20 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/c_allc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include - #include - #include - --void openssl_add_all_ciphers_int(void) -+void OpenSSL_add_all_ciphers(void) - { - - #ifndef OPENSSL_NO_DES -@@ -44,13 +92,8 @@ void openssl_add_all_ciphers_int(void) - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); -- EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB"); -- EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb"); - EVP_add_cipher(EVP_des_ede3()); -- EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); -- EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); - EVP_add_cipher(EVP_des_ede3_wrap()); -- EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); - #endif - - #ifndef OPENSSL_NO_RC4 -@@ -88,9 +131,6 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_rc2_64_cbc()); - EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); - EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); -- EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128"); -- EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64"); -- EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40"); - #endif - - #ifndef OPENSSL_NO_BF -@@ -123,6 +163,7 @@ void openssl_add_all_ciphers_int(void) - 
EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); - #endif - -+#ifndef OPENSSL_NO_AES - EVP_add_cipher(EVP_aes_128_ecb()); - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_128_cfb()); -@@ -131,14 +172,9 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_aes_128_ofb()); - EVP_add_cipher(EVP_aes_128_ctr()); - EVP_add_cipher(EVP_aes_128_gcm()); --#ifndef OPENSSL_NO_OCB -- EVP_add_cipher(EVP_aes_128_ocb()); --#endif - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_128_wrap()); -- EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); -- EVP_add_cipher(EVP_aes_128_wrap_pad()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); -@@ -149,13 +185,8 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_aes_192_ofb()); - EVP_add_cipher(EVP_aes_192_ctr()); - EVP_add_cipher(EVP_aes_192_gcm()); --#ifndef OPENSSL_NO_OCB -- EVP_add_cipher(EVP_aes_192_ocb()); --#endif - EVP_add_cipher(EVP_aes_192_ccm()); - EVP_add_cipher(EVP_aes_192_wrap()); -- EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); -- EVP_add_cipher(EVP_aes_192_wrap_pad()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); -@@ -166,20 +197,20 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_aes_256_ofb()); - EVP_add_cipher(EVP_aes_256_ctr()); - EVP_add_cipher(EVP_aes_256_gcm()); --#ifndef OPENSSL_NO_OCB -- EVP_add_cipher(EVP_aes_256_ocb()); --#endif - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_256_wrap()); -- EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); -- EVP_add_cipher(EVP_aes_256_wrap_pad()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - 
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -+# endif -+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -+# endif -+#endif - - #ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_ecb()); -@@ -206,15 +237,5 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_camellia_256_ofb()); - EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); - EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); -- EVP_add_cipher(EVP_camellia_128_ctr()); -- EVP_add_cipher(EVP_camellia_192_ctr()); -- EVP_add_cipher(EVP_camellia_256_ctr()); --#endif -- --#ifndef OPENSSL_NO_CHACHA -- EVP_add_cipher(EVP_chacha20()); --# ifndef OPENSSL_NO_POLY1305 -- EVP_add_cipher(EVP_chacha20_poly1305()); --# endif - #endif - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c -index ec79734..fdbe3ee 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c -+++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c -@@ -1,49 +1,114 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/c_alld.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include - #include - #include - --void openssl_add_all_digests_int(void) -+void OpenSSL_add_all_digests(void) - { - #ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); - #endif - #ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); -+ EVP_add_digest_alias(SN_md5, "ssl2-md5"); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); -- EVP_add_digest(EVP_md5_sha1()); - #endif -+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) -+ EVP_add_digest(EVP_sha()); -+# ifndef OPENSSL_NO_DSA -+ EVP_add_digest(EVP_dss()); -+# endif -+#endif -+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_digest(EVP_sha1()); - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+# ifndef OPENSSL_NO_DSA -+ EVP_add_digest(EVP_dss1()); -+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ EVP_add_digest(EVP_ecdsa()); -+# endif -+#endif - #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) - EVP_add_digest(EVP_mdc2()); - #endif --#ifndef OPENSSL_NO_RMD160 -+#ifndef OPENSSL_NO_RIPEMD - EVP_add_digest(EVP_ripemd160()); - EVP_add_digest_alias(SN_ripemd160, "ripemd"); - EVP_add_digest_alias(SN_ripemd160, "rmd160"); - #endif -+#ifndef OPENSSL_NO_SHA256 - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); -+#endif - #ifndef OPENSSL_NO_WHIRLPOOL - EVP_add_digest(EVP_whirlpool()); - #endif --#ifndef OPENSSL_NO_BLAKE2 -- EVP_add_digest(EVP_blake2b512()); -- EVP_add_digest(EVP_blake2s256()); --#endif - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c -deleted file mode 100644 -index e2295c4..0000000 ---- 
a/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c -+++ /dev/null -@@ -1,151 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#include --#include "internal/evp_int.h" --#include "evp_locl.h" -- --EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) --{ -- EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); -- -- if (cipher != NULL) { -- cipher->nid = cipher_type; -- cipher->block_size = block_size; -- cipher->key_len = key_len; -- } -- return cipher; --} -- --EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) --{ -- EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, -- cipher->key_len); -- -- if (to != NULL) -- memcpy(to, cipher, sizeof(*to)); -- return to; --} -- --void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) --{ -- OPENSSL_free(cipher); --} -- --int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) --{ -- cipher->iv_len = iv_len; -- return 1; --} -- --int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) --{ -- cipher->flags = flags; -- return 1; --} -- --int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) --{ -- cipher->ctx_size = ctx_size; -- return 1; --} -- --int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, -- int (*init) (EVP_CIPHER_CTX *ctx, -- const unsigned char *key, -- const unsigned char *iv, -- int enc)) --{ -- cipher->init = init; -- return 1; --} -- --int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, -- int (*do_cipher) (EVP_CIPHER_CTX *ctx, -- unsigned char *out, -- const unsigned char *in, -- size_t inl)) --{ -- cipher->do_cipher = do_cipher; -- return 1; --} -- --int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, -- int 
(*cleanup) (EVP_CIPHER_CTX *)) --{ -- cipher->cleanup = cleanup; -- return 1; --} -- --int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, -- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, -- ASN1_TYPE *)) --{ -- cipher->set_asn1_parameters = set_asn1_parameters; -- return 1; --} -- --int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, -- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, -- ASN1_TYPE *)) --{ -- cipher->get_asn1_parameters = get_asn1_parameters; -- return 1; --} -- --int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, -- int (*ctrl) (EVP_CIPHER_CTX *, int type, -- int arg, void *ptr)) --{ -- cipher->ctrl = ctrl; -- return 1; --} -- -- --int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -- const unsigned char *key, -- const unsigned char *iv, -- int enc) --{ -- return cipher->init; --} --int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -- unsigned char *out, -- const unsigned char *in, -- size_t inl) --{ -- return cipher->do_cipher; --} -- --int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *) --{ -- return cipher->cleanup; --} -- --int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -- ASN1_TYPE *) --{ -- return cipher->set_asn1_parameters; --} -- --int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -- ASN1_TYPE *) --{ -- return cipher->get_asn1_parameters; --} -- --int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -- int type, int arg, -- void *ptr) --{ -- return cipher->ctrl; --} -- -diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c -index 65eff7c..4db1796 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/digest.c -+++ b/Cryptlib/OpenSSL/crypto/evp/digest.c -@@ -1,75 +1,173 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/evp/digest.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include --#include "internal/evp_int.h" --#include "evp_locl.h" -- --/* This call frees resources associated with the context */ --int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) --{ -- if (ctx == NULL) -- return 1; -- -- /* -- * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because -- * sometimes only copies of the context are ever finalised. -- */ -- if (ctx->digest && ctx->digest->cleanup -- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -- ctx->digest->cleanup(ctx); -- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -- } -- EVP_PKEY_CTX_free(ctx->pctx); - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(ctx->engine); -+# include - #endif -- OPENSSL_cleanse(ctx, sizeof(*ctx)); - -- return 1; --} -+#ifdef OPENSSL_FIPS -+# include -+# include "evp_locl.h" -+#endif - --EVP_MD_CTX *EVP_MD_CTX_new(void) -+void EVP_MD_CTX_init(EVP_MD_CTX *ctx) - { -- return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); -+ memset(ctx, '\0', sizeof *ctx); - } - --void EVP_MD_CTX_free(EVP_MD_CTX *ctx) -+EVP_MD_CTX *EVP_MD_CTX_create(void) - { -- EVP_MD_CTX_reset(ctx); -- OPENSSL_free(ctx); -+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); -+ -+ if (ctx) -+ EVP_MD_CTX_init(ctx); -+ -+ return ctx; - } - - int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) - { -- EVP_MD_CTX_reset(ctx); -+ EVP_MD_CTX_init(ctx); - return EVP_DigestInit_ex(ctx, type, NULL); - } - - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - { - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -+#ifdef 
OPENSSL_FIPS -+ /* If FIPS mode switch to approved implementation if possible */ -+ if (FIPS_mode()) { -+ const EVP_MD *fipsmd; -+ if (type) { -+ fipsmd = evp_get_fips_md(type); -+ if (fipsmd) -+ type = fipsmd; -+ } -+ } -+#endif - #ifndef OPENSSL_NO_ENGINE - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so - * this context may already have an ENGINE! Try to avoid releasing the - * previous handle, re-querying for an ENGINE, and having a -- * reinitialisation, when it may all be unnecessary. -+ * reinitialisation, when it may all be unecessary. - */ -- if (ctx->engine && ctx->digest && -- (type == NULL || (type->type == ctx->digest->type))) -+ if (ctx->engine && ctx->digest && (!type || -+ (type -+ && (type->type == -+ ctx->digest->type)))) - goto skip_to_init; - if (type) { - /* -@@ -77,21 +175,21 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - * previous check attempted to avoid this if the same ENGINE and - * EVP_MD could be used). - */ -- ENGINE_finish(ctx->engine); -- if (impl != NULL) { -+ if (ctx->engine) -+ ENGINE_finish(ctx->engine); -+ if (impl) { - if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } -- } else { -+ } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); -- } -- if (impl != NULL) { -+ if (impl) { - /* There's an ENGINE for this job ... 
(apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); -- -- if (d == NULL) { -+ if (!d) { -+ /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; -@@ -115,13 +213,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - #endif - if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) { -- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -+ OPENSSL_free(ctx->md_data); - ctx->md_data = NULL; - } - ctx->digest = type; - if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { - ctx->update = type->update; -- ctx->md_data = OPENSSL_zalloc(type->ctx_size); -+ ctx->md_data = OPENSSL_malloc(type->ctx_size); - if (ctx->md_data == NULL) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); - return 0; -@@ -140,11 +238,24 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - } - if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) - return 1; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_digestinit(ctx, type)) -+ return 1; -+ OPENSSL_free(ctx->md_data); -+ ctx->md_data = NULL; -+ return 0; -+ } -+#endif - return ctx->digest->init(ctx); - } - - int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ return FIPS_digestupdate(ctx, data, count); -+#endif - return ctx->update(ctx, data, count); - } - -@@ -153,7 +264,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - { - int ret; - ret = EVP_DigestFinal_ex(ctx, md, size); -- EVP_MD_CTX_reset(ctx); -+ EVP_MD_CTX_cleanup(ctx); - return ret; - } - -@@ -161,6 +272,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - { - int ret; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ return FIPS_digestfinal(ctx, md, size); -+#endif - - 
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); - ret = ctx->digest->final(ctx, md); -@@ -176,7 +291,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - - int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) - { -- EVP_MD_CTX_reset(out); -+ EVP_MD_CTX_init(out); - return EVP_MD_CTX_copy_ex(out, in); - } - -@@ -200,22 +315,15 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) - EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); - } else - tmp_buf = NULL; -- EVP_MD_CTX_reset(out); -- memcpy(out, in, sizeof(*out)); -- -- /* Null these variables, since they are getting fixed up -- * properly below. Anything else may cause a memleak and/or -- * double free if any of the memory allocations below fail -- */ -- out->md_data = NULL; -- out->pctx = NULL; -+ EVP_MD_CTX_cleanup(out); -+ memcpy(out, in, sizeof *out); - - if (in->md_data && out->digest->ctx_size) { - if (tmp_buf) - out->md_data = tmp_buf; - else { - out->md_data = OPENSSL_malloc(out->digest->ctx_size); -- if (out->md_data == NULL) { -+ if (!out->md_data) { - EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -228,7 +336,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) - if (in->pctx) { - out->pctx = EVP_PKEY_CTX_dup(in->pctx); - if (!out->pctx) { -- EVP_MD_CTX_reset(out); -+ EVP_MD_CTX_cleanup(out); - return 0; - } - } -@@ -243,27 +351,58 @@ int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, - ENGINE *impl) - { -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX ctx; - int ret; - -- if (ctx == NULL) -- return 0; -- EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); -- ret = EVP_DigestInit_ex(ctx, type, impl) -- && EVP_DigestUpdate(ctx, data, count) -- && EVP_DigestFinal_ex(ctx, md, size); -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_init(&ctx); -+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); -+ ret = EVP_DigestInit_ex(&ctx, type, impl) -+ && 
EVP_DigestUpdate(&ctx, data, count) -+ && EVP_DigestFinal_ex(&ctx, md, size); -+ EVP_MD_CTX_cleanup(&ctx); - - return ret; - } - --int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) - { -- if (ctx->digest && ctx->digest->md_ctrl) { -- int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); -- if (ret <= 0) -- return 0; -- return 1; -+ if (ctx) { -+ EVP_MD_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); -+ } -+} -+ -+/* This call frees resources associated with the context */ -+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -+{ -+#ifndef OPENSSL_FIPS -+ /* -+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because -+ * sometimes only copies of the context are ever finalised. -+ */ -+ if (ctx->digest && ctx->digest->cleanup -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -+ ctx->digest->cleanup(ctx); -+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); -+ OPENSSL_free(ctx->md_data); - } -- return 0; -+#endif -+ if (ctx->pctx) -+ EVP_PKEY_CTX_free(ctx->pctx); -+#ifndef OPENSSL_NO_ENGINE -+ if (ctx->engine) -+ /* -+ * The EVP_MD we used belongs to an ENGINE, release the functional -+ * reference we held for this reason. -+ */ -+ ENGINE_finish(ctx->engine); -+#endif -+#ifdef OPENSSL_FIPS -+ FIPS_md_ctx_cleanup(ctx); -+#endif -+ memset(ctx, '\0', sizeof *ctx); -+ -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c -index 17822f2..7c62d32 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c -@@ -1,23 +1,67 @@ --/* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -+#ifndef OPENSSL_NO_AES - #include --#include --#include --#include --#include --#include --#include "internal/evp_int.h" --#include "modes_lcl.h" --#include --#include "evp_locl.h" -+# include -+# include -+# include -+# include -+# include -+# include "evp_locl.h" -+# include "modes_lcl.h" -+# include -+ -+# undef EVP_CIPH_FLAG_FIPS -+# define EVP_CIPH_FLAG_FIPS 0 - - typedef struct { - union { -@@ -69,38 +113,13 @@ typedef struct { - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ -- int tls_aad_len; /* TLS AAD length */ - CCM128_CONTEXT ccm; - ccm128_f str; - } EVP_AES_CCM_CTX; - --#ifndef OPENSSL_NO_OCB --typedef struct { -- union { -- double align; -- AES_KEY ks; -- } ksenc; /* AES key schedule to use for encryption */ -- union { -- double align; -- AES_KEY ks; -- } ksdec; /* AES key schedule to use for decryption */ -- int key_set; /* Set if key initialised */ -- int iv_set; /* Set if an iv is set */ -- OCB128_CONTEXT ocb; -- unsigned char *iv; /* Temporary IV store */ -- 
unsigned char tag[16]; -- unsigned char data_buf[16]; /* Store partial data blocks */ -- unsigned char aad_buf[16]; /* Store partial AAD blocks */ -- int data_buf_len; -- int aad_buf_len; -- int ivlen; /* IV length */ -- int taglen; --} EVP_AES_OCB_CTX; --#endif -- --#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) -+# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) - --#ifdef VPAES_ASM -+# ifdef VPAES_ASM - int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, -@@ -115,8 +134,8 @@ void vpaes_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); --#endif --#ifdef BSAES_ASM -+# endif -+# ifdef BSAES_ASM - void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[16], int enc); -@@ -129,55 +148,54 @@ void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, - void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); --#endif --#ifdef AES_CTR_ASM -+# endif -+# ifdef AES_CTR_ASM - void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); --#endif --#ifdef AES_XTS_ASM --void AES_xts_encrypt(const char *inp, char *out, size_t len, -+# endif -+# ifdef AES_XTS_ASM -+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); --void AES_xts_decrypt(const char *inp, char *out, size_t len, -+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); --#endif -+# endif - --#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) 
|| defined(_ARCH_PPC)) --# include "ppc_arch.h" --# ifdef VPAES_ASM --# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -+# if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -+# include "ppc_arch.h" -+# ifdef VPAES_ASM -+# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -+# endif -+# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -+# define HWAES_encrypt aes_p8_encrypt -+# define HWAES_decrypt aes_p8_decrypt -+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks - # endif --# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) --# define HWAES_set_encrypt_key aes_p8_set_encrypt_key --# define HWAES_set_decrypt_key aes_p8_set_decrypt_key --# define HWAES_encrypt aes_p8_encrypt --# define HWAES_decrypt aes_p8_decrypt --# define HWAES_cbc_encrypt aes_p8_cbc_encrypt --# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks --# define HWAES_xts_encrypt aes_p8_xts_encrypt --# define HWAES_xts_decrypt aes_p8_xts_decrypt --#endif - --#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ -+# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ -- defined(_M_AMD64) || defined(_M_X64) ) -+ defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__INTEL__) ) - - extern unsigned int OPENSSL_ia32cap_P[]; - --# ifdef VPAES_ASM --# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) --# endif --# ifdef BSAES_ASM --# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) --# endif -+# ifdef VPAES_ASM -+# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -+# endif -+# ifdef BSAES_ASM -+# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -+# endif - /* - * AES-NI section - */ 
--# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) -+# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - - int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -@@ -228,43 +246,41 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, - const unsigned char ivec[16], - unsigned char cmac[16]); - --# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) - size_t aesni_gcm_encrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); --# define AES_gcm_encrypt aesni_gcm_encrypt -+# define AES_gcm_encrypt aesni_gcm_encrypt - size_t aesni_gcm_decrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); --# define AES_gcm_decrypt aesni_gcm_decrypt -+# define AES_gcm_decrypt aesni_gcm_decrypt - void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, - size_t len); --# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ -+# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ - gctx->gcm.ghash==gcm_ghash_avx) --# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ -+# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ - gctx->gcm.ghash==gcm_ghash_avx) --# undef AES_GCM_ASM2 /* minor size optimization */ --# endif -+# undef AES_GCM_ASM2 /* minor size optimization */ -+# endif - - static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - int ret, mode; -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- mode = EVP_CIPHER_CTX_mode(ctx); -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { -- ret = 
aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); - dat->block = (block128_f) aesni_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aesni_cbc_encrypt : NULL; - } else { -- ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); - dat->block = (block128_f) aesni_encrypt; - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; -@@ -285,9 +301,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt); - - return 1; - } -@@ -295,46 +309,44 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- size_t bl = EVP_CIPHER_CTX_block_size(ctx); -+ size_t bl = ctx->cipher->block_size; - - if (len < bl) - return 1; - -- aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, -- EVP_CIPHER_CTX_encrypting(ctx)); -+ aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); - - return 1; - } - --# define aesni_ofb_cipher aes_ofb_cipher -+# define aesni_ofb_cipher aes_ofb_cipher - static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aesni_cfb_cipher aes_cfb_cipher -+# define aesni_cfb_cipher aes_cfb_cipher - static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aesni_cfb8_cipher aes_cfb8_cipher -+# 
define aesni_cfb8_cipher aes_cfb8_cipher - static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aesni_cfb1_cipher aes_cfb1_cipher -+# define aesni_cfb1_cipher aes_cfb1_cipher - static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aesni_ctr_cipher aes_ctr_cipher -+# define aesni_ctr_cipher aes_ctr_cipher - static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &gctx->ks.ks); -+ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); - gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - /* -@@ -359,34 +371,31 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return 1; - } - --# define aesni_gcm_cipher aes_gcm_cipher -+# define aesni_gcm_cipher aes_gcm_cipher - static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); -+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - if (!iv && !key) - return 1; - - if (key) { - /* key_len is two AES keys */ - if (enc) { -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } else { -- 
aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_decrypt; - xctx->stream = aesni_xts_decrypt; - } - -- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aesni_set_encrypt_key(key + ctx->key_len / 2, -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -394,25 +403,24 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - if (iv) { - xctx->xts.key2 = &xctx->ks2; -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); -+ memcpy(ctx->iv, iv, 16); - } - - return 1; - } - --# define aesni_xts_cipher aes_xts_cipher -+# define aesni_xts_cipher aes_xts_cipher - static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); -+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &cctx->ks.ks); -+ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aesni_encrypt); - cctx->str = enc ? 
(ccm128_f) aesni_ccm64_encrypt_blocks : -@@ -420,86 +428,17 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - cctx->key_set = 1; - } - if (iv) { -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); -+ memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; - } - --# define aesni_ccm_cipher aes_ccm_cipher -+# define aesni_ccm_cipher aes_ccm_cipher - static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# ifndef OPENSSL_NO_OCB --void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, -- size_t blocks, const void *key, -- size_t start_block_num, -- unsigned char offset_i[16], -- const unsigned char L_[][16], -- unsigned char checksum[16]); --void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, -- size_t blocks, const void *key, -- size_t start_block_num, -- unsigned char offset_i[16], -- const unsigned char L_[][16], -- unsigned char checksum[16]); -- --static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) --{ -- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); -- if (!iv && !key) -- return 1; -- if (key) { -- do { -- /* -- * We set both the encrypt and decrypt key here because decrypt -- * needs both. We could possibly optimise to remove setting the -- * decrypt for an encryption operation. -- */ -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksenc.ks); -- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksdec.ks); -- if (!CRYPTO_ocb128_init(&octx->ocb, -- &octx->ksenc.ks, &octx->ksdec.ks, -- (block128_f) aesni_encrypt, -- (block128_f) aesni_decrypt, -- enc ? aesni_ocb_encrypt -- : aesni_ocb_decrypt)) -- return 0; -- } -- while (0); -- -- /* -- * If we have an iv we can set it directly, otherwise use saved IV. 
-- */ -- if (iv == NULL && octx->iv_set) -- iv = octx->iv; -- if (iv) { -- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) -- != 1) -- return 0; -- octx->iv_set = 1; -- } -- octx->key_set = 1; -- } else { -- /* If key set use IV, otherwise copy */ -- if (octx->key_set) -- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); -- else -- memcpy(octx->iv, iv, octx->ivlen); -- octx->iv_set = 1; -- } -- return 1; --} -- --# define aesni_ocb_cipher aes_ocb_cipher --static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t len); --# endif /* OPENSSL_NO_OCB */ -- --# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ - static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ -@@ -520,7 +459,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - --# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ - static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ -@@ -542,24 +481,13 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - --#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -+# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) - --# include "sparc_arch.h" -+# include "sparc_arch.h" - - extern unsigned int OPENSSL_sparcv9cap_P[]; - --/* -- * Initial Fujitsu SPARC64 X support -- */ --# define HWAES_CAPABLE 
(OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) --# define HWAES_set_encrypt_key aes_fx_set_encrypt_key --# define HWAES_set_decrypt_key aes_fx_set_decrypt_key --# define HWAES_encrypt aes_fx_encrypt --# define HWAES_decrypt aes_fx_decrypt --# define HWAES_cbc_encrypt aes_fx_cbc_encrypt --# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks -- --# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) -+# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) - - void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); - void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -@@ -576,7 +504,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, - * non-key-length specific routines would require conditional branches - * either in inner loops or on subroutines' entries. Former is hardly - * acceptable, while latter means code size increase to size occupied -- * by multiple key-length specific subroutines, so why fight? -+ * by multiple key-length specfic subroutines, so why fight? 
- */ - void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, -@@ -622,14 +550,14 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - int ret, mode, bits; -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- mode = EVP_CIPHER_CTX_mode(ctx); -- bits = EVP_CIPHER_CTX_key_length(ctx) * 8; -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; -+ bits = ctx->key_len * 8; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - ret = 0; -- aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); -+ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); - dat->block = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: -@@ -649,7 +577,7 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - } else { - ret = 0; -- aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); -+ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); - dat->block = (block128_f) aes_t4_encrypt; - switch (bits) { - case 128: -@@ -689,42 +617,42 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return 1; - } - --# define aes_t4_cbc_cipher aes_cbc_cipher -+# define aes_t4_cbc_cipher aes_cbc_cipher - static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aes_t4_ecb_cipher aes_ecb_cipher -+# define aes_t4_ecb_cipher aes_ecb_cipher - static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aes_t4_ofb_cipher aes_ofb_cipher -+# define aes_t4_ofb_cipher aes_ofb_cipher - static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aes_t4_cfb_cipher aes_cfb_cipher -+# define aes_t4_cfb_cipher aes_cfb_cipher - static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const 
unsigned char *in, size_t len); - --# define aes_t4_cfb8_cipher aes_cfb8_cipher -+# define aes_t4_cfb8_cipher aes_cfb8_cipher - static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aes_t4_cfb1_cipher aes_cfb1_cipher -+# define aes_t4_cfb1_cipher aes_cfb1_cipher - static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# define aes_t4_ctr_cipher aes_ctr_cipher -+# define aes_t4_ctr_cipher aes_ctr_cipher - static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { -- int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; -+ int bits = ctx->key_len * 8; - aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) aes_t4_encrypt); -@@ -763,19 +691,19 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return 1; - } - --# define aes_t4_gcm_cipher aes_gcm_cipher -+# define aes_t4_gcm_cipher aes_gcm_cipher - static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); -+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - if (!iv && !key) - return 1; - - if (key) { -- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; -+ int bits = ctx->key_len * 4; - xctx->stream = NULL; - /* key_len is two AES keys */ - if (enc) { -@@ -785,6 +713,11 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - case 128: - xctx->stream = 
aes128_t4_xts_encrypt; - break; -+# if 0 /* not yet */ -+ case 192: -+ xctx->stream = aes192_t4_xts_encrypt; -+ break; -+# endif - case 256: - xctx->stream = aes256_t4_xts_encrypt; - break; -@@ -792,13 +725,17 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - return 0; - } - } else { -- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: - xctx->stream = aes128_t4_xts_decrypt; - break; -+# if 0 /* not yet */ -+ case 192: -+ xctx->stream = aes192_t4_xts_decrypt; -+ break; -+# endif - case 256: - xctx->stream = aes256_t4_xts_decrypt; - break; -@@ -807,9 +744,8 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - } - -- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aes_t4_set_encrypt_key(key + ctx->key_len / 2, -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -817,97 +753,61 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - if (iv) { - xctx->xts.key2 = &xctx->ks2; -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); -+ memcpy(ctx->iv, iv, 16); - } - - return 1; - } - --# define aes_t4_xts_cipher aes_xts_cipher -+# define aes_t4_xts_cipher aes_xts_cipher - static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - - static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); -+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { -- int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; -+ int bits = ctx->key_len * 8; - aes_t4_set_encrypt_key(key, bits, 
&cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aes_t4_encrypt); -+# if 0 /* not yet */ -+ switch (bits) { -+ case 128: -+ cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt : -+ (ccm128_f) ae128_t4_ccm64_decrypt; -+ break; -+ case 192: -+ cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt : -+ (ccm128_f) ae192_t4_ccm64_decrypt; -+ break; -+ case 256: -+ cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt : -+ (ccm128_f) ae256_t4_ccm64_decrypt; -+ break; -+ default: -+ return 0; -+ } -+# else - cctx->str = NULL; -+# endif - cctx->key_set = 1; - } - if (iv) { -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); -+ memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; - } - --# define aes_t4_ccm_cipher aes_ccm_cipher -+# define aes_t4_ccm_cipher aes_ccm_cipher - static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - --# ifndef OPENSSL_NO_OCB --static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) --{ -- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); -- if (!iv && !key) -- return 1; -- if (key) { -- do { -- /* -- * We set both the encrypt and decrypt key here because decrypt -- * needs both. We could possibly optimise to remove setting the -- * decrypt for an encryption operation. -- */ -- aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksenc.ks); -- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksdec.ks); -- if (!CRYPTO_ocb128_init(&octx->ocb, -- &octx->ksenc.ks, &octx->ksdec.ks, -- (block128_f) aes_t4_encrypt, -- (block128_f) aes_t4_decrypt, -- NULL)) -- return 0; -- } -- while (0); -- -- /* -- * If we have an iv we can set it directly, otherwise use saved IV. 
-- */ -- if (iv == NULL && octx->iv_set) -- iv = octx->iv; -- if (iv) { -- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) -- != 1) -- return 0; -- octx->iv_set = 1; -- } -- octx->key_set = 1; -- } else { -- /* If key set use IV, otherwise copy */ -- if (octx->key_set) -- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); -- else -- memcpy(octx->iv, iv, octx->ivlen); -- octx->iv_set = 1; -- } -- return 1; --} -- --# define aes_t4_ocb_cipher aes_ocb_cipher --static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t len); --# endif /* OPENSSL_NO_OCB */ -- --# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ - static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ -@@ -928,7 +828,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } - --# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ - static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ -@@ -950,9 +850,9 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } - --#else -+# else - --# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ - static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - 
flags|EVP_CIPH_##MODE##_MODE, \ -@@ -964,7 +864,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return &aes_##keylen##_##mode; } - --# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ - static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ -@@ -976,29 +876,25 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ - const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ - { return &aes_##keylen##_##mode; } -+# endif - --#endif -- --#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) --# include "arm_arch.h" --# if __ARM_MAX_ARCH__>=7 --# if defined(BSAES_ASM) --# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -+# if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -+# include "arm_arch.h" -+# if __ARM_MAX_ARCH__>=7 -+# if defined(BSAES_ASM) -+# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -+# endif -+# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -+# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -+# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -+# define HWAES_encrypt aes_v8_encrypt -+# define HWAES_decrypt aes_v8_decrypt -+# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -+# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks - # endif --# if defined(VPAES_ASM) --# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) --# endif --# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) --# define HWAES_set_encrypt_key aes_v8_set_encrypt_key --# define HWAES_set_decrypt_key aes_v8_set_decrypt_key --# define HWAES_encrypt aes_v8_encrypt --# define HWAES_decrypt aes_v8_decrypt --# define HWAES_cbc_encrypt aes_v8_cbc_encrypt --# define 
HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks - # endif --#endif - --#if defined(HWAES_CAPABLE) -+# if defined(HWAES_CAPABLE) - int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, -@@ -1013,15 +909,9 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, - void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); --void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, -- size_t len, const AES_KEY *key1, -- const AES_KEY *key2, const unsigned char iv[16]); --void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, -- size_t len, const AES_KEY *key1, -- const AES_KEY *key2, const unsigned char iv[16]); --#endif -+# endif - --#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ -+# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ -@@ -1034,97 +924,85 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - int ret, mode; -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- mode = EVP_CIPHER_CTX_mode(ctx); -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) -- && !enc) { --#ifdef HWAES_CAPABLE -+ && !enc) -+# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { -- ret = HWAES_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) HWAES_decrypt; - dat->stream.cbc = NULL; --# ifdef 
HWAES_cbc_encrypt -+# ifdef HWAES_cbc_encrypt - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; --# endif -+# endif - } else --#endif --#ifdef BSAES_CAPABLE -+# endif -+# ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { -- ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) AES_decrypt; - dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt; - } else --#endif --#ifdef VPAES_CAPABLE -+# endif -+# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { -- ret = vpaes_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) vpaes_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) vpaes_cbc_encrypt : NULL; - } else --#endif -+# endif - { -- ret = AES_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) AES_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
- (cbc128_f) AES_cbc_encrypt : NULL; -- } - } else --#ifdef HWAES_CAPABLE -+# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { -- ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) HWAES_encrypt; - dat->stream.cbc = NULL; --# ifdef HWAES_cbc_encrypt -+# ifdef HWAES_cbc_encrypt - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; - else --# endif --# ifdef HWAES_ctr32_encrypt_blocks -+# endif -+# ifdef HWAES_ctr32_encrypt_blocks - if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; - else --# endif -+# endif - (void)0; /* terminate potentially open 'else' */ - } else --#endif --#ifdef BSAES_CAPABLE -+# endif -+# ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { -- ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) AES_encrypt; - dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; - } else --#endif --#ifdef VPAES_CAPABLE -+# endif -+# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { -- ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) vpaes_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) vpaes_cbc_encrypt : NULL; - } else --#endif -+# endif - { -- ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &dat->ks.ks); -+ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = (block128_f) AES_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
- (cbc128_f) AES_cbc_encrypt : NULL; --#ifdef AES_CTR_ASM -+# ifdef AES_CTR_ASM - if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt; --#endif -+# endif - } - - if (ret < 0) { -@@ -1138,18 +1016,14 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - - if (dat->stream.cbc) -- (*dat->stream.cbc) (in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -- else if (EVP_CIPHER_CTX_encrypting(ctx)) -- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); -+ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); -+ else if (ctx->encrypt) -+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - else -- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); -+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - - return 1; - } -@@ -1157,9 +1031,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- size_t bl = EVP_CIPHER_CTX_block_size(ctx); -+ size_t bl = ctx->cipher->block_size; - size_t i; -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - - if (len < bl) - return 1; -@@ -1173,70 +1047,52 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_ofb128_encrypt(in, out, len, 
&dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, dat->block); - return 1; - } - - static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - -- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - while (len >= MAXBITCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx), 
dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - len -= MAXBITCHUNK; - } -- if (len) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (len) - CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - - return 1; - } -@@ -1244,34 +1100,28 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- unsigned int num = EVP_CIPHER_CTX_num(ctx); -- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); -+ unsigned int num = ctx->num; -+ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; - - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_buf_noconst(ctx), -- &num, dat->stream.ctr); -+ ctx->iv, ctx->buf, &num, dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_buf_noconst(ctx), &num, -- dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, ctx->buf, &num, dat->block); -+ ctx->num = (size_t)num; - return 1; - } - --BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) -- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) -- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) -+BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) -+ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) -+ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) - - static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); -- if (gctx == NULL) -- return 0; -+ EVP_AES_GCM_CTX *gctx = c->cipher_data; - OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); -- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) -+ if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - 
return 1; - } -@@ -1294,44 +1144,43 @@ static void ctr64_inc(unsigned char *counter) - - static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); -+ EVP_AES_GCM_CTX *gctx = c->cipher_data; - switch (type) { - case EVP_CTRL_INIT: - gctx->key_set = 0; - gctx->iv_set = 0; -- gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); -- gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); -+ gctx->ivlen = c->cipher->iv_len; -+ gctx->iv = c->iv; - gctx->taglen = -1; - gctx->iv_gen = 0; - gctx->tls_aad_len = -1; - return 1; - -- case EVP_CTRL_AEAD_SET_IVLEN: -+ case EVP_CTRL_GCM_SET_IVLEN: - if (arg <= 0) - return 0; - /* Allocate memory for IV if needed */ - if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { -- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) -+ if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - gctx->iv = OPENSSL_malloc(arg); -- if (gctx->iv == NULL) -+ if (!gctx->iv) - return 0; - } - gctx->ivlen = arg; - return 1; - -- case EVP_CTRL_AEAD_SET_TAG: -- if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) -+ case EVP_CTRL_GCM_SET_TAG: -+ if (arg <= 0 || arg > 16 || c->encrypt) - return 0; -- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); -+ memcpy(c->buf, ptr, arg); - gctx->taglen = arg; - return 1; - -- case EVP_CTRL_AEAD_GET_TAG: -- if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) -- || gctx->taglen < 0) -+ case EVP_CTRL_GCM_GET_TAG: -+ if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) - return 0; -- memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); -+ memcpy(ptr, c->buf, arg); - return 1; - - case EVP_CTRL_GCM_SET_IV_FIXED: -@@ -1349,8 +1198,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - return 0; - if (arg) - memcpy(gctx->iv, ptr, arg); -- if (EVP_CIPHER_CTX_encrypting(c) -- && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) -+ if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) - return 0; - gctx->iv_gen = 1; - return 
1; -@@ -1371,8 +1219,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - return 1; - - case EVP_CTRL_GCM_SET_IV_INV: -- if (gctx->iv_gen == 0 || gctx->key_set == 0 -- || EVP_CIPHER_CTX_encrypting(c)) -+ if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) - return 0; - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); -@@ -1383,24 +1230,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - /* Save the AAD for later use */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; -- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); -+ memcpy(c->buf, ptr, arg); - gctx->tls_aad_len = arg; - { -- unsigned int len = -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 -- | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; -+ unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; - /* Correct length for explicit IV */ -- if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) -- return 0; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - /* If decrypting correct for tag too */ -- if (!EVP_CIPHER_CTX_encrypting(c)) { -- if (len < EVP_GCM_TLS_TAG_LEN) -- return 0; -+ if (!c->encrypt) - len -= EVP_GCM_TLS_TAG_LEN; -- } -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; -+ c->buf[arg - 2] = len >> 8; -+ c->buf[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return EVP_GCM_TLS_TAG_LEN; -@@ -1408,17 +1248,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; -- EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out); -+ EVP_AES_GCM_CTX *gctx_out = out->cipher_data; - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) - return 0; - gctx_out->gcm.key = &gctx_out->ks; - } -- if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) -- gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); -+ if (gctx->iv == c->iv) -+ gctx_out->iv = out->iv; - else { - 
gctx_out->iv = OPENSSL_malloc(gctx->ivlen); -- if (gctx_out->iv == NULL) -+ if (!gctx_out->iv) - return 0; - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); - } -@@ -1434,56 +1274,52 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { - do { --#ifdef HWAES_CAPABLE -+# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { -- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &gctx->ks.ks); -+ HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) HWAES_encrypt); --# ifdef HWAES_ctr32_encrypt_blocks -+# ifdef HWAES_ctr32_encrypt_blocks - gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; --# else -+# else - gctx->ctr = NULL; --# endif -+# endif - break; - } else --#endif --#ifdef BSAES_CAPABLE -+# endif -+# ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) { -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &gctx->ks.ks); -+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) AES_encrypt); - gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; - break; - } else --#endif --#ifdef VPAES_CAPABLE -+# endif -+# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { -- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &gctx->ks.ks); -+ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) vpaes_encrypt); - gctx->ctr = NULL; - break; - } else --#endif -+# endif - (void)0; /* terminate potentially open 'else' */ - -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &gctx->ks.ks); -+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, 
&gctx->ks, - (block128_f) AES_encrypt); --#ifdef AES_CTR_ASM -+# ifdef AES_CTR_ASM - gctx->ctr = (ctr128_f) AES_ctr32_encrypt; --#else -+# else - gctx->ctr = NULL; --#endif -+# endif - } while (0); - - /* -@@ -1518,7 +1354,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - int rv = -1; - /* Encrypt/decrypt must be performed in place */ - if (out != in -@@ -1528,23 +1364,22 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - * Set IV from start of buffer or generate IV and write to start of - * buffer. - */ -- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? -+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) - goto err; - /* Use saved AAD */ -- if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), -- gctx->tls_aad_len)) -+ if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) - goto err; - /* Fix buffer and length to point to payload */ - in += EVP_GCM_TLS_EXPLICIT_IV_LEN; - out += EVP_GCM_TLS_EXPLICIT_IV_LEN; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - /* Encrypt payload */ - if (gctx->ctr) { - size_t bulk = 0; --#if defined(AES_GCM_ASM) -+# if defined(AES_GCM_ASM) - if (len >= 32 && AES_GCM_ASM(gctx)) { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; -@@ -1554,7 +1389,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } --#endif -+# endif - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, -@@ -1562,7 +1397,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX 
*ctx, unsigned char *out, - goto err; - } else { - size_t bulk = 0; --#if defined(AES_GCM_ASM2) -+# if defined(AES_GCM_ASM2) - if (len >= 32 && AES_GCM_ASM2(gctx)) { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; -@@ -1572,7 +1407,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } --#endif -+# endif - if (CRYPTO_gcm128_encrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - goto err; -@@ -1585,7 +1420,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - /* Decrypt */ - if (gctx->ctr) { - size_t bulk = 0; --#if defined(AES_GCM_ASM) -+# if defined(AES_GCM_ASM) - if (len >= 16 && AES_GCM_ASM(gctx)) { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; -@@ -1595,7 +1430,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } --#endif -+# endif - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, -@@ -1603,7 +1438,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - goto err; - } else { - size_t bulk = 0; --#if defined(AES_GCM_ASM2) -+# if defined(AES_GCM_ASM2) - if (len >= 16 && AES_GCM_ASM2(gctx)) { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; -@@ -1613,17 +1448,15 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } --#endif -+# endif - if (CRYPTO_gcm128_decrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - goto err; - } - /* Retrieve tag */ -- CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), -- EVP_GCM_TLS_TAG_LEN); -+ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); - /* If tag mismatch wipe buffer */ -- if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, -- EVP_GCM_TLS_TAG_LEN)) { -+ if (CRYPTO_memcmp(ctx->buf, in + len, 
EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); - goto err; - } -@@ -1639,7 +1472,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; - /* If not set up, return error */ - if (!gctx->key_set) - return -1; -@@ -1653,10 +1486,10 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (out == NULL) { - if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) - return -1; -- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ } else if (ctx->encrypt) { - if (gctx->ctr) { - size_t bulk = 0; --#if defined(AES_GCM_ASM) -+# if defined(AES_GCM_ASM) - if (len >= 32 && AES_GCM_ASM(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - -@@ -1670,7 +1503,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.len.u[1] += bulk; - bulk += res; - } --#endif -+# endif - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, -@@ -1678,7 +1511,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return -1; - } else { - size_t bulk = 0; --#if defined(AES_GCM_ASM2) -+# if defined(AES_GCM_ASM2) - if (len >= 32 && AES_GCM_ASM2(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - -@@ -1692,7 +1525,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.len.u[1] += bulk; - bulk += res; - } --#endif -+# endif - if (CRYPTO_gcm128_encrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - return -1; -@@ -1700,7 +1533,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } else { - if (gctx->ctr) { - size_t bulk = 0; --#if defined(AES_GCM_ASM) -+# if defined(AES_GCM_ASM) - if (len >= 16 && AES_GCM_ASM(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - -@@ -1714,7 +1547,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out, - gctx->gcm.len.u[1] += bulk; - bulk += res; - } --#endif -+# endif - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, -@@ -1722,7 +1555,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return -1; - } else { - size_t bulk = 0; --#if defined(AES_GCM_ASM2) -+# if defined(AES_GCM_ASM2) - if (len >= 16 && AES_GCM_ASM2(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - -@@ -1736,7 +1569,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - gctx->gcm.len.u[1] += bulk; - bulk += res; - } --#endif -+# endif - if (CRYPTO_gcm128_decrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - return -1; -@@ -1744,17 +1577,15 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } - return len; - } else { -- if (!EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (!ctx->encrypt) { - if (gctx->taglen < 0) - return -1; -- if (CRYPTO_gcm128_finish(&gctx->gcm, -- EVP_CIPHER_CTX_buf_noconst(ctx), -- gctx->taglen) != 0) -+ if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) - return -1; - gctx->iv_set = 0; - return 0; - } -- CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); -+ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); - gctx->taglen = 16; - /* Don't reuse the IV */ - gctx->iv_set = 0; -@@ -1763,24 +1594,27 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - } - --#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ -+# define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - - BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - 
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c); -+ EVP_AES_XTS_CTX *xctx = c->cipher_data; - if (type == EVP_CTRL_COPY) { - EVP_CIPHER_CTX *out = ptr; -- EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out); -+ EVP_AES_XTS_CTX *xctx_out = out->cipher_data; - if (xctx->xts.key1) { - if (xctx->xts.key1 != &xctx->ks1) - return 0; -@@ -1803,90 +1637,75 @@ static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); -+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - if (!iv && !key) - return 1; - - if (key) - do { --#ifdef AES_XTS_ASM -+# ifdef AES_XTS_ASM - xctx->stream = enc ? 
AES_xts_encrypt : AES_xts_decrypt; --#else -+# else - xctx->stream = NULL; --#endif -+# endif - /* key_len is two AES keys */ --#ifdef HWAES_CAPABLE -+# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - if (enc) { -- HWAES_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -+ HWAES_set_encrypt_key(key, ctx->key_len * 4, - &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_encrypt; --# ifdef HWAES_xts_encrypt -- xctx->stream = HWAES_xts_encrypt; --# endif - } else { -- HWAES_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -+ HWAES_set_decrypt_key(key, ctx->key_len * 4, - &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_decrypt; --# ifdef HWAES_xts_decrypt -- xctx->stream = HWAES_xts_decrypt; --#endif - } - -- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ HWAES_set_encrypt_key(key + ctx->key_len / 2, -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) HWAES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - break; - } else --#endif --#ifdef BSAES_CAPABLE -+# endif -+# ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) - xctx->stream = enc ? 
bsaes_xts_encrypt : bsaes_xts_decrypt; - else --#endif --#ifdef VPAES_CAPABLE -+# endif -+# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - if (enc) { -- vpaes_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -+ vpaes_set_encrypt_key(key, ctx->key_len * 4, - &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_encrypt; - } else { -- vpaes_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -+ vpaes_set_decrypt_key(key, ctx->key_len * 4, - &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_decrypt; - } - -- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ vpaes_set_encrypt_key(key + ctx->key_len / 2, -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; - break; - } else --#endif -+# endif - (void)0; /* terminate potentially open 'else' */ - - if (enc) { -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_encrypt; - } else { -- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_decrypt; - } - -- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ AES_set_encrypt_key(key + ctx->key_len / 2, -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -1894,7 +1713,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - if (iv) { - xctx->xts.key2 = &xctx->ks2; -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); -+ memcpy(ctx->iv, iv, 16); - } - - return 1; -@@ -1903,34 +1722,34 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int aes_xts_cipher(EVP_CIPHER_CTX 
*ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); -+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - if (!xctx->xts.key1 || !xctx->xts.key2) - return 0; - if (!out || !in || len < AES_BLOCK_SIZE) - return 0; - if (xctx->stream) - (*xctx->stream) (in, out, len, -- xctx->xts.key1, xctx->xts.key2, -- EVP_CIPHER_CTX_iv_noconst(ctx)); -- else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx), -- in, out, len, -- EVP_CIPHER_CTX_encrypting(ctx))) -+ xctx->xts.key1, xctx->xts.key2, ctx->iv); -+ else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, -+ ctx->encrypt)) - return 0; - return 1; - } - --#define aes_xts_cleanup NULL -+# define aes_xts_cleanup NULL - --#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ -+# define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - --BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) -- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) -+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, -+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) -+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, -+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) - - static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c); -+ EVP_AES_CCM_CTX *cctx = c->cipher_data; - switch (type) { - case EVP_CTRL_INIT: - cctx->key_set = 0; -@@ -1939,44 +1758,9 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - cctx->M = 12; - cctx->tag_set = 0; - cctx->len_set = 0; -- cctx->tls_aad_len = -1; - return 1; - -- case EVP_CTRL_AEAD_TLS1_AAD: -- /* Save the AAD for later use */ -- if (arg != EVP_AEAD_TLS1_AAD_LEN) -- return 0; -- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); -- cctx->tls_aad_len = arg; -- { -- uint16_t len = -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 
8 -- | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; -- /* Correct length for explicit IV */ -- if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) -- return 0; -- len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; -- /* If decrypting correct for tag too */ -- if (!EVP_CIPHER_CTX_encrypting(c)) { -- if (len < cctx->M) -- return 0; -- len -= cctx->M; -- } -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; -- EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; -- } -- /* Extra padding: tag appended to record */ -- return cctx->M; -- -- case EVP_CTRL_CCM_SET_IV_FIXED: -- /* Sanity check length */ -- if (arg != EVP_CCM_TLS_FIXED_IV_LEN) -- return 0; -- /* Just copy to first part of IV */ -- memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg); -- return 1; -- -- case EVP_CTRL_AEAD_SET_IVLEN: -+ case EVP_CTRL_CCM_SET_IVLEN: - arg = 15 - arg; - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) -@@ -1984,20 +1768,20 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - cctx->L = arg; - return 1; - -- case EVP_CTRL_AEAD_SET_TAG: -+ case EVP_CTRL_CCM_SET_TAG: - if ((arg & 1) || arg < 4 || arg > 16) - return 0; -- if (EVP_CIPHER_CTX_encrypting(c) && ptr) -+ if (c->encrypt && ptr) - return 0; - if (ptr) { - cctx->tag_set = 1; -- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); -+ memcpy(c->buf, ptr, arg); - } - cctx->M = arg; - return 1; - -- case EVP_CTRL_AEAD_GET_TAG: -- if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) -+ case EVP_CTRL_CCM_GET_TAG: -+ if (!c->encrypt || !cctx->tag_set) - return 0; - if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) - return 0; -@@ -2009,7 +1793,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; -- EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out); -+ EVP_AES_CCM_CTX *cctx_out = out->cipher_data; - if (cctx->ccm.key) { - if (cctx->ccm.key != &cctx->ks) - return 0; -@@ -2027,15 +1811,14 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void 
*ptr) - static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); -+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) - do { --#ifdef HWAES_CAPABLE -+# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { -- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &cctx->ks.ks); -+ HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) HWAES_encrypt); -@@ -2043,101 +1826,43 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - cctx->key_set = 1; - break; - } else --#endif --#ifdef VPAES_CAPABLE -+# endif -+# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { -- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &cctx->ks.ks); -+ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) vpaes_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - break; - } --#endif -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &cctx->ks.ks); -+# endif -+ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) AES_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - } while (0); - if (iv) { -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); -+ memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; - } - --static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t len) --{ -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); -- CCM128_CONTEXT *ccm = &cctx->ccm; -- /* Encrypt/decrypt must be performed in place */ -- if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) -- return -1; -- /* If encrypting set explicit IV from sequence number (start of 
AAD) */ -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), -- EVP_CCM_TLS_EXPLICIT_IV_LEN); -- /* Get rest of IV from explicit IV */ -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in, -- EVP_CCM_TLS_EXPLICIT_IV_LEN); -- /* Correct length value */ -- len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; -- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, -- len)) -- return -1; -- /* Use saved AAD */ -- CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); -- /* Fix buffer to point to payload */ -- in += EVP_CCM_TLS_EXPLICIT_IV_LEN; -- out += EVP_CCM_TLS_EXPLICIT_IV_LEN; -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -- if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, -- cctx->str) : -- CRYPTO_ccm128_encrypt(ccm, in, out, len)) -- return -1; -- if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) -- return -1; -- return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; -- } else { -- if (cctx->str ? 
!CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, -- cctx->str) : -- !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { -- unsigned char tag[16]; -- if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { -- if (!CRYPTO_memcmp(tag, in + len, cctx->M)) -- return len; -- } -- } -- OPENSSL_cleanse(out, len); -- return -1; -- } --} -- - static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); -+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; - CCM128_CONTEXT *ccm = &cctx->ccm; - /* If not set up, return error */ -- if (!cctx->key_set) -+ if (!cctx->iv_set && !cctx->key_set) - return -1; -- -- if (cctx->tls_aad_len >= 0) -- return aes_ccm_tls_cipher(ctx, out, in, len); -- -- if (!cctx->iv_set) -- return -1; -- -- if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) -+ if (!ctx->encrypt && !cctx->tag_set) - return -1; - if (!out) { - if (!in) { -- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), -- 15 - cctx->L, len)) -+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - return len; -@@ -2153,12 +1878,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return 0; - /* If not set length yet do it */ - if (!cctx->len_set) { -- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), -- 15 - cctx->L, len)) -+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - } -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if (cctx->str ? 
CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, - cctx->str) : - CRYPTO_ccm128_encrypt(ccm, in, out, len)) -@@ -2172,8 +1896,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { -- if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), -- cctx->M)) -+ if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) - rv = len; - } - } -@@ -2184,17 +1907,18 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - cctx->len_set = 0; - return rv; - } -+ - } - --#define aes_ccm_cleanup NULL -+# define aes_ccm_cleanup NULL - - BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -- -+ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) -+#endif - typedef struct { - union { - double align; -@@ -2207,22 +1931,20 @@ typedef struct { - static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); -+ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; - if (!iv && !key) - return 1; - if (key) { -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &wctx->ks.ks); -+ if (ctx->encrypt) -+ AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); - else -- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &wctx->ks.ks); -+ AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); - if (!iv) - wctx->iv = NULL; - } - if (iv) { -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); -- wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx); -+ memcpy(ctx->iv, iv, 8); -+ wctx->iv = 
ctx->iv; - } - return 1; - } -@@ -2230,59 +1952,28 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inlen) - { -- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); -+ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; - size_t rv; -- /* AES wrap with padding has IV length of 4, without padding 8 */ -- int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; -- /* No final operation so always return zero length */ - if (!in) - return 0; -- /* Input length must always be non-zero */ -- if (!inlen) -+ if (inlen % 8) - return -1; -- /* If decrypting need at least 16 bytes and multiple of 8 */ -- if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) -+ if (ctx->encrypt && inlen < 8) - return -1; -- /* If not padding input must be multiple of 8 */ -- if (!pad && inlen & 0x7) -+ if (!ctx->encrypt && inlen < 16) - return -1; -- if (is_partially_overlapping(out, in, inlen)) { -- EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); -- return 0; -- } - if (!out) { -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -- /* If padding round up to multiple of 8 */ -- if (pad) -- inlen = (inlen + 7) / 8 * 8; -- /* 8 byte prefix */ -+ if (ctx->encrypt) - return inlen + 8; -- } else { -- /* -- * If not padding output will be exactly 8 bytes smaller than -- * input. If padding it will be at least 8 bytes smaller but we -- * don't know how much. 
-- */ -- return inlen - 8; -- } -- } -- if (pad) { -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, -- out, in, inlen, -- (block128_f) AES_encrypt); - else -- rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, -- out, in, inlen, -- (block128_f) AES_decrypt); -- } else { -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, -- out, in, inlen, (block128_f) AES_encrypt); -- else -- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, -- out, in, inlen, (block128_f) AES_decrypt); -+ return inlen - 8; - } -+ if (ctx->encrypt) -+ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, -+ (block128_f) AES_encrypt); -+ else -+ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, -+ (block128_f) AES_decrypt); - return rv ? (int)rv : -1; - } - -@@ -2331,372 +2022,3 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) - { - return &aes_256_wrap; - } -- --static const EVP_CIPHER aes_128_wrap_pad = { -- NID_id_aes128_wrap_pad, -- 8, 16, 4, WRAP_FLAGS, -- aes_wrap_init_key, aes_wrap_cipher, -- NULL, -- sizeof(EVP_AES_WRAP_CTX), -- NULL, NULL, NULL, NULL --}; -- --const EVP_CIPHER *EVP_aes_128_wrap_pad(void) --{ -- return &aes_128_wrap_pad; --} -- --static const EVP_CIPHER aes_192_wrap_pad = { -- NID_id_aes192_wrap_pad, -- 8, 24, 4, WRAP_FLAGS, -- aes_wrap_init_key, aes_wrap_cipher, -- NULL, -- sizeof(EVP_AES_WRAP_CTX), -- NULL, NULL, NULL, NULL --}; -- --const EVP_CIPHER *EVP_aes_192_wrap_pad(void) --{ -- return &aes_192_wrap_pad; --} -- --static const EVP_CIPHER aes_256_wrap_pad = { -- NID_id_aes256_wrap_pad, -- 8, 32, 4, WRAP_FLAGS, -- aes_wrap_init_key, aes_wrap_cipher, -- NULL, -- sizeof(EVP_AES_WRAP_CTX), -- NULL, NULL, NULL, NULL --}; -- --const EVP_CIPHER *EVP_aes_256_wrap_pad(void) --{ -- return &aes_256_wrap_pad; --} -- --#ifndef OPENSSL_NO_OCB --static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) --{ -- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); -- EVP_CIPHER_CTX 
*newc; -- EVP_AES_OCB_CTX *new_octx; -- -- switch (type) { -- case EVP_CTRL_INIT: -- octx->key_set = 0; -- octx->iv_set = 0; -- octx->ivlen = EVP_CIPHER_CTX_iv_length(c); -- octx->iv = EVP_CIPHER_CTX_iv_noconst(c); -- octx->taglen = 16; -- octx->data_buf_len = 0; -- octx->aad_buf_len = 0; -- return 1; -- -- case EVP_CTRL_AEAD_SET_IVLEN: -- /* IV len must be 1 to 15 */ -- if (arg <= 0 || arg > 15) -- return 0; -- -- octx->ivlen = arg; -- return 1; -- -- case EVP_CTRL_AEAD_SET_TAG: -- if (!ptr) { -- /* Tag len must be 0 to 16 */ -- if (arg < 0 || arg > 16) -- return 0; -- -- octx->taglen = arg; -- return 1; -- } -- if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c)) -- return 0; -- memcpy(octx->tag, ptr, arg); -- return 1; -- -- case EVP_CTRL_AEAD_GET_TAG: -- if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c)) -- return 0; -- -- memcpy(ptr, octx->tag, arg); -- return 1; -- -- case EVP_CTRL_COPY: -- newc = (EVP_CIPHER_CTX *)ptr; -- new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc); -- return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, -- &new_octx->ksenc.ks, -- &new_octx->ksdec.ks); -- -- default: -- return -1; -- -- } --} -- --# ifdef HWAES_CAPABLE --# ifdef HWAES_ocb_encrypt --void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, -- size_t blocks, const void *key, -- size_t start_block_num, -- unsigned char offset_i[16], -- const unsigned char L_[][16], -- unsigned char checksum[16]); --# else --# define HWAES_ocb_encrypt ((ocb128_f)NULL) --# endif --# ifdef HWAES_ocb_decrypt --void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, -- size_t blocks, const void *key, -- size_t start_block_num, -- unsigned char offset_i[16], -- const unsigned char L_[][16], -- unsigned char checksum[16]); --# else --# define HWAES_ocb_decrypt ((ocb128_f)NULL) --# endif --# endif -- --static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) --{ -- EVP_AES_OCB_CTX *octx = 
EVP_C_DATA(EVP_AES_OCB_CTX,ctx); -- if (!iv && !key) -- return 1; -- if (key) { -- do { -- /* -- * We set both the encrypt and decrypt key here because decrypt -- * needs both. We could possibly optimise to remove setting the -- * decrypt for an encryption operation. -- */ --# ifdef HWAES_CAPABLE -- if (HWAES_CAPABLE) { -- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksenc.ks); -- HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksdec.ks); -- if (!CRYPTO_ocb128_init(&octx->ocb, -- &octx->ksenc.ks, &octx->ksdec.ks, -- (block128_f) HWAES_encrypt, -- (block128_f) HWAES_decrypt, -- enc ? HWAES_ocb_encrypt -- : HWAES_ocb_decrypt)) -- return 0; -- break; -- } --# endif --# ifdef VPAES_CAPABLE -- if (VPAES_CAPABLE) { -- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksenc.ks); -- vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksdec.ks); -- if (!CRYPTO_ocb128_init(&octx->ocb, -- &octx->ksenc.ks, &octx->ksdec.ks, -- (block128_f) vpaes_encrypt, -- (block128_f) vpaes_decrypt, -- NULL)) -- return 0; -- break; -- } --# endif -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksenc.ks); -- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, -- &octx->ksdec.ks); -- if (!CRYPTO_ocb128_init(&octx->ocb, -- &octx->ksenc.ks, &octx->ksdec.ks, -- (block128_f) AES_encrypt, -- (block128_f) AES_decrypt, -- NULL)) -- return 0; -- } -- while (0); -- -- /* -- * If we have an iv we can set it directly, otherwise use saved IV. 
-- */ -- if (iv == NULL && octx->iv_set) -- iv = octx->iv; -- if (iv) { -- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) -- != 1) -- return 0; -- octx->iv_set = 1; -- } -- octx->key_set = 1; -- } else { -- /* If key set use IV, otherwise copy */ -- if (octx->key_set) -- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); -- else -- memcpy(octx->iv, iv, octx->ivlen); -- octx->iv_set = 1; -- } -- return 1; --} -- --static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t len) --{ -- unsigned char *buf; -- int *buf_len; -- int written_len = 0; -- size_t trailing_len; -- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); -- -- /* If IV or Key not set then return error */ -- if (!octx->iv_set) -- return -1; -- -- if (!octx->key_set) -- return -1; -- -- if (in != NULL) { -- /* -- * Need to ensure we are only passing full blocks to low level OCB -- * routines. We do it here rather than in EVP_EncryptUpdate/ -- * EVP_DecryptUpdate because we need to pass full blocks of AAD too -- * and those routines don't support that -- */ -- -- /* Are we dealing with AAD or normal data here? 
*/ -- if (out == NULL) { -- buf = octx->aad_buf; -- buf_len = &(octx->aad_buf_len); -- } else { -- buf = octx->data_buf; -- buf_len = &(octx->data_buf_len); -- -- if (is_partially_overlapping(out + *buf_len, in, len)) { -- EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); -- return 0; -- } -- } -- -- /* -- * If we've got a partially filled buffer from a previous call then -- * use that data first -- */ -- if (*buf_len > 0) { -- unsigned int remaining; -- -- remaining = AES_BLOCK_SIZE - (*buf_len); -- if (remaining > len) { -- memcpy(buf + (*buf_len), in, len); -- *(buf_len) += len; -- return 0; -- } -- memcpy(buf + (*buf_len), in, remaining); -- -- /* -- * If we get here we've filled the buffer, so process it -- */ -- len -= remaining; -- in += remaining; -- if (out == NULL) { -- if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE)) -- return -1; -- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { -- if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, -- AES_BLOCK_SIZE)) -- return -1; -- } else { -- if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, -- AES_BLOCK_SIZE)) -- return -1; -- } -- written_len = AES_BLOCK_SIZE; -- *buf_len = 0; -- if (out != NULL) -- out += AES_BLOCK_SIZE; -- } -- -- /* Do we have a partial block to handle at the end? 
*/ -- trailing_len = len % AES_BLOCK_SIZE; -- -- /* -- * If we've got some full blocks to handle, then process these first -- */ -- if (len != trailing_len) { -- if (out == NULL) { -- if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) -- return -1; -- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { -- if (!CRYPTO_ocb128_encrypt -- (&octx->ocb, in, out, len - trailing_len)) -- return -1; -- } else { -- if (!CRYPTO_ocb128_decrypt -- (&octx->ocb, in, out, len - trailing_len)) -- return -1; -- } -- written_len += len - trailing_len; -- in += len - trailing_len; -- } -- -- /* Handle any trailing partial block */ -- if (trailing_len > 0) { -- memcpy(buf, in, trailing_len); -- *buf_len = trailing_len; -- } -- -- return written_len; -- } else { -- /* -- * First of all empty the buffer of any partial block that we might -- * have been provided - both for data and AAD -- */ -- if (octx->data_buf_len > 0) { -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -- if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, -- octx->data_buf_len)) -- return -1; -- } else { -- if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out, -- octx->data_buf_len)) -- return -1; -- } -- written_len = octx->data_buf_len; -- octx->data_buf_len = 0; -- } -- if (octx->aad_buf_len > 0) { -- if (!CRYPTO_ocb128_aad -- (&octx->ocb, octx->aad_buf, octx->aad_buf_len)) -- return -1; -- octx->aad_buf_len = 0; -- } -- /* If decrypting then verify */ -- if (!EVP_CIPHER_CTX_encrypting(ctx)) { -- if (octx->taglen < 0) -- return -1; -- if (CRYPTO_ocb128_finish(&octx->ocb, -- octx->tag, octx->taglen) != 0) -- return -1; -- octx->iv_set = 0; -- return written_len; -- } -- /* If encrypting then just get the tag */ -- if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1) -- return -1; -- /* Don't reuse the IV */ -- octx->iv_set = 0; -- return written_len; -- } --} -- --static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) --{ -- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); -- 
CRYPTO_ocb128_cleanup(&octx->ocb); -- return 1; --} -- --BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) --BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) --BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) --#endif /* OPENSSL_NO_OCB */ -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c -index 52c7c74..6dfd590 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c -@@ -1,10 +1,50 @@ --/* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - */ - - #include -@@ -12,14 +52,31 @@ - #include - #include - --#include --#include --#include --#include --#include --#include "modes_lcl.h" --#include "internal/evp_int.h" --#include "internal/constant_time_locl.h" -+#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) -+ -+# include -+# include -+# include -+# include -+# include -+# include "modes_lcl.h" -+# include "constant_time_locl.h" -+ -+# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -+# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -+# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -+# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -+# endif -+ -+# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) -+# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 -+# endif -+ -+# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) -+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 -+# endif -+ -+# define TLS1_1_VERSION 0x0302 - - typedef struct { - AES_KEY ks; -@@ -31,14 +88,15 @@ typedef struct { - } aux; - } EVP_AES_HMAC_SHA1; - --#define NO_PAYLOAD_LENGTH ((size_t)-1) -+# define NO_PAYLOAD_LENGTH ((size_t)-1) - --#if defined(AES_ASM) && ( \ -+# if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ -- defined(_M_AMD64) || defined(_M_X64) ) -+ defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__INTEL__) ) - - extern unsigned int OPENSSL_ia32cap_P[]; --# define AESNI_CAPABLE (1<<(57-32)) -+# define AESNI_CAPABLE (1<<(57-32)) - - int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -@@ -58,7 +116,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); - --# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) - - static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, -@@ -68,13 +126,9 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX 
*ctx, - int ret; - - if (enc) -- ret = aesni_set_encrypt_key(inkey, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &key->ks); -+ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); - else -- ret = aesni_set_decrypt_key(inkey, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &key->ks); -+ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); - - SHA1_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; -@@ -85,12 +139,12 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - return ret < 0 ? 0 : 1; - } - --# define STITCHED_CALL --# undef STITCHED_DECRYPT_CALL -+# define STITCHED_CALL -+# undef STITCHED_DECRYPT_CALL - --# if !defined(STITCHED_CALL) --# define aes_off 0 --# endif -+# if !defined(STITCHED_CALL) -+# define aes_off 0 -+# endif - - void sha1_block_data_order(void *c, const void *p, size_t len); - -@@ -125,12 +179,12 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len) - SHA1_Update(c, ptr, res); - } - --# ifdef SHA1_Update --# undef SHA1_Update --# endif --# define SHA1_Update sha1_update -+# ifdef SHA1_Update -+# undef SHA1_Update -+# endif -+# define SHA1_Update sha1_update - --# if !defined(OPENSSL_NO_MULTIBLOCK) -+# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - - typedef struct { - unsigned int A[8], B[8], C[8], D[8], E[8]; -@@ -169,9 +223,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - 0; - size_t ret = 0; - u8 *IVs; --# if defined(BSWAP8) -+# if defined(BSWAP8) - u64 seqnum; --# endif -+# endif - - /* ask for IVs in bulk */ - if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) -@@ -205,15 +259,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - IVs += 16; - } - --# if defined(BSWAP8) -+# if defined(BSWAP8) - memcpy(blocks[0].c, key->md.data, 8); - seqnum = BSWAP8(blocks[0].q[0]); --# endif -+# endif - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? 
last : frag); --# if !defined(BSWAP8) -+# if !defined(BSWAP8) - unsigned int carry, j; --# endif -+# endif - - ctx->A[i] = key->md.h0; - ctx->B[i] = key->md.h1; -@@ -222,14 +276,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - ctx->E[i] = key->md.h4; - - /* fix seqnum */ --# if defined(BSWAP8) -+# if defined(BSWAP8) - blocks[i].q[0] = BSWAP8(seqnum + i); --# else -+# else - for (carry = i, j = 8; j--;) { - blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; - carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); - } --# endif -+# endif - blocks[i].c[8] = ((u8 *)key->md.data)[8]; - blocks[i].c[9] = ((u8 *)key->md.data)[9]; - blocks[i].c[10] = ((u8 *)key->md.data)[10]; -@@ -248,10 +302,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - /* hash 13-byte headers and first 64-13 bytes of inputs */ - sha1_multi_block(ctx, edges, n4x); - /* hash bulk inputs */ --# define MAXCHUNKSIZE 2048 --# if MAXCHUNKSIZE%64 --# error "MAXCHUNKSIZE is not divisible by 64" --# elif MAXCHUNKSIZE -+# define MAXCHUNKSIZE 2048 -+# if MAXCHUNKSIZE%64 -+# error "MAXCHUNKSIZE is not divisible by 64" -+# elif MAXCHUNKSIZE - /* - * goal is to minimize pressure on L1 cache by moving in shorter steps, - * so that hashed data is still in the cache by the time we encrypt it -@@ -280,8 +334,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - minblocks -= MAXCHUNKSIZE / 64; - } while (minblocks > MAXCHUNKSIZE / 64); - } --# endif --# undef MAXCHUNKSIZE -+# endif -+# undef MAXCHUNKSIZE - sha1_multi_block(ctx, hash_d, n4x); - - memset(blocks, 0, sizeof(blocks)); -@@ -296,18 +350,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ - if (off < (64 - 8)) { --# ifdef BSWAP4 -+# ifdef BSWAP4 - blocks[i].d[15] = BSWAP4(len); --# else -+# else - PUTU32(blocks[i].c + 60, len); --# endif -+# endif - edges[i].blocks = 1; - } else { --# ifdef BSWAP4 
-+# ifdef BSWAP4 - blocks[i].d[31] = BSWAP4(len); --# else -+# else - PUTU32(blocks[i].c + 124, len); --# endif -+# endif - edges[i].blocks = 2; - } - edges[i].ptr = blocks[i].c; -@@ -318,7 +372,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { --# ifdef BSWAP4 -+# ifdef BSWAP4 - blocks[i].d[0] = BSWAP4(ctx->A[i]); - ctx->A[i] = key->tail.h0; - blocks[i].d[1] = BSWAP4(ctx->B[i]); -@@ -331,7 +385,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - ctx->E[i] = key->tail.h4; - blocks[i].c[20] = 0x80; - blocks[i].d[15] = BSWAP4((64 + 20) * 8); --# else -+# else - PUTU32(blocks[i].c + 0, ctx->A[i]); - ctx->A[i] = key->tail.h0; - PUTU32(blocks[i].c + 4, ctx->B[i]); -@@ -344,7 +398,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - ctx->E[i] = key->tail.h4; - blocks[i].c[20] = 0x80; - PUTU32(blocks[i].c + 60, (64 + 20) * 8); --# endif -+# endif - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } -@@ -397,7 +451,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - - return ret; - } --# endif -+# endif - - static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -@@ -407,18 +461,18 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and - * later */ - sha_off = 0; --# if defined(STITCHED_CALL) -+# if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA_CBLOCK - key->md.num; --# endif -+# endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != -@@ -428,14 +482,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - else if (key->aux.tls_ver >= 
TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - --# if defined(STITCHED_CALL) -+# if defined(STITCHED_CALL) - if (plen > (sha_off + iv) - && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { - SHA1_Update(&key->md, in + iv, sha_off); - - aesni_cbc_sha1_enc(in, out, blocks, &key->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- &key->md, in + iv + sha_off); -+ ctx->iv, &key->md, in + iv + sha_off); - blocks *= SHA_CBLOCK; - aes_off += blocks; - sha_off += blocks; -@@ -446,7 +499,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } else { - sha_off = 0; - } --# endif -+# endif - sha_off += iv; - SHA1_Update(&key->md, in + sha_off, plen - sha_off); - -@@ -466,10 +519,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - out[plen] = l; - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, -- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -+ &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, -- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -+ &key->ks, ctx->iv, 1); - } - } else { - union { -@@ -488,10 +541,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned int u[SHA_LBLOCK]; - unsigned char c[SHA_CBLOCK]; - } *data = (void *)key->md.data; --# if defined(STITCHED_DECRYPT_CALL) -+# if defined(STITCHED_DECRYPT_CALL) - unsigned char tail_iv[AES_BLOCK_SIZE]; - int stitch = 0; --# endif -+# endif - - if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) - >= TLS1_1_VERSION) { -@@ -499,15 +552,14 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return 0; - - /* omit explicit iv */ -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE); -- -+ memcpy(ctx->iv, in, AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - len -= AES_BLOCK_SIZE; - } else if (len < (SHA_DIGEST_LENGTH + 1)) - return 0; - --# if 
defined(STITCHED_DECRYPT_CALL) -+# if defined(STITCHED_DECRYPT_CALL) - if (len >= 1024 && ctx->key_len == 32) { - /* decrypt last block */ - memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE, -@@ -517,10 +569,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - &key->ks, tail_iv, 0); - stitch = 1; - } else --# endif -+# endif - /* decrypt HMAC|padding at once */ -- aesni_cbc_encrypt(in, out, len, &key->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), 0); -+ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); - - /* figure out payload length */ - pad = out[len - 1]; -@@ -542,7 +593,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - key->md = key->head; - SHA1_Update(&key->md, key->aux.tls_aad, plen); - --# if defined(STITCHED_DECRYPT_CALL) -+# if defined(STITCHED_DECRYPT_CALL) - if (stitch) { - blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK; - aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK; -@@ -563,9 +614,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - key->md.Nl += (blocks << 3); /* at most 18 bits */ - memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE); - } --# endif -+# endif - --# if 1 -+# if 1 - len -= SHA_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA_CBLOCK)) { - j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); -@@ -578,15 +629,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ --# ifdef BSWAP4 -+# ifdef BSWAP4 - bitlen = BSWAP4(bitlen); --# else -+# else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; --# endif -+# endif - - pmac->u[0] = 0; - pmac->u[1] = 0; -@@ -643,13 +694,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - pmac->u[3] |= key->md.h3 & mask; - 
pmac->u[4] |= key->md.h4 & mask; - --# ifdef BSWAP4 -+# ifdef BSWAP4 - pmac->u[0] = BSWAP4(pmac->u[0]); - pmac->u[1] = BSWAP4(pmac->u[1]); - pmac->u[2] = BSWAP4(pmac->u[2]); - pmac->u[3] = BSWAP4(pmac->u[3]); - pmac->u[4] = BSWAP4(pmac->u[4]); --# else -+# else - for (i = 0; i < 5; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); -@@ -657,9 +708,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } --# endif -+# endif - len += SHA_DIGEST_LENGTH; --# else -+# else - SHA1_Update(&key->md, out, inp_len); - res = key->md.num; - SHA1_Final(pmac->c, &key->md); -@@ -678,7 +729,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, data, 1); - } --# endif -+# endif - key->md = key->tail; - SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); - SHA1_Final(pmac->c, &key->md); -@@ -686,7 +737,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - /* verify HMAC */ - out += inp_len; - len -= inp_len; --# if 1 -+# if 1 - { - unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; - size_t off = out - p; -@@ -708,7 +759,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } --# else -+# else - for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); -@@ -722,10 +773,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; --# endif -+# endif - return ret; - } else { --# if defined(STITCHED_DECRYPT_CALL) -+# if defined(STITCHED_DECRYPT_CALL) - if (len >= 1024 && ctx->key_len == 32) { - if (sha_off %= SHA_CBLOCK) - 
blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK; -@@ -748,10 +799,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else --# endif -+# endif - /* decrypt HMAC|padding at once */ -- aesni_cbc_encrypt(in, out, len, &key->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), 0); -+ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); - - SHA1_Update(&key->md, out, len); - } -@@ -802,10 +852,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; -- -+ - len = p[arg - 2] << 8 | p[arg - 1]; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { -@@ -826,7 +876,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - return SHA_DIGEST_LENGTH; - } - } --# if !defined(OPENSSL_NO_MULTIBLOCK) -+# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: - return (int)(5 + 16 + ((arg + 20 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: -@@ -841,7 +891,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - - inp_len = param->inp[11] << 8 | param->inp[12]; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; - -@@ -889,19 +939,19 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - param->interleave / 4); - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: --# endif -+# endif - default: - return -1; - } - } - - static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { --# ifdef NID_aes_128_cbc_hmac_sha1 -+# ifdef NID_aes_128_cbc_hmac_sha1 - NID_aes_128_cbc_hmac_sha1, --# else -+# else - NID_undef, --# endif -- AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, -+# endif -+ 16, 16, 16, - 
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - aesni_cbc_hmac_sha1_init_key, -@@ -915,12 +965,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { - }; - - static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { --# ifdef NID_aes_256_cbc_hmac_sha1 -+# ifdef NID_aes_256_cbc_hmac_sha1 - NID_aes_256_cbc_hmac_sha1, --# else -+# else - NID_undef, --# endif -- AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, -+# endif -+ 16, 32, 16, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - aesni_cbc_hmac_sha1_init_key, -@@ -944,7 +994,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) - return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_256_cbc_hmac_sha1_cipher : NULL); - } --#else -+# else - const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) - { - return NULL; -@@ -954,4 +1004,5 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) - { - return NULL; - } -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c -index 5a92e0b..46c9d03 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c -@@ -1,10 +1,50 @@ --/* -- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include -@@ -12,15 +52,31 @@ - #include - #include - -+#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256) -+ -+# include -+# include -+# include -+# include -+# include -+# include "modes_lcl.h" -+# include "constant_time_locl.h" - --#include --#include --#include --#include --#include --#include "modes_lcl.h" --#include "internal/constant_time_locl.h" --#include "internal/evp_int.h" -+# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -+# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -+# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -+# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -+# endif -+ -+# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) -+# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 -+# endif -+ -+# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) -+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 -+# endif -+ -+# define TLS1_1_VERSION 0x0302 - - typedef struct { - AES_KEY ks; -@@ -34,12 +90,13 @@ typedef struct { - - # define NO_PAYLOAD_LENGTH ((size_t)-1) - --#if defined(AES_ASM) && ( \ -+# if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ -- defined(_M_AMD64) || defined(_M_X64) ) -+ defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__INTEL__) ) - - extern unsigned int OPENSSL_ia32cap_P[]; --# define AESNI_CAPABLE (1<<(57-32)) -+# define AESNI_CAPABLE (1<<(57-32)) - - int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); 
-@@ -55,7 +112,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA256_CTX *ctx, const void *in0); - --# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data) - - static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, -@@ -65,13 +122,10 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, - int ret; - - if (enc) -- ret = aesni_set_encrypt_key(inkey, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &key->ks); -+ memset(&key->ks, 0, sizeof(key->ks.rd_key)), -+ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); - else -- ret = aesni_set_decrypt_key(inkey, -- EVP_CIPHER_CTX_key_length(ctx) * 8, -- &key->ks); -+ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); - - SHA256_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; -@@ -82,11 +136,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, - return ret < 0 ? 
0 : 1; - } - --# define STITCHED_CALL -+# define STITCHED_CALL - --# if !defined(STITCHED_CALL) --# define aes_off 0 --# endif -+# if !defined(STITCHED_CALL) -+# define aes_off 0 -+# endif - - void sha256_block_data_order(void *c, const void *p, size_t len); - -@@ -121,12 +175,12 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len) - SHA256_Update(c, ptr, res); - } - --# ifdef SHA256_Update --# undef SHA256_Update --# endif --# define SHA256_Update sha256_update -+# ifdef SHA256_Update -+# undef SHA256_Update -+# endif -+# define SHA256_Update sha256_update - --# if !defined(OPENSSL_NO_MULTIBLOCK) -+# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - - typedef struct { - unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; -@@ -165,9 +219,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - 0; - size_t ret = 0; - u8 *IVs; --# if defined(BSWAP8) -+# if defined(BSWAP8) - u64 seqnum; --# endif -+# endif - - /* ask for IVs in bulk */ - if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) -@@ -202,15 +256,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - IVs += 16; - } - --# if defined(BSWAP8) -+# if defined(BSWAP8) - memcpy(blocks[0].c, key->md.data, 8); - seqnum = BSWAP8(blocks[0].q[0]); --# endif -+# endif - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? 
last : frag); --# if !defined(BSWAP8) -+# if !defined(BSWAP8) - unsigned int carry, j; --# endif -+# endif - - ctx->A[i] = key->md.h[0]; - ctx->B[i] = key->md.h[1]; -@@ -222,14 +276,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - ctx->H[i] = key->md.h[7]; - - /* fix seqnum */ --# if defined(BSWAP8) -+# if defined(BSWAP8) - blocks[i].q[0] = BSWAP8(seqnum + i); --# else -+# else - for (carry = i, j = 8; j--;) { - blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; - carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); - } --# endif -+# endif - blocks[i].c[8] = ((u8 *)key->md.data)[8]; - blocks[i].c[9] = ((u8 *)key->md.data)[9]; - blocks[i].c[10] = ((u8 *)key->md.data)[10]; -@@ -248,10 +302,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - /* hash 13-byte headers and first 64-13 bytes of inputs */ - sha256_multi_block(ctx, edges, n4x); - /* hash bulk inputs */ --# define MAXCHUNKSIZE 2048 --# if MAXCHUNKSIZE%64 --# error "MAXCHUNKSIZE is not divisible by 64" --# elif MAXCHUNKSIZE -+# define MAXCHUNKSIZE 2048 -+# if MAXCHUNKSIZE%64 -+# error "MAXCHUNKSIZE is not divisible by 64" -+# elif MAXCHUNKSIZE - /* - * goal is to minimize pressure on L1 cache by moving in shorter steps, - * so that hashed data is still in the cache by the time we encrypt it -@@ -280,8 +334,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - minblocks -= MAXCHUNKSIZE / 64; - } while (minblocks > MAXCHUNKSIZE / 64); - } --# endif --# undef MAXCHUNKSIZE -+# endif -+# undef MAXCHUNKSIZE - sha256_multi_block(ctx, hash_d, n4x); - - memset(blocks, 0, sizeof(blocks)); -@@ -296,18 +350,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ - if (off < (64 - 8)) { --# ifdef BSWAP4 -+# ifdef BSWAP4 - blocks[i].d[15] = BSWAP4(len); --# else -+# else - PUTU32(blocks[i].c + 60, len); --# endif -+# endif - edges[i].blocks = 1; - } else { 
--# ifdef BSWAP4 -+# ifdef BSWAP4 - blocks[i].d[31] = BSWAP4(len); --# else -+# else - PUTU32(blocks[i].c + 124, len); --# endif -+# endif - edges[i].blocks = 2; - } - edges[i].ptr = blocks[i].c; -@@ -318,7 +372,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { --# ifdef BSWAP4 -+# ifdef BSWAP4 - blocks[i].d[0] = BSWAP4(ctx->A[i]); - ctx->A[i] = key->tail.h[0]; - blocks[i].d[1] = BSWAP4(ctx->B[i]); -@@ -337,7 +391,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - ctx->H[i] = key->tail.h[7]; - blocks[i].c[32] = 0x80; - blocks[i].d[15] = BSWAP4((64 + 32) * 8); --# else -+# else - PUTU32(blocks[i].c + 0, ctx->A[i]); - ctx->A[i] = key->tail.h[0]; - PUTU32(blocks[i].c + 4, ctx->B[i]); -@@ -356,7 +410,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - ctx->H[i] = key->tail.h[7]; - blocks[i].c[32] = 0x80; - PUTU32(blocks[i].c + 60, (64 + 32) * 8); --# endif -+# endif - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } -@@ -412,7 +466,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - - return ret; - } --# endif -+# endif - - static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, -@@ -423,18 +477,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and - * later */ - sha_off = 0; --# if defined(STITCHED_CALL) -+# if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA256_CBLOCK - key->md.num; --# endif -+# endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != -@@ -444,7 +498,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - else if (key->aux.tls_ver >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - --# 
if defined(STITCHED_CALL) -+# if defined(STITCHED_CALL) - /* - * Assembly stitch handles AVX-capable processors, but its - * performance is not optimal on AMD Jaguar, ~40% worse, for -@@ -462,8 +516,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - SHA256_Update(&key->md, in + iv, sha_off); - - (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- &key->md, in + iv + sha_off); -+ ctx->iv, &key->md, in + iv + sha_off); - blocks *= SHA256_CBLOCK; - aes_off += blocks; - sha_off += blocks; -@@ -474,7 +527,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - } else { - sha_off = 0; - } --# endif -+# endif - sha_off += iv; - SHA256_Update(&key->md, in + sha_off, plen - sha_off); - -@@ -494,10 +547,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - out[plen] = l; - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, -- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -+ &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, -- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); -+ &key->ks, ctx->iv, 1); - } - } else { - union { -@@ -509,8 +562,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); - - /* decrypt HMAC|padding at once */ -- aesni_cbc_encrypt(in, out, len, &key->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), 0); -+ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); - - if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - size_t inp_len, mask, j, i; -@@ -552,7 +604,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - key->md = key->head; - SHA256_Update(&key->md, key->aux.tls_aad, plen); - --# if 1 -+# if 1 - len -= SHA256_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA256_CBLOCK)) { - j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); -@@ -565,15 +617,15 @@ static int 
aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ --# ifdef BSWAP4 -+# ifdef BSWAP4 - bitlen = BSWAP4(bitlen); --# else -+# else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; --# endif -+# endif - - pmac->u[0] = 0; - pmac->u[1] = 0; -@@ -642,7 +694,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - pmac->u[6] |= key->md.h[6] & mask; - pmac->u[7] |= key->md.h[7] & mask; - --# ifdef BSWAP4 -+# ifdef BSWAP4 - pmac->u[0] = BSWAP4(pmac->u[0]); - pmac->u[1] = BSWAP4(pmac->u[1]); - pmac->u[2] = BSWAP4(pmac->u[2]); -@@ -651,7 +703,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - pmac->u[5] = BSWAP4(pmac->u[5]); - pmac->u[6] = BSWAP4(pmac->u[6]); - pmac->u[7] = BSWAP4(pmac->u[7]); --# else -+# else - for (i = 0; i < 8; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); -@@ -659,9 +711,9 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } --# endif -+# endif - len += SHA256_DIGEST_LENGTH; --# else -+# else - SHA256_Update(&key->md, out, inp_len); - res = key->md.num; - SHA256_Final(pmac->c, &key->md); -@@ -680,7 +732,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, data, 1); - } --# endif -+# endif - key->md = key->tail; - SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); - SHA256_Final(pmac->c, &key->md); -@@ -688,7 +740,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - /* verify HMAC */ - out += inp_len; - len -= inp_len; --# if 1 -+# if 1 - { - unsigned char *p = - out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; -@@ -711,7 +763,7 @@ static int 
aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } --# else -+# else - for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); -@@ -725,7 +777,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; --# endif -+# endif - return ret; - } else { - SHA256_Update(&key->md, out, len); -@@ -739,7 +791,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) - { - EVP_AES_HMAC_SHA256 *key = data(ctx); -- unsigned int u_arg = (unsigned int)arg; - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: -@@ -749,10 +800,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - - memset(hmac_key, 0, sizeof(hmac_key)); - -- if (arg < 0) -- return -1; -- -- if (u_arg > sizeof(hmac_key)) { -+ if (arg > (int)sizeof(hmac_key)) { - SHA256_Init(&key->head); - SHA256_Update(&key->head, ptr, arg); - SHA256_Final(hmac_key, &key->head); -@@ -782,7 +830,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { -@@ -803,7 +851,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - return SHA256_DIGEST_LENGTH; - } - } --# if !defined(OPENSSL_NO_MULTIBLOCK) -+# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: - return (int)(5 + 16 + ((arg + 32 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: -@@ -813,15 +861,12 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - unsigned int n4x = 1, x4; - unsigned int frag, last, packlen, inp_len; - 
-- if (arg < 0) -- return -1; -- -- if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) -+ if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return -1; - - inp_len = param->inp[11] << 8 | param->inp[12]; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; - -@@ -869,19 +914,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - param->interleave / 4); - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: --# endif -+# endif - default: - return -1; - } - } - - static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { --# ifdef NID_aes_128_cbc_hmac_sha256 -+# ifdef NID_aes_128_cbc_hmac_sha256 - NID_aes_128_cbc_hmac_sha256, --# else -+# else - NID_undef, --# endif -- AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, -+# endif -+ 16, 16, 16, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - aesni_cbc_hmac_sha256_init_key, -@@ -895,12 +940,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { - }; - - static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { --# ifdef NID_aes_256_cbc_hmac_sha256 -+# ifdef NID_aes_256_cbc_hmac_sha256 - NID_aes_256_cbc_hmac_sha256, --# else -+# else - NID_undef, --# endif -- AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, -+# endif -+ 16, 32, 16, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - aesni_cbc_hmac_sha256_init_key, -@@ -926,7 +971,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) - aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? 
- &aesni_256_cbc_hmac_sha256_cipher : NULL); - } --#else -+# else - const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) - { - return NULL; -@@ -936,4 +981,5 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) - { - return NULL; - } -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c -index dc38690..d6a0178 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c -@@ -1,17 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_bf.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #ifndef OPENSSL_NO_BF - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - # include - -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c -index b50fa0b..f273f9c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c -@@ -1,23 +1,66 @@ --/* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_camellia.c */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#ifdef OPENSSL_NO_CAMELLIA --NON_EMPTY_TRANSLATION_UNIT --#else -- -+#ifndef OPENSSL_NO_CAMELLIA - # include - # include - # include - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include "modes_lcl.h" - - static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -@@ -76,11 +119,10 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - int ret, mode, bits; -- EVP_CAMELLIA_KEY *dat = -- (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- mode = EVP_CIPHER_CTX_mode(ctx); -- bits = EVP_CIPHER_CTX_key_length(ctx) * 8; -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; -+ bits = ctx->key_len * 8; - - cmll_t4_set_key(key, bits, &dat->ks); - -@@ -206,23 +248,24 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ -- BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ -- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) -- -+ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) -+# if 0 /* not yet, missing NID */ -+BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) -+# endif - /* The subkey for Camellia is generated. 
*/ - static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - int ret, mode; -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks); -+ ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks); - if (ret < 0) { - EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED); - return 0; - } - -- mode = EVP_CIPHER_CTX_mode(ctx); -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - dat->block = (block128_f) Camellia_decrypt; -@@ -240,18 +283,14 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - - if (dat->stream.cbc) -- (*dat->stream.cbc) (in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -- else if (EVP_CIPHER_CTX_encrypting(ctx)) -- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); -+ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); -+ else if (ctx->encrypt) -+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - else -- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); -+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - - return 1; - } -@@ -259,9 +298,9 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- size_t bl = EVP_CIPHER_CTX_block_size(ctx); -+ size_t bl = ctx->cipher->block_size; - 
size_t i; -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - - if (len < bl) - return 1; -@@ -275,90 +314,81 @@ static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, dat->block); - return 1; - } - - static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ EVP_CAMELLIA_KEY *dat = 
(EVP_CAMELLIA_KEY *) ctx->cipher_data; - -- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - return 1; - } - - while (len >= MAXBITCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - len -= MAXBITCHUNK; -- EVP_CIPHER_CTX_set_num(ctx, num); - } -- if (len) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (len) - CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ ctx->iv, &ctx->num, ctx->encrypt, dat->block); - - return 1; - } - -+# if 0 /* not yet, missing NID */ - static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) - { -- unsigned int num = EVP_CIPHER_CTX_num(ctx); -- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); -+ unsigned int num = ctx->num; -+ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; - - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_buf_noconst(ctx), &num, -- dat->stream.ctr); -+ ctx->iv, ctx->buf, &num, dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, -- EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_buf_noconst(ctx), &num, -- dat->block); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ ctx->iv, ctx->buf, &num, dat->block); -+ ctx->num = (size_t)num; - return 1; - } -+# endif - - BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - 
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) -+#else -+ -+# ifdef PEDANTIC -+static void *dummy = &dummy; -+# endif -+ - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c -index 259d440..3f74548 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c -@@ -1,19 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_cast.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_CAST - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - - static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c b/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c -deleted file mode 100644 -index 7fd4f8d..0000000 ---- a/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c -+++ /dev/null -@@ -1,454 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" -- --#ifndef OPENSSL_NO_CHACHA -- --# include --# include --# include "evp_locl.h" --# include "internal/evp_int.h" --# include "internal/chacha.h" -- --typedef struct { -- union { -- double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ -- unsigned int d[CHACHA_KEY_SIZE / 4]; -- } key; -- unsigned int counter[CHACHA_CTR_SIZE / 4]; -- unsigned char buf[CHACHA_BLK_SIZE]; -- unsigned int partial_len; --} EVP_CHACHA_KEY; -- --#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) -- --static int chacha_init_key(EVP_CIPHER_CTX *ctx, -- const unsigned char user_key[CHACHA_KEY_SIZE], -- const unsigned char iv[CHACHA_CTR_SIZE], int enc) --{ -- EVP_CHACHA_KEY *key = data(ctx); -- unsigned int i; -- -- if (user_key) -- for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { -- key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); -- } -- -- if (iv) -- for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { -- key->counter[i/4] = CHACHA_U8TOU32(iv+i); -- } -- -- key->partial_len = 0; -- -- return 1; --} -- --static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, -- const unsigned char *inp, size_t len) --{ -- EVP_CHACHA_KEY *key = data(ctx); -- unsigned int n, rem, ctr32; -- -- if ((n = key->partial_len)) { -- while (len && n < CHACHA_BLK_SIZE) { -- *out++ = *inp++ ^ key->buf[n++]; -- len--; -- } -- key->partial_len = n; -- -- if (len == 0) -- return 1; -- -- if (n == CHACHA_BLK_SIZE) { -- key->partial_len = 0; -- key->counter[0]++; -- if (key->counter[0] == 0) -- key->counter[1]++; -- } -- } -- -- rem = (unsigned int)(len % CHACHA_BLK_SIZE); -- len -= rem; -- ctr32 = key->counter[0]; -- while (len >= CHACHA_BLK_SIZE) { -- size_t blocks = len / CHACHA_BLK_SIZE; -- /* -- * 1<<28 is just a not-so-small yet not-so-large number... 
-- * Below condition is practically never met, but it has to -- * be checked for code correctness. -- */ -- if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) -- blocks = (1U<<28); -- -- /* -- * As ChaCha20_ctr32 operates on 32-bit counter, caller -- * has to handle overflow. 'if' below detects the -- * overflow, which is then handled by limiting the -- * amount of blocks to the exact overflow point... -- */ -- ctr32 += (unsigned int)blocks; -- if (ctr32 < blocks) { -- blocks -= ctr32; -- ctr32 = 0; -- } -- blocks *= CHACHA_BLK_SIZE; -- ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter); -- len -= blocks; -- inp += blocks; -- out += blocks; -- -- key->counter[0] = ctr32; -- if (ctr32 == 0) key->counter[1]++; -- } -- -- if (rem) { -- memset(key->buf, 0, sizeof(key->buf)); -- ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, -- key->key.d, key->counter); -- for (n = 0; n < rem; n++) -- out[n] = inp[n] ^ key->buf[n]; -- key->partial_len = rem; -- } -- -- return 1; --} -- --static const EVP_CIPHER chacha20 = { -- NID_chacha20, -- 1, /* block_size */ -- CHACHA_KEY_SIZE, /* key_len */ -- CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ -- EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, -- chacha_init_key, -- chacha_cipher, -- NULL, -- sizeof(EVP_CHACHA_KEY), -- NULL, -- NULL, -- NULL, -- NULL --}; -- --const EVP_CIPHER *EVP_chacha20(void) --{ -- return (&chacha20); --} -- --# ifndef OPENSSL_NO_POLY1305 --# include "internal/poly1305.h" -- --typedef struct { -- EVP_CHACHA_KEY key; -- unsigned int nonce[12/4]; -- unsigned char tag[POLY1305_BLOCK_SIZE]; -- struct { uint64_t aad, text; } len; -- int aad, mac_inited, tag_len, nonce_len; -- size_t tls_payload_length; --} EVP_CHACHA_AEAD_CTX; -- --# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) --# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) --# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) -- --static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, -- const unsigned 
char *inkey, -- const unsigned char *iv, int enc) --{ -- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); -- -- if (!inkey && !iv) -- return 1; -- -- actx->len.aad = 0; -- actx->len.text = 0; -- actx->aad = 0; -- actx->mac_inited = 0; -- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; -- -- if (iv != NULL) { -- unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; -- -- /* pad on the left */ -- if (actx->nonce_len <= CHACHA_CTR_SIZE) -- memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); -- -- chacha_init_key(ctx, inkey, temp, enc); -- -- actx->nonce[0] = actx->key.counter[1]; -- actx->nonce[1] = actx->key.counter[2]; -- actx->nonce[2] = actx->key.counter[3]; -- } else { -- chacha_init_key(ctx, inkey, NULL, enc); -- } -- -- return 1; --} -- --static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t len) --{ -- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); -- size_t rem, plen = actx->tls_payload_length; -- static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 }; -- -- if (!actx->mac_inited) { -- actx->key.counter[0] = 0; -- memset(actx->key.buf, 0, sizeof(actx->key.buf)); -- ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE, -- actx->key.key.d, actx->key.counter); -- Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); -- actx->key.counter[0] = 1; -- actx->key.partial_len = 0; -- actx->len.aad = actx->len.text = 0; -- actx->mac_inited = 1; -- } -- -- if (in) { /* aad or text */ -- if (out == NULL) { /* aad */ -- Poly1305_Update(POLY1305_ctx(actx), in, len); -- actx->len.aad += len; -- actx->aad = 1; -- return len; -- } else { /* plain- or ciphertext */ -- if (actx->aad) { /* wrap up aad */ -- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) -- Poly1305_Update(POLY1305_ctx(actx), zero, -- POLY1305_BLOCK_SIZE - rem); -- actx->aad = 0; -- } -- -- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; -- if (plen == NO_TLS_PAYLOAD_LENGTH) -- plen = len; -- else if (len != plen + 
POLY1305_BLOCK_SIZE) -- return -1; -- -- if (ctx->encrypt) { /* plaintext */ -- chacha_cipher(ctx, out, in, plen); -- Poly1305_Update(POLY1305_ctx(actx), out, plen); -- in += plen; -- out += plen; -- actx->len.text += plen; -- } else { /* ciphertext */ -- Poly1305_Update(POLY1305_ctx(actx), in, plen); -- chacha_cipher(ctx, out, in, plen); -- in += plen; -- out += plen; -- actx->len.text += plen; -- } -- } -- } -- if (in == NULL /* explicit final */ -- || plen != len) { /* or tls mode */ -- const union { -- long one; -- char little; -- } is_endian = { 1 }; -- unsigned char temp[POLY1305_BLOCK_SIZE]; -- -- if (actx->aad) { /* wrap up aad */ -- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) -- Poly1305_Update(POLY1305_ctx(actx), zero, -- POLY1305_BLOCK_SIZE - rem); -- actx->aad = 0; -- } -- -- if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) -- Poly1305_Update(POLY1305_ctx(actx), zero, -- POLY1305_BLOCK_SIZE - rem); -- -- if (is_endian.little) { -- Poly1305_Update(POLY1305_ctx(actx), -- (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); -- } else { -- temp[0] = (unsigned char)(actx->len.aad); -- temp[1] = (unsigned char)(actx->len.aad>>8); -- temp[2] = (unsigned char)(actx->len.aad>>16); -- temp[3] = (unsigned char)(actx->len.aad>>24); -- temp[4] = (unsigned char)(actx->len.aad>>32); -- temp[5] = (unsigned char)(actx->len.aad>>40); -- temp[6] = (unsigned char)(actx->len.aad>>48); -- temp[7] = (unsigned char)(actx->len.aad>>56); -- -- temp[8] = (unsigned char)(actx->len.text); -- temp[9] = (unsigned char)(actx->len.text>>8); -- temp[10] = (unsigned char)(actx->len.text>>16); -- temp[11] = (unsigned char)(actx->len.text>>24); -- temp[12] = (unsigned char)(actx->len.text>>32); -- temp[13] = (unsigned char)(actx->len.text>>40); -- temp[14] = (unsigned char)(actx->len.text>>48); -- temp[15] = (unsigned char)(actx->len.text>>56); -- -- Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); -- } -- Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? 
actx->tag -- : temp); -- actx->mac_inited = 0; -- -- if (in != NULL && len != plen) { /* tls mode */ -- if (ctx->encrypt) { -- memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); -- } else { -- if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { -- memset(out - plen, 0, plen); -- return -1; -- } -- } -- } -- else if (!ctx->encrypt) { -- if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) -- return -1; -- } -- } -- return len; --} -- --static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) --{ -- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); -- if (actx) -- OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size()); -- return 1; --} -- --static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, -- void *ptr) --{ -- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); -- -- switch(type) { -- case EVP_CTRL_INIT: -- if (actx == NULL) -- actx = ctx->cipher_data -- = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); -- if (actx == NULL) { -- EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- actx->len.aad = 0; -- actx->len.text = 0; -- actx->aad = 0; -- actx->mac_inited = 0; -- actx->tag_len = 0; -- actx->nonce_len = 12; -- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; -- return 1; -- -- case EVP_CTRL_COPY: -- if (actx) { -- EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr; -- -- dst->cipher_data = -- OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); -- if (dst->cipher_data == NULL) { -- EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR); -- return 0; -- } -- } -- return 1; -- -- case EVP_CTRL_AEAD_SET_IVLEN: -- if (arg <= 0 || arg > CHACHA_CTR_SIZE) -- return 0; -- actx->nonce_len = arg; -- return 1; -- -- case EVP_CTRL_AEAD_SET_IV_FIXED: -- if (arg != 12) -- return 0; -- actx->nonce[0] = actx->key.counter[1] -- = CHACHA_U8TOU32((unsigned char *)ptr); -- actx->nonce[1] = actx->key.counter[2] -- = CHACHA_U8TOU32((unsigned char *)ptr+4); -- actx->nonce[2] = actx->key.counter[3] -- = CHACHA_U8TOU32((unsigned 
char *)ptr+8); -- return 1; -- -- case EVP_CTRL_AEAD_SET_TAG: -- if (arg <= 0 || arg > POLY1305_BLOCK_SIZE) -- return 0; -- if (ptr != NULL) { -- memcpy(actx->tag, ptr, arg); -- actx->tag_len = arg; -- } -- return 1; -- -- case EVP_CTRL_AEAD_GET_TAG: -- if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt) -- return 0; -- memcpy(ptr, actx->tag, arg); -- return 1; -- -- case EVP_CTRL_AEAD_TLS1_AAD: -- if (arg != EVP_AEAD_TLS1_AAD_LEN) -- return 0; -- { -- unsigned int len; -- unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE]; -- -- len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | -- aad[EVP_AEAD_TLS1_AAD_LEN - 1]; -- if (!ctx->encrypt) { -- if (len < POLY1305_BLOCK_SIZE) -- return 0; -- len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ -- memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2); -- aad = temp; -- temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); -- temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; -- } -- actx->tls_payload_length = len; -- -- /* -- * merge record sequence number as per RFC7905 -- */ -- actx->key.counter[1] = actx->nonce[0]; -- actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); -- actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); -- actx->mac_inited = 0; -- chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN); -- return POLY1305_BLOCK_SIZE; /* tag length */ -- } -- -- case EVP_CTRL_AEAD_SET_MAC_KEY: -- /* no-op */ -- return 1; -- -- default: -- return -1; -- } --} -- --static EVP_CIPHER chacha20_poly1305 = { -- NID_chacha20_poly1305, -- 1, /* block_size */ -- CHACHA_KEY_SIZE, /* key_len */ -- 12, /* iv_len, 96-bit nonce in the context */ -- EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | -- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | -- EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, -- chacha20_poly1305_init_key, -- chacha20_poly1305_cipher, -- chacha20_poly1305_cleanup, -- 0, /* 0 moves context-specific structure allocation to ctrl */ -- NULL, /* set_asn1_parameters */ -- 
NULL, /* get_asn1_parameters */ -- chacha20_poly1305_ctrl, -- NULL /* app_data */ --}; -- --const EVP_CIPHER *EVP_chacha20_poly1305(void) --{ -- return(&chacha20_poly1305); --} --# endif --#endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c -index 9b2facf..8ca65cd 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_des.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c -@@ -1,18 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_des.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e.
this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #ifndef OPENSSL_NO_DES - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - # include - -@@ -57,8 +106,7 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - { - BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ ctx->cipher_data, ctx->encrypt); - return 1; - } - -@@ -66,49 +114,37 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - while (inl >= EVP_MAXCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); -- DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } -- if (inl) { -- int num = EVP_CIPHER_CTX_num(ctx); -- DES_ofb64_encrypt(in, out, (long)inl, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ if (inl) -+ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num); - return 1; - } - - static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { -- EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); -+ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; - - if (dat->stream.cbc != NULL) { -- (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, -- EVP_CIPHER_CTX_iv_noconst(ctx)); -+ (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); - return 
1; - } - while (inl >= EVP_MAXCHUNK) { -- DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) -- DES_ncbc_encrypt(in, out, (long)inl, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; - } - -@@ -116,24 +152,15 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - while (inl >= EVP_MAXCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); -- DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx)); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } -- if (inl) { -- int num = EVP_CIPHER_CTX_num(ctx); -- DES_cfb64_encrypt(in, out, (long)inl, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, -- EVP_CIPHER_CTX_encrypting(ctx)); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ if (inl) -+ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - return 1; - } - -@@ -153,9 +180,8 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - while (inl && inl >= chunk) { - for (n = 0; n < chunk * 8; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 
0x80 : 0; -- DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - out[n / 8] = - (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); -@@ -174,19 +200,15 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - while (inl >= EVP_MAXCHUNK) { -- DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) -- DES_cfb_encrypt(in, out, 8, (long)inl, -- EVP_CIPHER_CTX_get_cipher_data(ctx), -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; - } - -@@ -206,12 +228,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - DES_cblock *deskey = (DES_cblock *)key; -- EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); -+ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; - - dat->stream.cbc = NULL; - # if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { -- int mode = EVP_CIPHER_CTX_mode(ctx); -+ int mode = ctx->cipher->flags & EVP_CIPH_MODE; - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(key, &dat->ks.ks); -@@ -220,7 +242,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - } - # endif -- DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx)); -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(deskey, 
dat->ks.ks) != 0) -+ return 0; -+# else -+ DES_set_key_unchecked(deskey, ctx->cipher_data); -+# endif - return 1; - } - -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c -index da77936..0e910d6 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c -@@ -1,21 +1,73 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_des3.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #ifndef OPENSSL_NO_DES - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - # include --# include "evp_locl.h" -+ -+/* Block use of implementations in FIPS mode */ -+# undef EVP_CIPH_FLAG_FIPS -+# define EVP_CIPH_FLAG_FIPS 0 - - typedef struct { - union { -@@ -55,7 +107,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) -+# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) - - /* - * Because of various casts and different args can't use -@@ -69,7 +121,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - DES_ecb3_encrypt((const_DES_cblock *)(in + i), - (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx)); -+ &data(ctx)->ks3, ctx->encrypt); - return 1; - } - -@@ -77,26 +129,20 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - while (inl >= EVP_MAXCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); - DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- &num); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } -- if (inl) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (inl) - DES_ede3_ofb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- &num); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ &ctx->num); -+ - return 1; - } - -@@ -105,17 +151,26 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out, - { - DES_EDE_KEY *dat = data(ctx); - -- if (dat->stream.cbc != NULL) { -- (*dat->stream.cbc) (in, out, inl, dat->ks.ks, -- EVP_CIPHER_CTX_iv_noconst(ctx)); -+# ifdef KSSL_DEBUG -+ { -+ int i; -+ fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, -+ ctx->buf_len); -+ fprintf(stderr, "\t iv= "); -+ for (i = 0; i < 8; i++) -+ fprintf(stderr, "%02X", ctx->iv[i]); -+ fprintf(stderr, "\n"); -+ } -+# endif /* KSSL_DEBUG */ -+ if (dat->stream.cbc) { -+ (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv); - return 1; - } - - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, - &dat->ks1, &dat->ks2, &dat->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; -@@ -123,8 +178,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (inl) - DES_ede3_cbc_encrypt(in, out, (long)inl, - &dat->ks1, &dat->ks2, &dat->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; - } - -@@ -132,26 +186,19 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - while (inl >= EVP_MAXCHUNK) { -- int num = EVP_CIPHER_CTX_num(ctx); - DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- &num, EVP_CIPHER_CTX_encrypting(ctx)); -- EVP_CIPHER_CTX_set_num(ctx, num); -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } -- if (inl) { -- int num = EVP_CIPHER_CTX_num(ctx); -+ if (inl) - DES_ede3_cfb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- &num, 
EVP_CIPHER_CTX_encrypting(ctx)); -- EVP_CIPHER_CTX_set_num(ctx, num); -- } -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ &ctx->num, ctx->encrypt); - return 1; - } - -@@ -165,15 +212,12 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - size_t n; - unsigned char c[1], d[1]; - -- if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) -- inl *= 8; - for (n = 0; n < inl; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ ctx->encrypt); - out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) - | ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } -@@ -187,9 +231,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; -@@ -197,9 +240,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (inl) - DES_ede3_cfb_encrypt(in, out, 8, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), -- EVP_CIPHER_CTX_encrypting(ctx)); -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ ctx->encrypt); - return 1; - } - -@@ -211,16 +253,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - # define des_ede3_cbc_cipher des_ede_cbc_cipher - # define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, 
des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -@@ -231,7 +276,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - dat->stream.cbc = NULL; - # if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { -- int mode = EVP_CIPHER_CTX_mode(ctx); -+ int mode = ctx->cipher->flags & EVP_CIPH_MODE; - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(&deskey[0], &dat->ks1); -@@ -243,8 +288,14 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - } - # endif -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(&deskey[0], &dat->ks1) -+ || DES_set_key_checked(&deskey[1], &dat->ks2)) -+ return 0; -+# else - DES_set_key_unchecked(&deskey[0], &dat->ks1); - DES_set_key_unchecked(&deskey[1], &dat->ks2); -+# endif - memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); - return 1; - } -@@ -255,10 +306,27 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - DES_cblock *deskey = (DES_cblock *)key; - DES_EDE_KEY *dat = data(ctx); - -+# ifdef KSSL_DEBUG -+ { -+ int i; -+ fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); -+ fprintf(stderr, "\tKEY= "); -+ for (i = 0; i < 24; i++) -+ fprintf(stderr, "%02X", 
key[i]); -+ fprintf(stderr, "\n"); -+ if (iv) { -+ fprintf(stderr, "\t IV= "); -+ for (i = 0; i < 8; i++) -+ fprintf(stderr, "%02X", iv[i]); -+ fprintf(stderr, "\n"); -+ } -+ } -+# endif /* KSSL_DEBUG */ -+ - dat->stream.cbc = NULL; - # if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { -- int mode = EVP_CIPHER_CTX_mode(ctx); -+ int mode = ctx->cipher->flags & EVP_CIPH_MODE; - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(&deskey[0], &dat->ks1); -@@ -270,25 +338,32 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - } - # endif -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(&deskey[0], &dat->ks1) -+ || DES_set_key_checked(&deskey[1], &dat->ks2) -+ || DES_set_key_checked(&deskey[2], &dat->ks3)) -+ return 0; -+# else - DES_set_key_unchecked(&deskey[0], &dat->ks1); - DES_set_key_unchecked(&deskey[1], &dat->ks2); - DES_set_key_unchecked(&deskey[2], &dat->ks3); -+# endif - return 1; - } - --static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { - - DES_cblock *deskey = ptr; - - switch (type) { - case EVP_CTRL_RAND_KEY: -- if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) -+ if (RAND_bytes(ptr, c->key_len) <= 0) - return 0; - DES_set_odd_parity(deskey); -- if (EVP_CIPHER_CTX_key_length(ctx) >= 16) -+ if (c->key_len >= 16) - DES_set_odd_parity(deskey + 1); -- if (EVP_CIPHER_CTX_key_length(ctx) >= 24) -+ if (c->key_len >= 24) - DES_set_odd_parity(deskey + 2); - return 1; - -@@ -307,8 +382,9 @@ const EVP_CIPHER *EVP_des_ede3(void) - return &des_ede3_ecb; - } - -+# ifndef OPENSSL_NO_SHA - --# include -+# include - - static const unsigned char wrap_iv[8] = - { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; -@@ -322,7 +398,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - return -1; - if (out == NULL) - return inl - 16; -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); -+ memcpy(ctx->iv, 
wrap_iv, 8); - /* Decrypt first block which will end up as icv */ - des_ede_cbc_cipher(ctx, icv, in, 8); - /* Decrypt central blocks */ -@@ -340,7 +416,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - /* Reverse order of everything */ - BUF_reverse(icv, NULL, 8); - BUF_reverse(out, NULL, inl - 16); -- BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8); -+ BUF_reverse(ctx->iv, iv, 8); - /* Decrypt again using new IV */ - des_ede_cbc_cipher(ctx, out, out, inl - 16); - des_ede_cbc_cipher(ctx, icv, icv, 8); -@@ -352,7 +428,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - OPENSSL_cleanse(icv, 8); - OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); - OPENSSL_cleanse(iv, 8); -- OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8); -+ OPENSSL_cleanse(ctx->iv, 8); - if (rv == -1) - OPENSSL_cleanse(out, inl - 16); - -@@ -372,13 +448,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - memcpy(out + inl + 8, sha1tmp, 8); - OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); - /* Generate random IV */ -- if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) -+ if (RAND_bytes(ctx->iv, 8) <= 0) - return -1; -- memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8); -+ memcpy(out, ctx->iv, 8); - /* Encrypt everything after IV in place */ - des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); - BUF_reverse(out, NULL, inl + 16); -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); -+ memcpy(ctx->iv, wrap_iv, 8); - des_ede_cbc_cipher(ctx, out, out, inl + 16); - return inl + 16; - } -@@ -393,13 +469,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - */ - if (inl >= EVP_MAXCHUNK || inl % 8) - return -1; -- -- if (is_partially_overlapping(out, in, inl)) { -- EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); -- return 0; -- } -- -- if (EVP_CIPHER_CTX_encrypting(ctx)) -+ if (ctx->encrypt) - return des_ede3_wrap(ctx, out, in, inl); - else - return des_ede3_unwrap(ctx, out, in, inl); -@@ -421,4 
+491,5 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void) - return &des3_wrap; - } - -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c -index 93f6a41..cac72b3 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c -@@ -1,32 +1,75 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_idea.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_IDEA - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - --/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ -- --typedef struct { -- IDEA_KEY_SCHEDULE ks; --} EVP_IDEA_KEY; -- - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - - /* -- * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a -+ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a - * special case - */ - -@@ -34,15 +77,21 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - BLOCK_CIPHER_ecb_loop() -- IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); -+ idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); - return 1; - } - --BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) --BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) --BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) -+/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ -+ -+typedef struct { -+ IDEA_KEY_SCHEDULE ks; -+} EVP_IDEA_KEY; -+ -+BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) -+ BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) -+ BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) - --BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, -+ BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -@@ -56,12 +105,12 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - enc = 1; - } - if (enc) -- IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); -+ idea_set_encrypt_key(key, ctx->cipher_data); - else { - IDEA_KEY_SCHEDULE tmp; - -- IDEA_set_encrypt_key(key, &tmp); -- 
IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); -+ idea_set_encrypt_key(key, &tmp); -+ idea_set_decrypt_key(&tmp, ctx->cipher_data); - OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); - } - return 1; -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c -index 0dfc48a..599fcb8 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_null.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c -@@ -1,17 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_null.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/evp_int.h" - - static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -@@ -19,7 +67,8 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - static const EVP_CIPHER n_cipher = { - NID_undef, -- 1, 0, 0, 0, -+ 1, 0, 0, -+ 0, - null_init_key, - null_cipher, - NULL, -@@ -38,6 +87,7 @@ const EVP_CIPHER *EVP_enc_null(void) - static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -+ /* memset(&(ctx->c),0,sizeof(ctx->c)); */ - return 1; - } - -@@ -45,6 +95,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - if (in != out) -- memcpy(out, in, inl); -+ memcpy((char *)out, (const char *)in, inl); - return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c -index 927908f..a23d143 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_old.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c -@@ -1,15 +1,64 @@ -+/* crypto/evp/e_old.c */ - /* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include --#if OPENSSL_API_COMPAT >= 0x00908000L --NON_EMPTY_TRANSLATION_UNIT -+#ifdef OPENSSL_NO_DEPRECATED -+static void *dummy = &dummy; - #else - - # include -@@ -89,25 +138,27 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) - } - # endif - --# undef EVP_aes_128_cfb -+# ifndef OPENSSL_NO_AES -+# undef EVP_aes_128_cfb - const EVP_CIPHER *EVP_aes_128_cfb(void); - const EVP_CIPHER *EVP_aes_128_cfb(void) - { - return EVP_aes_128_cfb128(); - } - --# undef EVP_aes_192_cfb -+# undef EVP_aes_192_cfb - const EVP_CIPHER *EVP_aes_192_cfb(void); - const EVP_CIPHER *EVP_aes_192_cfb(void) - { - return EVP_aes_192_cfb128(); - } - --# undef EVP_aes_256_cfb -+# undef EVP_aes_256_cfb - const EVP_CIPHER *EVP_aes_256_cfb(void); - const EVP_CIPHER *EVP_aes_256_cfb(void) - { - return EVP_aes_256_cfb128(); - } -+# endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c 
-index ed10bb3..718cc86 100644
---- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
-@@ -1,20 +1,69 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/e_rc2.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_RC2 - - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - # include - - static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -@@ -30,7 +79,7 @@ typedef struct { - RC2_KEY ks; /* key schedule */ - } EVP_RC2_KEY; - --# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx) -+# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) - - IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, -@@ -130,17 +179,16 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - OPENSSL_assert(l <= sizeof(iv)); - i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); - if (i != (int)l) -- return -1; -+ return (-1); - key_bits = rc2_magic_to_meth((int)num); - if (!key_bits) -- return -1; -+ return (-1); - if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) - return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -- if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) -- return -1; -+ EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); - } -- return i; -+ return (i); - } - - static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -@@ -151,9 +199,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - if (type != NULL) { - num = rc2_meth_to_magic(c); - j = EVP_CIPHER_CTX_iv_length(c); -- i = ASN1_TYPE_set_int_octetstring(type, num, -- (unsigned char *)EVP_CIPHER_CTX_original_iv(c), -- j); -+ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); - } - return (i); - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -index ea95dea..08e48f3 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -@@ -1,28 +1,79 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/evp/e_rc4.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_RC4 - - # include -+# include "evp_locl.h" - # include - # include - --# include "internal/evp_int.h" -+/* FIXME: surely this is available elsewhere? 
*/ -+# define EVP_RC4_KEY_SIZE 16 - - typedef struct { - RC4_KEY ks; /* working key */ - } EVP_RC4_KEY; - --# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -+# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) - - static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c -index 8ab18c1..93cfe3f 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c -@@ -1,10 +1,50 @@ --/* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include -@@ -19,7 +59,15 @@ - # include - # include - # include --# include "internal/evp_int.h" -+ -+# ifndef EVP_CIPH_FLAG_AEAD_CIPHER -+# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -+# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -+# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -+# endif -+ -+/* FIXME: surely this is available elsewhere? 
*/ -+# define EVP_RC4_KEY_SIZE 16 - - typedef struct { - RC4_KEY ks; -@@ -32,7 +80,7 @@ typedef struct { - void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); - --# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) - - static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, -@@ -53,7 +101,9 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, - - # if defined(RC4_ASM) && defined(MD5_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ -- defined(_M_AMD64) || defined(_M_X64) ) -+ defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__INTEL__) ) && \ -+ !(defined(__APPLE__) && defined(__MACH__)) - # define STITCHED_CALL - # endif - -@@ -78,7 +128,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) - return 0; - -- if (EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - # if defined(STITCHED_CALL) -@@ -218,7 +268,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - - len = p[arg - 2] << 8 | p[arg - 1]; - -- if (!EVP_CIPHER_CTX_encrypting(ctx)) { -+ if (!ctx->encrypt) { - if (len < MD5_DIGEST_LENGTH) - return -1; - len -= MD5_DIGEST_LENGTH; -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -index f69ba5b..f17e99d 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -@@ -1,19 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/e_rc5.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_RC5 - - # include --# include - # include - # include "evp_locl.h" - # include -@@ -54,7 +102,7 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - return 1; - - default: -- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS); -+ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); - return 0; - } - -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_seed.c b/Cryptlib/OpenSSL/crypto/evp/e_seed.c -index 40aec5f..3d01eac 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_seed.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c -@@ -1,22 +1,66 @@ --/* -- * Copyright 2007-2016 The OpenSSL Project Authors. 
All Rights Reserved.
-+/* crypto/evp/e_seed.c */
-+/* ====================================================================
-+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#ifdef OPENSSL_NO_SEED --NON_EMPTY_TRANSLATION_UNIT --#else -+#ifndef OPENSSL_NO_SEED - # include - # include - # include - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - - static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -@@ -32,7 +76,7 @@ IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, - static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { -- SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks); -+ SEED_set_key(key, ctx->cipher_data); - return 1; - } - -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -index effaf5c..3430df9 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -@@ -1,20 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL 
Project Authors. All Rights Reserved.
-+/* crypto/evp/e_xcbc_d.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-
- #ifndef OPENSSL_NO_DES
-
- # include
- # include
--# include "internal/evp_int.h"
-+# include "evp_locl.h"
- # include
-
- static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-@@ -28,7 +77,7 @@ typedef struct {
- DES_cblock outw;
- } DESX_CBC_KEY;
-
--# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
-+# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
-
- static const EVP_CIPHER d_xcbc_cipher = {
- NID_desx_cbc,
-@@ -66,18 +115,16 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- {
- while (inl >= EVP_MAXCHUNK) {
- DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
-- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
-- &data(ctx)->inw, &data(ctx)->outw,
-- EVP_CIPHER_CTX_encrypting(ctx));
-+ (DES_cblock *)&(ctx->iv[0]),
-+ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
- inl -= EVP_MAXCHUNK;
- in += EVP_MAXCHUNK;
- out += EVP_MAXCHUNK;
- }
- if (inl)
- DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
-- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
-- &data(ctx)->inw, &data(ctx)->outw,
-- EVP_CIPHER_CTX_encrypting(ctx));
-+ (DES_cblock *)&(ctx->iv[0]),
-+ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
- return 1;
- }
- #endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c
-index abb1044..c6c775e 100644
---- a/Cryptlib/OpenSSL/crypto/evp/encode.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/encode.c
-@@ -1,17 +1,65 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/encode.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
--#include "evp_locl.h"
-
- static unsigned char conv_ascii2bin(unsigned char a);
- #ifndef CHARSET_EBCDIC
-@@ -55,7 +103,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
- #define B64_WS 0xE0
- #define B64_ERROR 0xFF
- #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
--#define B64_BASE64(a) (!B64_NOT_BASE64(a))
-+#define B64_BASE64(a) !B64_NOT_BASE64(a)
-
- static const unsigned char data_ascii2bin[128] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-@@ -93,28 +141,6 @@ static unsigned char conv_ascii2bin(unsigned char a)
- }
- #endif
-
--EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
--{
-- return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
--}
--
--void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
--{
-- OPENSSL_free(ctx);
--}
--
--int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
--{
-- memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
--
-- return 1;
--}
--
--int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
--{
-- return ctx->num;
--}
--
- void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
- {
- ctx->length = 48;
-@@ -122,7 +148,7 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
- ctx->line_num = 0;
- }
-
--int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int i, j;
-@@ -130,12 +156,12 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-
- *outl = 0;
- if (inl <= 0)
-- return 0;
-+ return;
- OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
- if (ctx->length - ctx->num > inl) {
- memcpy(&(ctx->enc_data[ctx->num]), in, inl);
- ctx->num += inl;
-- return 1;
-+ return;
- }
- if (ctx->num != 0) {
- i = ctx->length - ctx->num;
-@@ -161,14 +187,12 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- if (total > INT_MAX) {
- /* Too much output data!
*/
- *outl = 0;
-- return 0;
-+ return;
- }
- if (inl != 0)
- memcpy(&(ctx->enc_data[0]), in, inl);
- ctx->num = inl;
- *outl = total;
--
-- return 1;
- }
-
- void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-@@ -402,3 +426,35 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
- } else
- return (1);
- }
-+
-+#ifdef undef
-+int EVP_DecodeValid(unsigned char *buf, int len)
-+{
-+ int i, num = 0, bad = 0;
-+
-+ if (len == 0)
-+ return (-1);
-+ while (conv_ascii2bin(*buf) == B64_WS) {
-+ buf++;
-+ len--;
-+ if (len == 0)
-+ return (-1);
-+ }
-+
-+ for (i = len; i >= 4; i -= 4) {
-+ if ((conv_ascii2bin(buf[0]) >= 0x40) ||
-+ (conv_ascii2bin(buf[1]) >= 0x40) ||
-+ (conv_ascii2bin(buf[2]) >= 0x40) ||
-+ (conv_ascii2bin(buf[3]) >= 0x40))
-+ return (-1);
-+ buf += 4;
-+ num += 1 + (buf[2] != '=') + (buf[3] != '=');
-+ }
-+ if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-+ return (num);
-+ if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-+ (conv_ascii2bin(buf[0]) == B64_EOLN))
-+ return (num);
-+ return (1);
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
-new file mode 100644
-index 0000000..9703116
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
-@@ -0,0 +1,73 @@
-+/* evp_acnf.c */
-+/*
-+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#include "cryptlib.h"
-+#include
-+#include
-+
-+/*
-+ * Load all algorithms and configure OpenSSL. This function is called
-+ * automatically when OPENSSL_LOAD_CONF is set.
-+ */
-+
-+void OPENSSL_add_all_algorithms_conf(void)
-+{
-+ OPENSSL_add_all_algorithms_noconf();
-+ OPENSSL_config(NULL);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
-index 71d13b8..6fd3a6d 100644
---- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
-@@ -1,19 +1,73 @@
-+/* evp_cnf.c */
- /*
-- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
-+ * 2007.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
-+#include
- #include
- #include
-+#ifdef OPENSSL_FIPS
-+# include
-+#endif
-
- /* Algorithm configuration module. */
-
-@@ -23,15 +77,14 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
- const char *oid_section;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *oval;
--
- oid_section = CONF_imodule_get_value(md);
-- if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
-+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
- return 0;
- }
- for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
- oval = sk_CONF_VALUE_value(sktmp, i);
-- if (strcmp(oval->name, "fips_mode") == 0) {
-+ if (!strcmp(oval->name, "fips_mode")) {
- int m;
- if (!X509V3_get_value_bool(oval, &m)) {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
-diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
-index f829e8d..0e40f09 100644
---- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
-@@ -1,56 +1,101 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/evp_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
--#include
--#include "internal/evp_int.h"
-+#ifndef OPENSSL_NO_ENGINE
-+# include
-+#endif
-+#ifdef OPENSSL_FIPS
-+# include
-+#endif
- #include "evp_locl.h"
-
--int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
--{
-- if (c == NULL)
-- return 1;
-- if (c->cipher != NULL) {
-- if (c->cipher->cleanup && !c->cipher->cleanup(c))
-- return 0;
-- /* Cleanse cipher context data */
-- if (c->cipher_data && c->cipher->ctx_size)
-- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-- }
-- OPENSSL_free(c->cipher_data);
--#ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(c->engine);
-+#ifdef OPENSSL_FIPS
-+# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-+#else
-+# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
- #endif
-- memset(c, 0, sizeof(*c));
-- return 1;
--}
-
--EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
-+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-+
-+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
- {
-- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
-+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-+ /* ctx->cipher=NULL; */
- }
-
--void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
- {
-- EVP_CIPHER_CTX_reset(ctx);
-- OPENSSL_free(ctx);
-+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
-+ if (ctx)
-+ EVP_CIPHER_CTX_init(ctx);
-+ return ctx;
- }
-
- int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
-- EVP_CIPHER_CTX_reset(ctx);
-+ if (cipher)
-+ EVP_CIPHER_CTX_init(ctx);
- return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
- }
-
-@@ -70,10 +115,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
- * this context may already have an ENGINE!
Try to avoid releasing the
- * previous handle, re-querying for an ENGINE, and having a
-- * reinitialisation, when it may all be unnecessary.
-+ * reinitialisation, when it may all be unecessary.
- */
-- if (ctx->engine && ctx->cipher
-- && (cipher == NULL || cipher->nid == ctx->cipher->nid))
-+ if (ctx->engine && ctx->cipher && (!cipher ||
-+ (cipher
-+ && (cipher->nid ==
-+ ctx->cipher->nid))))
- goto skip_to_init;
- #endif
- if (cipher) {
-@@ -84,7 +131,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- */
- if (ctx->cipher) {
- unsigned long flags = ctx->flags;
-- EVP_CIPHER_CTX_reset(ctx);
-+ EVP_CIPHER_CTX_cleanup(ctx);
- /* Restore encrypt and flags */
- ctx->encrypt = enc;
- ctx->flags = flags;
-@@ -105,7 +152,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- /*
- * One positive side-effect of US's export control history,
- * is that we should at least be able to avoid using US
-- * misspellings of "initialisation"?
-+ * mispellings of "initialisation"?
- */
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
-@@ -121,11 +168,20 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- ctx->engine = NULL;
- #endif
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ const EVP_CIPHER *fcipher = NULL;
-+ if (cipher)
-+ fcipher = evp_get_fips_cipher(cipher);
-+ if (fcipher)
-+ cipher = fcipher;
-+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-+ }
-+#endif
- ctx->cipher = cipher;
- if (ctx->cipher->ctx_size) {
-- ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
-- if (ctx->cipher_data == NULL) {
-- ctx->cipher = NULL;
-+ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
-+ if (!ctx->cipher_data) {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-@@ -137,7 +193,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
- if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
-- ctx->cipher = NULL;
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
-@@ -148,6 +203,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- }
- #ifndef OPENSSL_NO_ENGINE
- skip_to_init:
-+#endif
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode())
-+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
- #endif
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
-@@ -160,7 +219,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- return 0;
- }
-
-- if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
-+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
- switch (EVP_CIPHER_CTX_mode(ctx)) {
-
- case EVP_CIPH_STREAM_CIPHER:
-@@ -191,6 +250,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-
- default:
- return 0;
-+ break;
- }
- }
-
-@@ -255,61 +315,13 @@ int
EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
- }
-
--/*
-- * According to the letter of standard difference between pointers
-- * is specified to be valid only within same object. This makes
-- * it formally challenging to determine if input and output buffers
-- * are not partially overlapping with standard pointer arithmetic.
-- */
--#ifdef PTRDIFF_T
--# undef PTRDIFF_T
--#endif
--#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
--/*
-- * Then we have VMS that distinguishes itself by adhering to
-- * sizeof(size_t)==4 even in 64-bit builds, which means that
-- * difference between two pointers might be truncated to 32 bits.
-- * In the context one can even wonder how comparison for
-- * equality is implemented. To be on the safe side we adhere to
-- * PTRDIFF_T even for comparison for equality.
-- */
--# define PTRDIFF_T uint64_t
--#else
--# define PTRDIFF_T size_t
--#endif
--
--int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
--{
-- PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
-- /*
-- * Check for partially overlapping buffers. [Binary logical
-- * operations are used instead of boolean to minimize number
-- * of conditional branches.]
-- */
-- int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
-- (diff > (0 - (PTRDIFF_T)len)));
--
-- return overlapped;
--}
--
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
-- int i, j, bl, cmpl = inl;
--
-- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-- cmpl = (cmpl + 7) / 8;
--
-- bl = ctx->cipher->block_size;
-+ int i, j, bl;
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-- /* If block size > 1 then the cipher will have to do this check */
-- if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
-- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-- return 0;
-- }
--
-- i = ctx->cipher->do_cipher(ctx, out, in, inl);
-+ i = M_do_cipher(ctx, out, in, inl);
- if (i < 0)
- return 0;
- else
-@@ -321,13 +333,9 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- *outl = 0;
- return inl == 0;
- }
-- if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
-- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-- return 0;
-- }
-
- if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
-- if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
-+ if (M_do_cipher(ctx, out, in, inl)) {
- *outl = inl;
- return 1;
- } else {
-@@ -336,6 +344,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- }
- }
- i = ctx->buf_len;
-+ bl = ctx->cipher->block_size;
- OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
- if (i != 0) {
- if (bl - i > inl) {
-@@ -346,10 +355,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- } else {
- j = bl - i;
- memcpy(&(ctx->buf[i]), in, j);
-+ if (!M_do_cipher(ctx, out, ctx->buf, bl))
-+ return 0;
- inl -= j;
- in += j;
-- if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
-- return 0;
- out += bl;
- *outl = bl;
- }
-@@ -358,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- i = inl & (bl
- 1);
- inl -= i;
- if (inl > 0) {
-- if (!ctx->cipher->do_cipher(ctx, out, in, inl))
-+ if (!M_do_cipher(ctx, out, in, inl))
- return 0;
- *outl += inl;
- }
-@@ -382,7 +391,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- unsigned int i, b, bl;
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-- ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
-+ ret = M_do_cipher(ctx, out, NULL, 0);
- if (ret < 0)
- return 0;
- else
-@@ -410,7 +419,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- n = b - bl;
- for (i = bl; i < b; i++)
- ctx->buf[i] = n;
-- ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
-+ ret = M_do_cipher(ctx, out, ctx->buf, b);
-
- if (ret)
- *outl = b;
-@@ -421,21 +430,11 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
-- int fix_len, cmpl = inl;
-+ int fix_len;
- unsigned int b;
-
-- b = ctx->cipher->block_size;
--
-- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-- cmpl = (cmpl + 7) / 8;
--
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-- if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
-- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-- return 0;
-- }
--
-- fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
-+ fix_len = M_do_cipher(ctx, out, in, inl);
- if (fix_len < 0) {
- *outl = 0;
- return 0;
-@@ -452,15 +451,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- if (ctx->flags & EVP_CIPH_NO_PADDING)
- return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
-+ b = ctx->cipher->block_size;
- OPENSSL_assert(b <= sizeof ctx->final);
-
- if (ctx->final_used) {
-- /* see comment about PTRDIFF_T comparison above */
-- if (((PTRDIFF_T)out == (PTRDIFF_T)in)
-- || is_partially_overlapping(out, in, b)) {
-- EVPerr(EVP_F_EVP_DECRYPTUPDATE,
EVP_R_PARTIALLY_OVERLAPPING); -- return 0; -- } - memcpy(out, ctx->final, b); - out += b; - fix_len = 1; -@@ -501,7 +495,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - *outl = 0; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { -- i = ctx->cipher->do_cipher(ctx, out, NULL, 0); -+ i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) - return 0; - else -@@ -550,6 +544,42 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - return (1); - } - -+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -+{ -+ if (ctx) { -+ EVP_CIPHER_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); -+ } -+} -+ -+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -+{ -+#ifndef OPENSSL_FIPS -+ if (c->cipher != NULL) { -+ if (c->cipher->cleanup && !c->cipher->cleanup(c)) -+ return 0; -+ /* Cleanse cipher context data */ -+ if (c->cipher_data) -+ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); -+ } -+ if (c->cipher_data) -+ OPENSSL_free(c->cipher_data); -+#endif -+#ifndef OPENSSL_NO_ENGINE -+ if (c->engine) -+ /* -+ * The EVP_CIPHER we used belongs to an ENGINE, release the -+ * functional reference we held for this reason. 
-+ */ -+ ENGINE_finish(c->engine); -+#endif -+#ifdef OPENSSL_FIPS -+ FIPS_cipher_ctx_cleanup(c); -+#endif -+ memset(c, 0, sizeof(EVP_CIPHER_CTX)); -+ return 1; -+} -+ - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) - { - if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) -@@ -618,13 +648,12 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) - } - #endif - -- EVP_CIPHER_CTX_reset(out); -- memcpy(out, in, sizeof(*out)); -+ EVP_CIPHER_CTX_cleanup(out); -+ memcpy(out, in, sizeof *out); - - if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); -- if (out->cipher_data == NULL) { -- out->cipher = NULL; -+ if (!out->cipher_data) { - EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -632,10 +661,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) - } - - if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) -- if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { -- out->cipher = NULL; -- EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -+ return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); - return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c -index e32a1c0..bcd841e 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/evp_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,36 +70,39 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) - - static ERR_STRING_DATA EVP_str_functs[] = { -- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, -- {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, -- {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, -- {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, -- {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, -- {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, -- {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, -- {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, -- {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, -- {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"}, -- {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"}, -+ {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, -+ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, -+ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, -+ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, -+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, -+ {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -+ {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, -+ {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), - "EVP_CIPHER_CTX_set_key_length"}, - {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, -- 
{ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, - {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, -- {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, - {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, - {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, - {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, -- {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, - {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, -- {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, - {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, -@@ -62,11 +116,11 @@ static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, -- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"}, -- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, -- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, -- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, -- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, - 
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, - {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, -@@ -79,28 +133,42 @@ static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), - "EVP_PKEY_verify_recover_init"}, -+ {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, - {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, - {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, -- {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"}, -+ {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, -+ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"}, -+ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, -+ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), -+ "FIPS_CIPHER_CTX_SET_KEY_LENGTH"}, -+ {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, -+ {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, -+ {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, -+ {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, - {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, -- {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"}, -- {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, -- {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"}, -- {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"}, -- {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"}, -+ {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, -+ {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, -+ {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, -+ {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, -+ {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, - {0, NULL} - }; - - static ERR_STRING_DATA EVP_str_reasons[] = { -+ {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"}, - 
{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, -+ {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, -+ {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, - {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, -+ {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, -+ {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, -+ {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, - {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, - {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, - {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, -- {ERR_REASON(EVP_R_COPY_ERROR), "copy error"}, - {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, - {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), - "ctrl operation not implemented"}, -@@ -109,16 +177,17 @@ static ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, - {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, -+ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, -+ {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, - {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, - {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, -- {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, -+ {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, - {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, -+ {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, - {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, -- 
{ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), -- "illegal scrypt parameters"}, - {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, - {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, - {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, -@@ -126,48 +195,55 @@ static ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, - {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, -+ {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, - {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, -- {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"}, - {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, - {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, - {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, - {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, -+ {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"}, - {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"}, - {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"}, -+ {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), -+ "no sign function configured"}, -+ {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), -+ "no verify function configured"}, - {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, -- {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), -- "partially overlapping buffers"}, -+ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), -+ "pkcs8 unknown broken type"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, - {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, -+ 
{ERR_REASON(EVP_R_TOO_LARGE), "too large"}, - {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, -+ {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), -+ "unsuported number of rounds"}, - {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), - "unsupported key derivation function"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, -- {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), -- "unsupported number of rounds"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), - "unsupported private key algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, - {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, - {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, -+ {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, - {0, NULL} - }; - - #endif - --int ERR_load_EVP_strings(void) -+void ERR_load_EVP_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -176,5 +252,4 @@ int ERR_load_EVP_strings(void) - ERR_load_strings(0, EVP_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c -index 8a4297c..63c8866 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/evp_key.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -76,42 +125,40 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - int datal, int count, unsigned char *key, - unsigned char *iv) - { -- EVP_MD_CTX *c; -+ EVP_MD_CTX c; - unsigned char md_buf[EVP_MAX_MD_SIZE]; - int niv, nkey, addmd = 0; - unsigned int mds = 0, i; - int rv = 0; -- nkey = EVP_CIPHER_key_length(type); -- niv = EVP_CIPHER_iv_length(type); -+ nkey = type->key_len; -+ niv = type->iv_len; - OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); - OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); - - if (data == NULL) - return (nkey); - -- c = EVP_MD_CTX_new(); -- if (c == NULL) -- goto err; -+ EVP_MD_CTX_init(&c); - for (;;) { -- if (!EVP_DigestInit_ex(c, md, NULL)) -+ if (!EVP_DigestInit_ex(&c, md, NULL)) - goto err; - if (addmd++) -- if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) -+ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) - goto err; -- if (!EVP_DigestUpdate(c, data, datal)) -+ if (!EVP_DigestUpdate(&c, data, datal)) - goto err; - if (salt != NULL) -- if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) -+ if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) - goto err; -- if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) -+ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) - goto err; - - for (i = 1; i < (unsigned int)count; i++) { -- if (!EVP_DigestInit_ex(c, md, NULL)) -+ if (!EVP_DigestInit_ex(&c, md, NULL)) - goto err; -- if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) -+ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) - goto err; -- if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) -+ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) - goto err; - } - i = 0; -@@ -142,9 +189,9 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - if ((nkey == 0) && (niv == 0)) - break; - } -- rv = EVP_CIPHER_key_length(type); -+ rv = type->key_len; - err: -- EVP_MD_CTX_free(c); -+ EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(md_buf, sizeof(md_buf)); - return rv; - } 
-diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -index 0c76db5..7e0bab9 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -@@ -1,18 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/evp_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/evp_int.h" --#include "evp_locl.h" -+#ifdef OPENSSL_FIPS -+# include -+# include "evp_locl.h" -+#endif - - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { -@@ -31,7 +82,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - case EVP_CIPH_GCM_MODE: - case EVP_CIPH_CCM_MODE: - case EVP_CIPH_XTS_MODE: -- case EVP_CIPH_OCB_MODE: - ret = -1; - break; - -@@ -59,7 +109,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - case EVP_CIPH_GCM_MODE: - case EVP_CIPH_CCM_MODE: - case EVP_CIPH_XTS_MODE: -- case EVP_CIPH_OCB_MODE: - ret = -1; - break; - -@@ -155,7 +204,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) - default: - /* Check it has an OID and it is valid */ - otmp = OBJ_nid2obj(nid); -- if (OBJ_get0_data(otmp) == NULL) -+ if (!otmp || !otmp->data) - nid = NID_undef; - ASN1_OBJECT_free(otmp); - return nid; -@@ -172,11 +221,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) - return ctx->cipher->block_size; - } - --int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) --{ -- return e->ctx_size; --} -- - int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { -@@ -188,14 +232,24 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) - return ctx->cipher; - } - --int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) -+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) - { -- return ctx->encrypt; -+#ifdef OPENSSL_FIPS -+ const EVP_CIPHER *fcipher; -+ fcipher = evp_get_fips_cipher(cipher); -+ if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) -+ return cipher->flags | EVP_CIPH_FLAG_FIPS; -+#endif -+ return cipher->flags; - } - --unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) -+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) - { -- return cipher->flags; -+#ifdef OPENSSL_FIPS -+ return 
EVP_CIPHER_flags(ctx->cipher); -+#else -+ return ctx->cipher->flags; -+#endif - } - - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -@@ -208,21 +262,6 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) - ctx->app_data = data; - } - --void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) --{ -- return ctx->cipher_data; --} -- --void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) --{ -- void *old_cipher_data; -- -- old_cipher_data = ctx->cipher_data; -- ctx->cipher_data = cipher_data; -- -- return old_cipher_data; --} -- - int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) - { - return cipher->iv_len; -@@ -233,36 +272,6 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) - return ctx->cipher->iv_len; - } - --const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) --{ -- return ctx->oiv; --} -- --const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) --{ -- return ctx->iv; --} -- --unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) --{ -- return ctx->iv; --} -- --unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) --{ -- return ctx->buf; --} -- --int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) --{ -- return ctx->num; --} -- --void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) --{ -- ctx->num = num; --} -- - int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) - { - return cipher->key_len; -@@ -307,134 +316,42 @@ int EVP_MD_size(const EVP_MD *md) - return md->md_size; - } - --unsigned long EVP_MD_flags(const EVP_MD *md) --{ -- return md->flags; --} -+#ifdef OPENSSL_FIPS - --EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) -+const EVP_MD *evp_get_fips_md(const EVP_MD *md) - { -- EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); -- -- if (md != NULL) { -- md->type = md_type; -- md->pkey_type = pkey_type; -- } -- return md; -+ int nid = EVP_MD_type(md); -+ if (nid == NID_dsa) -+ return FIPS_evp_dss1(); -+ else if (nid == NID_dsaWithSHA) -+ 
return FIPS_evp_dss(); -+ else if (nid == NID_ecdsa_with_SHA1) -+ return FIPS_evp_ecdsa(); -+ else -+ return FIPS_get_digestbynid(nid); - } --EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) --{ -- EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); - -- if (to != NULL) -- memcpy(to, md, sizeof(*to)); -- return to; --} --void EVP_MD_meth_free(EVP_MD *md) --{ -- OPENSSL_free(md); --} --int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) --{ -- md->block_size = blocksize; -- return 1; --} --int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) -+const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) - { -- md->md_size = resultsize; -- return 1; --} --int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) --{ -- md->ctx_size = datasize; -- return 1; --} --int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) --{ -- md->flags = flags; -- return 1; --} --int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) --{ -- md->init = init; -- return 1; --} --int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, -- const void *data, -- size_t count)) --{ -- md->update = update; -- return 1; --} --int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, -- unsigned char *md)) --{ -- md->final = final; -- return 1; --} --int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, -- const EVP_MD_CTX *from)) --{ -- md->copy = copy; -- return 1; --} --int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) --{ -- md->cleanup = cleanup; -- return 1; --} --int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, -- int p1, void *p2)) --{ -- md->md_ctrl = ctrl; -- return 1; -+ int nid = cipher->nid; -+ if (nid == NID_undef) -+ return FIPS_evp_enc_null(); -+ else -+ return FIPS_get_cipherbynid(nid); - } - --int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) --{ -- return md->block_size; --} --int EVP_MD_meth_get_result_size(const EVP_MD *md) --{ -- return md->md_size; --} 
--int EVP_MD_meth_get_app_datasize(const EVP_MD *md) --{ -- return md->ctx_size; --} --unsigned long EVP_MD_meth_get_flags(const EVP_MD *md) -+#endif -+ -+unsigned long EVP_MD_flags(const EVP_MD *md) - { -+#ifdef OPENSSL_FIPS -+ const EVP_MD *fmd; -+ fmd = evp_get_fips_md(md); -+ if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) -+ return md->flags | EVP_MD_FLAG_FIPS; -+#endif - return md->flags; - } --int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) --{ -- return md->init; --} --int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, -- const void *data, -- size_t count) --{ -- return md->update; --} --int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, -- unsigned char *md) --{ -- return md->final; --} --int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, -- const EVP_MD_CTX *from) --{ -- return md->copy; --} --int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) --{ -- return md->cleanup; --} --int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, -- int p1, void *p2) --{ -- return md->md_ctrl; --} - - const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) - { -@@ -443,29 +360,6 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) - return ctx->digest; - } - --EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) --{ -- return ctx->pctx; --} -- --void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) --{ -- return ctx->md_data; --} -- --int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, -- const void *data, size_t count) --{ -- return ctx->update; --} -- --void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, -- int (*update) (EVP_MD_CTX *ctx, -- const void *data, size_t count)) --{ -- ctx->update = update; --} -- - void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) - { - ctx->flags |= flags; -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h -index 209577b..2bb709a 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h -+++ 
b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h -@@ -1,68 +1,373 @@ -+/* evp_locl.h */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --/* EVP_MD_CTX related stuff */ -- --struct evp_md_ctx_st { -- const EVP_MD *digest; -- ENGINE *engine; /* functional reference if 'digest' is -- * ENGINE-provided */ -- unsigned long flags; -- void *md_data; -- /* Public key context for sign/verify */ -- EVP_PKEY_CTX *pctx; -- /* Update function: usually copied from EVP_MD */ -- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); --} /* EVP_MD_CTX */ ; -- --struct evp_cipher_ctx_st { -- const EVP_CIPHER *cipher; -- ENGINE *engine; /* functional reference if 'cipher' is -- * ENGINE-provided */ -- int encrypt; /* encrypt or decrypt */ -- int buf_len; /* number we have left */ -- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ -- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ -- unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ -- int num; /* used by cfb/ofb/ctr mode */ -- /* FIXME: Should this even exist? 
It appears unused */ -- void *app_data; /* application stuff */ -- int key_len; /* May change for variable length cipher */ -- unsigned long flags; /* Various flags */ -- void *cipher_data; /* per EVP data */ -- int final_used; -- int block_mask; -- unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ --} /* EVP_CIPHER_CTX */ ; -+/* Macros to code block cipher wrappers */ -+ -+/* Wrapper functions for each cipher mode */ -+ -+#define BLOCK_CIPHER_ecb_loop() \ -+ size_t i, bl; \ -+ bl = ctx->cipher->block_size;\ -+ if(inl < bl) return 1;\ -+ inl -= bl; \ -+ for(i=0; i <= inl; i+=bl) -+ -+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -+{\ -+ BLOCK_CIPHER_ecb_loop() \ -+ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ -+ return 1;\ -+} -+ -+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) -+ -+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -+{\ -+ while(inl>=EVP_MAXCHUNK)\ -+ {\ -+ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ -+ inl-=EVP_MAXCHUNK;\ -+ in +=EVP_MAXCHUNK;\ -+ out+=EVP_MAXCHUNK;\ -+ }\ -+ if (inl)\ -+ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ -+ return 1;\ -+} -+ -+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -+{\ -+ while(inl>=EVP_MAXCHUNK) \ -+ {\ -+ cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ -+ inl-=EVP_MAXCHUNK;\ -+ in +=EVP_MAXCHUNK;\ -+ out+=EVP_MAXCHUNK;\ -+ }\ -+ if 
(inl)\ -+ cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ -+ return 1;\ -+} -+ -+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -+{\ -+ size_t chunk=EVP_MAXCHUNK;\ -+ if (cbits==1) chunk>>=3;\ -+ if (inl=chunk)\ -+ {\ -+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ -+ inl-=chunk;\ -+ in +=chunk;\ -+ out+=chunk;\ -+ if(inlc))+\ -+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -+ set_asn1, get_asn1,\ -+ ctrl, \ -+ NULL \ -+};\ -+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -+static const EVP_CIPHER cname##_cfb = {\ -+ nid##_cfb64, 1, key_len, iv_len, \ -+ flags | EVP_CIPH_CFB_MODE,\ -+ init_key,\ -+ cname##_cfb_cipher,\ -+ cleanup,\ -+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -+ set_asn1, get_asn1,\ -+ ctrl,\ -+ NULL \ -+};\ -+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -+static const EVP_CIPHER cname##_ofb = {\ -+ nid##_ofb64, 1, key_len, iv_len, \ -+ flags | EVP_CIPH_OFB_MODE,\ -+ init_key,\ -+ cname##_ofb_cipher,\ -+ cleanup,\ -+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -+ set_asn1, get_asn1,\ -+ ctrl,\ -+ NULL \ -+};\ -+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -+static const EVP_CIPHER cname##_ecb = {\ -+ nid##_ecb, block_size, key_len, iv_len, \ -+ flags | EVP_CIPH_ECB_MODE,\ -+ init_key,\ -+ cname##_ecb_cipher,\ -+ cleanup,\ -+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -+ set_asn1, get_asn1,\ -+ ctrl,\ -+ NULL \ -+};\ -+const 
EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } -+*/ -+ -+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ -+ block_size, key_len, iv_len, cbits, \ -+ flags, init_key, \ -+ cleanup, set_asn1, get_asn1, ctrl) \ -+ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ -+ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ -+ cbits, flags, init_key, cleanup, set_asn1, \ -+ get_asn1, ctrl) -+ -+#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) -+ -+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ -+ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ -+ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ -+ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ -+ 0, cipher##_init_key, NULL, \ -+ EVP_CIPHER_set_asn1_iv, \ -+ EVP_CIPHER_get_asn1_iv, \ -+ NULL) -+ -+struct evp_pkey_ctx_st { -+ /* Method associated with this operation */ -+ const EVP_PKEY_METHOD *pmeth; -+ /* Engine that implements this method or NULL if builtin */ -+ ENGINE *engine; -+ /* Key: may be NULL */ -+ EVP_PKEY *pkey; -+ /* Peer key for key agreement, may be NULL */ -+ EVP_PKEY *peerkey; -+ /* Actual operation */ -+ int operation; -+ /* Algorithm specific data */ -+ void *data; -+ /* Application specific data */ -+ void *app_data; -+ /* Keygen callback */ -+ EVP_PKEY_gen_cb *pkey_gencb; -+ /* implementation specific keygen data */ -+ int *keygen_info; -+ int keygen_info_count; -+} /* EVP_PKEY_CTX */ ; -+ -+#define EVP_PKEY_FLAG_DYNAMIC 1 -+ -+struct evp_pkey_method_st { -+ int pkey_id; -+ int flags; -+ int (*init) (EVP_PKEY_CTX *ctx); -+ int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -+ void (*cleanup) (EVP_PKEY_CTX *ctx); -+ int (*paramgen_init) (EVP_PKEY_CTX *ctx); -+ int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -+ int (*keygen_init) (EVP_PKEY_CTX *ctx); -+ int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -+ int (*sign_init) (EVP_PKEY_CTX *ctx); -+ int 
(*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -+ const unsigned char *tbs, size_t tbslen); -+ int (*verify_init) (EVP_PKEY_CTX *ctx); -+ int (*verify) (EVP_PKEY_CTX *ctx, -+ const unsigned char *sig, size_t siglen, -+ const unsigned char *tbs, size_t tbslen); -+ int (*verify_recover_init) (EVP_PKEY_CTX *ctx); -+ int (*verify_recover) (EVP_PKEY_CTX *ctx, -+ unsigned char *rout, size_t *routlen, -+ const unsigned char *sig, size_t siglen); -+ int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -+ int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -+ EVP_MD_CTX *mctx); -+ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -+ int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, -+ EVP_MD_CTX *mctx); -+ int (*encrypt_init) (EVP_PKEY_CTX *ctx); -+ int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -+ const unsigned char *in, size_t inlen); -+ int (*decrypt_init) (EVP_PKEY_CTX *ctx); -+ int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -+ const unsigned char *in, size_t inlen); -+ int (*derive_init) (EVP_PKEY_CTX *ctx); -+ int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -+ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); -+ int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); -+} /* EVP_PKEY_METHOD */ ; -+ -+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); - - int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de); - --struct evp_Encode_Ctx_st { -- /* number saved in a partial encode/decode */ -- int num; -- /* -- * The length is either the output line length (in input bytes) or the -- * shortest input line length that is ok. 
Once decoding begins, the -- * length is adjusted up each time a longer line is decoded -- */ -- int length; -- /* data to encode */ -- unsigned char enc_data[80]; -- /* number read on current line */ -- int line_num; -- int expect_nl; --}; -- --typedef struct evp_pbe_st EVP_PBE_CTL; --DEFINE_STACK_OF(EVP_PBE_CTL) -- --int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); -+const EVP_MD *evp_get_fips_md(const EVP_MD *md); -+const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher); -+ -+#ifdef OPENSSL_FIPS -+ -+# ifdef OPENSSL_DOING_MAKEDEPEND -+# undef SHA1_Init -+# undef SHA1_Update -+# undef SHA224_Init -+# undef SHA256_Init -+# undef SHA384_Init -+# undef SHA512_Init -+# undef DES_set_key_unchecked -+# endif -+ -+# define RIPEMD160_Init private_RIPEMD160_Init -+# define WHIRLPOOL_Init private_WHIRLPOOL_Init -+# define MD5_Init private_MD5_Init -+# define MD4_Init private_MD4_Init -+# define MD2_Init private_MD2_Init -+# define MDC2_Init private_MDC2_Init -+# define SHA_Init private_SHA_Init -+# define SHA1_Init private_SHA1_Init -+# define SHA224_Init private_SHA224_Init -+# define SHA256_Init private_SHA256_Init -+# define SHA384_Init private_SHA384_Init -+# define SHA512_Init private_SHA512_Init -+ -+# define BF_set_key private_BF_set_key -+# define CAST_set_key private_CAST_set_key -+# define idea_set_encrypt_key private_idea_set_encrypt_key -+# define SEED_set_key private_SEED_set_key -+# define RC2_set_key private_RC2_set_key -+# define RC4_set_key private_RC4_set_key -+# define DES_set_key_unchecked private_DES_set_key_unchecked -+# define Camellia_set_key private_Camellia_set_key -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -index ce7aa2c..7934c95 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -@@ -1,14 +1,64 @@ -+/* evp_pbe.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -16,17 +66,18 @@ - - /* Password based encryption (PBE) functions */ - -+DECLARE_STACK_OF(EVP_PBE_CTL) -+static STACK_OF(EVP_PBE_CTL) *pbe_algs; -+ - /* Setup a cipher context from a PBE algorithm */ - --struct evp_pbe_st { -+typedef struct { - int pbe_type; - int pbe_nid; - int cipher_nid; - int md_nid; - EVP_PBE_KEYGEN *keygen; --}; -- --static STACK_OF(EVP_PBE_CTL) *pbe_algs; -+} EVP_PBE_CTL; - - static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, -@@ -36,7 +87,9 @@ static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, - NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - -+#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -+#endif - - {EVP_PBE_TYPE_OUTER, 
NID_pbe_WithSHA1And128BitRC4, - NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, -@@ -51,8 +104,9 @@ static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, - NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - -+#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -- -+#endif - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, - NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, -@@ -67,16 +121,33 @@ static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, -- {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, -- NID_id_GostR3411_2012_256, 0}, -- {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, -- NID_id_GostR3411_2012_512, 0}, -- {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, --#ifndef OPENSSL_NO_SCRYPT -- {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} --#endif - }; - -+#ifdef TEST -+int main(int argc, char **argv) -+{ -+ int i, nid_md, nid_cipher; -+ EVP_PBE_CTL *tpbe, *tpbe2; -+ /* -+ * OpenSSL_add_all_algorithms(); -+ */ -+ -+ for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) { -+ tpbe = builtin_pbe + i; -+ fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, -+ OBJ_nid2sn(tpbe->pbe_nid)); -+ if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, -+ &nid_cipher, &nid_md, 0)) -+ fprintf(stderr, "Found %s %s\n", -+ OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md)); -+ else -+ fprintf(stderr, "Find ERROR!!\n"); -+ } -+ -+ return 0; -+} -+#endif -+ - int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) - { -@@ -90,7 +161,7 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - char obj_tmp[80]; - 
EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) -- OPENSSL_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); -+ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); - else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); - ERR_add_error_data(2, "TYPE=", obj_tmp); -@@ -173,10 +244,7 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - pbe_tmp->md_nid = md_nid; - pbe_tmp->keygen = keygen; - -- if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) { -- OPENSSL_free(pbe_tmp); -- goto err; -- } -+ sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); - return 1; - - err: -@@ -188,7 +256,6 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) - { - int cipher_nid, md_nid; -- - if (cipher) - cipher_nid = EVP_CIPHER_nid(cipher); - else -@@ -219,7 +286,8 @@ int EVP_PBE_find(int type, int pbe_nid, - pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); - } - if (pbetmp == NULL) { -- pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); -+ pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, -+ sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL)); - } - if (pbetmp == NULL) - return 0; -@@ -234,7 +302,7 @@ int EVP_PBE_find(int type, int pbe_nid, - - static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) - { -- OPENSSL_free(pbe); -+ OPENSSL_freeFunc(pbe); - } - - void EVP_PBE_cleanup(void) -@@ -242,18 +310,3 @@ void EVP_PBE_cleanup(void) - sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); - pbe_algs = NULL; - } -- --int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num) --{ -- const EVP_PBE_CTL *tpbe; -- -- if (num >= OSSL_NELEM(builtin_pbe)) -- return 0; -- -- tpbe = builtin_pbe + num; -- if (ptype) -- *ptype = tpbe->pbe_type; -- if (ppbe_nid) -- *ppbe_nid = tpbe->pbe_nid; -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -index 81bffa6..6a45629 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -@@ -1,33 +1,81 @@ 
-+/* evp_pkey.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" --#include "internal/x509_int.h" -+#include "asn1_locl.h" - - /* Extract a private key from a PKCS8 structure */ - --EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) -+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) - { - EVP_PKEY *pkey = NULL; -- const ASN1_OBJECT *algoid; -+ ASN1_OBJECT *algoid; - char obj_tmp[80]; - - if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) - return NULL; - -- if ((pkey = EVP_PKEY_new()) == NULL) { -+ if (!(pkey = EVP_PKEY_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -56,37 +104,68 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) - return NULL; - } - -+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) -+{ -+ return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); -+} -+ - /* Turn a private key into a PKCS8 structure */ - --PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) -+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) - { -- PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new(); -- if (p8 == NULL) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ PKCS8_PRIV_KEY_INFO *p8; -+ -+ if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); - return NULL; - } -+ p8->broken = broken; - - if (pkey->ameth) { - if (pkey->ameth->priv_encode) { - if (!pkey->ameth->priv_encode(p8, pkey)) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR); -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, -+ EVP_R_PRIVATE_KEY_ENCODE_ERROR); - goto error; - } - } else { -- EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED); -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_METHOD_NOT_SUPPORTED); - goto error; - } - } else { -- 
EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, -+ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - goto error; - } -- RAND_add(p8->pkey->data, p8->pkey->length, 0.0); -+ RAND_add(p8->pkey->value.octet_string->data, -+ p8->pkey->value.octet_string->length, 0.0); - return p8; - error: - PKCS8_PRIV_KEY_INFO_free(p8); - return NULL; - } - -+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) -+{ -+ switch (broken) { -+ -+ case PKCS8_OK: -+ p8->broken = PKCS8_OK; -+ return p8; -+ break; -+ -+ case PKCS8_NO_OCTET: -+ p8->broken = PKCS8_NO_OCTET; -+ p8->pkey->type = V_ASN1_SEQUENCE; -+ return p8; -+ break; -+ -+ default: -+ EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); -+ return NULL; -+ } -+} -+ - /* EVP_PKEY attribute functions */ - - int EVP_PKEY_get_attr_count(const EVP_PKEY *key) -@@ -99,7 +178,7 @@ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) - return X509at_get_attr_by_NID(key->attributes, nid, lastpos); - } - --int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, -+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, - int lastpos) - { - return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c -new file mode 100644 -index 0000000..1478448 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c -@@ -0,0 +1,104 @@ -+/* crypto/evp/m_dss.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. 
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+#ifndef OPENSSL_NO_DSA
-+# include
-+#endif
-+
-+#ifndef OPENSSL_NO_SHA
-+
-+static int init(EVP_MD_CTX *ctx)
-+{
-+ return SHA1_Init(ctx->md_data);
-+}
-+
-+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+{
-+ return SHA1_Update(ctx->md_data, data, count);
-+}
-+
-+static int final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+ return SHA1_Final(md, ctx->md_data);
-+}
-+
-+static const EVP_MD dsa_md = {
-+ NID_dsaWithSHA,
-+ NID_dsaWithSHA,
-+ SHA_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_DIGEST,
-+ init,
-+ update,
-+ final,
-+ NULL,
-+ NULL,
-+ EVP_PKEY_DSA_method,
-+ SHA_CBLOCK,
-+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
-+};
-+
-+const EVP_MD *EVP_dss(void)
-+{
-+ return (&dsa_md);
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
-new file mode 100644
-index 0000000..e36fabf
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
-@@ -0,0 +1,105 @@
-+/* crypto/evp/m_dss1.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+
-+#ifndef OPENSSL_NO_SHA
-+
-+# include
-+# include
-+# include
-+# ifndef OPENSSL_NO_DSA
-+# include
-+# endif
-+
-+static int init(EVP_MD_CTX *ctx)
-+{
-+ return SHA1_Init(ctx->md_data);
-+}
-+
-+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+{
-+ return SHA1_Update(ctx->md_data, data, count);
-+}
-+
-+static int final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+ return SHA1_Final(md, ctx->md_data);
-+}
-+
-+static const EVP_MD dss1_md = {
-+ NID_dsa,
-+ NID_dsaWithSHA1,
-+ SHA_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_DIGEST,
-+ init,
-+ update,
-+ final,
-+ NULL,
-+ NULL,
-+ EVP_PKEY_DSA_method,
-+ SHA_CBLOCK,
-+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
-+};
-+
-+const EVP_MD *EVP_dss1(void)
-+{
-+ return (&dss1_md);
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
-new file mode 100644
-index 0000000..803d314
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
-@@ -0,0 +1,154 @@
-+/* crypto/evp/m_ecdsa.c */
-+/* ====================================================================
-+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include "cryptlib.h"
-+#include
-+#include
-+#include
-+
-+#ifndef OPENSSL_NO_SHA
-+
-+static int init(EVP_MD_CTX *ctx)
-+{
-+ return SHA1_Init(ctx->md_data);
-+}
-+
-+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+{
-+ return SHA1_Update(ctx->md_data, data, count);
-+}
-+
-+static int final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+ return SHA1_Final(md, ctx->md_data);
-+}
-+
-+static const EVP_MD ecdsa_md = {
-+ NID_ecdsa_with_SHA1,
-+ NID_ecdsa_with_SHA1,
-+ SHA_DIGEST_LENGTH,
-+ EVP_MD_FLAG_PKEY_DIGEST,
-+ init,
-+ update,
-+ final,
-+ NULL,
-+ NULL,
-+ EVP_PKEY_ECDSA_method,
-+ SHA_CBLOCK,
-+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
-+};
-+
-+const EVP_MD *EVP_ecdsa(void)
-+{
-+ return (&ecdsa_md);
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c
-index c4e28ae..3c4cd7b 100644
---- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/m_md2.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-
- #ifndef OPENSSL_NO_MD2
-
-@@ -16,23 +65,23 @@
- # include
- # include
- # include
--# include
--
--#include "internal/evp_int.h"
-+# ifndef OPENSSL_NO_RSA
-+# include
-+# endif
-
- static int init(EVP_MD_CTX *ctx)
- {
-- return MD2_Init(EVP_MD_CTX_md_data(ctx));
-+ return MD2_Init(ctx->md_data);
- }
-
- static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
-- return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count);
-+ return MD2_Update(ctx->md_data, data, count);
- }
-
- static int final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-- return MD2_Final(md, EVP_MD_CTX_md_data(ctx));
-+ return MD2_Final(md, ctx->md_data);
- }
-
- static const EVP_MD md2_md = {
-@@ -45,12 +94,13 @@ static const EVP_MD md2_md = {
- final,
- NULL,
- NULL,
-+ EVP_PKEY_RSA_method,
- MD2_BLOCK,
- sizeof(EVP_MD *) + sizeof(MD2_CTX),
- };
-
- const EVP_MD *EVP_md2(void)
- {
-- return &md2_md;
-+ return (&md2_md);
- }
- #endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c
-index f3decaa..851de69 100644
---- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/m_md4.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-
- #ifndef OPENSSL_NO_MD4
-
-@@ -16,22 +65,25 @@
- # include
- # include
- # include
--# include
--# include "internal/evp_int.h"
-+# ifndef OPENSSL_NO_RSA
-+# include
-+# endif
-+
-+# include "evp_locl.h"
-
- static int init(EVP_MD_CTX *ctx)
- {
-- return MD4_Init(EVP_MD_CTX_md_data(ctx));
-+ return MD4_Init(ctx->md_data);
- }
-
- static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
-- return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
-+ return MD4_Update(ctx->md_data, data, count);
- }
-
- static int final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-- return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
-+ return MD4_Final(md, ctx->md_data);
- }
-
- static const EVP_MD md4_md = {
-@@ -44,6 +96,7 @@ static const EVP_MD md4_md = {
- final,
- NULL,
- NULL,
-+ EVP_PKEY_RSA_method,
- MD4_CBLOCK,
- sizeof(EVP_MD *) + sizeof(MD4_CTX),
- };
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c
-index f4dc0c4..e5d5f71 100644
---- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/m_md5.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-
- #ifndef OPENSSL_NO_MD5
-
-@@ -16,22 +65,24 @@
- # include
- # include
- # include
--# include
--# include "internal/evp_int.h"
-+# ifndef OPENSSL_NO_RSA
-+# include
-+# endif
-+# include "evp_locl.h"
-
- static int init(EVP_MD_CTX *ctx)
- {
-- return MD5_Init(EVP_MD_CTX_md_data(ctx));
-+ return MD5_Init(ctx->md_data);
- }
-
- static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
-- return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
-+ return MD5_Update(ctx->md_data, data, count);
- }
-
- static int final(EVP_MD_CTX *ctx, unsigned char *md)
- {
-- return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
-+ return MD5_Final(md, ctx->md_data);
- }
-
- static const EVP_MD md5_md = {
-@@ -44,6 +95,7 @@ static const EVP_MD md5_md = {
- final,
- NULL,
- NULL,
-+ EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- sizeof(EVP_MD *) + sizeof(MD5_CTX),
- };
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c
-deleted file mode 100644
-index 2d98886..0000000
---- a/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c
-+++ /dev/null
-@@ -1,142 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#if !defined(OPENSSL_NO_MD5)
--
--# include
--# include
--# include
--# include
--# include "internal/cryptlib.h"
--# include "internal/evp_int.h"
--# include
--
--struct md5_sha1_ctx {
-- MD5_CTX md5;
-- SHA_CTX sha1;
--};
--
--static int init(EVP_MD_CTX *ctx)
--{
-- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
-- if (!MD5_Init(&mctx->md5))
-- return 0;
-- return SHA1_Init(&mctx->sha1);
--}
--
--static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
--{
-- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
-- if (!MD5_Update(&mctx->md5, data, count))
-- return 0;
-- return SHA1_Update(&mctx->sha1, data, count);
--}
--
--static int final(EVP_MD_CTX *ctx, unsigned char *md)
--{
-- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
-- if (!MD5_Final(md, &mctx->md5))
-- return 0;
-- return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
--}
--
--static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
--{
-- unsigned char padtmp[48];
-- unsigned char md5tmp[MD5_DIGEST_LENGTH];
-- unsigned char sha1tmp[SHA_DIGEST_LENGTH];
-- struct md5_sha1_ctx *mctx;
--
-- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
-- return -2;
--
-- if (ctx == NULL)
-- return 0;
--
-- mctx = EVP_MD_CTX_md_data(ctx);
--
-- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
-- if (mslen != 48)
-- return 0;
--
-- /* At this point hash contains all handshake messages, update
-- * with master secret and pad_1.
-- */
--
-- if (update(ctx, ms, mslen) <= 0)
-- return 0;
--
-- /* Set padtmp to pad_1 value */
-- memset(padtmp, 0x36, sizeof(padtmp));
--
-- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
-- return 0;
--
-- if (!MD5_Final(md5tmp, &mctx->md5))
-- return 0;
--
-- if (!SHA1_Update(&mctx->sha1, padtmp, 40))
-- return 0;
--
-- if (!SHA1_Final(sha1tmp, &mctx->sha1))
-- return 0;
--
-- /* Reinitialise context */
--
-- if (!init(ctx))
-- return 0;
--
-- if (update(ctx, ms, mslen) <= 0)
-- return 0;
--
-- /* Set padtmp to pad_2 value */
-- memset(padtmp, 0x5c, sizeof(padtmp));
--
-- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
-- return 0;
--
-- if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
-- return 0;
--
-- if (!SHA1_Update(&mctx->sha1, padtmp, 40))
-- return 0;
--
-- if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
-- return 0;
--
-- /* Now when ctx is finalised it will return the SSL v3 hash value */
--
-- OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
-- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
--
-- return 1;
--
--}
--
--static const EVP_MD md5_sha1_md = {
-- NID_md5_sha1,
-- NID_md5_sha1,
-- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-- 0,
-- init,
-- update,
-- final,
-- NULL,
-- NULL,
-- MD5_CBLOCK,
-- sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
-- ctrl
--};
--
--const EVP_MD *EVP_md5_sha1(void)
--{
-- return &md5_sha1_md;
--}
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c
-index b7f0fd8..94e12a6 100644
---- a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c
-@@ -1,14 +1,63 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/evp/m_mdc2.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_MDC2 - -@@ -16,22 +65,25 @@ - # include - # include - # include --# include --# include "internal/evp_int.h" -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+ -+# include "evp_locl.h" - - static int init(EVP_MD_CTX *ctx) - { -- return MDC2_Init(EVP_MD_CTX_md_data(ctx)); -+ return MDC2_Init(ctx->md_data); - } - - static int update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return MDC2_Update(ctx->md_data, data, count); - } - - static int final(EVP_MD_CTX *ctx, unsigned char *md) - { -- return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); -+ return MDC2_Final(md, ctx->md_data); - } - - static const EVP_MD mdc2_md = { -@@ -44,6 +96,7 @@ static const EVP_MD mdc2_md = { - final, - NULL, - NULL, -+ EVP_PKEY_RSA_ASN1_OCTET_STRING_method, - MDC2_BLOCK, - sizeof(EVP_MD *) + sizeof(MDC2_CTX), - }; -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c -index 6c4daf5..017e1fe 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_null.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/m_null.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "internal/evp_int.h" - - static int init(EVP_MD_CTX *ctx) - { -@@ -39,6 +87,7 @@ static const EVP_MD null_md = { - final, - NULL, - NULL, -+ EVP_PKEY_NULL_method, - 0, - sizeof(EVP_MD *), - }; -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -index 07b46bd..81de0ef 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -@@ -1,37 +1,88 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/evp/m_ripemd.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - --#ifndef OPENSSL_NO_RMD160 -+#ifndef OPENSSL_NO_RIPEMD - - # include - # include - # include - # include --# include --# include "internal/evp_int.h" -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# include "evp_locl.h" - - static int init(EVP_MD_CTX *ctx) - { -- return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); -+ return RIPEMD160_Init(ctx->md_data); - } - - static int update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return RIPEMD160_Update(ctx->md_data, data, count); - } - - static int final(EVP_MD_CTX *ctx, unsigned char *md) - { -- return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); -+ return RIPEMD160_Final(md, ctx->md_data); - } - - static const EVP_MD ripemd160_md = { -@@ -44,6 +95,7 @@ static const EVP_MD ripemd160_md = { - final, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - RIPEMD160_CBLOCK, - sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), - }; -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c -new file mode 100644 -index 0000000..e1e22e0 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c -@@ -0,0 +1,106 @@ -+/* crypto/evp/m_sha.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include "cryptlib.h" -+ -+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) -+ -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# include "evp_locl.h" -+ -+static int init(EVP_MD_CTX *ctx) -+{ -+ return SHA_Init(ctx->md_data); -+} -+ -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA_Update(ctx->md_data, data, count); -+} -+ -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA_Final(md, ctx->md_data); -+} -+ -+static const EVP_MD sha_md = { -+ NID_sha, -+ NID_shaWithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; -+ -+const EVP_MD *EVP_sha(void) -+{ -+ return (&sha_md); -+} -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -index 8f30077..a74e6b7 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -@@ -1,123 +1,118 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/evp/m_sha1.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - --#include --#include --#include --#include --#include "internal/evp_int.h" -+#ifndef OPENSSL_NO_SHA -+ -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) - { -- return SHA1_Init(EVP_MD_CTX_md_data(ctx)); -+ return SHA1_Init(ctx->md_data); - } - - static int update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return SHA1_Update(ctx->md_data, data, count); - } - - static int final(EVP_MD_CTX *ctx, unsigned char *md) - { -- return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); --} -- --static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) --{ -- unsigned char padtmp[40]; -- unsigned char sha1tmp[SHA_DIGEST_LENGTH]; -- -- SHA_CTX *sha1; -- -- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) -- return -2; -- -- if (ctx == NULL) -- return 0; -- -- sha1 = EVP_MD_CTX_md_data(ctx); -- -- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ -- if (mslen != 48) -- return 0; -- -- /* At this point hash contains all handshake messages, update -- * with master secret and pad_1. 
-- */ -- -- if (SHA1_Update(sha1, ms, mslen) <= 0) -- return 0; -- -- /* Set padtmp to pad_1 value */ -- memset(padtmp, 0x36, sizeof(padtmp)); -- -- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) -- return 0; -- -- if (!SHA1_Final(sha1tmp, sha1)) -- return 0; -- -- /* Reinitialise context */ -- -- if (!SHA1_Init(sha1)) -- return 0; -- -- if (SHA1_Update(sha1, ms, mslen) <= 0) -- return 0; -- -- /* Set padtmp to pad_2 value */ -- memset(padtmp, 0x5c, sizeof(padtmp)); -- -- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) -- return 0; -- -- if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) -- return 0; -- -- /* Now when ctx is finalised it will return the SSL v3 hash value */ -- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); -- -- return 1; -- -+ return SHA1_Final(md, ctx->md_data); - } - - static const EVP_MD sha1_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - init, - update, - final, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -- ctrl - }; - - const EVP_MD *EVP_sha1(void) - { - return (&sha1_md); - } -+#endif - -+#ifndef OPENSSL_NO_SHA256 - static int init224(EVP_MD_CTX *ctx) - { -- return SHA224_Init(EVP_MD_CTX_md_data(ctx)); -+ return SHA224_Init(ctx->md_data); - } - - static int init256(EVP_MD_CTX *ctx) - { -- return SHA256_Init(EVP_MD_CTX_md_data(ctx)); -+ return SHA256_Init(ctx->md_data); - } - - /* -@@ -127,24 +122,25 @@ static int init256(EVP_MD_CTX *ctx) - */ - static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return SHA256_Update(ctx->md_data, data, count); - } - - static int final256(EVP_MD_CTX *ctx, unsigned char *md) - { -- return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); -+ return SHA256_Final(md, ctx->md_data); - } - - static const EVP_MD sha224_md = { - NID_sha224, - NID_sha224WithRSAEncryption, 
- SHA224_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - init224, - update256, - final256, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - SHA256_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA256_CTX), - }; -@@ -158,12 +154,13 @@ static const EVP_MD sha256_md = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - init256, - update256, - final256, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - SHA256_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA256_CTX), - }; -@@ -172,38 +169,41 @@ const EVP_MD *EVP_sha256(void) - { - return (&sha256_md); - } -+#endif /* ifndef OPENSSL_NO_SHA256 */ - -+#ifndef OPENSSL_NO_SHA512 - static int init384(EVP_MD_CTX *ctx) - { -- return SHA384_Init(EVP_MD_CTX_md_data(ctx)); -+ return SHA384_Init(ctx->md_data); - } - - static int init512(EVP_MD_CTX *ctx) - { -- return SHA512_Init(EVP_MD_CTX_md_data(ctx)); -+ return SHA512_Init(ctx->md_data); - } - - /* See comment in SHA224/256 section */ - static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return SHA512_Update(ctx->md_data, data, count); - } - - static int final512(EVP_MD_CTX *ctx, unsigned char *md) - { -- return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); -+ return SHA512_Final(md, ctx->md_data); - } - - static const EVP_MD sha384_md = { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - init384, - update512, - final512, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - SHA512_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA512_CTX), - }; -@@ -217,12 +217,13 @@ static const EVP_MD sha512_md = { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | 
EVP_MD_FLAG_DIGALGID_ABSENT, - init512, - update512, - final512, - NULL, - NULL, -+ EVP_PKEY_RSA_method, - SHA512_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA512_CTX), - }; -@@ -231,3 +232,4 @@ const EVP_MD *EVP_sha512(void) - { - return (&sha512_md); - } -+#endif /* ifndef OPENSSL_NO_SHA512 */ -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c -index 3b74f72..4492d20 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c -@@ -1,18 +1,67 @@ -+/* m_sigver.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "internal/evp_int.h" - #include "evp_locl.h" - - static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, -@@ -79,20 +128,17 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) - { -- int sctx = 0, r = 0; -+ int sctx, r = 0; - EVP_PKEY_CTX *pctx = ctx->pctx; - if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { -+ EVP_PKEY_CTX *dctx; - if (!sigret) - return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); -- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) -- r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); -- else { -- EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx); -- if (!dctx) -- return 0; -- r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); -- EVP_PKEY_CTX_free(dctx); -- } -+ dctx = EVP_PKEY_CTX_dup(ctx->pctx); -+ if (!dctx) -+ return 0; -+ r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); -+ EVP_PKEY_CTX_free(dctx); - return r; - } - if (pctx->pmeth->signctx) -@@ -100,24 +146,18 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - else - sctx = 0; - if (sigret) { -+ EVP_MD_CTX tmp_ctx; - unsigned char md[EVP_MAX_MD_SIZE]; -- unsigned int mdlen = 0; -- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { -- if (sctx) -- r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx); -- else -- r = EVP_DigestFinal_ex(ctx, md, &mdlen); -- } else { -- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); -- if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) -- return 0; -- if (sctx) -- r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, -- sigret, siglen, tmp_ctx); -- else -- r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); -- EVP_MD_CTX_free(tmp_ctx); -- } -+ unsigned int mdlen; -+ EVP_MD_CTX_init(&tmp_ctx); -+ 
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) -+ return 0; -+ if (sctx) -+ r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, -+ sigret, siglen, &tmp_ctx); -+ else -+ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); -+ EVP_MD_CTX_cleanup(&tmp_ctx); - if (sctx || !r) - return r; - if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) -@@ -138,31 +178,25 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) - { -+ EVP_MD_CTX tmp_ctx; - unsigned char md[EVP_MAX_MD_SIZE]; -- int r = 0; -- unsigned int mdlen = 0; -- int vctx = 0; -+ int r; -+ unsigned int mdlen; -+ int vctx; - - if (ctx->pctx->pmeth->verifyctx) - vctx = 1; - else - vctx = 0; -- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { -- if (vctx) { -- r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx); -- } else -- r = EVP_DigestFinal_ex(ctx, md, &mdlen); -- } else { -- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); -- if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) -- return -1; -- if (vctx) { -- r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, -- sig, siglen, tmp_ctx); -- } else -- r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); -- EVP_MD_CTX_free(tmp_ctx); -- } -+ EVP_MD_CTX_init(&tmp_ctx); -+ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) -+ return -1; -+ if (vctx) { -+ r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, -+ sig, siglen, &tmp_ctx); -+ } else -+ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); -+ EVP_MD_CTX_cleanup(&tmp_ctx); - if (vctx || !r) - return r; - return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_wp.c b/Cryptlib/OpenSSL/crypto/evp/m_wp.c -index 94fac22..a890939 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_wp.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_wp.c -@@ -1,14 +1,7 @@ --/* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -+/* crypto/evp/m_wp.c */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - - #ifndef OPENSSL_NO_WHIRLPOOL - -@@ -16,21 +9,21 @@ - # include - # include - # include --# include "internal/evp_int.h" -+# include "evp_locl.h" - - static int init(EVP_MD_CTX *ctx) - { -- return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); -+ return WHIRLPOOL_Init(ctx->md_data); - } - - static int update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); -+ return WHIRLPOOL_Update(ctx->md_data, data, count); - } - - static int final(EVP_MD_CTX *ctx, unsigned char *md) - { -- return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); -+ return WHIRLPOOL_Final(md, ctx->md_data); - } - - static const EVP_MD whirlpool_md = { -@@ -43,6 +36,7 @@ static const EVP_MD whirlpool_md = { - final, - NULL, - NULL, -+ EVP_PKEY_NULL_method, - WHIRLPOOL_BBLOCK / 8, - sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), - }; -diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c -index a92be1f..ff115a3 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/names.c -+++ b/Cryptlib/OpenSSL/crypto/evp/names.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/names.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include -+#include - #include --#include "internal/evp_int.h" - - int EVP_add_cipher(const EVP_CIPHER *c) - { -@@ -21,10 +69,13 @@ int EVP_add_cipher(const EVP_CIPHER *c) - if (c == NULL) - return 0; - -+ OPENSSL_init(); -+ - r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - if (r == 0) - return (0); -+ check_defer(c->nid); - r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - return (r); -@@ -34,11 +85,13 @@ int EVP_add_digest(const EVP_MD *md) - { - int r; - const char *name; -+ OPENSSL_init(); - - name = OBJ_nid2sn(md->type); - r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); - if (r == 0) - return (0); -+ check_defer(md->type); - r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, - (const char *)md); - if (r == 0) -@@ -49,6 +102,7 @@ int EVP_add_digest(const EVP_MD *md) - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); - if (r == 0) - return (0); -+ check_defer(md->pkey_type); - r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); - } -@@ -59,9 +113,6 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) - { - const EVP_CIPHER *cp; - -- if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) -- return NULL; -- - cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - return (cp); - } -@@ -70,14 +121,11 @@ const EVP_MD *EVP_get_digestbyname(const char *name) - { - const EVP_MD *cp; - -- if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) -- return NULL; -- - cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - return (cp); - } - --void evp_cleanup_int(void) -+void EVP_cleanup(void) - { - OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); - OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); -@@ -89,6 +137,10 @@ void evp_cleanup_int(void) - OBJ_NAME_cleanup(-1); - - EVP_PBE_cleanup(); -+ if 
(obj_cleanup_defer == 2) { -+ obj_cleanup_defer = 0; -+ OBJ_cleanup(); -+ } - OBJ_sigid_free(); - } - -@@ -112,10 +164,6 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - void *arg) - { - struct doall_cipher dc; -- -- /* Ignore errors */ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); -- - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -@@ -126,10 +174,6 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, - void *x), void *arg) - { - struct doall_cipher dc; -- -- /* Ignore errors */ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); -- - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -@@ -155,10 +199,6 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md, - void *arg) - { - struct doall_md dc; -- -- /* Ignore errors */ -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); -- - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -@@ -169,9 +209,6 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, - void *x), void *arg) - { - struct doall_md dc; -- -- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); -- - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -index 7e55d0b..d06ab90 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -@@ -1,15 +1,65 @@ -+/* p5_crpt.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -25,15 +75,17 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de) - { -- EVP_MD_CTX *ctx; -+ EVP_MD_CTX ctx; - unsigned char md_tmp[EVP_MAX_MD_SIZE]; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; - PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt; -+ const unsigned char *pbuf; - int mdsize; - int rv = 0; -+ EVP_MD_CTX_init(&ctx); - - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || -@@ -42,8 +94,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - return 0; - } - -- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); -- if (pbe == NULL) { -+ pbuf = 
param->value.sequence->data; -+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - return 0; - } -@@ -60,30 +112,24 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - else if (passlen == -1) - passlen = strlen(pass); - -- ctx = EVP_MD_CTX_new(); -- if (ctx == NULL) { -- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!EVP_DigestInit_ex(ctx, md, NULL)) -+ if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; -- if (!EVP_DigestUpdate(ctx, pass, passlen)) -+ if (!EVP_DigestUpdate(&ctx, pass, passlen)) - goto err; -- if (!EVP_DigestUpdate(ctx, salt, saltlen)) -+ if (!EVP_DigestUpdate(&ctx, salt, saltlen)) - goto err; - PBEPARAM_free(pbe); -- if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) -+ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) - goto err; - mdsize = EVP_MD_size(md); - if (mdsize < 0) - return 0; - for (i = 1; i < iter; i++) { -- if (!EVP_DigestInit_ex(ctx, md, NULL)) -+ if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; -- if (!EVP_DigestUpdate(ctx, md_tmp, mdsize)) -+ if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) - goto err; -- if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) -+ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) - goto err; - } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); -@@ -98,6 +144,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - rv = 1; - err: -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_cleanup(&ctx); - return rv; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -index 2e45aa3..f2ae1e5 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -@@ -1,24 +1,74 @@ -+/* p5_crpt2.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" -+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) - # include - # include - # include - # include "evp_locl.h" - - /* set this to print out info about the keygen algorithm */ --/* #define OPENSSL_DEBUG_PKCS5V2 */ -+/* #define DEBUG_PKCS5V2 */ - --# ifdef OPENSSL_DEBUG_PKCS5V2 -+# ifdef DEBUG_PKCS5V2 - static void h__dump(const unsigned char *p, int len); - # endif - -@@ -36,28 +86,21 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; - int cplen, j, k, tkeylen, mdlen; - unsigned long i = 1; -- HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; -+ HMAC_CTX hctx_tpl, hctx; - - mdlen = EVP_MD_size(digest); - if (mdlen < 0) - return 0; - -- hctx_tpl = HMAC_CTX_new(); -- if (hctx_tpl == NULL) -- return 0; -+ HMAC_CTX_init(&hctx_tpl); - p = out; - tkeylen = keylen; - if 
(!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); -- if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- hctx = HMAC_CTX_new(); -- if (hctx == NULL) { -- HMAC_CTX_free(hctx_tpl); -+ if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { -+ HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - while (tkeylen) { -@@ -73,33 +116,31 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - itmp[1] = (unsigned char)((i >> 16) & 0xff); - itmp[2] = (unsigned char)((i >> 8) & 0xff); - itmp[3] = (unsigned char)(i & 0xff); -- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -+ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { -+ HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } -- if (!HMAC_Update(hctx, salt, saltlen) -- || !HMAC_Update(hctx, itmp, 4) -- || !HMAC_Final(hctx, digtmp, NULL)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -+ if (!HMAC_Update(&hctx, salt, saltlen) -+ || !HMAC_Update(&hctx, itmp, 4) -+ || !HMAC_Final(&hctx, digtmp, NULL)) { -+ HMAC_CTX_cleanup(&hctx_tpl); -+ HMAC_CTX_cleanup(&hctx); - return 0; - } -- HMAC_CTX_reset(hctx); -+ HMAC_CTX_cleanup(&hctx); - memcpy(p, digtmp, cplen); - for (j = 1; j < iter; j++) { -- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -+ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { -+ HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } -- if (!HMAC_Update(hctx, digtmp, mdlen) -- || !HMAC_Final(hctx, digtmp, NULL)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -+ if (!HMAC_Update(&hctx, digtmp, mdlen) -+ || !HMAC_Final(&hctx, digtmp, NULL)) { -+ HMAC_CTX_cleanup(&hctx_tpl); -+ HMAC_CTX_cleanup(&hctx); - return 0; - } -- HMAC_CTX_reset(hctx); -+ HMAC_CTX_cleanup(&hctx); - for (k = 0; k < cplen; k++) - p[k] ^= digtmp[k]; - } -@@ -107,9 +148,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - i++; - p += cplen; - } -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); --# 
ifdef OPENSSL_DEBUG_PKCS5V2 -+ HMAC_CTX_cleanup(&hctx_tpl); -+# ifdef DEBUG_PKCS5V2 - fprintf(stderr, "Password:\n"); - h__dump(pass, passlen); - fprintf(stderr, "Salt:\n"); -@@ -151,21 +191,29 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, - const EVP_MD *md, int en_de) - { -+ const unsigned char *pbuf; -+ int plen; - PBE2PARAM *pbe2 = NULL; - const EVP_CIPHER *cipher; -- EVP_PBE_KEYGEN *kdf; - - int rv = 0; - -- pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param); -- if (pbe2 == NULL) { -+ if (param == NULL || param->type != V_ASN1_SEQUENCE || -+ param->value.sequence == NULL) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ goto err; -+ } -+ -+ pbuf = param->value.sequence->data; -+ plen = param->value.sequence->length; -+ if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } - - /* See if we recognise the key derivation function */ -- if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), -- NULL, NULL, &kdf)) { -+ -+ if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); - goto err; -@@ -189,7 +237,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); - goto err; - } -- rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de); -+ rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, -+ pbe2->keyfunc->parameter, c, md, en_de); - err: - PBE2PARAM_free(pbe2); - return rv; -@@ -200,7 +249,8 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) - { - unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; -- int saltlen, iter; -+ const unsigned char *pbuf; -+ int saltlen, iter, plen; - int rv = 0; - unsigned int 
keylen = 0; - int prf_nid, hmac_md_nid; -@@ -216,9 +266,15 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - - /* Decode parameter */ - -- kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param); -+ if (!param || (param->type != V_ASN1_SEQUENCE)) { -+ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); -+ goto err; -+ } -+ -+ pbuf = param->value.sequence->data; -+ plen = param->value.sequence->length; - -- if (kdf == NULL) { -+ if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { - EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); - goto err; - } -@@ -267,7 +323,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - return rv; - } - --# ifdef OPENSSL_DEBUG_PKCS5V2 -+# ifdef DEBUG_PKCS5V2 - static void h__dump(const unsigned char *p, int len) - { - for (; len--; p++) -@@ -275,3 +331,4 @@ static void h__dump(const unsigned char *p, int len) - fprintf(stderr, "\n"); - } - # endif -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c -index 6bec406..225b8b4 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c -@@ -1,15 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_dec.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" --#include -+#include "cryptlib.h" -+#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif - #include - #include - #include -@@ -20,7 +72,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - int ret = -1; - - #ifndef OPENSSL_NO_RSA -- if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { -+ if (priv->type != EVP_PKEY_RSA) { - #endif - EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); - #ifndef OPENSSL_NO_RSA -@@ -28,8 +80,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - } - - ret = -- RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), -- RSA_PKCS1_PADDING); -+ RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING); - err: - #endif - return (ret); -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c -index 3277fbb..f565f33 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c -@@ -1,15 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" --#include -+#include "cryptlib.h" -+#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif - #include - #include - #include -@@ -20,14 +72,14 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, - int ret = 0; - - #ifndef OPENSSL_NO_RSA -- if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) { -+ if (pubk->type != EVP_PKEY_RSA) { - #endif - EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); - #ifndef OPENSSL_NO_RSA - goto err; - } - ret = -- RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk), -+ RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, - RSA_PKCS1_PADDING); - err: - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c -index 9828620..545d04f 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c -@@ -1,45 +1,94 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include -+#include - #include --#include --#include --#include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif -+#ifndef OPENSSL_NO_DH -+# include -+#endif - --#include "internal/asn1_int.h" --#include "internal/evp_int.h" -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif -+ -+#include "asn1_locl.h" - - static void EVP_PKEY_free_it(EVP_PKEY *x); - --int EVP_PKEY_bits(const EVP_PKEY *pkey) -+int EVP_PKEY_bits(EVP_PKEY *pkey) - { - if (pkey && pkey->ameth && pkey->ameth->pkey_bits) - return pkey->ameth->pkey_bits(pkey); - return 0; - } - --int EVP_PKEY_security_bits(const EVP_PKEY *pkey) --{ -- if (pkey == NULL) -- return 0; -- if (!pkey->ameth || !pkey->ameth->pkey_security_bits) -- return -2; -- return pkey->ameth->pkey_security_bits(pkey); --} -- - int EVP_PKEY_size(EVP_PKEY *pkey) - { - if (pkey && pkey->ameth && pkey->ameth->pkey_size) -@@ -72,10 +121,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) - - int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - { -- if (to->type == EVP_PKEY_NONE) { -- if (EVP_PKEY_set_type(to, from->type) == 0) -- return 0; -- } else if (to->type != from->type) { -+ if (to->type != from->type) { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); - goto err; - } -@@ -137,35 +183,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) - - EVP_PKEY *EVP_PKEY_new(void) - { -- EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); -+ EVP_PKEY *ret; - -+ ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); - if (ret == NULL) { - EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -+ return (NULL); - } - ret->type = EVP_PKEY_NONE; - ret->save_type = EVP_PKEY_NONE; - ret->references = 1; -+ ret->ameth = NULL; -+ ret->engine = NULL; -+ ret->pkey.ptr = NULL; -+ ret->attributes = NULL; - ret->save_parameters = 1; -- ret->lock = 
CRYPTO_THREAD_lock_new(); -- if (ret->lock == NULL) { -- EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(ret); -- return NULL; -- } -- return ret; --} -- --int EVP_PKEY_up_ref(EVP_PKEY *pkey) --{ -- int i; -- -- if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0) -- return 0; -- -- REF_PRINT_COUNT("EVP_PKEY", pkey); -- REF_ASSERT_ISNT(i < 2); -- return ((i > 1) ? 1 : 0); -+ return (ret); - } - - /* -@@ -188,8 +221,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) - return 1; - #ifndef OPENSSL_NO_ENGINE - /* If we have an ENGINE release it */ -- ENGINE_finish(pkey->engine); -- pkey->engine = NULL; -+ if (pkey->engine) { -+ ENGINE_finish(pkey->engine); -+ pkey->engine = NULL; -+ } - #endif - } - if (str) -@@ -197,10 +232,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) - else - ameth = EVP_PKEY_asn1_find(&e, type); - #ifndef OPENSSL_NO_ENGINE -- if (pkey == NULL) -+ if (!pkey && e) - ENGINE_finish(e); - #endif -- if (ameth == NULL) { -+ if (!ameth) { - EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); - return 0; - } -@@ -232,23 +267,11 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) - return (key != NULL); - } - --void *EVP_PKEY_get0(const EVP_PKEY *pkey) -+void *EVP_PKEY_get0(EVP_PKEY *pkey) - { - return pkey->pkey.ptr; - } - --const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) --{ -- ASN1_OCTET_STRING *os = NULL; -- if (pkey->type != EVP_PKEY_HMAC) { -- EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); -- return NULL; -- } -- os = EVP_PKEY_get0(pkey); -- *len = os->length; -- return os->data; --} -- - #ifndef OPENSSL_NO_RSA - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) - { -@@ -258,22 +281,15 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) - return ret; - } - --RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) -+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) - { - if (pkey->type != EVP_PKEY_RSA) { -- 
EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); -+ EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); - return NULL; - } -+ RSA_up_ref(pkey->pkey.rsa); - return pkey->pkey.rsa; - } -- --RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) --{ -- RSA *ret = EVP_PKEY_get0_RSA(pkey); -- if (ret != NULL) -- RSA_up_ref(ret); -- return ret; --} - #endif - - #ifndef OPENSSL_NO_DSA -@@ -285,22 +301,15 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) - return ret; - } - --DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) -+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) - { - if (pkey->type != EVP_PKEY_DSA) { -- EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY); -+ EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); - return NULL; - } -+ DSA_up_ref(pkey->pkey.dsa); - return pkey->pkey.dsa; - } -- --DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) --{ -- DSA *ret = EVP_PKEY_get0_DSA(pkey); -- if (ret != NULL) -- DSA_up_ref(ret); -- return ret; --} - #endif - - #ifndef OPENSSL_NO_EC -@@ -313,22 +322,15 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) - return ret; - } - --EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) -+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) - { - if (pkey->type != EVP_PKEY_EC) { -- EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); -+ EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); - return NULL; - } -+ EC_KEY_up_ref(pkey->pkey.ec); - return pkey->pkey.ec; - } -- --EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) --{ -- EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); -- if (ret != NULL) -- EC_KEY_up_ref(ret); -- return ret; --} - #endif - - #ifndef OPENSSL_NO_DH -@@ -341,22 +343,15 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) - return ret; - } - --DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) -+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) - { - if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { -- EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY); -+ EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); - return NULL; - } 
-+ DH_up_ref(pkey->pkey.dh); - return pkey->pkey.dh; - } -- --DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) --{ -- DH *ret = EVP_PKEY_get0_DH(pkey); -- if (ret != NULL) -- DH_up_ref(ret); -- return ret; --} - #endif - - int EVP_PKEY_type(int type) -@@ -370,7 +365,8 @@ int EVP_PKEY_type(int type) - else - ret = NID_undef; - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(e); -+ if (e) -+ ENGINE_finish(e); - #endif - return ret; - } -@@ -392,27 +388,35 @@ void EVP_PKEY_free(EVP_PKEY *x) - if (x == NULL) - return; - -- CRYPTO_atomic_add(&x->references, -1, &i, x->lock); -- REF_PRINT_COUNT("EVP_PKEY", x); -+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); -+#ifdef REF_PRINT -+ REF_PRINT("EVP_PKEY", x); -+#endif - if (i > 0) - return; -- REF_ASSERT_ISNT(i < 0); -+#ifdef REF_CHECK -+ if (i < 0) { -+ fprintf(stderr, "EVP_PKEY_free, bad reference count\n"); -+ abort(); -+ } -+#endif - EVP_PKEY_free_it(x); -- CRYPTO_THREAD_lock_free(x->lock); -- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); -+ if (x->attributes) -+ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); - OPENSSL_free(x); - } - - static void EVP_PKEY_free_it(EVP_PKEY *x) - { -- /* internal function; x is never NULL */ - if (x->ameth && x->ameth->pkey_free) { - x->ameth->pkey_free(x); - x->pkey.ptr = NULL; - } - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(x->engine); -- x->engine = NULL; -+ if (x->engine) { -+ ENGINE_finish(x->engine); -+ x->engine = NULL; -+ } - #endif - } - -@@ -451,34 +455,10 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - return unsup_alg(out, pkey, indent, "Parameters"); - } - --static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) --{ -- if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) -- return -2; -- return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); --} -- - int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) - { -- return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); --} -- --int 
EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, -- const unsigned char *pt, size_t ptlen) --{ -- if (ptlen > INT_MAX) -- return 0; -- if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, -- (void *)pt) <= 0) -- return 0; -- return 1; --} -- --size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) --{ -- int rv; -- rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); -- if (rv <= 0) -- return 0; -- return rv; -+ if (!pkey->ameth || !pkey->ameth->pkey_ctrl) -+ return -2; -+ return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, -+ 0, pnid); - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c -index b65bc74..229eb64 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_open.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_open.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" --#ifdef OPENSSL_NO_RSA --NON_EMPTY_TRANSLATION_UNIT --#else -+#include -+#include "cryptlib.h" -+ -+#ifndef OPENSSL_NO_RSA - --# include - # include - # include - # include -@@ -26,7 +74,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - int i, size = 0, ret = 0; - - if (type) { -- EVP_CIPHER_CTX_reset(ctx); -+ EVP_CIPHER_CTX_init(ctx); - if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } -@@ -34,13 +82,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - if (!priv) - return 1; - -- if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { -+ if (priv->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - -- size = EVP_PKEY_size(priv); -- key = OPENSSL_malloc(size + 2); -+ size = RSA_size(priv->pkey.rsa); -+ key = (unsigned char *)OPENSSL_malloc(size + 2); - if (key == NULL) { - /* ERROR */ - EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); -@@ -57,7 +105,9 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - - ret = 1; - err: -- OPENSSL_clear_free(key, size); -+ if (key != NULL) -+ OPENSSL_cleanse(key, size); -+ OPENSSL_free(key); - return 
(ret); - } - -@@ -70,4 +120,10 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return (i); - } -+#else /* !OPENSSL_NO_RSA */ -+ -+# ifdef PEDANTIC -+static void *dummy = &dummy; -+# endif -+ - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c -index faa2464..ba9dfff 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c -@@ -1,16 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_seal.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif - #include - #include - #include -@@ -23,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - int i; - - if (type) { -- EVP_CIPHER_CTX_reset(ctx); -+ EVP_CIPHER_CTX_init(ctx); - if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c -index 6cb442e..1b9ba06 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c -@@ -1,61 +1,133 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_sign.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "internal/evp_int.h" -+ -+#ifdef undef -+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -+{ -+ EVP_DigestInit_ex(ctx, type); -+} -+ -+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) -+{ -+ EVP_DigestUpdate(ctx, data, count); -+} -+#endif - - int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) - { - unsigned char m[EVP_MAX_MD_SIZE]; -- unsigned int m_len = 0; -- int i = 0; -- size_t sltmp; -+ unsigned int m_len; -+ int i = 0, ok = 0, v; -+ EVP_MD_CTX tmp_ctx; - EVP_PKEY_CTX *pkctx = NULL; - - *siglen = 0; -- if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { -- if (!EVP_DigestFinal_ex(ctx, m, &m_len)) -+ EVP_MD_CTX_init(&tmp_ctx); -+ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) -+ goto err; -+ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) -+ goto err; -+ EVP_MD_CTX_cleanup(&tmp_ctx); -+ -+ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { -+ size_t sltmp = (size_t)EVP_PKEY_size(pkey); -+ i = 0; -+ pkctx = EVP_PKEY_CTX_new(pkey, NULL); -+ if (!pkctx) - goto err; -- } 
else { -- int rv = 0; -- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); -- if (tmp_ctx == NULL) { -- EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); -- return 0; -+ if (EVP_PKEY_sign_init(pkctx) <= 0) -+ goto err; -+ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) -+ goto err; -+ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) -+ goto err; -+ *siglen = sltmp; -+ i = 1; -+ err: -+ EVP_PKEY_CTX_free(pkctx); -+ return i; -+ } -+ -+ for (i = 0; i < 4; i++) { -+ v = ctx->digest->required_pkey_type[i]; -+ if (v == 0) -+ break; -+ if (pkey->type == v) { -+ ok = 1; -+ break; - } -- rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); -- if (rv) -- rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); -- EVP_MD_CTX_free(tmp_ctx); -- if (!rv) -- return 0; -+ } -+ if (!ok) { -+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); -+ return (0); - } - -- sltmp = (size_t)EVP_PKEY_size(pkey); -- i = 0; -- pkctx = EVP_PKEY_CTX_new(pkey, NULL); -- if (pkctx == NULL) -- goto err; -- if (EVP_PKEY_sign_init(pkctx) <= 0) -- goto err; -- if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) -- goto err; -- if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) -- goto err; -- *siglen = sltmp; -- i = 1; -- err: -- EVP_PKEY_CTX_free(pkctx); -- return i; -+ if (ctx->digest->sign == NULL) { -+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); -+ return (0); -+ } -+ return (ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, -+ pkey->pkey.ptr)); - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c -index 6e8c565..65e1e21 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c -@@ -1,55 +1,116 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/evp/p_verify.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "internal/evp_int.h" - - int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) - { - unsigned char m[EVP_MAX_MD_SIZE]; -- unsigned int m_len = 0; -- int i = 0; -+ unsigned int m_len; -+ int i = 0, ok = 0, v; -+ EVP_MD_CTX tmp_ctx; - EVP_PKEY_CTX *pkctx = NULL; - -- if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { -- if (!EVP_DigestFinal_ex(ctx, m, &m_len)) -+ EVP_MD_CTX_init(&tmp_ctx); -+ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) -+ goto err; -+ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) -+ goto err; -+ EVP_MD_CTX_cleanup(&tmp_ctx); -+ -+ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { -+ i = -1; -+ pkctx = EVP_PKEY_CTX_new(pkey, NULL); -+ if (!pkctx) -+ goto err; -+ if (EVP_PKEY_verify_init(pkctx) <= 0) -+ goto err; -+ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; -- } else { -- int rv = 0; -- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); -- if (tmp_ctx == NULL) { -- EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); -- return 0; -+ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); -+ err: -+ EVP_PKEY_CTX_free(pkctx); -+ return i; -+ } -+ -+ for (i = 0; i < 4; i++) { -+ v = ctx->digest->required_pkey_type[i]; -+ if (v == 0) -+ break; -+ if (pkey->type == v) { -+ ok = 1; -+ break; - } -- rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); -- if (rv) -- rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); -- EVP_MD_CTX_free(tmp_ctx); -- if (!rv) -- return 0; -+ } -+ if (!ok) { -+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); -+ return (-1); -+ } -+ if (ctx->digest->verify == NULL) { -+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); -+ return (0); - } - -- i = -1; -- pkctx = EVP_PKEY_CTX_new(pkey, NULL); -- if (pkctx == NULL) -- goto err; -- if (EVP_PKEY_verify_init(pkctx) <= 0) -- goto err; -- if 
(EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
-- goto err;
-- i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
-- err:
-- EVP_PKEY_CTX_free(pkctx);
-- return i;
-+ return (ctx->digest->verify(ctx->digest->type, m, m_len,
-+ sigbuf, siglen, pkey->pkey.ptr));
- }
-diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c
-index eb63801..727869e 100644
---- a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c
-@@ -1,18 +1,68 @@
-+/* pmeth_fn.c */
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5.
Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/evp_int.h"
-+#include "evp_locl.h"
-
- #define M_check_autoarg(ctx, arg, arglen, err) \
- if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
-@@ -267,7 +317,8 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
- return -1;
- }
-
-- EVP_PKEY_free(ctx->peerkey);
-+ if (ctx->peerkey)
-+ EVP_PKEY_free(ctx->peerkey);
- ctx->peerkey = peer;
-
- ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
-@@ -277,7 +328,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
- return ret;
- }
-
-- EVP_PKEY_up_ref(peer);
-+ CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY);
- return 1;
- }
-
-diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c
-index 6adc3a9..6a4d357 100644
---- a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c
-@@ -1,19 +1,69 @@
-+/* pmeth_gn.c */
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/bn_int.h"
--#include "internal/evp_int.h"
-+#include
-+#include "evp_locl.h"
-
- int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
- {
-@@ -96,7 +146,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
- return -1;
- }
-
-- if (ppkey == NULL)
-+ if (!ppkey)
- return -1;
-
- if (*ppkey == NULL)
-@@ -129,7 +179,7 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
-
- static int trans_cb(int a, int b, BN_GENCB *gcb)
- {
-- EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
-+ EVP_PKEY_CTX *ctx = gcb->arg;
- ctx->keygen_info[0] = a;
- ctx->keygen_info[1] = b;
- return ctx->pkey_gencb(ctx);
-@@ -137,7 +187,7 @@ static int trans_cb(int a, int b, BN_GENCB *gcb)
-
- void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
- {
-- BN_GENCB_set(cb, trans_cb, ctx);
-+ BN_GENCB_set(cb, trans_cb, ctx)
- }
-
- int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
-@@ -159,11 +209,14 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
- return NULL;
- if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
- goto merr;
-- if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
-+ if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
-+ EVP_PKEY_CTRL_SET_MAC_KEY,
-+ keylen, (void *)key) <= 0)
- goto merr;
- if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
- goto merr;
- merr:
-- EVP_PKEY_CTX_free(mac_ctx);
-+ if (mac_ctx)
-+ EVP_PKEY_CTX_free(mac_ctx);
- return mac_key;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c
-index b7f06be..d066862 100644
---- a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c
-@@
-1,25 +1,81 @@
-+/* pmeth_lib.c */
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6.
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
--#include
-+#include "cryptlib.h"
-+#include
- #include
--#include
--#include "internal/asn1_int.h"
--#include "internal/evp_int.h"
--#include "internal/numbers.h"
-+#ifndef OPENSSL_NO_ENGINE
-+# include
-+#endif
-+#include "asn1_locl.h"
-+#include "evp_locl.h"
-
- typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
-
--static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
-+DECLARE_STACK_OF(EVP_PKEY_METHOD)
-+STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
-+
-+extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
-+extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
-+extern const EVP_PKEY_METHOD dhx_pkey_meth;
-
- static const EVP_PKEY_METHOD *standard_methods[] = {
- #ifndef OPENSSL_NO_RSA
-@@ -39,13 +95,8 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
- &cmac_pkey_meth,
- #endif
- #ifndef OPENSSL_NO_DH
-- &dhx_pkey_meth,
-+ &dhx_pkey_meth
- #endif
-- &tls1_prf_pkey_meth,
--#ifndef OPENSSL_NO_EC
-- &ecx25519_pkey_meth,
--#endif
-- &hkdf_pkey_meth
- };
-
- DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
-@@ -101,7 +152,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
- e = ENGINE_get_pkey_meth_engine(id);
-
- /*
-- * If an ENGINE handled this method look it up. Otherwise use internal
-+ * If an ENGINE handled this method look it up. Othewise use internal
- * tables.
- */
-
-@@ -116,10 +167,11 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
- return NULL;
- }
-
-- ret = OPENSSL_zalloc(sizeof(*ret));
-- if (ret == NULL) {
-+ ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-+ if (!ret) {
- #ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(e);
-+ if (e)
-+ ENGINE_finish(e);
- #endif
- EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
-@@ -128,12 +180,14 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
- ret->pmeth = pmeth;
- ret->operation = EVP_PKEY_OP_UNDEFINED;
- ret->pkey = pkey;
-+ ret->peerkey = NULL;
-+ ret->pkey_gencb = 0;
- if (pkey)
-- EVP_PKEY_up_ref(pkey);
-+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+ ret->data = NULL;
-
- if (pmeth->init) {
- if (pmeth->init(ret) <= 0) {
-- ret->pmeth = NULL;
- EVP_PKEY_CTX_free(ret);
- return NULL;
- }
-@@ -146,10 +200,12 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
- {
- EVP_PKEY_METHOD *pmeth;
-
-- pmeth = OPENSSL_zalloc(sizeof(*pmeth));
-- if (pmeth == NULL)
-+ pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
-+ if (!pmeth)
- return NULL;
-
-+ memset(pmeth, 0, sizeof(EVP_PKEY_METHOD));
-+
- pmeth->pkey_id = id;
- pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
- return pmeth;
-@@ -233,8 +289,8 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
- return 0;
- }
- #endif
-- rctx = OPENSSL_malloc(sizeof(*rctx));
-- if (rctx == NULL)
-+ rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-+ if (!rctx)
- return NULL;
-
- rctx->pmeth = pctx->pmeth;
-@@ -243,12 +299,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
- #endif
-
- if (pctx->pkey)
-- EVP_PKEY_up_ref(pctx->pkey);
-+ CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-
- rctx->pkey = pctx->pkey;
-
- if (pctx->peerkey)
-- EVP_PKEY_up_ref(pctx->peerkey);
-+ CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-
- rctx->peerkey = pctx->peerkey;
-
-@@ -259,7 +315,6 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
- if
(pctx->pmeth->copy(rctx, pctx) > 0)
- return rctx;
-
-- rctx->pmeth = NULL;
- EVP_PKEY_CTX_free(rctx);
- return NULL;
-
-@@ -269,7 +324,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
- {
- if (app_pkey_methods == NULL) {
- app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
-- if (app_pkey_methods == NULL)
-+ if (!app_pkey_methods)
- return 0;
- }
- if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
-@@ -284,10 +339,17 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
- return;
- if (ctx->pmeth && ctx->pmeth->cleanup)
- ctx->pmeth->cleanup(ctx);
-- EVP_PKEY_free(ctx->pkey);
-- EVP_PKEY_free(ctx->peerkey);
-+ if (ctx->pkey)
-+ EVP_PKEY_free(ctx->pkey);
-+ if (ctx->peerkey)
-+ EVP_PKEY_free(ctx->peerkey);
- #ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(ctx->engine);
-+ if (ctx->engine)
-+ /*
-+ * The EVP_PKEY_CTX we used belongs to an ENGINE, release the
-+ * functional reference we held for this reason.
-+ */
-+ ENGINE_finish(ctx->engine);
- #endif
- OPENSSL_free(ctx);
- }
-@@ -329,9 +391,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
- EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
- return -2;
- }
-- if (strcmp(name, "digest") == 0) {
-+ if (!strcmp(name, "digest")) {
- const EVP_MD *md;
-- if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) {
-+ if (!value || !(md = EVP_get_digestbyname(value))) {
- EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST);
- return 0;
- }
-@@ -340,33 +402,6 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
- return ctx->pmeth->ctrl_str(ctx, name, value);
- }
-
--/* Utility functions to send a string of hex string to a ctrl */
--
--int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
--{
-- size_t len;
--
-- len = strlen(str);
-- if (len > INT_MAX)
-- return -1;
-- return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
--}
--
--int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
--{
-- unsigned char *bin;
-- long binlen;
-- int rv = -1;
--
-- bin =
OPENSSL_hexstr2buf(hex, &binlen);
-- if (bin == NULL)
-- return 0;
-- if (binlen <= INT_MAX)
-- rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
-- OPENSSL_free(bin);
-- return rv;
--}
--
- int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
- {
- return ctx->operation;
-@@ -552,170 +587,3 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
- pmeth->ctrl = ctrl;
- pmeth->ctrl_str = ctrl_str;
- }
--
--void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
-- int (**pinit) (EVP_PKEY_CTX *ctx))
--{
-- *pinit = pmeth->init;
--}
--
--void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
-- int (**pcopy) (EVP_PKEY_CTX *dst,
-- EVP_PKEY_CTX *src))
--{
-- *pcopy = pmeth->copy;
--}
--
--void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
-- void (**pcleanup) (EVP_PKEY_CTX *ctx))
--{
-- *pcleanup = pmeth->cleanup;
--}
--
--void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
-- int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
-- int (**pparamgen) (EVP_PKEY_CTX *ctx,
-- EVP_PKEY *pkey))
--{
-- if (pparamgen_init)
-- *pparamgen_init = pmeth->paramgen_init;
-- if (pparamgen)
-- *pparamgen = pmeth->paramgen;
--}
--
--void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
-- int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
-- int (**pkeygen) (EVP_PKEY_CTX *ctx,
-- EVP_PKEY *pkey))
--{
-- if (pkeygen_init)
-- *pkeygen_init = pmeth->keygen_init;
-- if (pkeygen)
-- *pkeygen = pmeth->keygen;
--}
--
--void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
-- int (**psign_init) (EVP_PKEY_CTX *ctx),
-- int (**psign) (EVP_PKEY_CTX *ctx,
-- unsigned char *sig, size_t *siglen,
-- const unsigned char *tbs,
-- size_t tbslen))
--{
-- if (psign_init)
-- *psign_init = pmeth->sign_init;
-- if (psign)
-- *psign = pmeth->sign;
--}
--
--void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
-- int (**pverify_init) (EVP_PKEY_CTX *ctx),
-- int (**pverify) (EVP_PKEY_CTX *ctx,
-- const unsigned char *sig,
-- size_t siglen,
-- const unsigned char *tbs,
-- size_t tbslen))
--{
-- if (pverify_init)
-- *pverify_init =
pmeth->verify_init;
-- if (pverify)
-- *pverify = pmeth->verify;
--}
--
--void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
-- int (**pverify_recover_init) (EVP_PKEY_CTX
-- *ctx),
-- int (**pverify_recover) (EVP_PKEY_CTX
-- *ctx,
-- unsigned char
-- *sig,
-- size_t *siglen,
-- const unsigned
-- char *tbs,
-- size_t tbslen))
--{
-- if (pverify_recover_init)
-- *pverify_recover_init = pmeth->verify_recover_init;
-- if (pverify_recover)
-- *pverify_recover = pmeth->verify_recover;
--}
--
--void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
-- int (**psignctx_init) (EVP_PKEY_CTX *ctx,
-- EVP_MD_CTX *mctx),
-- int (**psignctx) (EVP_PKEY_CTX *ctx,
-- unsigned char *sig,
-- size_t *siglen,
-- EVP_MD_CTX *mctx))
--{
-- if (psignctx_init)
-- *psignctx_init = pmeth->signctx_init;
-- if (psignctx)
-- *psignctx = pmeth->signctx;
--}
--
--void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
-- int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
-- EVP_MD_CTX *mctx),
-- int (**pverifyctx) (EVP_PKEY_CTX *ctx,
-- const unsigned char *sig,
-- int siglen,
-- EVP_MD_CTX *mctx))
--{
-- if (pverifyctx_init)
-- *pverifyctx_init = pmeth->verifyctx_init;
-- if (pverifyctx)
-- *pverifyctx = pmeth->verifyctx;
--}
--
--void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
-- int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
-- int (**pencryptfn) (EVP_PKEY_CTX *ctx,
-- unsigned char *out,
-- size_t *outlen,
-- const unsigned char *in,
-- size_t inlen))
--{
-- if (pencrypt_init)
-- *pencrypt_init = pmeth->encrypt_init;
-- if (pencryptfn)
-- *pencryptfn = pmeth->encrypt;
--}
--
--void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
-- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
-- int (**pdecrypt) (EVP_PKEY_CTX *ctx,
-- unsigned char *out,
-- size_t *outlen,
-- const unsigned char *in,
-- size_t inlen))
--{
-- if (pdecrypt_init)
-- *pdecrypt_init = pmeth->decrypt_init;
-- if (pdecrypt)
-- *pdecrypt = pmeth->decrypt;
--}
--
--void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
-- int
(**pderive_init) (EVP_PKEY_CTX *ctx),
-- int (**pderive) (EVP_PKEY_CTX *ctx,
-- unsigned char *key,
-- size_t *keylen))
--{
-- if (pderive_init)
-- *pderive_init = pmeth->derive_init;
-- if (pderive)
-- *pderive = pmeth->derive;
--}
--
--void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
-- int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
-- void *p2),
-- int (**pctrl_str) (EVP_PKEY_CTX *ctx,
-- const char *type,
-- const char *value))
--{
-- if (pctrl)
-- *pctrl = pmeth->ctrl;
-- if (pctrl_str)
-- *pctrl_str = pmeth->ctrl_str;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/evp/scrypt.c b/Cryptlib/OpenSSL/crypto/evp/scrypt.c
-deleted file mode 100644
-index 101bb1e..0000000
---- a/Cryptlib/OpenSSL/crypto/evp/scrypt.c
-+++ /dev/null
-@@ -1,248 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include
--#include
--#include
--#include
--#include
--
--#ifndef OPENSSL_NO_SCRYPT
--
--#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
--static void salsa208_word_specification(uint32_t inout[16])
--{
-- int i;
-- uint32_t x[16];
-- memcpy(x, inout, sizeof(x));
-- for (i = 8; i > 0; i -= 2) {
-- x[4] ^= R(x[0] + x[12], 7);
-- x[8] ^= R(x[4] + x[0], 9);
-- x[12] ^= R(x[8] + x[4], 13);
-- x[0] ^= R(x[12] + x[8], 18);
-- x[9] ^= R(x[5] + x[1], 7);
-- x[13] ^= R(x[9] + x[5], 9);
-- x[1] ^= R(x[13] + x[9], 13);
-- x[5] ^= R(x[1] + x[13], 18);
-- x[14] ^= R(x[10] + x[6], 7);
-- x[2] ^= R(x[14] + x[10], 9);
-- x[6] ^= R(x[2] + x[14], 13);
-- x[10] ^= R(x[6] + x[2], 18);
-- x[3] ^= R(x[15] + x[11], 7);
-- x[7] ^= R(x[3] + x[15], 9);
-- x[11] ^= R(x[7] + x[3], 13);
-- x[15] ^= R(x[11] + x[7], 18);
-- x[1] ^= R(x[0] + x[3], 7);
-- x[2] ^= R(x[1] + x[0], 9);
-- x[3] ^=
R(x[2] + x[1], 13);
-- x[0] ^= R(x[3] + x[2], 18);
-- x[6] ^= R(x[5] + x[4], 7);
-- x[7] ^= R(x[6] + x[5], 9);
-- x[4] ^= R(x[7] + x[6], 13);
-- x[5] ^= R(x[4] + x[7], 18);
-- x[11] ^= R(x[10] + x[9], 7);
-- x[8] ^= R(x[11] + x[10], 9);
-- x[9] ^= R(x[8] + x[11], 13);
-- x[10] ^= R(x[9] + x[8], 18);
-- x[12] ^= R(x[15] + x[14], 7);
-- x[13] ^= R(x[12] + x[15], 9);
-- x[14] ^= R(x[13] + x[12], 13);
-- x[15] ^= R(x[14] + x[13], 18);
-- }
-- for (i = 0; i < 16; ++i)
-- inout[i] += x[i];
-- OPENSSL_cleanse(x, sizeof(x));
--}
--
--static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
--{
-- uint64_t i, j;
-- uint32_t X[16], *pB;
--
-- memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
-- pB = B;
-- for (i = 0; i < r * 2; i++) {
-- for (j = 0; j < 16; j++)
-- X[j] ^= *pB++;
-- salsa208_word_specification(X);
-- memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
-- }
-- OPENSSL_cleanse(X, sizeof(X));
--}
--
--static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
-- uint32_t *X, uint32_t *T, uint32_t *V)
--{
-- unsigned char *pB;
-- uint32_t *pV;
-- uint64_t i, k;
--
-- /* Convert from little endian input */
-- for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
-- *pV = *pB++;
-- *pV |= *pB++ << 8;
-- *pV |= *pB++ << 16;
-- *pV |= (uint32_t)*pB++ << 24;
-- }
--
-- for (i = 1; i < N; i++, pV += 32 * r)
-- scryptBlockMix(pV, pV - 32 * r, r);
--
-- scryptBlockMix(X, V + (N - 1) * 32 * r, r);
--
-- for (i = 0; i < N; i++) {
-- uint32_t j;
-- j = X[16 * (2 * r - 1)] % N;
-- pV = V + 32 * r * j;
-- for (k = 0; k < 32 * r; k++)
-- T[k] = X[k] ^ *pV++;
-- scryptBlockMix(X, T, r);
-- }
-- /* Convert output to little endian */
-- for (i = 0, pB = B; i < 32 * r; i++) {
-- uint32_t xtmp = X[i];
-- *pB++ = xtmp & 0xff;
-- *pB++ = (xtmp >> 8) & 0xff;
-- *pB++ = (xtmp >> 16) & 0xff;
-- *pB++ = (xtmp >> 24) & 0xff;
-- }
--}
--
--#ifndef SIZE_MAX
--# define SIZE_MAX ((size_t)-1)
--#endif
--
--/*
-- * Maximum power of two that will fit in uint64_t: this should work on
-- * most (all?) platforms.
-- */
--
--#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1)
--
--/*
-- * Maximum value of p * r:
-- * p <= ((2^32-1) * hLen) / MFLen =>
-- * p <= ((2^32-1) * 32) / (128 * r) =>
-- * p * r <= (2^30-1)
-- *
-- */
--
--#define SCRYPT_PR_MAX ((1 << 30) - 1)
--
--/*
-- * Maximum permitted memory allow this to be overridden with Configuration
-- * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
-- */
--
--#ifdef SCRYPT_MAX_MEM
--# if SCRYPT_MAX_MEM == 0
--# undef SCRYPT_MAX_MEM
--/*
-- * Although we could theoretically allocate SIZE_MAX memory that would leave
-- * no memory available for anything else so set limit as half that.
-- */
--# define SCRYPT_MAX_MEM (SIZE_MAX/2)
--# endif
--#else
--/* Default memory limit: 32 MB */
--# define SCRYPT_MAX_MEM (1024 * 1024 * 32)
--#endif
--
--int EVP_PBE_scrypt(const char *pass, size_t passlen,
-- const unsigned char *salt, size_t saltlen,
-- uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-- unsigned char *key, size_t keylen)
--{
-- int rv = 0;
-- unsigned char *B;
-- uint32_t *X, *V, *T;
-- uint64_t i, Blen, Vlen;
-- size_t allocsize;
--
-- /* Sanity check parameters */
-- /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
-- if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
-- return 0;
-- /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
-- if (p > SCRYPT_PR_MAX / r)
-- return 0;
--
-- /*
-- * Need to check N: if 2^(128 * r / 8) overflows limit this is
-- * automatically satisfied since N <= UINT64_MAX.
-- */
--
-- if (16 * r <= LOG2_UINT64_MAX) {
-- if (N >= (((uint64_t)1) << (16 * r)))
-- return 0;
-- }
--
-- /* Memory checks: check total allocated buffer size fits in uint64_t */
--
-- /*
-- * B size in section 5 step 1.S
-- * Note: we know p * 128 * r < UINT64_MAX because we already checked
-- * p * r < SCRYPT_PR_MAX
-- */
-- Blen = p * 128 * r;
--
-- /*
-- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in
-- * uint64_t and also size_t (their sizes are unrelated).
-- * This is combined size V, X and T (section 4)
-- */
-- i = UINT64_MAX / (32 * sizeof(uint32_t));
-- if (N + 2 > i / r)
-- return 0;
-- Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
--
-- /* check total allocated size fits in uint64_t */
-- if (Blen > UINT64_MAX - Vlen)
-- return 0;
-- /* check total allocated size fits in size_t */
-- if (Blen > SIZE_MAX - Vlen)
-- return 0;
--
-- allocsize = (size_t)(Blen + Vlen);
--
-- if (maxmem == 0)
-- maxmem = SCRYPT_MAX_MEM;
--
-- if (allocsize > maxmem) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-- return 0;
-- }
--
-- /* If no key return to indicate parameters are OK */
-- if (key == NULL)
-- return 1;
--
-- B = OPENSSL_malloc(allocsize);
-- if (B == NULL)
-- return 0;
-- X = (uint32_t *)(B + Blen);
-- T = X + 32 * r;
-- V = T + 32 * r;
-- if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
-- Blen, B) == 0)
-- goto err;
--
-- for (i = 0; i < p; i++)
-- scryptROMix(B + 128 * r * i, r, N, X, T, V);
--
-- if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(),
-- keylen, key) == 0)
-- goto err;
-- rv = 1;
-- err:
-- OPENSSL_clear_free(B, allocsize);
-- return rv;
--}
--#endif
-diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c
-index 84b6555..f96a517 100644
---- a/Cryptlib/OpenSSL/crypto/ex_data.c
-+++ b/Cryptlib/OpenSSL/crypto/ex_data.c
-@@ -1,237 +1,441 @@
-+/* crypto/ex_data.c */
-+
- /*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Overhaul notes;
-+ *
-+ * This code is now *mostly* thread-safe. It is now easier to understand in what
-+ * ways it is safe and in what ways it is not, which is an improvement. Firstly,
-+ * all per-class stacks and index-counters for ex_data are stored in the same
-+ * global LHASH table (keyed by class).
This hash table uses locking for all
-+ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
-+ * called when no other threads can possibly race against it (even if it was
-+ * locked, the race would mean it's possible the hash table might have been
-+ * recreated after the cleanup). As classes can only be added to the hash table,
-+ * and within each class, the stack of methods can only be incremented, the
-+ * locking mechanics are simpler than they would otherwise be. For example, the
-+ * new/dup/free ex_data functions will lock the hash table, copy the method
-+ * pointers it needs from the relevant class, then unlock the hash table before
-+ * actually applying those method pointers to the task of the new/dup/free
-+ * operations. As they can't be removed from the method-stack, only
-+ * supplemented, there's no race conditions associated with using them outside
-+ * the lock. The get/set_ex_data functions are not locked because they do not
-+ * involve this global state at all - they operate directly with a previously
-+ * obtained per-class method index and a particular "ex_data" variable. These
-+ * variables are usually instantiated per-context (eg. each RSA structure has
-+ * one) so locking on read/write access to that variable can be locked locally
-+ * if required (eg. using the "RSA" lock to synchronise access to a
-+ * per-RSA-structure ex_data variable if required).
-+ * [Geoff]
-+ */
-+
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code.
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission.
For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib_int.h" --#include "internal/thread_once.h" -+#include "cryptlib.h" - #include - -+/* What an "implementation of ex_data functionality" looks like */ -+struct st_CRYPTO_EX_DATA_IMPL { -+ /*********************/ -+ /* GLOBAL OPERATIONS */ -+ /* Return a new class index */ -+ int (*cb_new_class) (void); -+ /* Cleanup all state used by the implementation */ -+ void (*cb_cleanup) (void); -+ /************************/ -+ /* PER-CLASS OPERATIONS */ -+ /* Get a new method index within a class */ -+ int (*cb_get_new_index) (int class_index, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+ /* Initialise a new CRYPTO_EX_DATA of a given class */ -+ int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); -+ /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ -+ int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to, -+ CRYPTO_EX_DATA *from); -+ /* Cleanup a CRYPTO_EX_DATA of a given class */ -+ void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); -+}; -+ -+/* The implementation we use at run-time */ -+static const CRYPTO_EX_DATA_IMPL *impl = NULL; -+ - /* -- * Each structure type (sometimes called a class), that supports -- * exdata has a stack of callbacks for each instance. -+ * To call "impl" functions, use this macro rather than referring to 'impl' -+ * directly, eg. 
EX_IMPL(get_new_index)(...); - */ --struct ex_callback_st { -- long argl; /* Arbitrary long */ -- void *argp; /* Arbitrary void * */ -- CRYPTO_EX_new *new_func; -- CRYPTO_EX_free *free_func; -- CRYPTO_EX_dup *dup_func; -+#define EX_IMPL(a) impl->cb_##a -+ -+/* Predeclare the "default" ex_data implementation */ -+static int int_new_class(void); -+static void int_cleanup(void); -+static int int_get_new_index(int class_index, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); -+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -+ CRYPTO_EX_DATA *from); -+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); -+static CRYPTO_EX_DATA_IMPL impl_default = { -+ int_new_class, -+ int_cleanup, -+ int_get_new_index, -+ int_new_ex_data, -+ int_dup_ex_data, -+ int_free_ex_data - }; - - /* -- * The state for each class. This could just be a typedef, but -- * a structure allows future changes. -+ * Internal function that checks whether "impl" is set and if not, sets it to -+ * the default. - */ --typedef struct ex_callbacks_st { -- STACK_OF(EX_CALLBACK) *meth; --} EX_CALLBACKS; -+static void impl_check(void) -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!impl) -+ impl = &impl_default; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+} - --static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; -+/* -+ * A macro wrapper for impl_check that first uses a non-locked test before -+ * invoking the function (which checks again inside a lock). 
-+ */ -+#define IMPL_CHECK if(!impl) impl_check(); - --static CRYPTO_RWLOCK *ex_data_lock = NULL; --static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT; -+/* API functions to get/set the "ex_data" implementation */ -+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) -+{ -+ IMPL_CHECK return impl; -+} - --DEFINE_RUN_ONCE_STATIC(do_ex_data_init) -+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) - { -- OPENSSL_init_crypto(0, NULL); -- ex_data_lock = CRYPTO_THREAD_lock_new(); -- return ex_data_lock != NULL; -+ int toret = 0; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!impl) { -+ impl = i; -+ toret = 1; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; - } - -+/****************************************************************************/ - /* -- * Return the EX_CALLBACKS from the |ex_data| array that corresponds to -- * a given class. On success, *holds the lock.* -+ * Interal (default) implementation of "ex_data" support. API functions are -+ * further down. - */ --static EX_CALLBACKS *get_and_lock(int class_index) --{ -- EX_CALLBACKS *ip; - -- if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) { -- CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT); -- return NULL; -- } -+/* -+ * The type that represents what each "class" used to implement locally. A -+ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is -+ * the global value representing the class that is used to distinguish these -+ * items. 
-+ */ -+typedef struct st_ex_class_item { -+ int class_index; -+ STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; -+ int meth_num; -+} EX_CLASS_ITEM; - -- if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) { -- CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -+/* When assigning new class indexes, this is our counter */ -+static int ex_class = CRYPTO_EX_INDEX_USER; - -- if (ex_data_lock == NULL) { -- /* -- * This can happen in normal operation when using CRYPTO_mem_leaks(). -- * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans -- * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets -- * freed, which also attempts to free the ex_data. However -- * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e. -- * before OPENSSL_cleanup() is called), so if we get here we can safely -- * ignore this operation. We just treat it as an error. -- */ -- return NULL; -- } -+/* The global hash table of EX_CLASS_ITEM items */ -+DECLARE_LHASH_OF(EX_CLASS_ITEM); -+static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; - -- ip = &ex_data[class_index]; -- CRYPTO_THREAD_write_lock(ex_data_lock); -- return ip; -+/* The callbacks required in the "ex_data" hash table */ -+static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a) -+{ -+ return a->class_index; - } - --static void cleanup_cb(EX_CALLBACK *funcs) -+static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) -+ -+static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) - { -- OPENSSL_free(funcs); -+ return a->class_index - b->class_index; - } - -+static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) -+ - /* -- * Release all "ex_data" state to prevent memory leaks. This can't be made -- * thread-safe without overhauling a lot of stuff, and shouldn't really be -- * called under potential race-conditions anyway (it's for program shutdown -- * after all). 
-+ * Internal functions used by the "impl_default" implementation to access the -+ * state - */ --void crypto_cleanup_all_ex_data_int(void) -+static int ex_data_check(void) - { -- int i; -- -- for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) { -- EX_CALLBACKS *ip = &ex_data[i]; -- -- sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb); -- ip->meth = NULL; -- } -- -- CRYPTO_THREAD_lock_free(ex_data_lock); -- ex_data_lock = NULL; -+ int toret = 1; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) -+ toret = 0; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; - } - -- - /* -- * Unregister a new index by replacing the callbacks with no-ops. -- * Any in-use instances are leaked. -+ * This macros helps reduce the locking from repeated checks because the -+ * ex_data_check() function checks ex_data again inside a lock. - */ --static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, -- long argl, void *argp) --{ --} -+#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} - --static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, -- long argl, void *argp) -+/* This "inner" callback is used by the callback function that follows it */ -+static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) - { -+ OPENSSL_free(funcs); - } - --static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, -- void *from_d, int idx, -- long argl, void *argp) -+/* -+ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from -+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't -+ * do any locking. 
-+ */ -+static void def_cleanup_cb(void *a_void) - { -- return 0; -+ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; -+ sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); -+ OPENSSL_free(item); - } - --int CRYPTO_free_ex_index(int class_index, int idx) -+/* -+ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to -+ * a given class. Handles locking. -+ */ -+static EX_CLASS_ITEM *def_get_class(int class_index) - { -- EX_CALLBACKS *ip = get_and_lock(class_index); -- EX_CALLBACK *a; -- int toret = 0; -- -- if (ip == NULL) -- return 0; -- if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth)) -- goto err; -- a = sk_EX_CALLBACK_value(ip->meth, idx); -- if (a == NULL) -- goto err; -- a->new_func = dummy_new; -- a->dup_func = dummy_dup; -- a->free_func = dummy_free; -- toret = 1; --err: -- CRYPTO_THREAD_unlock(ex_data_lock); -- return toret; -+ EX_CLASS_ITEM d, *p, *gen; -+ EX_DATA_CHECK(return NULL;) -+ d.class_index = class_index; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); -+ if (!p) { -+ gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); -+ if (gen) { -+ gen->class_index = class_index; -+ gen->meth_num = 0; -+ gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); -+ if (!gen->meth) -+ OPENSSL_free(gen); -+ else { -+ /* -+ * Because we're inside the ex_data lock, the return value -+ * from the insert will be NULL -+ */ -+ (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); -+ p = gen; -+ } -+ } -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ if (!p) -+ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); -+ return p; - } - - /* -- * Register a new index. -+ * Add a new method to the given EX_CLASS_ITEM and return the corresponding -+ * index (or -1 for error). Handles locking. 
- */ --int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func) -+static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) - { - int toret = -1; -- EX_CALLBACK *a; -- EX_CALLBACKS *ip = get_and_lock(class_index); -- -- if (ip == NULL) -+ CRYPTO_EX_DATA_FUNCS *a = -+ (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); -+ if (!a) { -+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); - return -1; -- -- if (ip->meth == NULL) { -- ip->meth = sk_EX_CALLBACK_new_null(); -- /* We push an initial value on the stack because the SSL -- * "app_data" routines use ex_data index zero. See RT 3710. */ -- if (ip->meth == NULL -- || !sk_EX_CALLBACK_push(ip->meth, NULL)) { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a)); -- if (a == NULL) { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); -- goto err; - } - a->argl = argl; - a->argp = argp; - a->new_func = new_func; - a->dup_func = dup_func; - a->free_func = free_func; -- -- if (!sk_EX_CALLBACK_push(ip->meth, NULL)) { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(a); -- goto err; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { -+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { -+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(a); -+ goto err; -+ } - } -- toret = sk_EX_CALLBACK_num(ip->meth) - 1; -- (void)sk_EX_CALLBACK_set(ip->meth, toret, a); -- -+ toret = item->meth_num++; -+ (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); - err: -- CRYPTO_THREAD_unlock(ex_data_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; -+} -+ 
-+/**************************************************************/ -+/* The functions in the default CRYPTO_EX_DATA_IMPL structure */ -+ -+static int int_new_class(void) -+{ -+ int toret; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ toret = ex_class++; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return toret; - } - -+static void int_cleanup(void) -+{ -+ EX_DATA_CHECK(return;) -+ lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); -+ lh_EX_CLASS_ITEM_free(ex_data); -+ ex_data = NULL; -+ impl = NULL; -+} -+ -+static int int_get_new_index(int class_index, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ EX_CLASS_ITEM *item = def_get_class(class_index); -+ if (!item) -+ return -1; -+ return def_add_index(item, argl, argp, new_func, dup_func, free_func); -+} -+ - /* -- * Initialise a new CRYPTO_EX_DATA for use in a particular class - including -- * calling new() callbacks for each index in the class used by this variable -- * Thread-safe by copying a class's array of "EX_CALLBACK" entries -- * in the lock, then using them outside the lock. Note this only applies -- * to the global "ex_data" state (ie. class definitions), not 'ad' itself. -+ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries -+ * in the lock, then using them outside the lock. NB: Thread-safety only -+ * applies to the global "ex_data" state (ie. class definitions), not -+ * thread-safe on 'ad' itself. 
- */ --int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) - { - int mx, i; - void *ptr; -- EX_CALLBACK **storage = NULL; -- EX_CALLBACK *stack[10]; -- EX_CALLBACKS *ip = get_and_lock(class_index); -- -- if (ip == NULL) -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ EX_CLASS_ITEM *item = def_get_class(class_index); -+ if (!item) -+ /* error is already set */ - return 0; -- - ad->sk = NULL; -- -- mx = sk_EX_CALLBACK_num(ip->meth); -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - if (mx > 0) { -- if (mx < (int)OSSL_NELEM(stack)) -- storage = stack; -- else -- storage = OPENSSL_malloc(sizeof(*storage) * mx); -- if (storage != NULL) -- for (i = 0; i < mx; i++) -- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); - } -- CRYPTO_THREAD_unlock(ex_data_lock); -- -- if (mx > 0 && storage == NULL) { -- CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); - return 0; - } - for (i = 0; i < mx; i++) { -@@ -241,50 +445,42 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) - storage[i]->argl, storage[i]->argp); - } - } -- if (storage != stack) -+ if (storage) - OPENSSL_free(storage); - return 1; - } - --/* -- * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks -- * for each index in the class used by this variable -- */ --int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -- const CRYPTO_EX_DATA *from) -+/* Same thread-safety notes as for "int_new_ex_data" */ -+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -+ CRYPTO_EX_DATA *from) - { - int mx, j, 
i; - char *ptr; -- EX_CALLBACK *stack[10]; -- EX_CALLBACK **storage = NULL; -- EX_CALLBACKS *ip; -- -- if (from->sk == NULL) -- /* Nothing to copy over */ -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ EX_CLASS_ITEM *item; -+ if (!from->sk) -+ /* 'to' should be "blank" which *is* just like 'from' */ - return 1; -- if ((ip = get_and_lock(class_index)) == NULL) -+ if ((item = def_get_class(class_index)) == NULL) - return 0; -- -- mx = sk_EX_CALLBACK_num(ip->meth); -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - j = sk_void_num(from->sk); - if (j < mx) - mx = j; - if (mx > 0) { -- if (mx < (int)OSSL_NELEM(stack)) -- storage = stack; -- else -- storage = OPENSSL_malloc(sizeof(*storage) * mx); -- if (storage != NULL) -- for (i = 0; i < mx; i++) -- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); - } -- CRYPTO_THREAD_unlock(ex_data_lock); -- -- if (mx > 0 && storage == NULL) { -- CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); - return 0; - } -- - for (i = 0; i < mx; i++) { - ptr = CRYPTO_get_ex_data(from, i); - if (storage[i] && storage[i]->dup_func) -@@ -292,59 +488,118 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - storage[i]->argl, storage[i]->argp); - CRYPTO_set_ex_data(to, i, ptr); - } -- if (storage != stack) -+ if (storage) - OPENSSL_free(storage); - return 1; - } - -- --/* -- * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for -- * each index in the class used by this variable -- */ --void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+/* Same thread-safety notes as for "int_new_ex_data" */ -+static void 
int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) - { - int mx, i; -- EX_CALLBACKS *ip; -+ EX_CLASS_ITEM *item; - void *ptr; -- EX_CALLBACK *f; -- EX_CALLBACK *stack[10]; -- EX_CALLBACK **storage = NULL; -- -- if ((ip = get_and_lock(class_index)) == NULL) -- goto err; -- -- mx = sk_EX_CALLBACK_num(ip->meth); -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ if (ex_data == NULL) -+ return; -+ if ((item = def_get_class(class_index)) == NULL) -+ return; -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - if (mx > 0) { -- if (mx < (int)OSSL_NELEM(stack)) -- storage = stack; -- else -- storage = OPENSSL_malloc(sizeof(*storage) * mx); -- if (storage != NULL) -- for (i = 0; i < mx; i++) -- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); -+ } -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return; - } -- CRYPTO_THREAD_unlock(ex_data_lock); -- - for (i = 0; i < mx; i++) { -- if (storage != NULL) -- f = storage[i]; -- else { -- CRYPTO_THREAD_write_lock(ex_data_lock); -- f = sk_EX_CALLBACK_value(ip->meth, i); -- CRYPTO_THREAD_unlock(ex_data_lock); -- } -- if (f != NULL && f->free_func != NULL) { -+ if (storage[i] && storage[i]->free_func) { - ptr = CRYPTO_get_ex_data(ad, i); -- f->free_func(obj, ptr, ad, i, f->argl, f->argp); -+ storage[i]->free_func(obj, ptr, ad, i, -+ storage[i]->argl, storage[i]->argp); - } - } -- -- if (storage != stack) -+ if (storage) - OPENSSL_free(storage); -- err: -- sk_void_free(ad->sk); -- ad->sk = NULL; -+ if (ad->sk) { -+ sk_void_free(ad->sk); -+ ad->sk = NULL; -+ } -+} -+ -+/********************************************************************/ -+/* -+ * API functions that defer all "state" operations to the "ex_data" 
-+ * implementation we have set. -+ */ -+ -+/* -+ * Obtain an index for a new class (not the same as getting a new index -+ * within an existing class - this is actually getting a new *class*) -+ */ -+int CRYPTO_ex_data_new_class(void) -+{ -+ IMPL_CHECK return EX_IMPL(new_class) (); -+} -+ -+/* -+ * Release all "ex_data" state to prevent memory leaks. This can't be made -+ * thread-safe without overhauling a lot of stuff, and shouldn't really be -+ * called under potential race-conditions anyway (it's for program shutdown -+ * after all). -+ */ -+void CRYPTO_cleanup_all_ex_data(void) -+{ -+ IMPL_CHECK EX_IMPL(cleanup) (); -+} -+ -+/* Inside an existing class, get/register a new index. */ -+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ int ret = -1; -+ -+ IMPL_CHECK -+ ret = EX_IMPL(get_new_index) (class_index, -+ argl, argp, new_func, dup_func, -+ free_func); -+ return ret; -+} -+ -+/* -+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including -+ * calling new() callbacks for each index in the class used by this variable -+ */ -+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+{ -+ IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad); -+} -+ -+/* -+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks -+ * for each index in the class used by this variable -+ */ -+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -+ CRYPTO_EX_DATA *from) -+{ -+ IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from); -+} -+ -+/* -+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for -+ * each index in the class used by this variable -+ */ -+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+{ -+ IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad); - } - - /* -@@ -358,18 +613,20 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, 
void *val) - if (ad->sk == NULL) { - if ((ad->sk = sk_void_new_null()) == NULL) { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); -- return 0; -+ return (0); - } - } -+ i = sk_void_num(ad->sk); - -- for (i = sk_void_num(ad->sk); i <= idx; ++i) { -+ while (i <= idx) { - if (!sk_void_push(ad->sk, NULL)) { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); -- return 0; -+ return (0); - } -+ i++; - } - sk_void_set(ad->sk, idx, val); -- return 1; -+ return (1); - } - - /* -@@ -378,7 +635,12 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) - */ - void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) - { -- if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) -- return NULL; -- return sk_void_value(ad->sk, idx); -+ if (ad->sk == NULL) -+ return (0); -+ else if (idx >= sk_void_num(ad->sk)) -+ return (0); -+ else -+ return (sk_void_value(ad->sk, idx)); - } -+ -+IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) -diff --git a/Cryptlib/OpenSSL/crypto/fips_ers.c b/Cryptlib/OpenSSL/crypto/fips_ers.c -new file mode 100644 -index 0000000..1788ed2 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/fips_ers.c -@@ -0,0 +1,7 @@ -+#include -+ -+#ifdef OPENSSL_FIPS -+# include "fips_err.h" -+#else -+static void *dummy = &dummy; -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c -index 78ae0ea..944c6c8 100644 ---- a/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c -+++ b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c -@@ -1,16 +1,65 @@ - /* -- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2007. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/asn1_int.h" -+#include "asn1_locl.h" - - #define HMAC_TEST_PRIVATE_KEY_FORMAT - -@@ -26,7 +75,7 @@ static int hmac_size(const EVP_PKEY *pkey) - - static void hmac_key_free(EVP_PKEY *pkey) - { -- ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); -+ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; - if (os) { - if (os->data) - OPENSSL_cleanse(os->data, os->length); -@@ -46,11 +95,6 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - } - } - --static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) --{ -- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); --} -- - #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT - /* - * A bogus private key format for test purposes. 
This is simply the HMAC key -@@ -63,7 +107,7 @@ static int old_hmac_decode(EVP_PKEY *pkey, - { - ASN1_OCTET_STRING *os; - os = ASN1_OCTET_STRING_new(); -- if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen)) -+ if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) - goto err; - if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) - goto err; -@@ -77,12 +121,10 @@ static int old_hmac_decode(EVP_PKEY *pkey, - static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) - { - int inc; -- ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); -+ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; - if (pder) { - if (!*pder) { - *pder = OPENSSL_malloc(os->length); -- if (*pder == NULL) -- return -1; - inc = 0; - } else - inc = 1; -@@ -106,12 +148,12 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { - "HMAC", - "OpenSSL HMAC method", - -- 0, 0, hmac_pkey_public_cmp, 0, -+ 0, 0, 0, 0, - - 0, 0, 0, - - hmac_size, -- 0, 0, -+ 0, - 0, 0, 0, 0, 0, 0, 0, - - hmac_key_free, -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c -index 5b98477..0ffff79 100644 ---- a/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c -+++ b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c -@@ -1,41 +1,89 @@ - /* -- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2007. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/evp_int.h" -+#include "evp_locl.h" - - /* HMAC pkey context structure */ - - typedef struct { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ -- HMAC_CTX *ctx; -+ HMAC_CTX ctx; - } HMAC_PKEY_CTX; - - static int pkey_hmac_init(EVP_PKEY_CTX *ctx) - { - HMAC_PKEY_CTX *hctx; -- -- hctx = OPENSSL_zalloc(sizeof(*hctx)); -- if (hctx == NULL) -+ hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); -+ if (!hctx) - return 0; -+ hctx->md = NULL; -+ hctx->ktmp.data = NULL; -+ hctx->ktmp.length = 0; -+ hctx->ktmp.flags = 0; - hctx->ktmp.type = V_ASN1_OCTET_STRING; -- hctx->ctx = HMAC_CTX_new(); -- if (hctx->ctx == NULL) { -- OPENSSL_free(hctx); -- return 0; -- } -+ HMAC_CTX_init(&hctx->ctx); - - ctx->data = hctx; - ctx->keygen_info_count = 0; -@@ -43,42 +91,36 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) - return 1; - } - --static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx); -- - static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - { - HMAC_PKEY_CTX *sctx, *dctx; -- -- /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */ - if (!pkey_hmac_init(dst)) - return 0; -- sctx = EVP_PKEY_CTX_get_data(src); -- dctx = EVP_PKEY_CTX_get_data(dst); -+ sctx = src->data; -+ dctx = dst->data; - dctx->md = sctx->md; -- if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) -- goto err; -+ 
HMAC_CTX_init(&dctx->ctx); -+ if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) -+ return 0; - if (sctx->ktmp.data) { - if (!ASN1_OCTET_STRING_set(&dctx->ktmp, - sctx->ktmp.data, sctx->ktmp.length)) -- goto err; -+ return 0; - } - return 1; --err: -- /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */ -- pkey_hmac_cleanup (dst); -- return 0; - } - - static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) - { -- HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); -- -- if (hctx != NULL) { -- HMAC_CTX_free(hctx->ctx); -- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); -- OPENSSL_free(hctx); -- EVP_PKEY_CTX_set_data(ctx, NULL); -+ HMAC_PKEY_CTX *hctx = ctx->data; -+ HMAC_CTX_cleanup(&hctx->ctx); -+ if (hctx->ktmp.data) { -+ if (hctx->ktmp.length) -+ OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); -+ OPENSSL_free(hctx->ktmp.data); -+ hctx->ktmp.data = NULL; - } -+ OPENSSL_free(hctx); - } - - static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -@@ -97,8 +139,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - - static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) - { -- HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data; -- if (!HMAC_Update(hctx->ctx, data, count)) -+ HMAC_PKEY_CTX *hctx = ctx->pctx->data; -+ if (!HMAC_Update(&hctx->ctx, data, count)) - return 0; - return 1; - } -@@ -106,10 +148,9 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) - static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) - { - HMAC_PKEY_CTX *hctx = ctx->data; -- HMAC_CTX_set_flags(hctx->ctx, -- EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT)); -+ HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); -- EVP_MD_CTX_set_update_fn(mctx, int_update); -+ mctx->update = int_update; - return 1; - } - -@@ -126,7 +167,7 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - if (!sig) - 
return 1; - -- if (!HMAC_Final(hctx->ctx, sig, &hlen)) -+ if (!HMAC_Final(&hctx->ctx, sig, &hlen)) - return 0; - *siglen = (size_t)hlen; - return 1; -@@ -151,7 +192,7 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - - case EVP_PKEY_CTRL_DIGESTINIT: - key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; -- if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, -+ if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, - ctx->engine)) - return 0; - break; -@@ -169,10 +210,21 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, - if (!value) { - return 0; - } -- if (strcmp(type, "key") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); -- if (strcmp(type, "hexkey") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); -+ if (!strcmp(type, "key")) { -+ void *p = (void *)value; -+ return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); -+ } -+ if (!strcmp(type, "hexkey")) { -+ unsigned char *key; -+ int r; -+ long keylen; -+ key = string_to_hex(value, &keylen); -+ if (!key) -+ return 0; -+ r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); -+ OPENSSL_free(key); -+ return r; -+ } - return -2; - } - -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c -index 3374105..213504e 100644 ---- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c -+++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c -@@ -1,19 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/hmac/hmac.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ -- - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include --#include "hmac_lcl.h" -+ -+#ifdef OPENSSL_FIPS -+# include -+#endif - - int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) -@@ -21,6 +71,32 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - int i, j, reset = 0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; - -+#ifdef OPENSSL_FIPS -+ /* If FIPS mode switch to approved implementation if possible */ -+ if (FIPS_mode()) { -+ const EVP_MD *fipsmd; -+ if (md) { -+ fipsmd = FIPS_get_digestbynid(EVP_MD_type(md)); -+ if (fipsmd) -+ md = fipsmd; -+ } -+ } -+ -+ if (FIPS_mode()) { -+ /* If we have an ENGINE need to allow non FIPS */ -+ if ((impl || ctx->i_ctx.engine) -+ && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ return 0; -+ } -+ /* -+ * Other algorithm blocking will be done in FIPS_cmac_init, via -+ * FIPS_hmac_init_ex(). 
-+ */ -+ if (!impl && !ctx->i_ctx.engine) -+ return FIPS_hmac_init_ex(ctx, key, len, md, NULL); -+ } -+#endif - /* If we are changing MD then we must have a key */ - if (md != NULL && md != ctx->md && (key == NULL || len < 0)) - return 0; -@@ -39,11 +115,11 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); - if (j < len) { -- if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)) -+ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) - goto err; -- if (!EVP_DigestUpdate(ctx->md_ctx, key, len)) -+ if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) - goto err; -- if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, -+ if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, - &ctx->key_length)) - goto err; - } else { -@@ -60,181 +136,133 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - if (reset) { - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) - pad[i] = 0x36 ^ ctx->key[i]; -- if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)) -+ if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) - goto err; -- if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) -+ if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) - goto err; - - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) - pad[i] = 0x5c ^ ctx->key[i]; -- if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)) -+ if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) - goto err; -- if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) -+ if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) - goto err; - } -- if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) -+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) - goto err; - return 1; - err: - return 0; - } - --#if OPENSSL_API_COMPAT < 0x10100000L - int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) - { - if (key && md) -- HMAC_CTX_reset(ctx); -+ HMAC_CTX_init(ctx); - return HMAC_Init_ex(ctx, key, len, md, NULL); - } --#endif - - int HMAC_Update(HMAC_CTX *ctx, const unsigned char 
*data, size_t len) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->i_ctx.engine) -+ return FIPS_hmac_update(ctx, data, len); -+#endif - if (!ctx->md) - return 0; -- return EVP_DigestUpdate(ctx->md_ctx, data, len); -+ -+ return EVP_DigestUpdate(&ctx->md_ctx, data, len); - } - - int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - { - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->i_ctx.engine) -+ return FIPS_hmac_final(ctx, md, len); -+#endif - - if (!ctx->md) - goto err; - -- if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) -+ if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) - goto err; -- if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) -+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) - goto err; -- if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) -+ if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) - goto err; -- if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) -+ if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) - goto err; - return 1; - err: - return 0; - } - --size_t HMAC_size(const HMAC_CTX *ctx) --{ -- return EVP_MD_size((ctx)->md); --} -- --HMAC_CTX *HMAC_CTX_new(void) --{ -- HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); -- -- if (ctx != NULL) { -- if (!HMAC_CTX_reset(ctx)) { -- HMAC_CTX_free(ctx); -- return NULL; -- } -- } -- return ctx; --} -- --static void hmac_ctx_cleanup(HMAC_CTX *ctx) -+void HMAC_CTX_init(HMAC_CTX *ctx) - { -- EVP_MD_CTX_reset(ctx->i_ctx); -- EVP_MD_CTX_reset(ctx->o_ctx); -- EVP_MD_CTX_reset(ctx->md_ctx); -+ EVP_MD_CTX_init(&ctx->i_ctx); -+ EVP_MD_CTX_init(&ctx->o_ctx); -+ EVP_MD_CTX_init(&ctx->md_ctx); - ctx->md = NULL; -- ctx->key_length = 0; -- OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); --} -- --void HMAC_CTX_free(HMAC_CTX *ctx) --{ -- if (ctx != NULL) { -- hmac_ctx_cleanup(ctx); -- EVP_MD_CTX_free(ctx->i_ctx); -- EVP_MD_CTX_free(ctx->o_ctx); -- EVP_MD_CTX_free(ctx->md_ctx); -- OPENSSL_free(ctx); -- } --} -- --int HMAC_CTX_reset(HMAC_CTX *ctx) --{ -- 
hmac_ctx_cleanup(ctx); -- if (ctx->i_ctx == NULL) -- ctx->i_ctx = EVP_MD_CTX_new(); -- if (ctx->i_ctx == NULL) -- goto err; -- if (ctx->o_ctx == NULL) -- ctx->o_ctx = EVP_MD_CTX_new(); -- if (ctx->o_ctx == NULL) -- goto err; -- if (ctx->md_ctx == NULL) -- ctx->md_ctx = EVP_MD_CTX_new(); -- if (ctx->md_ctx == NULL) -- goto err; -- ctx->md = NULL; -- return 1; -- err: -- hmac_ctx_cleanup(ctx); -- return 0; - } - - int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) - { -- if (!HMAC_CTX_reset(dctx)) -+ if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) - goto err; -- if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) -+ if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) - goto err; -- if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) -- goto err; -- if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) -+ if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) - goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - dctx->md = sctx->md; - return 1; - err: -- hmac_ctx_cleanup(dctx); - return 0; - } - -+void HMAC_CTX_cleanup(HMAC_CTX *ctx) -+{ -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !ctx->i_ctx.engine) { -+ FIPS_hmac_ctx_cleanup(ctx); -+ return; -+ } -+#endif -+ EVP_MD_CTX_cleanup(&ctx->i_ctx); -+ EVP_MD_CTX_cleanup(&ctx->o_ctx); -+ EVP_MD_CTX_cleanup(&ctx->md_ctx); -+ OPENSSL_cleanse(ctx, sizeof *ctx); -+} -+ - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len) - { -- HMAC_CTX *c = NULL; -+ HMAC_CTX c; - static unsigned char m[EVP_MAX_MD_SIZE]; -- static const unsigned char dummy_key[1] = {'\0'}; - - if (md == NULL) - md = m; -- if ((c = HMAC_CTX_new()) == NULL) -+ HMAC_CTX_init(&c); -+ if (!HMAC_Init(&c, key, key_len, evp_md)) - goto err; -- -- /* For HMAC_Init_ex, NULL key signals reuse. 
*/ -- if (key == NULL && key_len == 0) { -- key = dummy_key; -- } -- -- if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) -- goto err; -- if (!HMAC_Update(c, d, n)) -+ if (!HMAC_Update(&c, d, n)) - goto err; -- if (!HMAC_Final(c, md, md_len)) -+ if (!HMAC_Final(&c, md, md_len)) - goto err; -- HMAC_CTX_free(c); -+ HMAC_CTX_cleanup(&c); - return md; - err: -- HMAC_CTX_free(c); -+ HMAC_CTX_cleanup(&c); - return NULL; - } - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) - { -- EVP_MD_CTX_set_flags(ctx->i_ctx, flags); -- EVP_MD_CTX_set_flags(ctx->o_ctx, flags); -- EVP_MD_CTX_set_flags(ctx->md_ctx, flags); --} -- --const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) --{ -- return ctx->md; -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); - } -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h b/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h -deleted file mode 100644 -index 4c156dc..0000000 ---- a/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h -+++ /dev/null -@@ -1,33 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_HMAC_LCL_H --# define HEADER_HMAC_LCL_H -- --#ifdef __cplusplus --extern "C" { --#endif --#if 0 /* emacs indentation fix */ --} --#endif -- --struct hmac_ctx_st { -- const EVP_MD *md; -- EVP_MD_CTX *md_ctx; -- EVP_MD_CTX *i_ctx; -- EVP_MD_CTX *o_ctx; -- unsigned int key_length; -- unsigned char key[HMAC_MAX_MD_CBLOCK]; --}; -- --#ifdef __cplusplus --} /* extern "C" */ --#endif -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h b/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h -deleted file mode 100644 -index f70e3b4..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h -+++ /dev/null -@@ -1,94 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* Internal ASN1 structures and functions: not for application use */ -- --/* ASN1 public key method structure */ -- --struct evp_pkey_asn1_method_st { -- int pkey_id; -- int pkey_base_id; -- unsigned long pkey_flags; -- char *pem_str; -- char *info; -- int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); -- int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); -- int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -- int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, -- ASN1_PCTX *pctx); -- int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); -- int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); -- int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, -- ASN1_PCTX *pctx); -- int (*pkey_size) (const EVP_PKEY *pk); -- int (*pkey_bits) (const EVP_PKEY *pk); -- int (*pkey_security_bits) (const EVP_PKEY *pk); -- int (*param_decode) (EVP_PKEY *pkey, -- const unsigned char **pder, int derlen); -- int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); -- int (*param_missing) (const EVP_PKEY *pk); -- int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); -- int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -- int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, -- ASN1_PCTX *pctx); -- int (*sig_print) (BIO *out, -- const X509_ALGOR *sigalg, const ASN1_STRING *sig, -- int indent, ASN1_PCTX *pctx); -- void (*pkey_free) (EVP_PKEY *pkey); -- int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); -- /* Legacy functions for old PEM */ -- int (*old_priv_decode) (EVP_PKEY *pkey, -- const unsigned char **pder, int derlen); -- int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); -- /* Custom ASN1 signature verification */ -- int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -- X509_ALGOR *a, ASN1_BIT_STRING *sig, 
EVP_PKEY *pkey); -- int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -- X509_ALGOR *alg1, X509_ALGOR *alg2, -- ASN1_BIT_STRING *sig); --} /* EVP_PKEY_ASN1_METHOD */ ; -- --DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) -- --extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5]; --extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; --extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2]; -- --/* -- * These are used internally in the ASN1_OBJECT to keep track of whether the -- * names and data need to be free()ed -- */ --# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ --# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ --# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ --# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ --struct asn1_object_st { -- const char *sn, *ln; -- int nid; -- int length; -- const unsigned char *data; /* data remains const after init */ -- int flags; /* Should we free this one */ --}; -- --/* ASN1 print context structure */ -- --struct asn1_pctx_st { -- unsigned long flags; -- unsigned long nm_flags; -- unsigned long cert_flags; -- unsigned long oid_flags; -- unsigned long str_flags; --} /* ASN1_PCTX */ ; -- --int asn1_valid_host(const ASN1_STRING *host); -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/async.h b/Cryptlib/OpenSSL/crypto/include/internal/async.h -deleted file mode 100644 -index db56258..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/async.h -+++ /dev/null -@@ -1,14 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --int async_init(void); --void async_deinit(void); -- -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h -deleted file mode 100644 -index b4bca40..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h -+++ /dev/null -@@ -1,17 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#define declare_dh_bn(x) \ -- const extern BIGNUM _bignum_dh##x##_p; \ -- const extern BIGNUM _bignum_dh##x##_g; \ -- const extern BIGNUM _bignum_dh##x##_q; -- --declare_dh_bn(1024_160) --declare_dh_bn(2048_224) --declare_dh_bn(2048_256) -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h -deleted file mode 100644 -index 9c984ba..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h -+++ /dev/null -@@ -1,82 +0,0 @@ --/* -- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_BN_INT_H --# define HEADER_BN_INT_H -- --# include --# include -- --#ifdef __cplusplus --extern "C" { --#endif -- --BIGNUM *bn_wexpand(BIGNUM *a, int words); --BIGNUM *bn_expand2(BIGNUM *a, int words); -- --void bn_correct_top(BIGNUM *a); -- --/* -- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. 
-- * This is an array r[] of values that are either zero or odd with an -- * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at -- * most one of any w+1 consecutive digits is non-zero with the exception that -- * the most significant digit may be only w-1 zeros away from that next -- * non-zero digit. -- */ --signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len); -- --int bn_get_top(const BIGNUM *a); -- --void bn_set_top(BIGNUM *a, int top); -- --int bn_get_dmax(const BIGNUM *a); -- --/* Set all words to zero */ --void bn_set_all_zero(BIGNUM *a); -- --/* -- * Copy the internal BIGNUM words into out which holds size elements (and size -- * must be bigger than top) -- */ --int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); -- --BN_ULONG *bn_get_words(const BIGNUM *a); -- --/* -- * Set the internal data words in a to point to words which contains size -- * elements. The BN_FLG_STATIC_DATA flag is set -- */ --void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); -- --/* -- * Copy words into the BIGNUM |a|, reallocating space as necessary. -- * The negative flag of |a| is not modified. -- * Returns 1 on success and 0 on failure. -- */ --/* -- * |num_words| is int because bn_expand2 takes an int. This is an internal -- * function so we simply trust callers not to pass negative values. 
-- */ --int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); -- --size_t bn_sizeof_BIGNUM(void); -- --/* -- * Return element el from an array of BIGNUMs starting at base (required -- * because callers do not know the size of BIGNUM at compilation time) -- */ --BIGNUM *bn_array_el(BIGNUM *base, int el); -- -- --#ifdef __cplusplus --} --#endif -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h -deleted file mode 100644 -index d4b282a..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h -+++ /dev/null -@@ -1,32 +0,0 @@ --/* -- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef OPENSSL_NO_SRP -- --extern const BIGNUM bn_group_1024; -- --extern const BIGNUM bn_group_1536; -- --extern const BIGNUM bn_group_2048; -- --extern const BIGNUM bn_group_3072; -- --extern const BIGNUM bn_group_4096; -- --extern const BIGNUM bn_group_6144; -- --extern const BIGNUM bn_group_8192; -- --extern const BIGNUM bn_generator_19; -- --extern const BIGNUM bn_generator_5; -- --extern const BIGNUM bn_generator_2; -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/chacha.h b/Cryptlib/OpenSSL/crypto/include/internal/chacha.h -deleted file mode 100644 -index 7d4366e..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/chacha.h -+++ /dev/null -@@ -1,49 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_CHACHA_H --#define HEADER_CHACHA_H -- --#include -- --#ifdef __cplusplus --extern "C" { --#endif -- --/* -- * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and -- * nonce and writes the result to |out|, which may be equal to |inp|. -- * The |key| is not 32 bytes of verbatim key material though, but the -- * said material collected into 8 32-bit elements array in host byte -- * order. Same approach applies to nonce: the |counter| argument is -- * pointer to concatenated nonce and counter values collected into 4 -- * 32-bit elements. This, passing crypto material collected into 32-bit -- * elements as opposite to passing verbatim byte vectors, is chosen for -- * efficiency in multi-call scenarios. -- */ --void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, -- size_t len, const unsigned int key[8], -- const unsigned int counter[4]); --/* -- * You can notice that there is no key setup procedure. Because it's -- * as trivial as collecting bytes into 32-bit elements, it's reckoned -- * that below macro is sufficient. -- */ --#define CHACHA_U8TOU32(p) ( \ -- ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ -- ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) -- --#define CHACHA_KEY_SIZE 32 --#define CHACHA_CTR_SIZE 16 --#define CHACHA_BLK_SIZE 64 -- --#ifdef __cplusplus --} --#endif --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h b/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h -deleted file mode 100644 -index f3ec9b6..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h -+++ /dev/null -@@ -1,81 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_CRYPTLIB_H --# define HEADER_CRYPTLIB_H -- --# include --# include -- --# include "e_os.h" -- --# ifdef OPENSSL_USE_APPLINK --# undef BIO_FLAGS_UPLINK --# define BIO_FLAGS_UPLINK 0x8000 --# include "ms/uplink.h" --# endif -- --# include --# include --# include --# include -- --#ifdef __cplusplus --extern "C" { --#endif -- --typedef struct ex_callback_st EX_CALLBACK; -- --DEFINE_STACK_OF(EX_CALLBACK) -- --typedef struct app_mem_info_st APP_INFO; -- --typedef struct mem_st MEM; --DEFINE_LHASH_OF(MEM); -- --# ifndef OPENSSL_SYS_VMS --# define X509_CERT_AREA OPENSSLDIR --# define X509_CERT_DIR OPENSSLDIR "/certs" --# define X509_CERT_FILE OPENSSLDIR "/cert.pem" --# define X509_PRIVATE_DIR OPENSSLDIR "/private" --# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" --# else --# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" --# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" --# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" --# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" --# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" --# endif -- --# define X509_CERT_DIR_EVP "SSL_CERT_DIR" --# define X509_CERT_FILE_EVP "SSL_CERT_FILE" --# define CTLOG_FILE_EVP "CTLOG_FILE" -- --/* size of string representations */ --# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) --# define HEX_SIZE(type) (sizeof(type)*2) -- --void OPENSSL_cpuid_setup(void); --extern unsigned int OPENSSL_ia32cap_P[]; --void OPENSSL_showfatal(const char *fmta, ...); --extern int OPENSSL_NONPIC_relocated; --void crypto_cleanup_all_ex_data_int(void); -- --int openssl_strerror_r(int errnum, char *buf, size_t buflen); --# if !defined(OPENSSL_NO_STDIO) --FILE *openssl_fopen(const char *filename, const char *mode); --# else --void *openssl_fopen(const char *filename, const char *mode); --# endif -- --#ifdef __cplusplus --} --#endif -- --#endif 
-diff --git a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h b/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h -deleted file mode 100644 -index 8e2a719..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h -+++ /dev/null -@@ -1,31 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */ -- --struct thread_local_inits_st { -- int async; -- int err_state; --}; -- --int ossl_init_thread_start(uint64_t opts); -- --/* -- * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below -- * are those omitted from crypto.h because they are "reserved for internal -- * use". -- */ --# define OPENSSL_INIT_ZLIB 0x00010000L -- --/* OPENSSL_INIT_THREAD flags */ --# define OPENSSL_INIT_THREAD_ASYNC 0x01 --# define OPENSSL_INIT_THREAD_ERR_STATE 0x02 -- -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/engine.h b/Cryptlib/OpenSSL/crypto/include/internal/engine.h -deleted file mode 100644 -index 977cf06..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/engine.h -+++ /dev/null -@@ -1,20 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --void engine_load_openssl_int(void); --void engine_load_cryptodev_int(void); --void engine_load_rdrand_int(void); --void engine_load_dynamic_int(void); --void engine_load_padlock_int(void); --void engine_load_capi_int(void); --void engine_load_dasync_int(void); --void engine_load_afalg_int(void); --void engine_cleanup_int(void); -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/err_int.h b/Cryptlib/OpenSSL/crypto/include/internal/err_int.h -deleted file mode 100644 -index 7fec3ed..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/err_int.h -+++ /dev/null -@@ -1,17 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef INTERNAL_ERR_INT_H --# define INTERNAL_ERR_INT_H -- --int err_load_crypto_strings_int(void); --void err_cleanup(void); --void err_delete_thread_state(void); -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h b/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h -deleted file mode 100644 -index c9ef582..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h -+++ /dev/null -@@ -1,389 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --struct evp_pkey_ctx_st { -- /* Method associated with this operation */ -- const EVP_PKEY_METHOD *pmeth; -- /* Engine that implements this method or NULL if builtin */ -- ENGINE *engine; -- /* Key: may be NULL */ -- EVP_PKEY *pkey; -- /* Peer key for key agreement, may be NULL */ -- EVP_PKEY *peerkey; -- /* Actual operation */ -- int operation; -- /* Algorithm specific data */ -- void *data; -- /* Application specific data */ -- void *app_data; -- /* Keygen callback */ -- EVP_PKEY_gen_cb *pkey_gencb; -- /* implementation specific keygen data */ -- int *keygen_info; -- int keygen_info_count; --} /* EVP_PKEY_CTX */ ; -- --#define EVP_PKEY_FLAG_DYNAMIC 1 -- --struct evp_pkey_method_st { -- int pkey_id; -- int flags; -- int (*init) (EVP_PKEY_CTX *ctx); -- int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -- void (*cleanup) (EVP_PKEY_CTX *ctx); -- int (*paramgen_init) (EVP_PKEY_CTX *ctx); -- int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -- int (*keygen_init) (EVP_PKEY_CTX *ctx); -- int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -- int (*sign_init) (EVP_PKEY_CTX *ctx); -- int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -- const unsigned char *tbs, size_t tbslen); -- int (*verify_init) (EVP_PKEY_CTX *ctx); -- int (*verify) (EVP_PKEY_CTX *ctx, -- const unsigned char *sig, size_t siglen, -- const unsigned char *tbs, size_t tbslen); -- int (*verify_recover_init) (EVP_PKEY_CTX *ctx); -- int (*verify_recover) (EVP_PKEY_CTX *ctx, -- unsigned char *rout, size_t *routlen, -- const unsigned char *sig, size_t siglen); -- int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -- int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -- EVP_MD_CTX *mctx); -- int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -- int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, 
-- EVP_MD_CTX *mctx); -- int (*encrypt_init) (EVP_PKEY_CTX *ctx); -- int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -- const unsigned char *in, size_t inlen); -- int (*decrypt_init) (EVP_PKEY_CTX *ctx); -- int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -- const unsigned char *in, size_t inlen); -- int (*derive_init) (EVP_PKEY_CTX *ctx); -- int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -- int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); -- int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); --} /* EVP_PKEY_METHOD */ ; -- --DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) -- --void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); -- --extern const EVP_PKEY_METHOD cmac_pkey_meth; --extern const EVP_PKEY_METHOD dh_pkey_meth; --extern const EVP_PKEY_METHOD dhx_pkey_meth; --extern const EVP_PKEY_METHOD dsa_pkey_meth; --extern const EVP_PKEY_METHOD ec_pkey_meth; --extern const EVP_PKEY_METHOD ecx25519_pkey_meth; --extern const EVP_PKEY_METHOD hmac_pkey_meth; --extern const EVP_PKEY_METHOD rsa_pkey_meth; --extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; --extern const EVP_PKEY_METHOD hkdf_pkey_meth; -- --struct evp_md_st { -- int type; -- int pkey_type; -- int md_size; -- unsigned long flags; -- int (*init) (EVP_MD_CTX *ctx); -- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -- int (*final) (EVP_MD_CTX *ctx, unsigned char *md); -- int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); -- int (*cleanup) (EVP_MD_CTX *ctx); -- int block_size; -- int ctx_size; /* how big does the ctx->md_data need to be */ -- /* control function */ -- int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); --} /* EVP_MD */ ; -- --struct evp_cipher_st { -- int nid; -- int block_size; -- /* Default value for variable length ciphers */ -- int key_len; -- int iv_len; -- /* Various flags */ -- unsigned long flags; -- /* init key */ -- int (*init) (EVP_CIPHER_CTX *ctx, 
const unsigned char *key, -- const unsigned char *iv, int enc); -- /* encrypt/decrypt data */ -- int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t inl); -- /* cleanup ctx */ -- int (*cleanup) (EVP_CIPHER_CTX *); -- /* how big ctx->cipher_data needs to be */ -- int ctx_size; -- /* Populate a ASN1_TYPE with parameters */ -- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); -- /* Get parameters from a ASN1_TYPE */ -- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); -- /* Miscellaneous operations */ -- int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); -- /* Application data */ -- void *app_data; --} /* EVP_CIPHER */ ; -- --/* Macros to code block cipher wrappers */ -- --/* Wrapper functions for each cipher mode */ -- --#define EVP_C_DATA(kstruct, ctx) \ -- ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -- --#define BLOCK_CIPHER_ecb_loop() \ -- size_t i, bl; \ -- bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ -- if (inl < bl) return 1;\ -- inl -= bl; \ -- for (i=0; i <= inl; i+=bl) -- --#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ --static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ --{\ -- BLOCK_CIPHER_ecb_loop() \ -- cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ -- return 1;\ --} -- --#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) -- --#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -- static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ --{\ -- while(inl>=EVP_MAXCHUNK) {\ -- int num = EVP_CIPHER_CTX_num(ctx);\ -- cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ -- EVP_CIPHER_CTX_set_num(ctx, num);\ -- inl-=EVP_MAXCHUNK;\ -- in +=EVP_MAXCHUNK;\ -- out+=EVP_MAXCHUNK;\ -- }\ -- if 
(inl) {\ -- int num = EVP_CIPHER_CTX_num(ctx);\ -- cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ -- EVP_CIPHER_CTX_set_num(ctx, num);\ -- }\ -- return 1;\ --} -- --#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ --static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ --{\ -- while(inl>=EVP_MAXCHUNK) \ -- {\ -- cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ -- inl-=EVP_MAXCHUNK;\ -- in +=EVP_MAXCHUNK;\ -- out+=EVP_MAXCHUNK;\ -- }\ -- if (inl)\ -- cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ -- return 1;\ --} -- --#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ --static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ --{\ -- size_t chunk = EVP_MAXCHUNK;\ -- if (cbits == 1) chunk >>= 3;\ -- if (inl < chunk) chunk = inl;\ -- while (inl && inl >= chunk)\ -- {\ -- int num = EVP_CIPHER_CTX_num(ctx);\ -- cprefix##_cfb##cbits##_encrypt(in, out, (long) \ -- ((cbits == 1) \ -- && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ -- ? 
inl*8 : inl), \ -- &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ -- &num, EVP_CIPHER_CTX_encrypting(ctx));\ -- EVP_CIPHER_CTX_set_num(ctx, num);\ -- inl -= chunk;\ -- in += chunk;\ -- out += chunk;\ -- if (inl < chunk) chunk = inl;\ -- }\ -- return 1;\ --} -- --#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ -- BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -- BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -- BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -- BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) -- --#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ -- key_len, iv_len, flags, init_key, cleanup, \ -- set_asn1, get_asn1, ctrl) \ --static const EVP_CIPHER cname##_##mode = { \ -- nid##_##nmode, block_size, key_len, iv_len, \ -- flags | EVP_CIPH_##MODE##_MODE, \ -- init_key, \ -- cname##_##mode##_cipher, \ -- cleanup, \ -- sizeof(kstruct), \ -- set_asn1, get_asn1,\ -- ctrl, \ -- NULL \ --}; \ --const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } -- --#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ -- iv_len, flags, init_key, cleanup, set_asn1, \ -- get_asn1, ctrl) \ --BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ -- iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -- --#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ -- iv_len, cbits, flags, init_key, cleanup, \ -- set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ -- key_len, iv_len, flags, init_key, cleanup, set_asn1, \ -- get_asn1, ctrl) -- --#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ -- iv_len, cbits, flags, init_key, cleanup, \ -- set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ -- key_len, iv_len, flags, init_key, cleanup, set_asn1, \ -- get_asn1, ctrl) -- --#define 
BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ -- flags, init_key, cleanup, set_asn1, \ -- get_asn1, ctrl) \ --BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ -- 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -- --#define BLOCK_CIPHER_defs(cname, kstruct, \ -- nid, block_size, key_len, iv_len, cbits, flags, \ -- init_key, cleanup, set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ -- init_key, cleanup, set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ -- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ -- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ --BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ -- init_key, cleanup, set_asn1, get_asn1, ctrl) -- --/*- --#define BLOCK_CIPHER_defs(cname, kstruct, \ -- nid, block_size, key_len, iv_len, flags,\ -- init_key, cleanup, set_asn1, get_asn1, ctrl)\ --static const EVP_CIPHER cname##_cbc = {\ -- nid##_cbc, block_size, key_len, iv_len, \ -- flags | EVP_CIPH_CBC_MODE,\ -- init_key,\ -- cname##_cbc_cipher,\ -- cleanup,\ -- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -- set_asn1, get_asn1,\ -- ctrl, \ -- NULL \ --};\ --const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ --static const EVP_CIPHER cname##_cfb = {\ -- nid##_cfb64, 1, key_len, iv_len, \ -- flags | EVP_CIPH_CFB_MODE,\ -- init_key,\ -- cname##_cfb_cipher,\ -- cleanup,\ -- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -- set_asn1, get_asn1,\ -- ctrl,\ -- NULL \ --};\ --const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ --static const EVP_CIPHER cname##_ofb = {\ -- nid##_ofb64, 1, key_len, iv_len, \ -- flags | EVP_CIPH_OFB_MODE,\ -- 
init_key,\ -- cname##_ofb_cipher,\ -- cleanup,\ -- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -- set_asn1, get_asn1,\ -- ctrl,\ -- NULL \ --};\ --const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ --static const EVP_CIPHER cname##_ecb = {\ -- nid##_ecb, block_size, key_len, iv_len, \ -- flags | EVP_CIPH_ECB_MODE,\ -- init_key,\ -- cname##_ecb_cipher,\ -- cleanup,\ -- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ -- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ -- set_asn1, get_asn1,\ -- ctrl,\ -- NULL \ --};\ --const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } --*/ -- --#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ -- block_size, key_len, iv_len, cbits, \ -- flags, init_key, \ -- cleanup, set_asn1, get_asn1, ctrl) \ -- BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ -- BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ -- cbits, flags, init_key, cleanup, set_asn1, \ -- get_asn1, ctrl) -- --#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ -- BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ -- BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ -- NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ -- (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ -- cipher##_init_key, NULL, NULL, NULL, NULL) -- -- --/* -- * Type needs to be a bit field Sub-type needs to be for variations on the -- * method, as in, can it do arbitrary encryption.... 
-- */ --struct evp_pkey_st { -- int type; -- int save_type; -- int references; -- const EVP_PKEY_ASN1_METHOD *ameth; -- ENGINE *engine; -- union { -- void *ptr; --# ifndef OPENSSL_NO_RSA -- struct rsa_st *rsa; /* RSA */ --# endif --# ifndef OPENSSL_NO_DSA -- struct dsa_st *dsa; /* DSA */ --# endif --# ifndef OPENSSL_NO_DH -- struct dh_st *dh; /* DH */ --# endif --# ifndef OPENSSL_NO_EC -- struct ec_key_st *ec; /* ECC */ --# endif -- } pkey; -- int save_parameters; -- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -- CRYPTO_RWLOCK *lock; --} /* EVP_PKEY */ ; -- -- --void openssl_add_all_ciphers_int(void); --void openssl_add_all_digests_int(void); --void evp_cleanup_int(void); -- --/* Pulling defines out of C soure files */ -- --#define EVP_RC4_KEY_SIZE 16 --#ifndef TLS1_1_VERSION --# define TLS1_1_VERSION 0x0302 --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h b/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h -deleted file mode 100644 -index 6e4ce14..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h -+++ /dev/null -@@ -1,383 +0,0 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/*- -- * This is a generic 32 bit "collector" for message digest algorithms. -- * Whenever needed it collects input character stream into chunks of -- * 32 bit values and invokes a block function that performs actual hash -- * calculations. -- * -- * Porting guide. -- * -- * Obligatory macros: -- * -- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN -- * this macro defines byte order of input stream. -- * HASH_CBLOCK -- * size of a unit chunk HASH_BLOCK operates on. -- * HASH_LONG -- * has to be at lest 32 bit wide. 
-- * HASH_CTX -- * context structure that at least contains following -- * members: -- * typedef struct { -- * ... -- * HASH_LONG Nl,Nh; -- * either { -- * HASH_LONG data[HASH_LBLOCK]; -- * unsigned char data[HASH_CBLOCK]; -- * }; -- * unsigned int num; -- * ... -- * } HASH_CTX; -- * data[] vector is expected to be zeroed upon first call to -- * HASH_UPDATE. -- * HASH_UPDATE -- * name of "Update" function, implemented here. -- * HASH_TRANSFORM -- * name of "Transform" function, implemented here. -- * HASH_FINAL -- * name of "Final" function, implemented here. -- * HASH_BLOCK_DATA_ORDER -- * name of "block" function capable of treating *unaligned* input -- * message in original (data) byte order, implemented externally. -- * HASH_MAKE_STRING -- * macro convering context variables to an ASCII hash string. -- * -- * MD5 example: -- * -- * #define DATA_ORDER_IS_LITTLE_ENDIAN -- * -- * #define HASH_LONG MD5_LONG -- * #define HASH_CTX MD5_CTX -- * #define HASH_CBLOCK MD5_CBLOCK -- * #define HASH_UPDATE MD5_Update -- * #define HASH_TRANSFORM MD5_Transform -- * #define HASH_FINAL MD5_Final -- * #define HASH_BLOCK_DATA_ORDER md5_block_data_order -- * -- * -- */ -- --#include -- --#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) --# error "DATA_ORDER must be defined!" --#endif -- --#ifndef HASH_CBLOCK --# error "HASH_CBLOCK must be defined!" --#endif --#ifndef HASH_LONG --# error "HASH_LONG must be defined!" --#endif --#ifndef HASH_CTX --# error "HASH_CTX must be defined!" --#endif -- --#ifndef HASH_UPDATE --# error "HASH_UPDATE must be defined!" --#endif --#ifndef HASH_TRANSFORM --# error "HASH_TRANSFORM must be defined!" --#endif --#ifndef HASH_FINAL --# error "HASH_FINAL must be defined!" --#endif -- --#ifndef HASH_BLOCK_DATA_ORDER --# error "HASH_BLOCK_DATA_ORDER must be defined!" --#endif -- --/* -- * Engage compiler specific rotate intrinsic function if available. 
-- */ --#undef ROTATE --#ifndef PEDANTIC --# if defined(_MSC_VER) --# define ROTATE(a,n) _lrotl(a,n) --# elif defined(__ICC) --# define ROTATE(a,n) _rotl(a,n) --# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -- /* -- * Some GNU C inline assembler templates. Note that these are -- * rotates by *constant* number of bits! But that's exactly -- * what we need here... -- * -- */ --# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) --# define ROTATE(a,n) ({ register unsigned int ret; \ -- asm ( \ -- "roll %1,%0" \ -- : "=r"(ret) \ -- : "I"(n), "0"((unsigned int)(a)) \ -- : "cc"); \ -- ret; \ -- }) --# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ -- defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) --# define ROTATE(a,n) ({ register unsigned int ret; \ -- asm ( \ -- "rlwinm %0,%1,%2,0,31" \ -- : "=r"(ret) \ -- : "r"(a), "I"(n)); \ -- ret; \ -- }) --# elif defined(__s390x__) --# define ROTATE(a,n) ({ register unsigned int ret; \ -- asm ("rll %0,%1,%2" \ -- : "=r"(ret) \ -- : "r"(a), "I"(n)); \ -- ret; \ -- }) --# endif --# endif --#endif /* PEDANTIC */ -- --#ifndef ROTATE --# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) --#endif -- --#if defined(DATA_ORDER_IS_BIG_ENDIAN) -- --# ifndef PEDANTIC --# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ -- (defined(__x86_64) || defined(__x86_64__)) --# if !defined(B_ENDIAN) -- /* -- * This gives ~30-40% performance improvement in SHA-256 compiled -- * with gcc [on P4]. Well, first macro to be frank. We can pull -- * this trick on x86* platforms only, because these CPUs can fetch -- * unaligned data without raising an exception. 
-- */ --# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ -- asm ("bswapl %0":"=r"(r):"0"(r)); \ -- (c)+=4; (l)=r; }) --# define HOST_l2c(l,c) ({ unsigned int r=(l); \ -- asm ("bswapl %0":"=r"(r):"0"(r)); \ -- *((unsigned int *)(c))=r; (c)+=4; r; }) --# endif --# elif defined(__aarch64__) --# if defined(__BYTE_ORDER__) --# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ --# define HOST_c2l(c,l) ({ unsigned int r; \ -- asm ("rev %w0,%w1" \ -- :"=r"(r) \ -- :"r"(*((const unsigned int *)(c))));\ -- (c)+=4; (l)=r; }) --# define HOST_l2c(l,c) ({ unsigned int r; \ -- asm ("rev %w0,%w1" \ -- :"=r"(r) \ -- :"r"((unsigned int)(l)));\ -- *((unsigned int *)(c))=r; (c)+=4; r; }) --# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ --# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) --# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) --# endif --# endif --# endif --# endif --# if defined(__s390__) || defined(__s390x__) --# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) --# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) --# endif --# endif -- --# ifndef HOST_c2l --# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ -- l|=(((unsigned long)(*((c)++)))<<16), \ -- l|=(((unsigned long)(*((c)++)))<< 8), \ -- l|=(((unsigned long)(*((c)++))) ) ) --# endif --# ifndef HOST_l2c --# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ -- *((c)++)=(unsigned char)(((l)>>16)&0xff), \ -- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ -- *((c)++)=(unsigned char)(((l) )&0xff), \ -- l) --# endif -- --#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -- --# ifndef PEDANTIC --# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if defined(__s390x__) --# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ -- :"=d"(l) :"m"(*(const unsigned int *)(c)));\ -- (c)+=4; (l); }) --# define 
HOST_l2c(l,c) ({ asm ("strv %1,%0" \ -- :"=m"(*(unsigned int *)(c)) :"d"(l));\ -- (c)+=4; (l); }) --# endif --# endif --# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) --# ifndef B_ENDIAN -- /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ --# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) --# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) --# endif --# endif --# endif -- --# ifndef HOST_c2l --# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ -- l|=(((unsigned long)(*((c)++)))<< 8), \ -- l|=(((unsigned long)(*((c)++)))<<16), \ -- l|=(((unsigned long)(*((c)++)))<<24) ) --# endif --# ifndef HOST_l2c --# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ -- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ -- *((c)++)=(unsigned char)(((l)>>16)&0xff), \ -- *((c)++)=(unsigned char)(((l)>>24)&0xff), \ -- l) --# endif -- --#endif -- --/* -- * Time for some action:-) -- */ -- --int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) --{ -- const unsigned char *data = data_; -- unsigned char *p; -- HASH_LONG l; -- size_t n; -- -- if (len == 0) -- return 1; -- -- l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; -- /* -- * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai -- * for pointing it out. -- */ -- if (l < c->Nl) /* overflow */ -- c->Nh++; -- c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on -- * 16-bit */ -- c->Nl = l; -- -- n = c->num; -- if (n != 0) { -- p = (unsigned char *)c->data; -- -- if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { -- memcpy(p + n, data, HASH_CBLOCK - n); -- HASH_BLOCK_DATA_ORDER(c, p, 1); -- n = HASH_CBLOCK - n; -- data += n; -- len -= n; -- c->num = 0; -- /* -- * We use memset rather than OPENSSL_cleanse() here deliberately. -- * Using OPENSSL_cleanse() here could be a performance issue. It -- * will get properly cleansed on finalisation so this isn't a -- * security problem. 
-- */ -- memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ -- } else { -- memcpy(p + n, data, len); -- c->num += (unsigned int)len; -- return 1; -- } -- } -- -- n = len / HASH_CBLOCK; -- if (n > 0) { -- HASH_BLOCK_DATA_ORDER(c, data, n); -- n *= HASH_CBLOCK; -- data += n; -- len -= n; -- } -- -- if (len != 0) { -- p = (unsigned char *)c->data; -- c->num = (unsigned int)len; -- memcpy(p, data, len); -- } -- return 1; --} -- --void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) --{ -- HASH_BLOCK_DATA_ORDER(c, data, 1); --} -- --int HASH_FINAL(unsigned char *md, HASH_CTX *c) --{ -- unsigned char *p = (unsigned char *)c->data; -- size_t n = c->num; -- -- p[n] = 0x80; /* there is always room for one */ -- n++; -- -- if (n > (HASH_CBLOCK - 8)) { -- memset(p + n, 0, HASH_CBLOCK - n); -- n = 0; -- HASH_BLOCK_DATA_ORDER(c, p, 1); -- } -- memset(p + n, 0, HASH_CBLOCK - 8 - n); -- -- p += HASH_CBLOCK - 8; --#if defined(DATA_ORDER_IS_BIG_ENDIAN) -- (void)HOST_l2c(c->Nh, p); -- (void)HOST_l2c(c->Nl, p); --#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -- (void)HOST_l2c(c->Nl, p); -- (void)HOST_l2c(c->Nh, p); --#endif -- p -= HASH_CBLOCK; -- HASH_BLOCK_DATA_ORDER(c, p, 1); -- c->num = 0; -- OPENSSL_cleanse(p, HASH_CBLOCK); -- --#ifndef HASH_MAKE_STRING --# error "HASH_MAKE_STRING must be defined!" --#else -- HASH_MAKE_STRING(c, md); --#endif -- -- return 1; --} -- --#ifndef MD32_REG_T --# if defined(__alpha) || defined(__sparcv9) || defined(__mips) --# define MD32_REG_T long --/* -- * This comment was originally written for MD5, which is why it -- * discusses A-D. But it basically applies to all 32-bit digests, -- * which is why it was moved to common header file. -- * -- * In case you wonder why A-D are declared as long and not -- * as MD5_LONG. Doing so results in slight performance -- * boost on LP64 architectures. The catch is we don't -- * really care if 32 MSBs of a 64-bit register get polluted -- * with eventual overflows as we *save* only 32 LSBs in -- * *either* case. 
Now declaring 'em long excuses the compiler -- * from keeping 32 MSBs zeroed resulting in 13% performance -- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. -- * Well, to be honest it should say that this *prevents* -- * performance degradation. -- * -- */ --# else --/* -- * Above is not absolute and there are LP64 compilers that -- * generate better code if MD32_REG_T is defined int. The above -- * pre-processor condition reflects the circumstances under which -- * the conclusion was made and is subject to further extension. -- * -- */ --# define MD32_REG_T int --# endif --#endif -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/objects.h b/Cryptlib/OpenSSL/crypto/include/internal/objects.h -deleted file mode 100644 -index 76e1b4d..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/objects.h -+++ /dev/null -@@ -1,12 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --void obj_cleanup_int(void); -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h b/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h -deleted file mode 100644 -index 1bc8716..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h -+++ /dev/null -@@ -1,19 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#define POLY1305_BLOCK_SIZE 16 -- --typedef struct poly1305_context POLY1305; -- --size_t Poly1305_ctx_size(void); --void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]); --void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len); --void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]); -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/rand.h b/Cryptlib/OpenSSL/crypto/include/internal/rand.h -deleted file mode 100644 -index 30887c4..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/rand.h -+++ /dev/null -@@ -1,20 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* -- * Licensed under the OpenSSL licenses, (the "License"); -- * you may not use this file except in compliance with the License. -- * You may obtain a copy of the License at -- * https://www.openssl.org/source/license.html -- * or in the file LICENSE in the source distribution. -- */ -- --#include -- --void rand_cleanup_int(void); -diff --git a/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h b/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h -deleted file mode 100644 -index 2845026..0000000 ---- a/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h -+++ /dev/null -@@ -1,267 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* Internal X509 structures and functions: not for application use */ -- --/* Note: unless otherwise stated a field pointer is mandatory and should -- * never be set to NULL: the ASN.1 code and accessors rely on mandatory -- * fields never being NULL. -- */ -- --/* -- * name entry structure, equivalent to AttributeTypeAndValue defined -- * in RFC5280 et al. -- */ --struct X509_name_entry_st { -- ASN1_OBJECT *object; /* AttributeType */ -- ASN1_STRING *value; /* AttributeValue */ -- int set; /* index of RDNSequence for this entry */ -- int size; /* temp variable */ --}; -- --/* Name from RFC 5280. */ --struct X509_name_st { -- STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ -- int modified; /* true if 'bytes' needs to be built */ -- BUF_MEM *bytes; /* cached encoding: cannot be NULL */ -- /* canonical encoding used for rapid Name comparison */ -- unsigned char *canon_enc; -- int canon_enclen; --} /* X509_NAME */ ; -- --/* PKCS#10 certificate request */ -- --struct X509_req_info_st { -- ASN1_ENCODING enc; /* cached encoding of signed part */ -- ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ -- X509_NAME *subject; /* certificate request DN */ -- X509_PUBKEY *pubkey; /* public key of request */ -- /* -- * Zero or more attributes. -- * NB: although attributes is a mandatory field some broken -- * encodings omit it so this may be NULL in that case. 
-- */
-- STACK_OF(X509_ATTRIBUTE) *attributes;
--};
--
--struct X509_req_st {
-- X509_REQ_INFO req_info; /* signed certificate request data */
-- X509_ALGOR sig_alg; /* signature algorithm */
-- ASN1_BIT_STRING *signature; /* signature */
-- int references;
-- CRYPTO_RWLOCK *lock;
--};
--
--struct X509_crl_info_st {
-- ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */
-- X509_ALGOR sig_alg; /* signature algorithm */
-- X509_NAME *issuer; /* CRL issuer name */
-- ASN1_TIME *lastUpdate; /* lastUpdate field */
-- ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
-- STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
-- STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */
-- ASN1_ENCODING enc; /* encoding of signed portion of CRL */
--};
--
--struct X509_crl_st {
-- X509_CRL_INFO crl; /* signed CRL data */
-- X509_ALGOR sig_alg; /* CRL signature algorithm */
-- ASN1_BIT_STRING signature; /* CRL signature */
-- int references;
-- int flags;
-- /*
-- * Cached copies of decoded extension values, since extensions
-- * are optional any of these can be NULL.
-- */
-- AUTHORITY_KEYID *akid;
-- ISSUING_DIST_POINT *idp;
-- /* Convenient breakdown of IDP */
-- int idp_flags;
-- int idp_reasons;
-- /* CRL and base CRL numbers for delta processing */
-- ASN1_INTEGER *crl_number;
-- ASN1_INTEGER *base_crl_number;
-- STACK_OF(GENERAL_NAMES) *issuers;
-- /* hash of CRL */
-- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-- /* alternative method to handle this CRL */
-- const X509_CRL_METHOD *meth;
-- void *meth_data;
-- CRYPTO_RWLOCK *lock;
--};
--
--struct x509_revoked_st {
-- ASN1_INTEGER serialNumber; /* revoked entry serial number */
-- ASN1_TIME *revocationDate; /* revocation date */
-- STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */
-- /* decoded value of CRLissuer extension: set if indirect CRL */
-- STACK_OF(GENERAL_NAME) *issuer;
-- /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
-- int reason;
-- /*
-- * CRL entries are reordered for faster lookup of serial numbers. This
-- * field contains the original load sequence for this entry.
-- */
-- int sequence;
--};
--
--/*
-- * This stuff is certificate "auxiliary info": it contains details which are
-- * useful in certificate stores and databases. When used this is tagged onto
-- * the end of the certificate itself. OpenSSL specific structure not defined
-- * in any RFC.
-- */
--
--struct x509_cert_aux_st {
-- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
-- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
-- ASN1_UTF8STRING *alias; /* "friendly name" */
-- ASN1_OCTET_STRING *keyid; /* key id of private key */
-- STACK_OF(X509_ALGOR) *other; /* other unspecified info */
--};
--
--struct x509_cinf_st {
-- ASN1_INTEGER *version; /* [ 0 ] default of v1 */
-- ASN1_INTEGER serialNumber;
-- X509_ALGOR signature;
-- X509_NAME *issuer;
-- X509_VAL validity;
-- X509_NAME *subject;
-- X509_PUBKEY *key;
-- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
-- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
-- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
-- ASN1_ENCODING enc;
--};
--
--struct x509_st {
-- X509_CINF cert_info;
-- X509_ALGOR sig_alg;
-- ASN1_BIT_STRING signature;
-- int references;
-- CRYPTO_EX_DATA ex_data;
-- /* These contain copies of various extension values */
-- long ex_pathlen;
-- long ex_pcpathlen;
-- uint32_t ex_flags;
-- uint32_t ex_kusage;
-- uint32_t ex_xkusage;
-- uint32_t ex_nscert;
-- ASN1_OCTET_STRING *skid;
-- AUTHORITY_KEYID *akid;
-- X509_POLICY_CACHE *policy_cache;
-- STACK_OF(DIST_POINT) *crldp;
-- STACK_OF(GENERAL_NAME) *altname;
-- NAME_CONSTRAINTS *nc;
--#ifndef OPENSSL_NO_RFC3779
-- STACK_OF(IPAddressFamily) *rfc3779_addr;
-- struct ASIdentifiers_st *rfc3779_asid;
--# endif
-- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-- X509_CERT_AUX *aux;
-- CRYPTO_RWLOCK *lock;
--} /* X509 */ ;
--
--/*
-- * This is a used when verifying cert chains. Since the gathering of the
-- * cert chain can take some time (and have to be 'retried', this needs to be
-- * kept and passed around.
-- */ --struct x509_store_ctx_st { /* X509_STORE_CTX */ -- X509_STORE *ctx; -- /* The following are set by the caller */ -- /* The cert to check */ -- X509 *cert; -- /* chain of X509s - untrusted - passed in */ -- STACK_OF(X509) *untrusted; -- /* set of CRLs passed in */ -- STACK_OF(X509_CRL) *crls; -- X509_VERIFY_PARAM *param; -- /* Other info for use with get_issuer() */ -- void *other_ctx; -- /* Callbacks for various operations */ -- /* called to verify a certificate */ -- int (*verify) (X509_STORE_CTX *ctx); -- /* error callback */ -- int (*verify_cb) (int ok, X509_STORE_CTX *ctx); -- /* get issuers cert from ctx */ -- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); -- /* check issued */ -- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -- /* Check revocation status of chain */ -- int (*check_revocation) (X509_STORE_CTX *ctx); -- /* retrieve CRL */ -- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); -- /* Check CRL validity */ -- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); -- /* Check certificate against CRL */ -- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); -- /* Check policy status of the chain */ -- int (*check_policy) (X509_STORE_CTX *ctx); -- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); -- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); -- int (*cleanup) (X509_STORE_CTX *ctx); -- /* The following is built up */ -- /* if 0, rebuild chain */ -- int valid; -- /* number of untrusted certs */ -- int num_untrusted; -- /* chain of X509s - built up and trusted */ -- STACK_OF(X509) *chain; -- /* Valid policy tree */ -- X509_POLICY_TREE *tree; -- /* Require explicit policy value */ -- int explicit_policy; -- /* When something goes wrong, this is why */ -- int error_depth; -- int error; -- X509 *current_cert; -- /* cert currently being tested as valid issuer */ -- X509 *current_issuer; -- /* current CRL */ -- X509_CRL *current_crl; -- /* 
score of current CRL */ -- int current_crl_score; -- /* Reason mask */ -- unsigned int current_reasons; -- /* For CRL path validation: parent context */ -- X509_STORE_CTX *parent; -- CRYPTO_EX_DATA ex_data; -- SSL_DANE *dane; -- /* signed via bare TA public key, rather than CA certificate */ -- int bare_ta_signed; --}; -- --/* PKCS#8 private key info structure */ -- --struct pkcs8_priv_key_info_st { -- ASN1_INTEGER *version; -- X509_ALGOR *pkeyalg; -- ASN1_OCTET_STRING *pkey; -- STACK_OF(X509_ATTRIBUTE) *attributes; --}; -- --struct X509_sig_st { -- X509_ALGOR *algor; -- ASN1_OCTET_STRING *digest; --}; -- --struct x509_object_st { -- /* one of the above types */ -- X509_LOOKUP_TYPE type; -- union { -- char *ptr; -- X509 *x509; -- X509_CRL *crl; -- EVP_PKEY *pkey; -- } data; --}; -- --int a2i_ipadd(unsigned char *ipout, const char *ipasc); --int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); -diff --git a/Cryptlib/OpenSSL/crypto/init.c b/Cryptlib/OpenSSL/crypto/init.c -deleted file mode 100644 -index c730e38..0000000 ---- a/Cryptlib/OpenSSL/crypto/init.c -+++ /dev/null -@@ -1,664 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --static int stopped = 0; -- --static void ossl_init_thread_stop(struct thread_local_inits_st *locals); -- --static CRYPTO_THREAD_LOCAL threadstopkey; -- --static void ossl_init_thread_stop_wrap(void *local) --{ -- ossl_init_thread_stop((struct thread_local_inits_st *)local); --} -- --static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) --{ -- struct thread_local_inits_st *local = -- CRYPTO_THREAD_get_local(&threadstopkey); -- -- if (local == NULL && alloc) { -- local = OPENSSL_zalloc(sizeof *local); -- CRYPTO_THREAD_set_local(&threadstopkey, local); -- } -- if (!alloc) { -- CRYPTO_THREAD_set_local(&threadstopkey, NULL); -- } -- -- return local; --} -- --typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; --struct ossl_init_stop_st { -- void (*handler)(void); -- OPENSSL_INIT_STOP *next; --}; -- --static OPENSSL_INIT_STOP *stop_handlers = NULL; --static CRYPTO_RWLOCK *init_lock = NULL; -- --static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; --static int base_inited = 0; --DEFINE_RUN_ONCE_STATIC(ossl_init_base) --{ --#ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); --#endif -- /* -- * We use a dummy thread local key here. We use the destructor to detect -- * when the thread is going to stop (where that feature is available) -- */ -- CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); --#ifndef OPENSSL_SYS_UEFI -- atexit(OPENSSL_cleanup); --#endif -- if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) -- return 0; -- OPENSSL_cpuid_setup(); -- -- /* -- * BIG FAT WARNING! 
-- * Everything needed to be initialized in this function before threads -- * come along MUST happen before base_inited is set to 1, or we will -- * see race conditions. -- */ -- base_inited = 1; -- --#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) --# ifdef DSO_WIN32 -- { -- HMODULE handle = NULL; -- BOOL ret; -- -- /* We don't use the DSO route for WIN32 because there is a better way */ -- ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS -- | GET_MODULE_HANDLE_EX_FLAG_PIN, -- (void *)&base_inited, &handle); -- -- return (ret == TRUE) ? 1 : 0; -- } --# else -- /* -- * Deliberately leak a reference to ourselves. This will force the library -- * to remain loaded until the atexit() handler is run a process exit. -- */ -- { -- DSO *dso = NULL; -- -- dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); -- DSO_free(dso); -- } --# endif --#endif -- -- return 1; --} -- --static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; --static int load_crypto_strings_inited = 0; --DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings) --{ -- /* Do nothing in this case */ -- return 1; --} -- --DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) --{ -- int ret = 1; -- /* -- * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time -- * pulling in all the error strings during static linking -- */ --#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: " -- "err_load_crypto_strings_int()\n"); --# endif -- ret = err_load_crypto_strings_int(); -- load_crypto_strings_inited = 1; --#endif -- return ret; --} -- --static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) --{ -- /* -- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time -- * pulling in all the ciphers during static linking -- */ --#ifndef OPENSSL_NO_AUTOALGINIT --# ifdef 
OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: " -- "openssl_add_all_ciphers_int()\n"); --# endif -- openssl_add_all_ciphers_int(); --#endif -- return 1; --} -- --static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) --{ -- /* -- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time -- * pulling in all the ciphers during static linking -- */ --#ifndef OPENSSL_NO_AUTOALGINIT --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: " -- "openssl_add_all_digests()\n"); --# endif -- openssl_add_all_digests_int(); --#endif -- return 1; --} -- --DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs) --{ -- /* Do nothing */ -- return 1; --} -- --static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; --static int config_inited = 0; --static const char *appname; --DEFINE_RUN_ONCE_STATIC(ossl_init_config) --{ --#ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, -- "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n", -- appname == NULL ? 
"NULL" : appname); --#endif -- openssl_config_int(appname); -- config_inited = 1; -- return 1; --} --DEFINE_RUN_ONCE_STATIC(ossl_init_no_config) --{ --#ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, -- "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n"); --#endif -- openssl_no_config_int(); -- config_inited = 1; -- return 1; --} -- --static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT; --static int async_inited = 0; --DEFINE_RUN_ONCE_STATIC(ossl_init_async) --{ --#ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n"); --#endif -- if (!async_init()) -- return 0; -- async_inited = 1; -- return 1; --} -- --#ifndef OPENSSL_NO_ENGINE --static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) --{ --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: " -- "engine_load_openssl_int()\n"); --# endif -- engine_load_openssl_int(); -- return 1; --} --# if !defined(OPENSSL_NO_HW) && \ -- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) --static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev) --{ --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: " -- "engine_load_cryptodev_int()\n"); --# endif -- engine_load_cryptodev_int(); -- return 1; --} --# endif -- --# ifndef OPENSSL_NO_RDRAND --static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) --{ --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: " -- "engine_load_rdrand_int()\n"); --# endif -- engine_load_rdrand_int(); -- return 1; --} --# endif --static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; --DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) --{ --# ifdef OPENSSL_INIT_DEBUG -- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: " -- "engine_load_dynamic_int()\n"); 
--# endif
-- engine_load_dynamic_int();
-- return 1;
--}
--# ifndef OPENSSL_NO_STATIC_ENGINE
--# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
--static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
--DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
--{
--# ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
-- "engine_load_padlock_int()\n");
--# endif
-- engine_load_padlock_int();
-- return 1;
--}
--# endif
--# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
--static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
--DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
--{
--# ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
-- "engine_load_capi_int()\n");
--# endif
-- engine_load_capi_int();
-- return 1;
--}
--# endif
--# if !defined(OPENSSL_NO_AFALGENG)
--static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
--DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
--{
--# ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
-- "engine_load_afalg_int()\n");
--# endif
-- engine_load_afalg_int();
-- return 1;
--}
--# endif
--# endif
--#endif
--
--#ifndef OPENSSL_NO_COMP
--static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
--
--static int zlib_inited = 0;
--DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
--{
-- /* Do nothing - we need to know about this for the later cleanup */
-- zlib_inited = 1;
-- return 1;
--}
--#endif
--
--static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
--{
-- /* Can't do much about this */
-- if (locals == NULL)
-- return;
--
-- if (locals->async) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
-- "ASYNC_cleanup_thread()\n");
--#endif
-- ASYNC_cleanup_thread();
-- }
--
-- if (locals->err_state) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
-- "err_delete_thread_state()\n");
--#endif
-- err_delete_thread_state();
-- }
--
-- OPENSSL_free(locals);
--}
--
--void OPENSSL_thread_stop(void)
--{
-- ossl_init_thread_stop(
-- (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
--}
--
--int ossl_init_thread_start(uint64_t opts)
--{
-- struct thread_local_inits_st *locals = ossl_init_get_thread_local(1);
--
-- if (locals == NULL)
-- return 0;
--
-- if (opts & OPENSSL_INIT_THREAD_ASYNC) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
-- "marking thread for async\n");
--#endif
-- locals->async = 1;
-- }
--
-- if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
-- "marking thread for err_state\n");
--#endif
-- locals->err_state = 1;
-- }
--
-- return 1;
--}
--
--void OPENSSL_cleanup(void)
--{
-- OPENSSL_INIT_STOP *currhandler, *lasthandler;
--
-- /* If we've not been inited then no need to deinit */
-- if (!base_inited)
-- return;
--
-- /* Might be explicitly called and also by atexit */
-- if (stopped)
-- return;
-- stopped = 1;
--
-- /*
-- * Thread stop may not get automatically called by the thread library for
-- * the very last thread in some situations, so call it directly.
-- */
-- ossl_init_thread_stop(ossl_init_get_thread_local(0));
--
-- currhandler = stop_handlers;
-- while (currhandler != NULL) {
-- currhandler->handler();
-- lasthandler = currhandler;
-- currhandler = currhandler->next;
-- OPENSSL_free(lasthandler);
-- }
-- stop_handlers = NULL;
--
-- CRYPTO_THREAD_lock_free(init_lock);
--
-- /*
-- * We assume we are single-threaded for this function, i.e. no race
-- * conditions for the various "*_inited" vars below.
-- */
--
--#ifndef OPENSSL_NO_COMP
-- if (zlib_inited) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "comp_zlib_cleanup_int()\n");
--#endif
-- comp_zlib_cleanup_int();
-- }
--#endif
--
-- if (async_inited) {
--# ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "async_deinit()\n");
--# endif
-- async_deinit();
-- }
--
-- if (load_crypto_strings_inited) {
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "err_free_strings_int()\n");
--#endif
-- err_free_strings_int();
-- }
--
-- CRYPTO_THREAD_cleanup_local(&threadstopkey);
--
--#ifdef OPENSSL_INIT_DEBUG
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "rand_cleanup_int()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "conf_modules_free_int()\n");
--#ifndef OPENSSL_NO_ENGINE
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "engine_cleanup_int()\n");
--#endif
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "crypto_cleanup_all_ex_data_int()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "bio_sock_cleanup_int()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "bio_cleanup()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "evp_cleanup_int()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "obj_cleanup_int()\n");
-- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-- "err_cleanup()\n");
--#endif
-- /*
-- * Note that cleanup order is important:
-- * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
-- * must be called before engine_cleanup_int()
-- * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
-- * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
-- * - conf_modules_free_int() can end up in ENGINE code so must be called -- * before engine_cleanup_int() -- * - ENGINEs and additional EVP algorithms might use added OIDs names so -- * obj_cleanup_int() must be called last -- */ -- rand_cleanup_int(); -- conf_modules_free_int(); --#ifndef OPENSSL_NO_ENGINE -- engine_cleanup_int(); --#endif -- crypto_cleanup_all_ex_data_int(); -- bio_cleanup(); -- evp_cleanup_int(); -- obj_cleanup_int(); -- err_cleanup(); -- -- base_inited = 0; --} -- --/* -- * If this function is called with a non NULL settings value then it must be -- * called prior to any threads making calls to any OpenSSL functions, -- * i.e. passing a non-null settings value is assumed to be single-threaded. -- */ --int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) --{ -- static int stoperrset = 0; -- -- if (stopped) { -- if (!stoperrset) { -- /* -- * We only ever set this once to avoid getting into an infinite -- * loop where the error system keeps trying to init and fails so -- * sets an error etc -- */ -- stoperrset = 1; -- CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); -- } -- return 0; -- } -- -- if (!base_inited && !RUN_ONCE(&base, ossl_init_base)) -- return 0; -- -- if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) -- && !RUN_ONCE(&load_crypto_strings, -- ossl_init_no_load_crypto_strings)) -- return 0; -- -- if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) -- && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) -- return 0; -- -- if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) -- && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs)) -- return 0; -- -- if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) -- && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) -- return 0; -- -- if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) -- && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs)) -- return 0; -- -- if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) -- && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) -- return 
0; -- -- if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) -- && !RUN_ONCE(&config, ossl_init_no_config)) -- return 0; -- -- if (opts & OPENSSL_INIT_LOAD_CONFIG) { -- int ret; -- CRYPTO_THREAD_write_lock(init_lock); -- appname = (settings == NULL) ? NULL : settings->appname; -- ret = RUN_ONCE(&config, ossl_init_config); -- CRYPTO_THREAD_unlock(init_lock); -- if (!ret) -- return 0; -- } -- -- if ((opts & OPENSSL_INIT_ASYNC) -- && !RUN_ONCE(&async, ossl_init_async)) -- return 0; -- --#ifndef OPENSSL_NO_ENGINE -- if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) -- && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) -- return 0; --# if !defined(OPENSSL_NO_HW) && \ -- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) -- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) -- && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev)) -- return 0; --# endif --# ifndef OPENSSL_NO_RDRAND -- if ((opts & OPENSSL_INIT_ENGINE_RDRAND) -- && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) -- return 0; --# endif -- if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) -- && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) -- return 0; --# ifndef OPENSSL_NO_STATIC_ENGINE --# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) -- if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) -- && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) -- return 0; --# endif --# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -- if ((opts & OPENSSL_INIT_ENGINE_CAPI) -- && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) -- return 0; --# endif --# if !defined(OPENSSL_NO_AFALGENG) -- if ((opts & OPENSSL_INIT_ENGINE_AFALG) -- && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) -- return 0; --# endif --# endif -- if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN -- | OPENSSL_INIT_ENGINE_OPENSSL -- | OPENSSL_INIT_ENGINE_AFALG)) { -- ENGINE_register_all_complete(); -- } --#endif -- --#ifndef OPENSSL_NO_COMP -- if ((opts & OPENSSL_INIT_ZLIB) -- && !RUN_ONCE(&zlib, ossl_init_zlib)) -- return 0; 
--#endif -- -- return 1; --} -- --int OPENSSL_atexit(void (*handler)(void)) --{ -- OPENSSL_INIT_STOP *newhand; -- --#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) -- { -- union { -- void *sym; -- void (*func)(void); -- } handlersym; -- -- handlersym.func = handler; --# ifdef DSO_WIN32 -- { -- HMODULE handle = NULL; -- BOOL ret; -- -- /* -- * We don't use the DSO route for WIN32 because there is a better -- * way -- */ -- ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS -- | GET_MODULE_HANDLE_EX_FLAG_PIN, -- handlersym.sym, &handle); -- -- if (!ret) -- return 0; -- } --# else -- /* -- * Deliberately leak a reference to the handler. This will force the -- * library/code containing the handler to remain loaded until we run the -- * atexit handler. If -znodelete has been used then this is -- * unneccessary. -- */ -- { -- DSO *dso = NULL; -- -- dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); -- DSO_free(dso); -- } --# endif -- } --#endif -- -- newhand = OPENSSL_malloc(sizeof(*newhand)); -- if (newhand == NULL) -- return 0; -- -- newhand->handler = handler; -- newhand->next = stop_handlers; -- stop_handlers = newhand; -- -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/kdf/hkdf.c b/Cryptlib/OpenSSL/crypto/kdf/hkdf.c -deleted file mode 100644 -index 00b95b5..0000000 ---- a/Cryptlib/OpenSSL/crypto/kdf/hkdf.c -+++ /dev/null -@@ -1,293 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include --#include --#include --#include "internal/cryptlib.h" --#include "internal/evp_int.h" -- --#define HKDF_MAXBUF 1024 -- --static unsigned char *HKDF(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len); -- --static unsigned char *HKDF_Extract(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- unsigned char *prk, size_t *prk_len); -- --static unsigned char *HKDF_Expand(const EVP_MD *evp_md, -- const unsigned char *prk, size_t prk_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len); -- --typedef struct { -- const EVP_MD *md; -- unsigned char *salt; -- size_t salt_len; -- unsigned char *key; -- size_t key_len; -- unsigned char info[HKDF_MAXBUF]; -- size_t info_len; --} HKDF_PKEY_CTX; -- --static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) --{ -- HKDF_PKEY_CTX *kctx; -- -- kctx = OPENSSL_zalloc(sizeof(*kctx)); -- if (kctx == NULL) -- return 0; -- -- ctx->data = kctx; -- -- return 1; --} -- --static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) --{ -- HKDF_PKEY_CTX *kctx = ctx->data; -- OPENSSL_clear_free(kctx->salt, kctx->salt_len); -- OPENSSL_clear_free(kctx->key, kctx->key_len); -- OPENSSL_cleanse(kctx->info, kctx->info_len); -- OPENSSL_free(kctx); --} -- --static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) --{ -- HKDF_PKEY_CTX *kctx = ctx->data; -- -- switch (type) { -- case EVP_PKEY_CTRL_HKDF_MD: -- if (p2 == NULL) -- return 0; -- -- kctx->md = p2; -- return 1; -- -- case EVP_PKEY_CTRL_HKDF_SALT: -- if (p1 == 0 || p2 == NULL) -- return 1; -- -- if (p1 < 0) -- return 0; -- -- if (kctx->salt != NULL) -- OPENSSL_clear_free(kctx->salt, 
kctx->salt_len); -- -- kctx->salt = OPENSSL_memdup(p2, p1); -- if (kctx->salt == NULL) -- return 0; -- -- kctx->salt_len = p1; -- return 1; -- -- case EVP_PKEY_CTRL_HKDF_KEY: -- if (p1 < 0) -- return 0; -- -- if (kctx->key != NULL) -- OPENSSL_clear_free(kctx->key, kctx->key_len); -- -- kctx->key = OPENSSL_memdup(p2, p1); -- if (kctx->key == NULL) -- return 0; -- -- kctx->key_len = p1; -- return 1; -- -- case EVP_PKEY_CTRL_HKDF_INFO: -- if (p1 == 0 || p2 == NULL) -- return 1; -- -- if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len)) -- return 0; -- -- memcpy(kctx->info + kctx->info_len, p2, p1); -- kctx->info_len += p1; -- return 1; -- -- default: -- return -2; -- -- } --} -- --static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, -- const char *value) --{ -- if (strcmp(type, "md") == 0) -- return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value)); -- -- if (strcmp(type, "salt") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); -- -- if (strcmp(type, "hexsalt") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); -- -- if (strcmp(type, "key") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); -- -- if (strcmp(type, "hexkey") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); -- -- if (strcmp(type, "info") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); -- -- if (strcmp(type, "hexinfo") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); -- -- return -2; --} -- --static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -- size_t *keylen) --{ -- HKDF_PKEY_CTX *kctx = ctx->data; -- -- if (kctx->md == NULL || kctx->key == NULL) -- return 0; -- -- if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len, -- kctx->info, kctx->info_len, key, *keylen) == NULL) -- { -- return 0; -- } -- -- return 1; --} -- --const EVP_PKEY_METHOD hkdf_pkey_meth = { -- EVP_PKEY_HKDF, -- 0, -- 
pkey_hkdf_init, -- 0, -- pkey_hkdf_cleanup, -- -- 0, 0, -- 0, 0, -- -- 0, -- 0, -- -- 0, -- 0, -- -- 0, 0, -- -- 0, 0, 0, 0, -- -- 0, 0, -- -- 0, 0, -- -- 0, -- pkey_hkdf_derive, -- pkey_hkdf_ctrl, -- pkey_hkdf_ctrl_str --}; -- --static unsigned char *HKDF(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len) --{ -- unsigned char prk[EVP_MAX_MD_SIZE]; -- size_t prk_len; -- -- if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) -- return NULL; -- -- return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); --} -- --static unsigned char *HKDF_Extract(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- unsigned char *prk, size_t *prk_len) --{ -- unsigned int tmp_len; -- -- if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len)) -- return NULL; -- -- *prk_len = tmp_len; -- return prk; --} -- --static unsigned char *HKDF_Expand(const EVP_MD *evp_md, -- const unsigned char *prk, size_t prk_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len) --{ -- HMAC_CTX *hmac; -- -- unsigned int i; -- -- unsigned char prev[EVP_MAX_MD_SIZE]; -- -- size_t done_len = 0, dig_len = EVP_MD_size(evp_md); -- -- size_t n = okm_len / dig_len; -- if (okm_len % dig_len) -- n++; -- -- if (n > 255) -- return NULL; -- -- if ((hmac = HMAC_CTX_new()) == NULL) -- return NULL; -- -- if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL)) -- goto err; -- -- for (i = 1; i <= n; i++) { -- size_t copy_len; -- const unsigned char ctr = i; -- -- if (i > 1) { -- if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL)) -- goto err; -- -- if (!HMAC_Update(hmac, prev, dig_len)) -- goto err; -- } -- -- if (!HMAC_Update(hmac, info, info_len)) -- goto err; -- -- if (!HMAC_Update(hmac, &ctr, 1)) -- goto err; -- -- if (!HMAC_Final(hmac, prev, 
NULL)) -- goto err; -- -- copy_len = (done_len + dig_len > okm_len) ? -- okm_len - done_len : -- dig_len; -- -- memcpy(okm + done_len, prev, copy_len); -- -- done_len += copy_len; -- } -- -- HMAC_CTX_free(hmac); -- return okm; -- -- err: -- HMAC_CTX_free(hmac); -- return NULL; --} -diff --git a/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c b/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c -deleted file mode 100644 -index d7d71b3..0000000 ---- a/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c -+++ /dev/null -@@ -1,46 +0,0 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include -- --/* BEGIN ERROR CODES */ --#ifndef OPENSSL_NO_ERR -- --# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF,func,0) --# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF,0,reason) -- --static ERR_STRING_DATA KDF_str_functs[] = { -- {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_CTRL_STR), "pkey_tls1_prf_ctrl_str"}, -- {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_DERIVE), "pkey_tls1_prf_derive"}, -- {0, NULL} --}; -- --static ERR_STRING_DATA KDF_str_reasons[] = { -- {ERR_REASON(KDF_R_INVALID_DIGEST), "invalid digest"}, -- {ERR_REASON(KDF_R_MISSING_PARAMETER), "missing parameter"}, -- {ERR_REASON(KDF_R_VALUE_MISSING), "value missing"}, -- {0, NULL} --}; -- --#endif -- --int ERR_load_KDF_strings(void) --{ --#ifndef OPENSSL_NO_ERR -- -- if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) { -- ERR_load_strings(0, KDF_str_functs); -- ERR_load_strings(0, KDF_str_reasons); -- } --#endif -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c b/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c -deleted file mode 100644 -index fa13732..0000000 ---- a/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c 
-+++ /dev/null -@@ -1,265 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include "internal/evp_int.h" -- --static int tls1_prf_alg(const EVP_MD *md, -- const unsigned char *sec, size_t slen, -- const unsigned char *seed, size_t seed_len, -- unsigned char *out, size_t olen); -- --#define TLS1_PRF_MAXBUF 1024 -- --/* TLS KDF pkey context structure */ -- --typedef struct { -- /* Digest to use for PRF */ -- const EVP_MD *md; -- /* Secret value to use for PRF */ -- unsigned char *sec; -- size_t seclen; -- /* Buffer of concatenated seed data */ -- unsigned char seed[TLS1_PRF_MAXBUF]; -- size_t seedlen; --} TLS1_PRF_PKEY_CTX; -- --static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx) --{ -- TLS1_PRF_PKEY_CTX *kctx; -- -- kctx = OPENSSL_zalloc(sizeof(*kctx)); -- if (kctx == NULL) -- return 0; -- ctx->data = kctx; -- -- return 1; --} -- --static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx) --{ -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- OPENSSL_clear_free(kctx->sec, kctx->seclen); -- OPENSSL_cleanse(kctx->seed, kctx->seedlen); -- OPENSSL_free(kctx); --} -- --static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) --{ -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- switch (type) { -- case EVP_PKEY_CTRL_TLS_MD: -- kctx->md = p2; -- return 1; -- -- case EVP_PKEY_CTRL_TLS_SECRET: -- if (p1 < 0) -- return 0; -- if (kctx->sec != NULL) -- OPENSSL_clear_free(kctx->sec, kctx->seclen); -- OPENSSL_cleanse(kctx->seed, kctx->seedlen); -- kctx->seedlen = 0; -- kctx->sec = OPENSSL_memdup(p2, p1); -- if (kctx->sec == NULL) -- return 0; -- kctx->seclen = p1; -- return 1; -- -- case EVP_PKEY_CTRL_TLS_SEED: -- if 
(p1 == 0 || p2 == NULL) -- return 1; -- if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen)) -- return 0; -- memcpy(kctx->seed + kctx->seedlen, p2, p1); -- kctx->seedlen += p1; -- return 1; -- -- default: -- return -2; -- -- } --} -- --static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, -- const char *type, const char *value) --{ -- if (value == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); -- return 0; -- } -- if (strcmp(type, "md") == 0) { -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- -- const EVP_MD *md = EVP_get_digestbyname(value); -- if (md == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST); -- return 0; -- } -- kctx->md = md; -- return 1; -- } -- if (strcmp(type, "secret") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); -- if (strcmp(type, "hexsecret") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); -- if (strcmp(type, "seed") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); -- if (strcmp(type, "hexseed") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); -- return -2; --} -- --static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -- size_t *keylen) --{ -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER); -- return 0; -- } -- return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, -- kctx->seed, kctx->seedlen, -- key, *keylen); --} -- --const EVP_PKEY_METHOD tls1_prf_pkey_meth = { -- EVP_PKEY_TLS1_PRF, -- 0, -- pkey_tls1_prf_init, -- 0, -- pkey_tls1_prf_cleanup, -- -- 0, 0, -- 0, 0, -- -- 0, -- 0, -- -- 0, -- 0, -- -- 0, 0, -- -- 0, 0, 0, 0, -- -- 0, 0, -- -- 0, 0, -- -- 0, -- pkey_tls1_prf_derive, -- pkey_tls1_prf_ctrl, -- pkey_tls1_prf_ctrl_str --}; -- --static int tls1_prf_P_hash(const EVP_MD *md, -- const unsigned char *sec, size_t sec_len, -- const unsigned char 
*seed, size_t seed_len, -- unsigned char *out, size_t olen) --{ -- int chunk; -- EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL; -- EVP_PKEY *mac_key = NULL; -- unsigned char A1[EVP_MAX_MD_SIZE]; -- size_t A1_len; -- int ret = 0; -- -- chunk = EVP_MD_size(md); -- OPENSSL_assert(chunk >= 0); -- -- ctx = EVP_MD_CTX_new(); -- ctx_tmp = EVP_MD_CTX_new(); -- ctx_init = EVP_MD_CTX_new(); -- if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) -- goto err; -- EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -- mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); -- if (mac_key == NULL) -- goto err; -- if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) -- goto err; -- if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) -- goto err; -- if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len)) -- goto err; -- if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) -- goto err; -- -- for (;;) { -- /* Reinit mac contexts */ -- if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) -- goto err; -- if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) -- goto err; -- if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) -- goto err; -- if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len)) -- goto err; -- -- if (olen > (size_t)chunk) { -- size_t mac_len; -- if (!EVP_DigestSignFinal(ctx, out, &mac_len)) -- goto err; -- out += mac_len; -- olen -= mac_len; -- /* calc the next A1 value */ -- if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) -- goto err; -- } else { /* last one */ -- -- if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) -- goto err; -- memcpy(out, A1, olen); -- break; -- } -- } -- ret = 1; -- err: -- EVP_PKEY_free(mac_key); -- EVP_MD_CTX_free(ctx); -- EVP_MD_CTX_free(ctx_tmp); -- EVP_MD_CTX_free(ctx_init); -- OPENSSL_cleanse(A1, sizeof(A1)); -- return ret; --} -- --static int tls1_prf_alg(const EVP_MD *md, -- const unsigned char *sec, size_t slen, -- const unsigned char *seed, size_t seed_len, -- unsigned char *out, size_t olen) --{ -- -- if 
(EVP_MD_type(md) == NID_md5_sha1) { -- size_t i; -- unsigned char *tmp; -- if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1), -- seed, seed_len, out, olen)) -- return 0; -- -- tmp = OPENSSL_malloc(olen); -- if (tmp == NULL) -- return 0; -- if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), -- seed, seed_len, tmp, olen)) { -- OPENSSL_clear_free(tmp, olen); -- return 0; -- } -- for (i = 0; i < olen; i++) -- out[i] ^= tmp[i]; -- OPENSSL_clear_free(tmp, olen); -- return 1; -- } -- if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen)) -- return 0; -- -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -new file mode 100644 -index 0000000..d9851e9 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -@@ -0,0 +1,162 @@ -+/* krb5_asn.c */ -+/* -+ * Written by Vern Staats for the OpenSSL project, ** -+ * using ocsp/{*.h,*asn*.c} as a starting point -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+#include -+#include -+#include -+ -+ -+ASN1_SEQUENCE(KRB5_ENCDATA) = { -+ ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), -+ ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), -+ ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) -+} ASN1_SEQUENCE_END(KRB5_ENCDATA) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) -+ -+ -+ASN1_SEQUENCE(KRB5_PRINCNAME) = { -+ ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), -+ ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) -+} ASN1_SEQUENCE_END(KRB5_PRINCNAME) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) -+ -+/* [APPLICATION 1] = 0x61 */ -+ASN1_SEQUENCE(KRB5_TKTBODY) = { -+ ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), -+ ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), -+ ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) -+} ASN1_SEQUENCE_END(KRB5_TKTBODY) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) -+ -+ -+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, -+ KRB5_TICKET, KRB5_TKTBODY) -+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) -+ -+/* [APPLICATION 14] = 0x6e */ -+ASN1_SEQUENCE(KRB5_APREQBODY) = { -+ ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), -+ ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), -+ ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), -+ ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), -+} ASN1_SEQUENCE_END(KRB5_APREQBODY) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) -+ -+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, -+ KRB5_APREQ, KRB5_APREQBODY) -+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) -+ -+/* Authenticator stuff */ -+ -+ASN1_SEQUENCE(KRB5_CHECKSUM) = { -+ ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) -+} 
ASN1_SEQUENCE_END(KRB5_CHECKSUM) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) -+ -+ -+ASN1_SEQUENCE(KRB5_ENCKEY) = { -+ ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) -+} ASN1_SEQUENCE_END(KRB5_ENCKEY) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) -+ -+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ -+ASN1_SEQUENCE(KRB5_AUTHDATA) = { -+ ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) -+} ASN1_SEQUENCE_END(KRB5_AUTHDATA) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) -+ -+/* [APPLICATION 2] = 0x62 */ -+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { -+ ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), -+ ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), -+ ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), -+ ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), -+ ASN1_EXP_SEQUENCE_OF_OPT -+ (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), -+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) -+ -+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, -+ KRB5_AUTHENT, KRB5_AUTHENTBODY) -+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) -+ -+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -index 7337832..0bfec23 100644 ---- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -+++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -@@ -1,65 +1,185 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/lhash/lh_stats.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
-+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - #include - /* -- * If you wish to build this outside of OpenSSL, remove the following lines -+ * If you wish to build this outside of SSLeay, remove the following lines - * and things should work as expected - */ --#include "internal/cryptlib.h" -+#include "cryptlib.h" - --#include -+#ifndef OPENSSL_NO_BIO -+# include -+#endif - #include --#include "lhash_lcl.h" - --# ifndef OPENSSL_NO_STDIO --void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) -+#ifdef OPENSSL_NO_BIO -+ -+void lh_stats(LHASH *lh, FILE *out) -+{ -+ fprintf(out, "num_items = %lu\n", lh->num_items); -+ fprintf(out, "num_nodes = %u\n", lh->num_nodes); -+ fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); -+ fprintf(out, "num_expands = %lu\n", lh->num_expands); -+ fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); -+ fprintf(out, "num_contracts = %lu\n", lh->num_contracts); -+ fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); -+ fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); -+ fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); -+ fprintf(out, "num_insert = %lu\n", lh->num_insert); -+ fprintf(out, "num_replace = %lu\n", lh->num_replace); -+ fprintf(out, "num_delete = %lu\n", lh->num_delete); -+ fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); -+ fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); -+ fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); -+ fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -+# if 0 -+ fprintf(out, "p = %u\n", lh->p); -+ fprintf(out, "pmax = %u\n", lh->pmax); -+ fprintf(out, "up_load = %lu\n", lh->up_load); -+ fprintf(out, "down_load = %lu\n", lh->down_load); -+# endif -+} -+ -+void lh_node_stats(LHASH *lh, FILE *out) -+{ -+ LHASH_NODE *n; -+ unsigned int i, num; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ fprintf(out, "node %6u -> %3u\n", i, num); -+ } -+} -+ 
-+void lh_node_usage_stats(LHASH *lh, FILE *out) -+{ -+ LHASH_NODE *n; -+ unsigned long num; -+ unsigned int i; -+ unsigned long total = 0, n_used = 0; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ if (num != 0) { -+ n_used++; -+ total += num; -+ } -+ } -+ fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); -+ fprintf(out, "%lu items\n", total); -+ if (n_used == 0) -+ return; -+ fprintf(out, "load %d.%02d actual load %d.%02d\n", -+ (int)(total / lh->num_nodes), -+ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), -+ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); -+} -+ -+#else -+ -+# ifndef OPENSSL_NO_FP_API -+void lh_stats(const _LHASH *lh, FILE *fp) - { - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) -- return; -+ goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); -- OPENSSL_LH_stats_bio(lh, bp); -+ lh_stats_bio(lh, bp); - BIO_free(bp); -+ end:; - } - --void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp) -+void lh_node_stats(const _LHASH *lh, FILE *fp) - { - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) -- return; -+ goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); -- OPENSSL_LH_node_stats_bio(lh, bp); -+ lh_node_stats_bio(lh, bp); - BIO_free(bp); -+ end:; - } - --void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) -+void lh_node_usage_stats(const _LHASH *lh, FILE *fp) - { - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) -- return; -+ goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); -- OPENSSL_LH_node_usage_stats_bio(lh, bp); -+ lh_node_usage_stats_bio(lh, bp); - BIO_free(bp); -+ end:; - } - - # endif - --void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -+void lh_stats_bio(const _LHASH *lh, BIO *out) - { - BIO_printf(out, "num_items = %lu\n", lh->num_items); - BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); -@@ -78,11 +198,17 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) - 
BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); - BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -+# if 0 -+ BIO_printf(out, "p = %u\n", lh->p); -+ BIO_printf(out, "pmax = %u\n", lh->pmax); -+ BIO_printf(out, "up_load = %lu\n", lh->up_load); -+ BIO_printf(out, "down_load = %lu\n", lh->down_load); -+# endif - } - --void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -+void lh_node_stats_bio(const _LHASH *lh, BIO *out) - { -- OPENSSL_LH_NODE *n; -+ LHASH_NODE *n; - unsigned int i, num; - - for (i = 0; i < lh->num_nodes; i++) { -@@ -92,9 +218,9 @@ void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) - } - } - --void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) - { -- OPENSSL_LH_NODE *n; -+ LHASH_NODE *n; - unsigned long num; - unsigned int i; - unsigned long total = 0, n_used = 0; -@@ -116,3 +242,5 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out) - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); - } -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c -index adde832..f20353a 100644 ---- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c -+++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c -@@ -1,56 +1,164 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/lhash/lhash.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - -+/*- -+ * Code for dynamic hash table routines -+ * Author - Eric Young v 2.0 -+ * -+ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is -+ * present. eay 18-Jun-98 -+ * -+ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 -+ * -+ * 2.0 eay - Fixed a bug that occurred when using lh_delete -+ * from inside lh_doall(). As entries were deleted, -+ * the 'table' was 'contract()ed', making some entries -+ * jump from the end of the table to the start, there by -+ * skipping the lh_doall() processing. eay - 4/12/95 -+ * -+ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs -+ * were not being free()ed. 
21/11/95 -+ * -+ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c -+ * 19/09/95 -+ * -+ * 1.7 eay - Removed the fputs() for realloc failures - the code -+ * should silently tolerate them. I have also fixed things -+ * lint complained about 04/05/95 -+ * -+ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92 -+ * -+ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992 -+ * -+ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91 -+ * -+ * 1.3 eay - Fixed a few lint problems 19/3/1991 -+ * -+ * 1.2 eay - Fixed lh_doall problem 13/3/1991 -+ * -+ * 1.1 eay - Added lh_doall -+ * -+ * 1.0 eay - First version -+ */ - #include - #include - #include - #include - #include --#include "lhash_lcl.h" - -+const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; - - #undef MIN_NODES - #define MIN_NODES 16 - #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ - #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ - --static int expand(OPENSSL_LHASH *lh); --static void contract(OPENSSL_LHASH *lh); --static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash); -+static void expand(_LHASH *lh); -+static void contract(_LHASH *lh); -+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); - --OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) -+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) - { -- OPENSSL_LHASH *ret; -+ _LHASH *ret; -+ int i; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL) - goto err0; -- if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) -+ if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL) - goto err1; -- ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); -- ret->hash = ((h == NULL) ? 
(OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); -+ for (i = 0; i < MIN_NODES; i++) -+ ret->b[i] = NULL; -+ ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c); -+ ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h); - ret->num_nodes = MIN_NODES / 2; - ret->num_alloc_nodes = MIN_NODES; -+ ret->p = 0; - ret->pmax = MIN_NODES / 2; - ret->up_load = UP_LOAD; - ret->down_load = DOWN_LOAD; -+ ret->num_items = 0; -+ -+ ret->num_expands = 0; -+ ret->num_expand_reallocs = 0; -+ ret->num_contracts = 0; -+ ret->num_contract_reallocs = 0; -+ ret->num_hash_calls = 0; -+ ret->num_comp_calls = 0; -+ ret->num_insert = 0; -+ ret->num_replace = 0; -+ ret->num_delete = 0; -+ ret->num_no_delete = 0; -+ ret->num_retrieve = 0; -+ ret->num_retrieve_miss = 0; -+ ret->num_hash_comps = 0; -+ -+ ret->error = 0; - return (ret); -- - err1: - OPENSSL_free(ret); - err0: - return (NULL); - } - --void OPENSSL_LH_free(OPENSSL_LHASH *lh) -+void lh_free(_LHASH *lh) - { - unsigned int i; -- OPENSSL_LH_NODE *n, *nn; -+ LHASH_NODE *n, *nn; - - if (lh == NULL) - return; -@@ -67,26 +175,28 @@ void OPENSSL_LH_free(OPENSSL_LHASH *lh) - OPENSSL_free(lh); - } - --void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) -+void *lh_insert(_LHASH *lh, void *data) - { - unsigned long hash; -- OPENSSL_LH_NODE *nn, **rn; -+ LHASH_NODE *nn, **rn; - void *ret; - - lh->error = 0; -- if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh)) -- return NULL; /* 'lh->error++' already done in 'expand' */ -+ if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) -+ expand(lh); - - rn = getrn(lh, data, &hash); - - if (*rn == NULL) { -- if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) { -+ if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) { - lh->error++; - return (NULL); - } - nn->data = data; - nn->next = NULL; -+#ifndef OPENSSL_NO_HASH_COMP - nn->hash = hash; -+#endif - *rn = nn; - ret = NULL; - lh->num_insert++; -@@ -100,10 +210,10 @@ void 
*OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) - return (ret); - } - --void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) -+void *lh_delete(_LHASH *lh, const void *data) - { - unsigned long hash; -- OPENSSL_LH_NODE *nn, **rn; -+ LHASH_NODE *nn, **rn; - void *ret; - - lh->error = 0; -@@ -128,10 +238,10 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) - return (ret); - } - --void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) -+void *lh_retrieve(_LHASH *lh, const void *data) - { - unsigned long hash; -- OPENSSL_LH_NODE **rn; -+ LHASH_NODE **rn; - void *ret; - - lh->error = 0; -@@ -147,12 +257,11 @@ void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) - return (ret); - } - --static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, -- OPENSSL_LH_DOALL_FUNC func, -- OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg) -+static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, -+ LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) - { - int i; -- OPENSSL_LH_NODE *a, *n; -+ LHASH_NODE *a, *n; - - if (lh == NULL) - return; -@@ -164,6 +273,13 @@ static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, - for (i = lh->num_nodes - 1; i >= 0; i--) { - a = lh->b[i]; - while (a != NULL) { -+ /* -+ * 28/05/91 - eay - n added so items can be deleted via lh_doall -+ */ -+ /* -+ * 22/05/08 - ben - eh? 
since a is not passed, this should not be -+ * needed -+ */ - n = a->next; - if (use_arg) - func_arg(a->data, arg); -@@ -174,19 +290,19 @@ static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, - } - } - --void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func) -+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) - { -- doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL); -+ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); - } - --void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg) -+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) - { -- doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg); -+ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); - } - --static int expand(OPENSSL_LHASH *lh) -+static void expand(_LHASH *lh) - { -- OPENSSL_LH_NODE **n, **n1, **n2, *np; -+ LHASH_NODE **n, **n1, **n2, *np; - unsigned int p, i, j; - unsigned long hash, nni; - -@@ -195,11 +311,16 @@ static int expand(OPENSSL_LHASH *lh) - p = (int)lh->p++; - n1 = &(lh->b[p]); - n2 = &(lh->b[p + (int)lh->pmax]); -- *n2 = NULL; -+ *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ - nni = lh->num_alloc_nodes; - - for (np = *n1; np != NULL;) { -+#ifndef OPENSSL_NO_HASH_COMP - hash = np->hash; -+#else -+ hash = lh->hash(np->data); -+ lh->num_hash_calls++; -+#endif - if ((hash % nni) != p) { /* move it */ - *n1 = (*n1)->next; - np->next = *n2; -@@ -211,13 +332,15 @@ static int expand(OPENSSL_LHASH *lh) - - if ((lh->p) >= lh->pmax) { - j = (int)lh->num_alloc_nodes * 2; -- n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j)); -+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, -+ (int)(sizeof(LHASH_NODE *) * j)); - if (n == NULL) { - lh->error++; - lh->num_nodes--; - lh->p = 0; -- return 0; -+ return; - } -+ /* else */ - for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ - n[i] = NULL; /* 02/03/92 eay */ - lh->pmax = lh->num_alloc_nodes; -@@ -226,20 +349,20 @@ 
static int expand(OPENSSL_LHASH *lh) - lh->p = 0; - lh->b = n; - } -- return 1; - } - --static void contract(OPENSSL_LHASH *lh) -+static void contract(_LHASH *lh) - { -- OPENSSL_LH_NODE **n, *n1, *np; -+ LHASH_NODE **n, *n1, *np; - - np = lh->b[lh->p + lh->pmax - 1]; - lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ - if (lh->p == 0) { -- n = OPENSSL_realloc(lh->b, -- (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)); -+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, -+ (unsigned int)(sizeof(LHASH_NODE *) -+ * lh->pmax)); - if (n == NULL) { -- /* fputs("realloc error in lhash",stderr); */ -+/* fputs("realloc error in lhash",stderr); */ - lh->error++; - return; - } -@@ -264,12 +387,11 @@ static void contract(OPENSSL_LHASH *lh) - } - } - --static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, -- const void *data, unsigned long *rhash) -+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) - { -- OPENSSL_LH_NODE **ret, *n1; -+ LHASH_NODE **ret, *n1; - unsigned long hash, nn; -- OPENSSL_LH_COMPFUNC cf; -+ LHASH_COMP_FN_TYPE cf; - - hash = (*(lh->hash)) (data); - lh->num_hash_calls++; -@@ -282,11 +404,13 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, - cf = lh->comp; - ret = &(lh->b[(int)nn]); - for (n1 = *ret; n1 != NULL; n1 = n1->next) { -+#ifndef OPENSSL_NO_HASH_COMP - lh->num_hash_comps++; - if (n1->hash != hash) { - ret = &(n1->next); - continue; - } -+#endif - lh->num_comp_calls++; - if (cf(n1->data, data) == 0) - break; -@@ -300,7 +424,7 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, - * collisions on /usr/dict/words and it distributes on %2^n quite well, not - * as good as MD5, but still good. 
- */ --unsigned long OPENSSL_LH_strhash(const char *c) -+unsigned long lh_strhash(const char *c) - { - unsigned long ret = 0; - long n; -@@ -328,22 +452,7 @@ unsigned long OPENSSL_LH_strhash(const char *c) - return ((ret >> 16) ^ ret); - } - --unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh) -+unsigned long lh_num_items(const _LHASH *lh) - { - return lh ? lh->num_items : 0; - } -- --unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh) --{ -- return lh->down_load; --} -- --void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load) --{ -- lh->down_load = down_load; --} -- --int OPENSSL_LH_error(OPENSSL_LHASH *lh) --{ -- return lh->error; --} -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h b/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h -deleted file mode 100644 -index eb4a1a3..0000000 ---- a/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h -+++ /dev/null -@@ -1,42 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- -- --struct lhash_node_st { -- void *data; -- struct lhash_node_st *next; -- unsigned long hash; --}; -- --struct lhash_st { -- OPENSSL_LH_NODE **b; -- OPENSSL_LH_COMPFUNC comp; -- OPENSSL_LH_HASHFUNC hash; -- unsigned int num_nodes; -- unsigned int num_alloc_nodes; -- unsigned int p; -- unsigned int pmax; -- unsigned long up_load; /* load times 256 */ -- unsigned long down_load; /* load times 256 */ -- unsigned long num_items; -- unsigned long num_expands; -- unsigned long num_expand_reallocs; -- unsigned long num_contracts; -- unsigned long num_contract_reallocs; -- unsigned long num_hash_calls; -- unsigned long num_comp_calls; -- unsigned long num_insert; -- unsigned long num_replace; -- unsigned long num_delete; -- unsigned long num_no_delete; -- unsigned long num_retrieve; -- unsigned long num_retrieve_miss; -- unsigned long num_hash_comps; -- int error; --}; -diff --git a/Cryptlib/OpenSSL/crypto/md32_common.h b/Cryptlib/OpenSSL/crypto/md32_common.h -new file mode 100644 -index 0000000..b5a04bf ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/md32_common.h -@@ -0,0 +1,436 @@ -+/* crypto/md32_common.h */ -+/* ==================================================================== -+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+/*- -+ * This is a generic 32 bit "collector" for message digest algorithms. 
-+ * Whenever needed it collects input character stream into chunks of
-+ * 32 bit values and invokes a block function that performs actual hash
-+ * calculations.
-+ *
-+ * Porting guide.
-+ *
-+ * Obligatory macros:
-+ *
-+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
-+ * this macro defines byte order of input stream.
-+ * HASH_CBLOCK
-+ * size of a unit chunk HASH_BLOCK operates on.
-+ * HASH_LONG
-+ * has to be at lest 32 bit wide, if it's wider, then
-+ * HASH_LONG_LOG2 *has to* be defined along
-+ * HASH_CTX
-+ * context structure that at least contains following
-+ * members:
-+ * typedef struct {
-+ * ...
-+ * HASH_LONG Nl,Nh;
-+ * either {
-+ * HASH_LONG data[HASH_LBLOCK];
-+ * unsigned char data[HASH_CBLOCK];
-+ * };
-+ * unsigned int num;
-+ * ...
-+ * } HASH_CTX;
-+ * data[] vector is expected to be zeroed upon first call to
-+ * HASH_UPDATE.
-+ * HASH_UPDATE
-+ * name of "Update" function, implemented here.
-+ * HASH_TRANSFORM
-+ * name of "Transform" function, implemented here.
-+ * HASH_FINAL
-+ * name of "Final" function, implemented here.
-+ * HASH_BLOCK_DATA_ORDER
-+ * name of "block" function capable of treating *unaligned* input
-+ * message in original (data) byte order, implemented externally.
-+ * HASH_MAKE_STRING
-+ * macro convering context variables to an ASCII hash string.
-+ *
-+ * MD5 example:
-+ *
-+ * #define DATA_ORDER_IS_LITTLE_ENDIAN
-+ *
-+ * #define HASH_LONG MD5_LONG
-+ * #define HASH_LONG_LOG2 MD5_LONG_LOG2
-+ * #define HASH_CTX MD5_CTX
-+ * #define HASH_CBLOCK MD5_CBLOCK
-+ * #define HASH_UPDATE MD5_Update
-+ * #define HASH_TRANSFORM MD5_Transform
-+ * #define HASH_FINAL MD5_Final
-+ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
-+ *
-+ *
-+ */
-+
-+#include
-+
-+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-+# error "DATA_ORDER must be defined!"
-+#endif
-+
-+#ifndef HASH_CBLOCK
-+# error "HASH_CBLOCK must be defined!"
-+#endif
-+#ifndef HASH_LONG
-+# error "HASH_LONG must be defined!"
-+#endif
-+#ifndef HASH_CTX
-+# error "HASH_CTX must be defined!"
-+#endif
-+
-+#ifndef HASH_UPDATE
-+# error "HASH_UPDATE must be defined!"
-+#endif
-+#ifndef HASH_TRANSFORM
-+# error "HASH_TRANSFORM must be defined!"
-+#endif
-+#ifndef HASH_FINAL
-+# error "HASH_FINAL must be defined!"
-+#endif
-+
-+#ifndef HASH_BLOCK_DATA_ORDER
-+# error "HASH_BLOCK_DATA_ORDER must be defined!"
-+#endif
-+
-+/*
-+ * Engage compiler specific rotate intrinsic function if available.
-+ */
-+#undef ROTATE
-+#ifndef PEDANTIC
-+# if defined(_MSC_VER)
-+# define ROTATE(a,n) _lrotl(a,n)
-+# elif defined(__ICC)
-+# define ROTATE(a,n) _rotl(a,n)
-+# elif defined(__MWERKS__)
-+# if defined(__POWERPC__)
-+# define ROTATE(a,n) __rlwinm(a,n,0,31)
-+# elif defined(__MC68K__)
-+ /* Motorola specific tweak. */
-+# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
-+# else
-+# define ROTATE(a,n) __rol(a,n)
-+# endif
-+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-+ /*
-+ * Some GNU C inline assembler templates. Note that these are
-+ * rotates by *constant* number of bits! But that's exactly
-+ * what we need here...
-+ *
-+ */
-+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-+# define ROTATE(a,n) ({ register unsigned int ret; \
-+ asm ( \
-+ "roll %1,%0" \
-+ : "=r"(ret) \
-+ : "I"(n), "0"((unsigned int)(a)) \
-+ : "cc"); \
-+ ret; \
-+ })
-+# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-+ defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-+# define ROTATE(a,n) ({ register unsigned int ret; \
-+ asm ( \
-+ "rlwinm %0,%1,%2,0,31" \
-+ : "=r"(ret) \
-+ : "r"(a), "I"(n)); \
-+ ret; \
-+ })
-+# elif defined(__s390x__)
-+# define ROTATE(a,n) ({ register unsigned int ret; \
-+ asm ("rll %0,%1,%2" \
-+ : "=r"(ret) \
-+ : "r"(a), "I"(n)); \
-+ ret; \
-+ })
-+# endif
-+# endif
-+#endif /* PEDANTIC */
-+
-+#ifndef ROTATE
-+# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-+#endif
-+
-+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-+
-+# ifndef PEDANTIC
-+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-+# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-+ (defined(__x86_64) || defined(__x86_64__))
-+# if !defined(B_ENDIAN)
-+ /*
-+ * This gives ~30-40% performance improvement in SHA-256 compiled
-+ * with gcc [on P4]. Well, first macro to be frank. We can pull
-+ * this trick on x86* platforms only, because these CPUs can fetch
-+ * unaligned data without raising an exception.
-+ */ -+# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ -+ asm ("bswapl %0":"=r"(r):"0"(r)); \ -+ (c)+=4; (l)=r; }) -+# define HOST_l2c(l,c) ({ unsigned int r=(l); \ -+ asm ("bswapl %0":"=r"(r):"0"(r)); \ -+ *((unsigned int *)(c))=r; (c)+=4; r; }) -+# endif -+# elif defined(__aarch64__) -+# if defined(__BYTE_ORDER__) -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -+# define HOST_c2l(c,l) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"(*((const unsigned int *)(c))));\ -+ (c)+=4; (l)=r; }) -+# define HOST_l2c(l,c) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"((unsigned int)(l)));\ -+ *((unsigned int *)(c))=r; (c)+=4; r; }) -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -+# endif -+# endif -+# endif -+# endif -+# if defined(__s390__) || defined(__s390x__) -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -+# endif -+# endif -+ -+# ifndef HOST_c2l -+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ -+ l|=(((unsigned long)(*((c)++)))<<16), \ -+ l|=(((unsigned long)(*((c)++)))<< 8), \ -+ l|=(((unsigned long)(*((c)++))) ) ) -+# endif -+# ifndef HOST_l2c -+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ -+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ -+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ -+ *((c)++)=(unsigned char)(((l) )&0xff), \ -+ l) -+# endif -+ -+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -+ -+# ifndef PEDANTIC -+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -+# if defined(__s390x__) -+# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ -+ :"=d"(l) :"m"(*(const unsigned int *)(c)));\ -+ (c)+=4; (l); }) -+# define 
HOST_l2c(l,c) ({ asm ("strv %1,%0" \ -+ :"=m"(*(unsigned int *)(c)) :"d"(l));\ -+ (c)+=4; (l); }) -+# endif -+# endif -+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -+# ifndef B_ENDIAN -+ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) -+# endif -+# endif -+# endif -+ -+# ifndef HOST_c2l -+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ -+ l|=(((unsigned long)(*((c)++)))<< 8), \ -+ l|=(((unsigned long)(*((c)++)))<<16), \ -+ l|=(((unsigned long)(*((c)++)))<<24) ) -+# endif -+# ifndef HOST_l2c -+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ -+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ -+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ -+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ -+ l) -+# endif -+ -+#endif -+ -+/* -+ * Time for some action:-) -+ */ -+ -+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) -+{ -+ const unsigned char *data = data_; -+ unsigned char *p; -+ HASH_LONG l; -+ size_t n; -+ -+ if (len == 0) -+ return 1; -+ -+ l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; -+ /* -+ * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai -+ * for pointing it out. -+ */ -+ if (l < c->Nl) /* overflow */ -+ c->Nh++; -+ c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on -+ * 16-bit */ -+ c->Nl = l; -+ -+ n = c->num; -+ if (n != 0) { -+ p = (unsigned char *)c->data; -+ -+ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { -+ memcpy(p + n, data, HASH_CBLOCK - n); -+ HASH_BLOCK_DATA_ORDER(c, p, 1); -+ n = HASH_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ /* -+ * We use memset rather than OPENSSL_cleanse() here deliberately. -+ * Using OPENSSL_cleanse() here could be a performance issue. It -+ * will get properly cleansed on finalisation so this isn't a -+ * security problem. 
-+ */ -+ memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ -+ } else { -+ memcpy(p + n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ n = len / HASH_CBLOCK; -+ if (n > 0) { -+ HASH_BLOCK_DATA_ORDER(c, data, n); -+ n *= HASH_CBLOCK; -+ data += n; -+ len -= n; -+ } -+ -+ if (len != 0) { -+ p = (unsigned char *)c->data; -+ c->num = (unsigned int)len; -+ memcpy(p, data, len); -+ } -+ return 1; -+} -+ -+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) -+{ -+ HASH_BLOCK_DATA_ORDER(c, data, 1); -+} -+ -+int HASH_FINAL(unsigned char *md, HASH_CTX *c) -+{ -+ unsigned char *p = (unsigned char *)c->data; -+ size_t n = c->num; -+ -+ p[n] = 0x80; /* there is always room for one */ -+ n++; -+ -+ if (n > (HASH_CBLOCK - 8)) { -+ memset(p + n, 0, HASH_CBLOCK - n); -+ n = 0; -+ HASH_BLOCK_DATA_ORDER(c, p, 1); -+ } -+ memset(p + n, 0, HASH_CBLOCK - 8 - n); -+ -+ p += HASH_CBLOCK - 8; -+#if defined(DATA_ORDER_IS_BIG_ENDIAN) -+ (void)HOST_l2c(c->Nh, p); -+ (void)HOST_l2c(c->Nl, p); -+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -+ (void)HOST_l2c(c->Nl, p); -+ (void)HOST_l2c(c->Nh, p); -+#endif -+ p -= HASH_CBLOCK; -+ HASH_BLOCK_DATA_ORDER(c, p, 1); -+ c->num = 0; -+ OPENSSL_cleanse(p, HASH_CBLOCK); -+ -+#ifndef HASH_MAKE_STRING -+# error "HASH_MAKE_STRING must be defined!" -+#else -+ HASH_MAKE_STRING(c, md); -+#endif -+ -+ return 1; -+} -+ -+#ifndef MD32_REG_T -+# if defined(__alpha) || defined(__sparcv9) || defined(__mips) -+# define MD32_REG_T long -+/* -+ * This comment was originaly written for MD5, which is why it -+ * discusses A-D. But it basically applies to all 32-bit digests, -+ * which is why it was moved to common header file. -+ * -+ * In case you wonder why A-D are declared as long and not -+ * as MD5_LONG. Doing so results in slight performance -+ * boost on LP64 architectures. The catch is we don't -+ * really care if 32 MSBs of a 64-bit register get polluted -+ * with eventual overflows as we *save* only 32 LSBs in -+ * *either* case. 
Now declaring 'em long excuses the compiler -+ * from keeping 32 MSBs zeroed resulting in 13% performance -+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. -+ * Well, to be honest it should say that this *prevents* -+ * performance degradation. -+ * -+ */ -+# else -+/* -+ * Above is not absolute and there are LP64 compilers that -+ * generate better code if MD32_REG_T is defined int. The above -+ * pre-processor condition reflects the circumstances under which -+ * the conclusion was made and is subject to further extension. -+ * -+ */ -+# define MD32_REG_T int -+# endif -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -new file mode 100644 -index 0000000..614fca0 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -@@ -0,0 +1,199 @@ -+/* crypto/md4/md4_dgst.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include -+#include -+#include "md4_locl.h" -+ -+const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; -+ -+/* -+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm -+ */ -+ -+#define INIT_DATA_A (unsigned long)0x67452301L -+#define INIT_DATA_B (unsigned long)0xefcdab89L -+#define INIT_DATA_C (unsigned long)0x98badcfeL -+#define INIT_DATA_D (unsigned long)0x10325476L -+ -+fips_md_init(MD4) -+{ -+ memset(c, 0, sizeof(*c)); -+ c->A = INIT_DATA_A; -+ c->B = INIT_DATA_B; -+ c->C = INIT_DATA_C; -+ c->D = INIT_DATA_D; -+ return 1; -+} -+ -+#ifndef md4_block_data_order -+# ifdef X -+# undef X -+# endif -+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) -+{ -+ const unsigned char *data = data_; -+ register unsigned MD32_REG_T A, B, C, D, l; -+# ifndef MD32_XARRAY -+ /* See comment in crypto/sha/sha_locl.h for details. 
*/ -+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -+# define X(i) XX##i -+# else -+ MD4_LONG XX[MD4_LBLOCK]; -+# define X(i) XX[i] -+# endif -+ -+ A = c->A; -+ B = c->B; -+ C = c->C; -+ D = c->D; -+ -+ for (; num--;) { -+ (void)HOST_c2l(data, l); -+ X(0) = l; -+ (void)HOST_c2l(data, l); -+ X(1) = l; -+ /* Round 0 */ -+ R0(A, B, C, D, X(0), 3, 0); -+ (void)HOST_c2l(data, l); -+ X(2) = l; -+ R0(D, A, B, C, X(1), 7, 0); -+ (void)HOST_c2l(data, l); -+ X(3) = l; -+ R0(C, D, A, B, X(2), 11, 0); -+ (void)HOST_c2l(data, l); -+ X(4) = l; -+ R0(B, C, D, A, X(3), 19, 0); -+ (void)HOST_c2l(data, l); -+ X(5) = l; -+ R0(A, B, C, D, X(4), 3, 0); -+ (void)HOST_c2l(data, l); -+ X(6) = l; -+ R0(D, A, B, C, X(5), 7, 0); -+ (void)HOST_c2l(data, l); -+ X(7) = l; -+ R0(C, D, A, B, X(6), 11, 0); -+ (void)HOST_c2l(data, l); -+ X(8) = l; -+ R0(B, C, D, A, X(7), 19, 0); -+ (void)HOST_c2l(data, l); -+ X(9) = l; -+ R0(A, B, C, D, X(8), 3, 0); -+ (void)HOST_c2l(data, l); -+ X(10) = l; -+ R0(D, A, B, C, X(9), 7, 0); -+ (void)HOST_c2l(data, l); -+ X(11) = l; -+ R0(C, D, A, B, X(10), 11, 0); -+ (void)HOST_c2l(data, l); -+ X(12) = l; -+ R0(B, C, D, A, X(11), 19, 0); -+ (void)HOST_c2l(data, l); -+ X(13) = l; -+ R0(A, B, C, D, X(12), 3, 0); -+ (void)HOST_c2l(data, l); -+ X(14) = l; -+ R0(D, A, B, C, X(13), 7, 0); -+ (void)HOST_c2l(data, l); -+ X(15) = l; -+ R0(C, D, A, B, X(14), 11, 0); -+ R0(B, C, D, A, X(15), 19, 0); -+ /* Round 1 */ -+ R1(A, B, C, D, X(0), 3, 0x5A827999L); -+ R1(D, A, B, C, X(4), 5, 0x5A827999L); -+ R1(C, D, A, B, X(8), 9, 0x5A827999L); -+ R1(B, C, D, A, X(12), 13, 0x5A827999L); -+ R1(A, B, C, D, X(1), 3, 0x5A827999L); -+ R1(D, A, B, C, X(5), 5, 0x5A827999L); -+ R1(C, D, A, B, X(9), 9, 0x5A827999L); -+ R1(B, C, D, A, X(13), 13, 0x5A827999L); -+ R1(A, B, C, D, X(2), 3, 0x5A827999L); -+ R1(D, A, B, C, X(6), 5, 0x5A827999L); -+ R1(C, D, A, B, X(10), 9, 0x5A827999L); -+ R1(B, C, D, A, X(14), 13, 0x5A827999L); -+ R1(A, 
B, C, D, X(3), 3, 0x5A827999L); -+ R1(D, A, B, C, X(7), 5, 0x5A827999L); -+ R1(C, D, A, B, X(11), 9, 0x5A827999L); -+ R1(B, C, D, A, X(15), 13, 0x5A827999L); -+ /* Round 2 */ -+ R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L); -+ -+ A = c->A += A; -+ B = c->B += B; -+ C = c->C += C; -+ D = c->D += D; -+ } -+} -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_locl.h b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h -new file mode 100644 -index 0000000..dc86a86 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h -@@ -0,0 +1,113 @@ -+/* crypto/md4/md4_locl.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#ifndef MD4_LONG_LOG2 -+# define MD4_LONG_LOG2 2 /* default to 32 bits */ -+#endif -+ -+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); -+ -+#define DATA_ORDER_IS_LITTLE_ENDIAN -+ -+#define HASH_LONG MD4_LONG -+#define HASH_CTX MD4_CTX -+#define HASH_CBLOCK MD4_CBLOCK -+#define HASH_UPDATE MD4_Update -+#define HASH_TRANSFORM MD4_Transform -+#define HASH_FINAL MD4_Final -+#define HASH_MAKE_STRING(c,s) do { \ -+ unsigned long ll; \ -+ ll=(c)->A; (void)HOST_l2c(ll,(s)); \ -+ ll=(c)->B; (void)HOST_l2c(ll,(s)); \ -+ ll=(c)->C; (void)HOST_l2c(ll,(s)); \ -+ ll=(c)->D; (void)HOST_l2c(ll,(s)); \ -+ } while (0) -+#define HASH_BLOCK_DATA_ORDER md4_block_data_order -+ -+#include "md32_common.h" -+ -+/*- -+#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -+#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) -+*/ -+ -+/* -+ * As pointed out by Wei Dai , the above can be simplified -+ * to the code below. Wei attributes these optimizations to Peter Gutmann's -+ * SHS code, and he attributes it to Rich Schroeppel. 
-+ */ -+#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -+#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -+#define H(b,c,d) ((b) ^ (c) ^ (d)) -+ -+#define R0(a,b,c,d,k,s,t) { \ -+ a+=((k)+(t)+F((b),(c),(d))); \ -+ a=ROTATE(a,s); }; -+ -+#define R1(a,b,c,d,k,s,t) { \ -+ a+=((k)+(t)+G((b),(c),(d))); \ -+ a=ROTATE(a,s); };\ -+ -+#define R2(a,b,c,d,k,s,t) { \ -+ a+=((k)+(t)+H((b),(c),(d))); \ -+ a=ROTATE(a,s); }; -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c -new file mode 100644 -index 0000000..32ebd5f ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/md4/md4_one.c -@@ -0,0 +1,96 @@ -+/* crypto/md4/md4_one.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+
-+#ifdef CHARSET_EBCDIC
-+# include
-+#endif
-+
-+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
-+{
-+ MD4_CTX c;
-+ static unsigned char m[MD4_DIGEST_LENGTH];
-+
-+ if (md == NULL)
-+ md = m;
-+ if (!MD4_Init(&c))
-+ return NULL;
-+#ifndef CHARSET_EBCDIC
-+ MD4_Update(&c, d, n);
-+#else
-+ {
-+ char temp[1024];
-+ unsigned long chunk;
-+
-+ while (n > 0) {
-+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-+ ebcdic2ascii(temp, d, chunk);
-+ MD4_Update(&c, temp, chunk);
-+ n -= chunk;
-+ d += chunk;
-+ }
-+ }
-+#endif
-+ MD4_Final(md, &c);
-+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
-+ return (md);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
-index fbede67..2b51946 100644
---- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
-+++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
-@@ -1,15 +1,67 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/md5/md5_dgst.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include "md5_locl.h"
- #include
-+#include
-+
-+const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
-
- /*
- * Implemented from RFC1321 The MD5 Message-Digest Algorithm
-@@ -20,7 +72,7 @@
- #define INIT_DATA_C (unsigned long)0x98badcfeL
- #define INIT_DATA_D (unsigned long)0x10325476L
-
--int MD5_Init(MD5_CTX *c)
-+fips_md_init(MD5)
- {
- memset(c, 0, sizeof(*c));
- c->A = INIT_DATA_A;
-@@ -54,52 +106,52 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
- D = c->D;
-
- for (; num--;) {
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(0) = l;
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(1) = l;
- /* Round 0 */
- R0(A, B, C, D, X(0), 7, 0xd76aa478L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(2) = l;
- R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(3) = l;
- R0(C, D, A, B, X(2), 17, 0x242070dbL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(4) = l;
- R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(5) = l;
- R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(6) = l;
- R0(D,
A, B, C, X(5), 12, 0x4787c62aL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(7) = l;
- R0(C, D, A, B, X(6), 17, 0xa8304613L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(8) = l;
- R0(B, C, D, A, X(7), 22, 0xfd469501L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(9) = l;
- R0(A, B, C, D, X(8), 7, 0x698098d8L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(10) = l;
- R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(11) = l;
- R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(12) = l;
- R0(B, C, D, A, X(11), 22, 0x895cd7beL);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(13) = l;
- R0(A, B, C, D, X(12), 7, 0x6b901122L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(14) = l;
- R0(D, A, B, C, X(13), 12, 0xfd987193L);
-- (void)HOST_c2l(data, l);
-+ HOST_c2l(data, l);
- X(15) = l;
- R0(C, D, A, B, X(14), 17, 0xa679438eL);
- R0(B, C, D, A, X(15), 22, 0x49b40821L);
-diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h
-index 9c7aade..82e6921 100644
---- a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h
-+++ b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/md5/md5_locl.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code.
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
-@@ -12,8 +61,12 @@
- #include
- #include
-
-+#ifndef MD5_LONG_LOG2
-+# define MD5_LONG_LOG2 2 /* default to 32 bits */
-+#endif
-+
- #ifdef MD5_ASM
--# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
- # define md5_block_data_order md5_block_asm_data_order
- # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-@@ -42,7 +95,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
- } while (0)
- #define HASH_BLOCK_DATA_ORDER md5_block_data_order
-
--#include "internal/md32_common.h"
-+#include "md32_common.h"
-
- /*-
- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
-diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c
-index becd87e..4ac882e 100644
---- a/Cryptlib/OpenSSL/crypto/md5/md5_one.c
-+++ b/Cryptlib/OpenSSL/crypto/md5/md5_one.c
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/md5/md5_one.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code.
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
-diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c
-index 02aa43a..06c3960 100644
---- a/Cryptlib/OpenSSL/crypto/mem.c
-+++ b/Cryptlib/OpenSSL/crypto/mem.c
-@@ -1,190 +1,458 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/mem.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include
--#include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+
-+static int allow_customize = 1; /* we provide flexible functions for */
-+static int allow_customize_debug = 1; /* exchanging memory-related functions
-+ * at run-time, but this must be done
-+ * before any blocks are actually
-+ * allocated; or we'll run into huge
-+ * problems when malloc/free pairs
-+ * don't match etc.
*/
-
- /*
- * the following pointers may be changed as long as 'allow_customize' is set
- */
--static int allow_customize = 1;
-
--static void *(*malloc_impl)(size_t, const char *, int)
-- = CRYPTO_malloc;
--static void *(*realloc_impl)(void *, size_t, const char *, int)
-- = CRYPTO_realloc;
--static void (*free_impl)(void *, const char *, int)
-- = CRYPTO_free;
-+static void *(*malloc_func) (size_t) = malloc;
-+static void *default_malloc_ex(size_t num, const char *file, int line)
-+{
-+ return malloc_func(num);
-+}
-+
-+static void *(*malloc_ex_func) (size_t, const char *file, int line)
-+ = default_malloc_ex;
-+
-+#ifdef OPENSSL_SYS_VMS
-+# if __INITIAL_POINTER_SIZE == 64
-+# define realloc _realloc64
-+# elif __INITIAL_POINTER_SIZE == 32
-+# define realloc _realloc32
-+# endif
-+#endif
-+
-+static void *(*realloc_func) (void *, size_t) = realloc;
-+static void *default_realloc_ex(void *str, size_t num,
-+ const char *file, int line)
-+{
-+ return realloc_func(str, num);
-+}
-+
-+static void *(*realloc_ex_func) (void *, size_t, const char *file, int line)
-+ = default_realloc_ex;
-+
-+#ifdef OPENSSL_SYS_VMS
-+ static void (*free_func) (__void_ptr64) = free;
-+#else
-+ static void (*free_func) (void *) = free;
-+#endif
-+
-+static void *(*malloc_locked_func) (size_t) = malloc;
-+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
-+{
-+ return malloc_locked_func(num);
-+}
-+
-+static void *(*malloc_locked_ex_func) (size_t, const char *file, int line)
-+ = default_malloc_locked_ex;
-
--#ifndef OPENSSL_NO_CRYPTO_MDEBUG
--static int call_malloc_debug = 1;
-+#ifdef OPENSSL_SYS_VMS
-+ static void (*free_locked_func) (__void_ptr64) = free;
- #else
--static int call_malloc_debug = 0;
-+ static void (*free_locked_func) (void *) = free;
-+#endif
-+
-+/* may be changed as long as 'allow_customize_debug' is set */
-+/* XXX use correct function pointer types */
-+#ifdef CRYPTO_MDEBUG
-+/* use default functions from mem_dbg.c */
-+static void
(*malloc_debug_func) (void *, int, const char *, int, int)
-+ = CRYPTO_dbg_malloc;
-+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
-+ int)
-+ = CRYPTO_dbg_realloc;
-+static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free;
-+static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options;
-+static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options;
-+#else
-+/*
-+ * applications can use CRYPTO_malloc_debug_init() to select above case at
-+ * run-time
-+ */
-+static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL;
-+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
-+ int)
-+ = NULL;
-+static void (*free_debug_func) (void *, int) = NULL;
-+static void (*set_debug_options_func) (long) = NULL;
-+static long (*get_debug_options_func) (void) = NULL;
- #endif
-
--int CRYPTO_set_mem_functions(
-- void *(*m)(size_t, const char *, int),
-- void *(*r)(void *, size_t, const char *, int),
-- void (*f)(void *, const char *, int))
-+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
-+ void (*f) (void *))
- {
-+ /* Dummy call just to ensure OPENSSL_init() gets linked in */
-+ OPENSSL_init();
- if (!allow_customize)
- return 0;
-- if (m)
-- malloc_impl = m;
-- if (r)
-- realloc_impl = r;
-- if (f)
-- free_impl = f;
-+ if ((m == 0) || (r == 0) || (f == 0))
-+ return 0;
-+ malloc_func = m;
-+ malloc_ex_func = default_malloc_ex;
-+ realloc_func = r;
-+ realloc_ex_func = default_realloc_ex;
-+ free_func = f;
-+ malloc_locked_func = m;
-+ malloc_locked_ex_func = default_malloc_locked_ex;
-+ free_locked_func = f;
-+ return 1;
-+}
-+
-+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
-+ void *(*r) (void *, size_t, const char *,
-+ int), void (*f) (void *))
-+{
-+ if (!allow_customize)
-+ return 0;
-+ if ((m == 0) || (r == 0) || (f == 0))
-+ return 0;
-+ malloc_func = 0;
-+ malloc_ex_func = m;
-+ realloc_func = 0;
-+ realloc_ex_func = r;
-+ free_func = f;
-+ malloc_locked_func = 0;
-+ malloc_locked_ex_func = m;
-+ free_locked_func = f;
-+ return 1;
-+}
-+
-+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *))
-+{
-+ if (!allow_customize)
-+ return 0;
-+ if ((m == NULL) || (f == NULL))
-+ return 0;
-+ malloc_locked_func = m;
-+ malloc_locked_ex_func = default_malloc_locked_ex;
-+ free_locked_func = f;
- return 1;
- }
-
--int CRYPTO_set_mem_debug(int flag)
-+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
-+ void (*f) (void *))
- {
- if (!allow_customize)
- return 0;
-- call_malloc_debug = flag;
-+ if ((m == NULL) || (f == NULL))
-+ return 0;
-+ malloc_locked_func = 0;
-+ malloc_locked_ex_func = m;
-+ free_func = f;
-+ return 1;
-+}
-+
-+int CRYPTO_set_mem_debug_functions(void (*m)
-+ (void *, int, const char *, int, int),
-+ void (*r) (void *, void *, int,
-+ const char *, int, int),
-+ void (*f) (void *, int), void (*so) (long),
-+ long (*go) (void))
-+{
-+ if (!allow_customize_debug)
-+ return 0;
-+ OPENSSL_init();
-+ malloc_debug_func = m;
-+ realloc_debug_func = r;
-+ free_debug_func = f;
-+ set_debug_options_func = so;
-+ get_debug_options_func = go;
- return 1;
- }
-
--void CRYPTO_get_mem_functions(
-- void *(**m)(size_t, const char *, int),
-- void *(**r)(void *, size_t, const char *, int),
-- void (**f)(void *, const char *, int))
-+void CRYPTO_get_mem_functions(void *(**m) (size_t),
-+ void *(**r) (void *, size_t),
-+ void (**f) (void *))
-+{
-+ if (m != NULL)
-+ *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0;
-+ if (r != NULL)
-+ *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0;
-+ if (f != NULL)
-+ *f = free_func;
-+}
-+
-+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
-+ void *(**r) (void *, size_t, const char *,
-+ int), void (**f) (void *))
-+{
-+ if (m != NULL)
-+ *m = (malloc_ex_func != default_malloc_ex) ?
malloc_ex_func : 0;
-+ if (r != NULL)
-+ *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0;
-+ if (f != NULL)
-+ *f = free_func;
-+}
-+
-+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
-+ void (**f) (void *))
-+{
-+ if (m != NULL)
-+ *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?
-+ malloc_locked_func : 0;
-+ if (f != NULL)
-+ *f = free_locked_func;
-+}
-+
-+void CRYPTO_get_locked_mem_ex_functions(void
-+ *(**m) (size_t, const char *, int),
-+ void (**f) (void *))
-+{
-+ if (m != NULL)
-+ *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
-+ malloc_locked_ex_func : 0;
-+ if (f != NULL)
-+ *f = free_locked_func;
-+}
-+
-+void CRYPTO_get_mem_debug_functions(void (**m)
-+ (void *, int, const char *, int, int),
-+ void (**r) (void *, void *, int,
-+ const char *, int, int),
-+ void (**f) (void *, int),
-+ void (**so) (long), long (**go) (void))
- {
- if (m != NULL)
-- *m = malloc_impl;
-+ *m = malloc_debug_func;
- if (r != NULL)
-- *r = realloc_impl;
-+ *r = realloc_debug_func;
- if (f != NULL)
-- *f = free_impl;
-+ *f = free_debug_func;
-+ if (so != NULL)
-+ *so = set_debug_options_func;
-+ if (go != NULL)
-+ *go = get_debug_options_func;
- }
-
--void *CRYPTO_malloc(size_t num, const char *file, int line)
-+void *CRYPTO_malloc_locked(int num, const char *file, int line)
- {
- void *ret = NULL;
-
-- if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
-- return malloc_impl(num, file, line);
-+ if (num <= 0)
-+ return NULL;
-+
-+ if (allow_customize)
-+ allow_customize = 0;
-+ if (malloc_debug_func != NULL) {
-+ if (allow_customize_debug)
-+ allow_customize_debug = 0;
-+ malloc_debug_func(NULL, num, file, line, 0);
-+ }
-+ ret = malloc_locked_ex_func(num, file, line);
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
-+#endif
-+ if (malloc_debug_func != NULL)
-+ malloc_debug_func(ret, num, file, line, 1);
-+
-+ return ret;
-+}
-+
-+void CRYPTO_free_locked(void *str)
-+{
-+ if
(free_debug_func != NULL)
-+ free_debug_func(str, 0);
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
-+#endif
-+ free_locked_func(str);
-+ if (free_debug_func != NULL)
-+ free_debug_func(NULL, 1);
-+}
-+
-+void *CRYPTO_malloc(int num, const char *file, int line)
-+{
-+ void *ret = NULL;
-
- if (num <= 0)
- return NULL;
-
-- allow_customize = 0;
--#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-- if (call_malloc_debug) {
-- CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
-- ret = malloc(num);
-- CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
-- } else {
-- ret = malloc(num);
-+ if (allow_customize)
-+ allow_customize = 0;
-+ if (malloc_debug_func != NULL) {
-+ if (allow_customize_debug)
-+ allow_customize_debug = 0;
-+ malloc_debug_func(NULL, num, file, line, 0);
- }
--#else
-- osslargused(file); osslargused(line);
-- ret = malloc(num);
-+ ret = malloc_ex_func(num, file, line);
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
- #endif
-+ if (malloc_debug_func != NULL)
-+ malloc_debug_func(ret, num, file, line, 1);
-
- return ret;
- }
-
--void *CRYPTO_zalloc(size_t num, const char *file, int line)
-+char *CRYPTO_strdup(const char *str, const char *file, int line)
- {
-- void *ret = CRYPTO_malloc(num, file, line);
-+ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
-
-- if (ret != NULL)
-- memset(ret, 0, num);
-+ if (ret == NULL)
-+ return NULL;
-+
-+ strcpy(ret, str);
- return ret;
- }
-
--void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
-+void *CRYPTO_realloc(void *str, int num, const char *file, int line)
- {
-- if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
-- return realloc_impl(str, num, file, line);
-+ void *ret = NULL;
-
- if (str == NULL)
- return CRYPTO_malloc(num, file, line);
-
-- if (num == 0) {
-- CRYPTO_free(str, file, line);
-+ if (num <= 0)
- return NULL;
-- }
-
-- allow_customize = 0;
--#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-- if
(call_malloc_debug) {
-- void *ret;
-- CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
-- ret = realloc(str, num);
-- CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
-- return ret;
-- }
--#else
-- osslargused(file); osslargused(line);
-+ if (realloc_debug_func != NULL)
-+ realloc_debug_func(str, NULL, num, file, line, 0);
-+ ret = realloc_ex_func(str, num, file, line);
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str,
-+ ret, num);
- #endif
-- return realloc(str, num);
-+ if (realloc_debug_func != NULL)
-+ realloc_debug_func(str, ret, num, file, line, 1);
-
-+ return ret;
- }
-
--void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
-- const char *file, int line)
-+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
-+ int line)
- {
- void *ret = NULL;
-
- if (str == NULL)
- return CRYPTO_malloc(num, file, line);
-
-- if (num == 0) {
-- CRYPTO_clear_free(str, old_len, file, line);
-+ if (num <= 0)
- return NULL;
-- }
-
-- /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
-- if (num < old_len) {
-- OPENSSL_cleanse((char*)str + num, old_len - num);
-- return str;
-- }
-+ /*
-+ * We don't support shrinking the buffer. Note the memcpy that copies
-+ * |old_len| bytes to the new buffer, below.
-+ */
-+ if (num < old_len)
-+ return NULL;
-
-- ret = CRYPTO_malloc(num, file, line);
-- if (ret != NULL) {
-+ if (realloc_debug_func != NULL)
-+ realloc_debug_func(str, NULL, num, file, line, 0);
-+ ret = malloc_ex_func(num, file, line);
-+ if (ret) {
- memcpy(ret, str, old_len);
-- CRYPTO_clear_free(str, old_len, file, line);
-+ OPENSSL_cleanse(str, old_len);
-+ free_func(str);
- }
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr,
-+ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n",
-+ str, ret, num);
-+#endif
-+ if (realloc_debug_func != NULL)
-+ realloc_debug_func(str, ret, num, file, line, 1);
-+
- return ret;
- }
-
--void CRYPTO_free(void *str, const char *file, int line)
-+void CRYPTO_free(void *str)
- {
-- if (free_impl != NULL && free_impl != &CRYPTO_free) {
-- free_impl(str, file, line);
-- return;
-- }
--
--#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-- if (call_malloc_debug) {
-- CRYPTO_mem_debug_free(str, 0, file, line);
-- free(str);
-- CRYPTO_mem_debug_free(str, 1, file, line);
-- } else {
-- free(str);
-- }
--#else
-- free(str);
-+ if (free_debug_func != NULL)
-+ free_debug_func(str, 0);
-+#ifdef LEVITTE_DEBUG_MEM
-+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
- #endif
-+ free_func(str);
-+ if (free_debug_func != NULL)
-+ free_debug_func(NULL, 1);
- }
-
--void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
-+void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
- {
-- if (str == NULL)
-- return;
-- if (num)
-- OPENSSL_cleanse(str, num);
-- CRYPTO_free(str, file, line);
-+ if (a != NULL)
-+ OPENSSL_free(a);
-+ a = (char *)OPENSSL_malloc(num);
-+ return (a);
-+}
-+
-+void CRYPTO_set_mem_debug_options(long bits)
-+{
-+ if (set_debug_options_func != NULL)
-+ set_debug_options_func(bits);
-+}
-+
-+long CRYPTO_get_mem_debug_options(void)
-+{
-+ if (get_debug_options_func != NULL)
-+ return get_debug_options_func();
-+ return 0;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c
-index
35bfb74..579e9d1 100644 ---- a/Cryptlib/OpenSSL/crypto/mem_clr.c -+++ b/Cryptlib/OpenSSL/crypto/mem_clr.c -@@ -1,10 +1,60 @@ -+/* crypto/mem_clr.c */ - /* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2002. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -15,7 +65,7 @@ - * the pointer and can't assume that it points to any function in - * particular (such as memset, which it then might further "optimize") - */ --typedef void *(*memset_t)(void *, int, size_t); -+typedef void *(*memset_t)(void *,int,size_t); - - static volatile memset_t memset_func = memset; - -diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c -index dc3f8ff..8525ded 100644 ---- a/Cryptlib/OpenSSL/crypto/mem_dbg.c -+++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c -@@ -1,26 +1,124 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/mem_dbg.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include --#include "internal/cryptlib.h" --#include "internal/thread_once.h" -+#include "cryptlib.h" - #include - #include --#include "internal/bio.h" -+#include - #include - --#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE --# include --#endif -- -+static int mh_mode = CRYPTO_MEM_CHECK_OFF; - /* - * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when - * the application asks for it (usually after library initialisation for -@@ -32,183 +130,178 @@ - * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes - * no sense whatsoever. - */ --#ifndef OPENSSL_NO_CRYPTO_MDEBUG --static int mh_mode = CRYPTO_MEM_CHECK_OFF; --#endif - --#ifndef OPENSSL_NO_CRYPTO_MDEBUG - static unsigned long order = 0; /* number of memory requests */ - -+DECLARE_LHASH_OF(MEM); -+static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as -+ * key); access requires MALLOC2 lock */ -+ -+typedef struct app_mem_info_st - /*- - * For application-defined information (static C-string `info') - * to be displayed in memory leak list. - * Each thread has its own stack. For applications, there is -- * OPENSSL_mem_debug_push("...") to push an entry, -- * OPENSSL_mem_debug_pop() to pop an entry, -+ * CRYPTO_push_info("...") to push an entry, -+ * CRYPTO_pop_info() to pop an entry, -+ * CRYPTO_remove_all_info() to pop all entries. 
- */ --struct app_mem_info_st { -- CRYPTO_THREAD_ID threadid; -+{ -+ CRYPTO_THREADID threadid; - const char *file; - int line; - const char *info; - struct app_mem_info_st *next; /* tail of thread's stack */ - int references; --}; -+} APP_INFO; - --static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT; --static CRYPTO_RWLOCK *malloc_lock = NULL; --static CRYPTO_RWLOCK *long_malloc_lock = NULL; --static CRYPTO_THREAD_LOCAL appinfokey; -+static void app_info_free(APP_INFO *); - -+DECLARE_LHASH_OF(APP_INFO); -+static LHASH_OF(APP_INFO) *amih = NULL; /* hash-table with those -+ * app_mem_info_st's that are at the -+ * top of their thread's stack (with -+ * `thread' as key); access requires -+ * MALLOC2 lock */ -+ -+typedef struct mem_st - /* memory-block description */ --struct mem_st { -+{ - void *addr; - int num; - const char *file; - int line; -- CRYPTO_THREAD_ID threadid; -+ CRYPTO_THREADID threadid; - unsigned long order; - time_t time; - APP_INFO *app_info; --#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -- void *array[30]; -- size_t array_siz; --#endif --}; -+} MEM; - --static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as -- * key); access requires MALLOC2 lock */ -+static long options = /* extra information to be recorded */ -+#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) -+ V_CRYPTO_MDEBUG_TIME | -+#endif -+#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) -+ V_CRYPTO_MDEBUG_THREAD | -+#endif -+ 0; - --/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ --static unsigned int num_disable = 0; -+static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode == -+ * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ - - /* -- * Valid iff num_disable > 0. long_malloc_lock is locked exactly in this -+ * Valid iff num_disable > 0. CRYPTO_LOCK_MALLOC2 is locked exactly in this - * case (by the thread named in disabling_thread). 
- */ --static CRYPTO_THREAD_ID disabling_threadid; -- --DEFINE_RUN_ONCE_STATIC(do_memdbg_init) --{ -- malloc_lock = CRYPTO_THREAD_lock_new(); -- long_malloc_lock = CRYPTO_THREAD_lock_new(); -- if (malloc_lock == NULL || long_malloc_lock == NULL -- || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) { -- CRYPTO_THREAD_lock_free(malloc_lock); -- malloc_lock = NULL; -- CRYPTO_THREAD_lock_free(long_malloc_lock); -- long_malloc_lock = NULL; -- return 0; -- } -- return 1; --} -+static CRYPTO_THREADID disabling_threadid; - - static void app_info_free(APP_INFO *inf) - { -- if (!inf) -- return; - if (--(inf->references) <= 0) { -- app_info_free(inf->next); -+ if (inf->next != NULL) { -+ app_info_free(inf->next); -+ } - OPENSSL_free(inf); - } - } --#endif - - int CRYPTO_mem_ctrl(int mode) - { --#ifdef OPENSSL_NO_CRYPTO_MDEBUG -- return mode - mode; --#else - int ret = mh_mode; - -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) -- return -1; -- -- CRYPTO_THREAD_write_lock(malloc_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - switch (mode) { -- default: -- break; -- -- case CRYPTO_MEM_CHECK_ON: -+ /* -+ * for applications (not to be called while multiple threads use the -+ * library): -+ */ -+ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ - mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE; - num_disable = 0; - break; -- -- case CRYPTO_MEM_CHECK_OFF: -+ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ - mh_mode = 0; -- num_disable = 0; -+ num_disable = 0; /* should be true *before* MemCheck_stop is -+ * used, or there'll be a lot of confusion */ - break; - -- /* switch off temporarily (for library-internal use): */ -- case CRYPTO_MEM_CHECK_DISABLE: -+ /* switch off temporarily (for library-internal use): */ -+ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ - if (mh_mode & CRYPTO_MEM_CHECK_ON) { -- CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); -- /* see if we don't have long_malloc_lock already */ -+ CRYPTO_THREADID cur; -+ 
CRYPTO_THREADID_current(&cur); -+ /* see if we don't have the MALLOC2 lock already */ - if (!num_disable -- || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) { -+ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) { - /* -- * Long-time lock long_malloc_lock must not be claimed -- * while we're holding malloc_lock, or we'll deadlock -- * if somebody else holds long_malloc_lock (and cannot -+ * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed -+ * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock -+ * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot - * release it because we block entry to this function). Give - * them a chance, first, and then claim the locks in - * appropriate order (long-time lock first). - */ -- CRYPTO_THREAD_unlock(malloc_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - /* -- * Note that after we have waited for long_malloc_lock and -- * malloc_lock, we'll still be in the right "case" and -+ * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and -+ * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and - * "if" branch because MemCheck_start and MemCheck_stop may - * never be used while there are multiple OpenSSL threads. 
- */ -- CRYPTO_THREAD_write_lock(long_malloc_lock); -- CRYPTO_THREAD_write_lock(malloc_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; -- disabling_threadid = cur; -+ CRYPTO_THREADID_cpy(&disabling_threadid, &cur); - } - num_disable++; - } - break; -- -- case CRYPTO_MEM_CHECK_ENABLE: -+ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ - if (mh_mode & CRYPTO_MEM_CHECK_ON) { - if (num_disable) { /* always true, or something is going wrong */ - num_disable--; - if (num_disable == 0) { - mh_mode |= CRYPTO_MEM_CHECK_ENABLE; -- CRYPTO_THREAD_unlock(long_malloc_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); - } - } - } - break; -+ -+ default: -+ break; - } -- CRYPTO_THREAD_unlock(malloc_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - return (ret); --#endif - } - --#ifndef OPENSSL_NO_CRYPTO_MDEBUG -- --static int mem_check_on(void) -+int CRYPTO_is_mem_check_on(void) - { - int ret = 0; -- CRYPTO_THREAD_ID cur; - - if (mh_mode & CRYPTO_MEM_CHECK_ON) { -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) -- return 0; -- -- cur = CRYPTO_THREAD_get_current_id(); -- CRYPTO_THREAD_read_lock(malloc_lock); -+ CRYPTO_THREADID cur; -+ CRYPTO_THREADID_current(&cur); -+ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); - - ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) -- || !CRYPTO_THREAD_compare_id(disabling_threadid, cur); -+ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur); - -- CRYPTO_THREAD_unlock(malloc_lock); -+ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); - } - return (ret); - } - -+void CRYPTO_dbg_set_options(long bits) -+{ -+ options = bits; -+} -+ -+long CRYPTO_dbg_get_options(void) -+{ -+ return options; -+} -+ - static int mem_cmp(const MEM *a, const MEM *b) - { - #ifdef _WIN64 -@@ -224,96 +317,157 @@ static int mem_cmp(const MEM *a, const MEM *b) - #endif - } - -+static IMPLEMENT_LHASH_COMP_FN(mem, MEM) -+ - static unsigned long mem_hash(const MEM *a) - { -- size_t ret; -+ unsigned long ret; - -- ret = (size_t)a->addr; -+ 
ret = (unsigned long)a->addr; - - ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; - return (ret); - } - --/* returns 1 if there was an info to pop, 0 if the stack was empty. */ --static int pop_info(void) -+static IMPLEMENT_LHASH_HASH_FN(mem, MEM) -+ -+/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ -+static int app_info_cmp(const void *a_void, const void *b_void) - { -- APP_INFO *current = NULL; -+ return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid, -+ &((const APP_INFO *)b_void)->threadid); -+} - -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) -- return 0; -+static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO) - -- current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); -- if (current != NULL) { -- APP_INFO *next = current->next; -+static unsigned long app_info_hash(const APP_INFO *a) -+{ -+ unsigned long ret; - -- if (next != NULL) { -- next->references++; -- CRYPTO_THREAD_set_local(&appinfokey, next); -- } else { -- CRYPTO_THREAD_set_local(&appinfokey, NULL); -- } -- if (--(current->references) <= 0) { -- current->next = NULL; -- if (next != NULL) -- next->references--; -- OPENSSL_free(current); -+ ret = CRYPTO_THREADID_hash(&a->threadid); -+ /* This is left in as a "who am I to question legacy?" 
measure */ -+ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; -+ return (ret); -+} -+ -+static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO) -+ -+static APP_INFO *pop_info(void) -+{ -+ APP_INFO tmp; -+ APP_INFO *ret = NULL; -+ -+ if (amih != NULL) { -+ CRYPTO_THREADID_current(&tmp.threadid); -+ if ((ret = lh_APP_INFO_delete(amih, &tmp)) != NULL) { -+ APP_INFO *next = ret->next; -+ -+ if (next != NULL) { -+ next->references++; -+ (void)lh_APP_INFO_insert(amih, next); -+ } -+#ifdef LEVITTE_DEBUG_MEM -+ if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid)) { -+ fprintf(stderr, -+ "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -+ CRYPTO_THREADID_hash(&ret->threadid), -+ CRYPTO_THREADID_hash(&tmp.threadid)); -+ abort(); -+ } -+#endif -+ if (--(ret->references) <= 0) { -+ ret->next = NULL; -+ if (next != NULL) -+ next->references--; -+ OPENSSL_free(ret); -+ } - } -- return 1; - } -- return 0; -+ return (ret); - } - --int CRYPTO_mem_debug_push(const char *info, const char *file, int line) -+int CRYPTO_push_info_(const char *info, const char *file, int line) - { - APP_INFO *ami, *amim; - int ret = 0; - -- if (mem_check_on()) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* obtain MALLOC2 lock */ - -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init) -- || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL) -+ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { -+ ret = 0; - goto err; -+ } -+ if (amih == NULL) { -+ if ((amih = lh_APP_INFO_new()) == NULL) { -+ OPENSSL_free(ami); -+ ret = 0; -+ goto err; -+ } -+ } - -- ami->threadid = CRYPTO_THREAD_get_current_id(); -+ CRYPTO_THREADID_current(&ami->threadid); - ami->file = file; - ami->line = line; - ami->info = info; - ami->references = 1; - ami->next = NULL; - -- amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); -- CRYPTO_THREAD_set_local(&appinfokey, ami); -- -- if (amim != NULL) -+ if ((amim = 
lh_APP_INFO_insert(amih, ami)) != NULL) { -+#ifdef LEVITTE_DEBUG_MEM -+ if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid)) { -+ fprintf(stderr, -+ "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -+ CRYPTO_THREADID_hash(&amim->threadid), -+ CRYPTO_THREADID_hash(&ami->threadid)); -+ abort(); -+ } -+#endif - ami->next = amim; -- ret = 1; -+ } - err: -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); /* release MALLOC2 lock */ - } - - return (ret); - } - --int CRYPTO_mem_debug_pop(void) -+int CRYPTO_pop_info(void) - { - int ret = 0; - -- if (mem_check_on()) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -- ret = pop_info(); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ if (is_MemCheck_on()) { /* _must_ be true, or something went severely -+ * wrong */ -+ MemCheck_off(); /* obtain MALLOC2 lock */ -+ -+ ret = (pop_info() != NULL); -+ -+ MemCheck_on(); /* release MALLOC2 lock */ - } - return (ret); - } - --static unsigned long break_order_num = 0; -+int CRYPTO_remove_all_info(void) -+{ -+ int ret = 0; -+ -+ if (is_MemCheck_on()) { /* _must_ be true */ -+ MemCheck_off(); /* obtain MALLOC2 lock */ -+ -+ while (pop_info() != NULL) -+ ret++; -+ -+ MemCheck_on(); /* release MALLOC2 lock */ -+ } -+ return (ret); -+} - --void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, -- const char *file, int line) -+static unsigned long break_order_num = 0; -+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, -+ int before_p) - { - MEM *m, *mm; -- APP_INFO *amim; -+ APP_INFO tmp, *amim; - - switch (before_p & 127) { - case 0: -@@ -322,17 +476,16 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, - if (addr == NULL) - break; - -- if (mem_check_on()) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -- -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init) -- || (m = OPENSSL_malloc(sizeof(*m))) == NULL) { -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* make sure we hold 
MALLOC2 lock */ -+ if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { - OPENSSL_free(addr); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ - return; - } - if (mh == NULL) { -- if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) { -+ if ((mh = lh_MEM_new()) == NULL) { - OPENSSL_free(addr); - OPENSSL_free(m); - addr = NULL; -@@ -344,22 +497,32 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, - m->file = file; - m->line = line; - m->num = num; -- m->threadid = CRYPTO_THREAD_get_current_id(); -+ if (options & V_CRYPTO_MDEBUG_THREAD) -+ CRYPTO_THREADID_current(&m->threadid); -+ else -+ memset(&m->threadid, 0, sizeof(m->threadid)); - - if (order == break_order_num) { - /* BREAK HERE */ - m->order = order; - } - m->order = order++; --# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -- m->array_siz = backtrace(m->array, OSSL_NELEM(m->array)); --# endif -- m->time = time(NULL); -- -- amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); -- m->app_info = amim; -- if (amim != NULL) -+#ifdef LEVITTE_DEBUG_MEM -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n", -+ m->order, (before_p & 128) ? 
'*' : '+', m->addr, m->num); -+#endif -+ if (options & V_CRYPTO_MDEBUG_TIME) -+ m->time = time(NULL); -+ else -+ m->time = 0; -+ -+ CRYPTO_THREADID_current(&tmp.threadid); -+ m->app_info = NULL; -+ if (amih != NULL -+ && (amim = lh_APP_INFO_retrieve(amih, &tmp)) != NULL) { -+ m->app_info = amim; - amim->references++; -+ } - - if ((mm = lh_MEM_insert(mh, m)) != NULL) { - /* Not good, but don't sweat it */ -@@ -369,15 +532,15 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, - OPENSSL_free(mm); - } - err: -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ - } - break; - } - return; - } - --void CRYPTO_mem_debug_free(void *addr, int before_p, -- const char *file, int line) -+void CRYPTO_dbg_free(void *addr, int before_p) - { - MEM m, *mp; - -@@ -386,17 +549,23 @@ void CRYPTO_mem_debug_free(void *addr, int before_p, - if (addr == NULL) - break; - -- if (mem_check_on() && (mh != NULL)) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ if (is_MemCheck_on() && (mh != NULL)) { -+ MemCheck_off(); /* make sure we hold MALLOC2 lock */ - - m.addr = addr; - mp = lh_MEM_delete(mh, &m); - if (mp != NULL) { -- app_info_free(mp->app_info); -+#ifdef LEVITTE_DEBUG_MEM -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n", -+ mp->order, mp->addr, mp->num); -+#endif -+ if (mp->app_info != NULL) -+ app_info_free(mp->app_info); - OPENSSL_free(mp); - } - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ - } - break; - case 1: -@@ -404,11 +573,17 @@ void CRYPTO_mem_debug_free(void *addr, int before_p, - } - } - --void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, -- int before_p, const char *file, int line) -+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, -+ const char *file, int line, int before_p) - { - MEM m, *mp; - -+#ifdef LEVITTE_DEBUG_MEM -+ fprintf(stderr, -+ "LEVITTE_DEBUG_MEM: --> 
CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", -+ addr1, addr2, num, file, line, before_p); -+#endif -+ - switch (before_p) { - case 0: - break; -@@ -417,25 +592,28 @@ void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, - break; - - if (addr1 == NULL) { -- CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line); -+ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); - break; - } - -- if (mem_check_on()) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* make sure we hold MALLOC2 lock */ - - m.addr = addr1; - mp = lh_MEM_delete(mh, &m); - if (mp != NULL) { -+#ifdef LEVITTE_DEBUG_MEM -+ fprintf(stderr, -+ "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n", -+ mp->order, mp->addr, mp->num, addr2, num); -+#endif - mp->addr = addr2; - mp->num = num; --#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -- mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array)); --#endif - (void)lh_MEM_insert(mh, mp); - } - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ - } - break; - } -@@ -448,42 +626,40 @@ typedef struct mem_leak_st { - long bytes; - } MEM_LEAK; - --static void print_leak(const MEM *m, MEM_LEAK *l) -+static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) - { - char buf[1024]; - char *bufp = buf; - APP_INFO *amip; - int ami_cnt; - struct tm *lcl = NULL; -- /* -- * Convert between CRYPTO_THREAD_ID (which could be anything at all) and -- * a long. 
This may not be meaningful depending on what CRYPTO_THREAD_ID is -- * but hopefully should give something sensible on most platforms -- */ -- union { -- CRYPTO_THREAD_ID tid; -- unsigned long ltid; -- } tid; -- CRYPTO_THREAD_ID ti; -+ CRYPTO_THREADID ti; - - #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) - -- lcl = localtime(&m->time); -- BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", -- lcl->tm_hour, lcl->tm_min, lcl->tm_sec); -- bufp += strlen(bufp); -+ if (m->addr == (char *)l->bio) -+ return; -+ -+ if (options & V_CRYPTO_MDEBUG_TIME) { -+ lcl = localtime(&m->time); -+ -+ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", -+ lcl->tm_hour, lcl->tm_min, lcl->tm_sec); -+ bufp += strlen(bufp); -+ } - - BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", - m->order, m->file, m->line); - bufp += strlen(bufp); - -- tid.ltid = 0; -- tid.tid = m->threadid; -- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", tid.ltid); -- bufp += strlen(bufp); -+ if (options & V_CRYPTO_MDEBUG_THREAD) { -+ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", -+ CRYPTO_THREADID_hash(&m->threadid)); -+ bufp += strlen(bufp); -+ } - -- BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%p\n", -- m->num, m->addr); -+ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", -+ m->num, (unsigned long)m->addr); - bufp += strlen(bufp); - - BIO_puts(l->bio, buf); -@@ -493,137 +669,162 @@ static void print_leak(const MEM *m, MEM_LEAK *l) - - amip = m->app_info; - ami_cnt = 0; -- -- if (amip) { -- ti = amip->threadid; -- -- do { -- int buf_len; -- int info_len; -- -- ami_cnt++; -- memset(buf, '>', ami_cnt); -- tid.ltid = 0; -- tid.tid = amip->threadid; -- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, -- " thread=%lu, file=%s, line=%d, info=\"", -- tid.ltid, amip->file, -- amip->line); -+ if (!amip) -+ return; -+ CRYPTO_THREADID_cpy(&ti, &amip->threadid); -+ -+ do { -+ int buf_len; -+ int info_len; -+ -+ ami_cnt++; -+ memset(buf, '>', ami_cnt); -+ BIO_snprintf(buf + ami_cnt, sizeof 
buf - ami_cnt, -+ " thread=%lu, file=%s, line=%d, info=\"", -+ CRYPTO_THREADID_hash(&amip->threadid), amip->file, -+ amip->line); -+ buf_len = strlen(buf); -+ info_len = strlen(amip->info); -+ if (128 - buf_len - 3 < info_len) { -+ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); -+ buf_len = 128 - 3; -+ } else { -+ BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); - buf_len = strlen(buf); -- info_len = strlen(amip->info); -- if (128 - buf_len - 3 < info_len) { -- memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); -- buf_len = 128 - 3; -- } else { -- OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); -- buf_len = strlen(buf); -- } -- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); -+ } -+ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); - -- BIO_puts(l->bio, buf); -+ BIO_puts(l->bio, buf); - -- amip = amip->next; -- } -- while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti)); -+ amip = amip->next; - } -+ while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); - --#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -- { -- size_t i; -- char **strings = backtrace_symbols(m->array, m->array_siz); -- -- for (i = 0; i < m->array_siz; i++) -- fprintf(stderr, "##> %s\n", strings[i]); -- free(strings); -+#ifdef LEVITTE_DEBUG_MEM -+ if (amip) { -+ fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); -+ abort(); - } - #endif - } - --IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK); -+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK) - --int CRYPTO_mem_leaks(BIO *b) -+void CRYPTO_mem_leaks(BIO *b) - { - MEM_LEAK ml; - -- /* -- * OPENSSL_cleanup() will free the ex_data locks so we can't have any -- * ex_data hanging around -- */ -- bio_free_ex_data(b); -- -- /* Ensure all resources are released */ -- OPENSSL_cleanup(); -- -- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) -- return -1; -+ if (mh == NULL && amih == NULL) -+ return; - -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ MemCheck_off(); 
/* obtain MALLOC2 lock */ - - ml.bio = b; - ml.bytes = 0; - ml.chunks = 0; - if (mh != NULL) -- lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml); -- -+ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK, &ml); - if (ml.chunks != 0) { - BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); -+#ifdef CRYPTO_MDEBUG_ABORT -+ abort(); -+#endif - } else { - /* - * Make sure that, if we found no leaks, memory-leak debugging itself - * does not introduce memory leaks (which might irritate external - * debugging tools). (When someone enables leak checking, but does not -- * call this function, we declare it to be their fault.) -+ * call this function, we declare it to be their fault.) XXX This -+ * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be -+ * implemented by using CRYPTO_mem_leaks_cb. (Also there should be a -+ * variant of lh_doall_arg that takes a function pointer instead of a -+ * void *; this would obviate the ugly and illegal void_fn_to_char -+ * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come -+ * and get us.) 
- */ - int old_mh_mode; - -- CRYPTO_THREAD_write_lock(malloc_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - - /* -- * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses -- * mem_check_on -+ * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses -+ * CRYPTO_is_mem_check_on - */ - old_mh_mode = mh_mode; - mh_mode = CRYPTO_MEM_CHECK_OFF; - -- lh_MEM_free(mh); -- mh = NULL; -+ if (mh != NULL) { -+ lh_MEM_free(mh); -+ mh = NULL; -+ } -+ if (amih != NULL) { -+ if (lh_APP_INFO_num_items(amih) == 0) { -+ lh_APP_INFO_free(amih); -+ amih = NULL; -+ } -+ } - - mh_mode = old_mh_mode; -- CRYPTO_THREAD_unlock(malloc_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - } -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); -- -- /* Clean up locks etc */ -- CRYPTO_THREAD_cleanup_local(&appinfokey); -- CRYPTO_THREAD_lock_free(malloc_lock); -- CRYPTO_THREAD_lock_free(long_malloc_lock); -- malloc_lock = NULL; -- long_malloc_lock = NULL; -- -- return ml.chunks == 0 ? 1 : 0; -+ MemCheck_on(); /* release MALLOC2 lock */ - } - --# ifndef OPENSSL_NO_STDIO --int CRYPTO_mem_leaks_fp(FILE *fp) -+#ifndef OPENSSL_NO_FP_API -+void CRYPTO_mem_leaks_fp(FILE *fp) - { - BIO *b; -- int ret; - -+ if (mh == NULL) -+ return; - /* - * Need to turn off memory checking when allocated BIOs ... especially as - * we're creating them at a time when we're trying to check we've not - * left anything un-free()'d!! - */ -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ MemCheck_off(); - b = BIO_new(BIO_s_file()); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -- if (b == NULL) -- return -1; -+ MemCheck_on(); -+ if (!b) -+ return; - BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = CRYPTO_mem_leaks(b); -+ CRYPTO_mem_leaks(b); - BIO_free(b); -- return ret; - } --# endif -- - #endif -+ -+/* -+ * FIXME: We really don't allow much to the callback. For example, it has no -+ * chance of reaching the info stack for the item it processes. Should it -+ * really be this way? 
-- Richard Levitte -+ */ -+/* -+ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside -+ * crypto.h If this code is restructured, remove the callback type if it is -+ * no longer needed. -- Geoff Thorpe -+ */ -+ -+/* -+ * Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it is a -+ * function pointer and conversion to void * is prohibited. Instead pass its -+ * address -+ */ -+ -+typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB; -+ -+static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb) -+{ -+ (*cb) (m->order, m->file, m->line, m->num, m->addr); -+} -+ -+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB) -+ -+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) -+{ -+ if (mh == NULL) -+ return; -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -+ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB, -+ &cb); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); -+} -diff --git a/Cryptlib/OpenSSL/crypto/mem_sec.c b/Cryptlib/OpenSSL/crypto/mem_sec.c -deleted file mode 100644 -index 0c79b43..0000000 ---- a/Cryptlib/OpenSSL/crypto/mem_sec.c -+++ /dev/null -@@ -1,585 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* -- * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. -- * This file is distributed under the terms of the OpenSSL license. -- */ -- --/* -- * This file is in two halves. The first half implements the public API -- * to be used by external consumers, and to be used by OpenSSL to store -- * data in a "secure arena." The second half implements the secure arena. -- * For details on that implementation, see below (look for uppercase -- * "SECURE HEAP IMPLEMENTATION"). 
-- */ --#include --#include -- --#include -- --#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) --# define IMPLEMENTED --# include --# include --# include --# include --# include --# include --# include --# include --#endif -- --#define CLEAR(p, s) OPENSSL_cleanse(p, s) --#ifndef PAGE_SIZE --# define PAGE_SIZE 4096 --#endif -- --#ifdef IMPLEMENTED --static size_t secure_mem_used; -- --static int secure_mem_initialized; -- --static CRYPTO_RWLOCK *sec_malloc_lock = NULL; -- --/* -- * These are the functions that must be implemented by a secure heap (sh). -- */ --static int sh_init(size_t size, int minsize); --static char *sh_malloc(size_t size); --static void sh_free(char *ptr); --static void sh_done(void); --static size_t sh_actual_size(char *ptr); --static int sh_allocated(const char *ptr); --#endif -- --int CRYPTO_secure_malloc_init(size_t size, int minsize) --{ --#ifdef IMPLEMENTED -- int ret = 0; -- -- if (!secure_mem_initialized) { -- sec_malloc_lock = CRYPTO_THREAD_lock_new(); -- if (sec_malloc_lock == NULL) -- return 0; -- ret = sh_init(size, minsize); -- secure_mem_initialized = 1; -- } -- -- return ret; --#else -- return 0; --#endif /* IMPLEMENTED */ --} -- --int CRYPTO_secure_malloc_done() --{ --#ifdef IMPLEMENTED -- if (secure_mem_used == 0) { -- sh_done(); -- secure_mem_initialized = 0; -- CRYPTO_THREAD_lock_free(sec_malloc_lock); -- return 1; -- } --#endif /* IMPLEMENTED */ -- return 0; --} -- --int CRYPTO_secure_malloc_initialized() --{ --#ifdef IMPLEMENTED -- return secure_mem_initialized; --#else -- return 0; --#endif /* IMPLEMENTED */ --} -- --void *CRYPTO_secure_malloc(size_t num, const char *file, int line) --{ --#ifdef IMPLEMENTED -- void *ret; -- size_t actual_size; -- -- if (!secure_mem_initialized) { -- return CRYPTO_malloc(num, file, line); -- } -- CRYPTO_THREAD_write_lock(sec_malloc_lock); -- ret = sh_malloc(num); -- actual_size = ret ? 
sh_actual_size(ret) : 0; -- secure_mem_used += actual_size; -- CRYPTO_THREAD_unlock(sec_malloc_lock); -- return ret; --#else -- return CRYPTO_malloc(num, file, line); --#endif /* IMPLEMENTED */ --} -- --void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) --{ -- void *ret = CRYPTO_secure_malloc(num, file, line); -- -- if (ret != NULL) -- memset(ret, 0, num); -- return ret; --} -- --void CRYPTO_secure_free(void *ptr, const char *file, int line) --{ --#ifdef IMPLEMENTED -- size_t actual_size; -- -- if (ptr == NULL) -- return; -- if (!CRYPTO_secure_allocated(ptr)) { -- CRYPTO_free(ptr, file, line); -- return; -- } -- CRYPTO_THREAD_write_lock(sec_malloc_lock); -- actual_size = sh_actual_size(ptr); -- CLEAR(ptr, actual_size); -- secure_mem_used -= actual_size; -- sh_free(ptr); -- CRYPTO_THREAD_unlock(sec_malloc_lock); --#else -- CRYPTO_free(ptr, file, line); --#endif /* IMPLEMENTED */ --} -- --int CRYPTO_secure_allocated(const void *ptr) --{ --#ifdef IMPLEMENTED -- int ret; -- -- if (!secure_mem_initialized) -- return 0; -- CRYPTO_THREAD_write_lock(sec_malloc_lock); -- ret = sh_allocated(ptr); -- CRYPTO_THREAD_unlock(sec_malloc_lock); -- return ret; --#else -- return 0; --#endif /* IMPLEMENTED */ --} -- --size_t CRYPTO_secure_used() --{ --#ifdef IMPLEMENTED -- return secure_mem_used; --#else -- return 0; --#endif /* IMPLEMENTED */ --} -- --size_t CRYPTO_secure_actual_size(void *ptr) --{ --#ifdef IMPLEMENTED -- size_t actual_size; -- -- CRYPTO_THREAD_write_lock(sec_malloc_lock); -- actual_size = sh_actual_size(ptr); -- CRYPTO_THREAD_unlock(sec_malloc_lock); -- return actual_size; --#else -- return 0; --#endif --} --/* END OF PAGE ... -- -- ... 
START OF PAGE */ -- --/* -- * SECURE HEAP IMPLEMENTATION -- */ --#ifdef IMPLEMENTED -- -- --/* -- * The implementation provided here uses a fixed-sized mmap() heap, -- * which is locked into memory, not written to core files, and protected -- * on either side by an unmapped page, which will catch pointer overruns -- * (or underruns) and an attempt to read data out of the secure heap. -- * Free'd memory is zero'd or otherwise cleansed. -- * -- * This is a pretty standard buddy allocator. We keep areas in a multiple -- * of "sh.minsize" units. The freelist and bitmaps are kept separately, -- * so all (and only) data is kept in the mmap'd heap. -- * -- * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the -- * place. -- */ -- --#define ONE ((size_t)1) -- --# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) --# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) --# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) -- --#define WITHIN_ARENA(p) \ -- ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) --#define WITHIN_FREELIST(p) \ -- ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) -- -- --typedef struct sh_list_st --{ -- struct sh_list_st *next; -- struct sh_list_st **p_next; --} SH_LIST; -- --typedef struct sh_st --{ -- char* map_result; -- size_t map_size; -- char *arena; -- size_t arena_size; -- char **freelist; -- ossl_ssize_t freelist_size; -- size_t minsize; -- unsigned char *bittable; -- unsigned char *bitmalloc; -- size_t bittable_size; /* size in bits */ --} SH; -- --static SH sh; -- --static size_t sh_getlist(char *ptr) --{ -- ossl_ssize_t list = sh.freelist_size - 1; -- size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; -- -- for (; bit; bit >>= 1, list--) { -- if (TESTBIT(sh.bittable, bit)) -- break; -- OPENSSL_assert((bit & 1) == 0); -- } -- -- return list; --} -- -- --static int sh_testbit(char *ptr, int list, unsigned char *table) --{ -- size_t 
bit; -- -- OPENSSL_assert(list >= 0 && list < sh.freelist_size); -- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); -- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); -- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); -- return TESTBIT(table, bit); --} -- --static void sh_clearbit(char *ptr, int list, unsigned char *table) --{ -- size_t bit; -- -- OPENSSL_assert(list >= 0 && list < sh.freelist_size); -- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); -- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); -- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); -- OPENSSL_assert(TESTBIT(table, bit)); -- CLEARBIT(table, bit); --} -- --static void sh_setbit(char *ptr, int list, unsigned char *table) --{ -- size_t bit; -- -- OPENSSL_assert(list >= 0 && list < sh.freelist_size); -- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); -- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); -- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); -- OPENSSL_assert(!TESTBIT(table, bit)); -- SETBIT(table, bit); --} -- --static void sh_add_to_list(char **list, char *ptr) --{ -- SH_LIST *temp; -- -- OPENSSL_assert(WITHIN_FREELIST(list)); -- OPENSSL_assert(WITHIN_ARENA(ptr)); -- -- temp = (SH_LIST *)ptr; -- temp->next = *(SH_LIST **)list; -- OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); -- temp->p_next = (SH_LIST **)list; -- -- if (temp->next != NULL) { -- OPENSSL_assert((char **)temp->next->p_next == list); -- temp->next->p_next = &(temp->next); -- } -- -- *list = ptr; --} -- --static void sh_remove_from_list(char *ptr) --{ -- SH_LIST *temp, *temp2; -- -- temp = (SH_LIST *)ptr; -- if (temp->next != NULL) -- temp->next->p_next = temp->p_next; -- *temp->p_next = temp->next; -- if (temp->next == NULL) -- return; -- -- temp2 = temp->next; -- OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); --} -- -- --static int 
sh_init(size_t size, int minsize) --{ -- int i, ret; -- size_t pgsize; -- size_t aligned; -- -- memset(&sh, 0, sizeof sh); -- -- /* make sure size and minsize are powers of 2 */ -- OPENSSL_assert(size > 0); -- OPENSSL_assert((size & (size - 1)) == 0); -- OPENSSL_assert(minsize > 0); -- OPENSSL_assert((minsize & (minsize - 1)) == 0); -- if (size <= 0 || (size & (size - 1)) != 0) -- goto err; -- if (minsize <= 0 || (minsize & (minsize - 1)) != 0) -- goto err; -- -- sh.arena_size = size; -- sh.minsize = minsize; -- sh.bittable_size = (sh.arena_size / sh.minsize) * 2; -- -- /* Prevent allocations of size 0 later on */ -- if (sh.bittable_size >> 3 == 0) -- goto err; -- -- sh.freelist_size = -1; -- for (i = sh.bittable_size; i; i >>= 1) -- sh.freelist_size++; -- -- sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *)); -- OPENSSL_assert(sh.freelist != NULL); -- if (sh.freelist == NULL) -- goto err; -- -- sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); -- OPENSSL_assert(sh.bittable != NULL); -- if (sh.bittable == NULL) -- goto err; -- -- sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); -- OPENSSL_assert(sh.bitmalloc != NULL); -- if (sh.bitmalloc == NULL) -- goto err; -- -- /* Allocate space for heap, and two extra pages as guards */ --#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) -- { --# if defined(_SC_PAGE_SIZE) -- long tmppgsize = sysconf(_SC_PAGE_SIZE); --# else -- long tmppgsize = sysconf(_SC_PAGESIZE); --# endif -- if (tmppgsize < 1) -- pgsize = PAGE_SIZE; -- else -- pgsize = (size_t)tmppgsize; -- } --#else -- pgsize = PAGE_SIZE; --#endif -- sh.map_size = pgsize + sh.arena_size + pgsize; -- if (1) { --#ifdef MAP_ANON -- sh.map_result = mmap(NULL, sh.map_size, -- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); -- } else { --#endif -- int fd; -- -- sh.map_result = MAP_FAILED; -- if ((fd = open("/dev/zero", O_RDWR)) >= 0) { -- sh.map_result = mmap(NULL, sh.map_size, -- PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); -- close(fd); -- } -- } -- 
OPENSSL_assert(sh.map_result != MAP_FAILED); -- if (sh.map_result == MAP_FAILED) -- goto err; -- sh.arena = (char *)(sh.map_result + pgsize); -- sh_setbit(sh.arena, 0, sh.bittable); -- sh_add_to_list(&sh.freelist[0], sh.arena); -- -- /* Now try to add guard pages and lock into memory. */ -- ret = 1; -- -- /* Starting guard is already aligned from mmap. */ -- if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) -- ret = 2; -- -- /* Ending guard page - need to round up to page boundary */ -- aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); -- if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) -- ret = 2; -- -- if (mlock(sh.arena, sh.arena_size) < 0) -- ret = 2; --#ifdef MADV_DONTDUMP -- if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) -- ret = 2; --#endif -- -- return ret; -- -- err: -- sh_done(); -- return 0; --} -- --static void sh_done() --{ -- OPENSSL_free(sh.freelist); -- OPENSSL_free(sh.bittable); -- OPENSSL_free(sh.bitmalloc); -- if (sh.map_result != NULL && sh.map_size) -- munmap(sh.map_result, sh.map_size); -- memset(&sh, 0, sizeof sh); --} -- --static int sh_allocated(const char *ptr) --{ -- return WITHIN_ARENA(ptr) ? 
1 : 0; --} -- --static char *sh_find_my_buddy(char *ptr, int list) --{ -- size_t bit; -- char *chunk = NULL; -- -- bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); -- bit ^= 1; -- -- if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) -- chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); -- -- return chunk; --} -- --static char *sh_malloc(size_t size) --{ -- ossl_ssize_t list, slist; -- size_t i; -- char *chunk; -- -- list = sh.freelist_size - 1; -- for (i = sh.minsize; i < size; i <<= 1) -- list--; -- if (list < 0) -- return NULL; -- -- /* try to find a larger entry to split */ -- for (slist = list; slist >= 0; slist--) -- if (sh.freelist[slist] != NULL) -- break; -- if (slist < 0) -- return NULL; -- -- /* split larger entry */ -- while (slist != list) { -- char *temp = sh.freelist[slist]; -- -- /* remove from bigger list */ -- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); -- sh_clearbit(temp, slist, sh.bittable); -- sh_remove_from_list(temp); -- OPENSSL_assert(temp != sh.freelist[slist]); -- -- /* done with bigger list */ -- slist++; -- -- /* add to smaller list */ -- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); -- sh_setbit(temp, slist, sh.bittable); -- sh_add_to_list(&sh.freelist[slist], temp); -- OPENSSL_assert(sh.freelist[slist] == temp); -- -- /* split in 2 */ -- temp += sh.arena_size >> slist; -- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); -- sh_setbit(temp, slist, sh.bittable); -- sh_add_to_list(&sh.freelist[slist], temp); -- OPENSSL_assert(sh.freelist[slist] == temp); -- -- OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); -- } -- -- /* peel off memory to hand back */ -- chunk = sh.freelist[list]; -- OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); -- sh_setbit(chunk, list, sh.bitmalloc); -- sh_remove_from_list(chunk); -- -- OPENSSL_assert(WITHIN_ARENA(chunk)); -- -- return chunk; --} -- --static void sh_free(char *ptr) --{ -- size_t 
list; -- char *buddy; -- -- if (ptr == NULL) -- return; -- OPENSSL_assert(WITHIN_ARENA(ptr)); -- if (!WITHIN_ARENA(ptr)) -- return; -- -- list = sh_getlist(ptr); -- OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); -- sh_clearbit(ptr, list, sh.bitmalloc); -- sh_add_to_list(&sh.freelist[list], ptr); -- -- /* Try to coalesce two adjacent free areas. */ -- while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { -- OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); -- OPENSSL_assert(ptr != NULL); -- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); -- sh_clearbit(ptr, list, sh.bittable); -- sh_remove_from_list(ptr); -- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); -- sh_clearbit(buddy, list, sh.bittable); -- sh_remove_from_list(buddy); -- -- list--; -- -- if (ptr > buddy) -- ptr = buddy; -- -- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); -- sh_setbit(ptr, list, sh.bittable); -- sh_add_to_list(&sh.freelist[list], ptr); -- OPENSSL_assert(sh.freelist[list] == ptr); -- } --} -- --static size_t sh_actual_size(char *ptr) --{ -- int list; -- -- OPENSSL_assert(WITHIN_ARENA(ptr)); -- if (!WITHIN_ARENA(ptr)) -- return 0; -- list = sh_getlist(ptr); -- OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); -- return sh.arena_size / (ONE << list); --} --#endif /* IMPLEMENTED */ -diff --git a/Cryptlib/OpenSSL/crypto/modes/cbc128.c b/Cryptlib/OpenSSL/crypto/modes/cbc128.c -index 4c9bc85..c13caea 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/cbc128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/cbc128.c -@@ -1,16 +1,64 @@ --/* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) - # define STRICT_ALIGNMENT 0 - #endif -@@ -22,6 +70,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, - size_t n; - const unsigned char *iv = ivec; - -+ assert(in && out && key && ivec); -+ - #if !defined(OPENSSL_SMALL_FOOTPRINT) - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { -@@ -73,6 +123,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, - unsigned char c[16]; - } tmp; - -+ assert(in && out && key && ivec); -+ - #if !defined(OPENSSL_SMALL_FOOTPRINT) - if (in != out) { - const unsigned char *iv = ivec; -diff --git a/Cryptlib/OpenSSL/crypto/modes/ccm128.c b/Cryptlib/OpenSSL/crypto/modes/ccm128.c -index 85ce84f..c1ded0f 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/ccm128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/ccm128.c -@@ -1,16 +1,63 @@ --/* -- * Copyright 2011-2016 The OpenSSL Project 
Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - /* - * First you setup M and L parameters and pass the key schedule. This is - * called once per session setup... -diff --git a/Cryptlib/OpenSSL/crypto/modes/cfb128.c b/Cryptlib/OpenSSL/crypto/modes/cfb128.c -index e439567..d4ecbd0 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/cfb128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/cfb128.c -@@ -1,16 +1,64 @@ --/* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - /* - * The input and output encrypted as though 128bit cfb mode is being used. 
- * The extra state information to record how much of the 128bit block we have -@@ -24,6 +72,8 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, - unsigned int n; - size_t l = 0; - -+ assert(in && out && key && ivec && num); -+ - n = *num; - - if (enc) { -@@ -140,7 +190,7 @@ static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, - block128_f block) - { - int n, rem, num; -- unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't -+ unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't - * use) one byte off the end */ - - if (nbits <= 0 || nbits > 128) -@@ -178,6 +228,9 @@ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, - size_t n; - unsigned char c[1], d[1]; - -+ assert(in && out && key && ivec && num); -+ assert(*num == 0); -+ - for (n = 0; n < bits; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); -@@ -193,6 +246,9 @@ void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, - { - size_t n; - -+ assert(in && out && key && ivec && num); -+ assert(*num == 0); -+ - for (n = 0; n < length; ++n) - cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); - } -diff --git a/Cryptlib/OpenSSL/crypto/modes/ctr128.c b/Cryptlib/OpenSSL/crypto/modes/ctr128.c -index 03920b4..d4b2272 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/ctr128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/ctr128.c -@@ -1,16 +1,64 @@ --/* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include "modes_lcl.h"
- #include
-
-+#ifndef MODES_DEBUG
-+# ifndef NDEBUG
-+# define NDEBUG
-+# endif
-+#endif
-+#include
-+
- /*
- * NOTE: the IV/counter CTR mode is big-endian. The code itself is
- * endian-neutral.
-@@ -65,7 +113,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
- * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
- * that the counter is in the x lower bits of the IV (ivec), and that the
- * application has full control over overflow and the rest of the IV. This
-- * implementation takes NO responsibility for checking that the counter
-+ * implementation takes NO responsability for checking that the counter
- * doesn't overflow into the rest of the IV when incremented.
- */
- void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-@@ -77,6 +125,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- unsigned int n;
- size_t l = 0;
-
-+ assert(in && out && key && ecount_buf && num);
-+ assert(*num < 16);
-+
- n = *num;
-
- #if !defined(OPENSSL_SMALL_FOOTPRINT)
-@@ -152,6 +203,9 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
- {
- unsigned int n, ctr32;
-
-+ assert(in && out && key && ecount_buf && num);
-+ assert(*num < 16);
-+
- n = *num;
-
- while (n && len) {
-@@ -184,7 +238,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
- (*func) (in, out, blocks, key, ivec);
- /* (*ctr) does not update ivec, caller does: */
- PUTU32(ivec + 12, ctr32);
-- /* ... overflow was detected, propagate carry. */
-+ /* ... overflow was detected, propogate carry. */
- if (ctr32 == 0)
- ctr96_inc(ivec);
- blocks *= 16;
-diff --git a/Cryptlib/OpenSSL/crypto/modes/cts128.c b/Cryptlib/OpenSSL/crypto/modes/cts128.c
-index 77ec994..137be59 100644
---- a/Cryptlib/OpenSSL/crypto/modes/cts128.c
-+++ b/Cryptlib/OpenSSL/crypto/modes/cts128.c
-@@ -1,16 +1,21 @@
--/*
-- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* ====================================================================
-+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Rights for redistribution and usage in source and binary
-+ * forms are granted according to the OpenSSL license.
- */
-
- #include
- #include "modes_lcl.h"
- #include
-
-+#ifndef MODES_DEBUG
-+# ifndef NDEBUG
-+# define NDEBUG
-+# endif
-+#endif
-+#include
-+
- /*
- * Trouble with Ciphertext Stealing, CTS, mode is that there is no
- * common official specification, but couple of cipher/application
-@@ -31,6 +36,8 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
- {
- size_t residue, n;
-
-+ assert(in && out && key && ivec);
-+
- if (len <= 16)
- return 0;
-
-@@ -61,6 +68,8 @@ size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
- {
- size_t residue, n;
-
-+ assert(in && out && key && ivec);
-+
- if (len < 16)
- return 0;
-
-@@ -94,6 +103,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
- unsigned char c[16];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len <= 16)
- return 0;
-
-@@ -130,6 +141,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
- unsigned char c[16];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len < 16)
- return 0;
-
-@@ -166,6 +179,8 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
- unsigned char c[32];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len <= 16)
- return 0;
-
-@@ -209,6 +224,8 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
- unsigned char c[32];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len < 16)
- return 0;
-
-@@ -255,6 +272,8 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
- unsigned char c[32];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len <= 16)
- return 0;
-
-@@ -295,6 +314,8 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
- unsigned char c[32];
- } tmp;
-
-+ assert(in && out && key && ivec);
-+
- if (len < 16)
- return 0;
-
-diff --git a/Cryptlib/OpenSSL/crypto/modes/gcm128.c b/Cryptlib/OpenSSL/crypto/modes/gcm128.c
-index df9f654..e299131 100644
---- a/Cryptlib/OpenSSL/crypto/modes/gcm128.c
-+++ b/Cryptlib/OpenSSL/crypto/modes/gcm128.c
-@@ -1,16 +1,65 @@
--/*
-- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* ====================================================================
-+ * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - -+#define OPENSSL_FIPSAPI -+ - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) - /* redefine, because alignment is ensured */ - # undef GETU32 -@@ -101,7 +150,9 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - static const size_t rem_8bit[256] = { - PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), - PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), -@@ -270,7 +321,9 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2]) - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - - if (is_endian.little) - for (j = 0; j < 16; ++j) { -@@ -303,7 +356,9 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) - const union { - long one; - char little; -- } is_endian 
= { 1 }; -+ } is_endian = { -+ 1 -+ }; - - nlo = ((const u8 *)Xi)[15]; - nhi = nlo >> 4; -@@ -382,7 +437,9 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - - # if 1 - do { -@@ -572,7 +629,9 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - - V.hi = H[0]; /* H is in host byte order, no byte swapping */ - V.lo = H[1]; -@@ -715,7 +774,9 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - - memset(ctx, 0, sizeof(*ctx)); - ctx->block = block; -@@ -740,11 +801,6 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) - #if TABLE_BITS==8 - gcm_init_8bit(ctx->Htable, ctx->H.u); - #elif TABLE_BITS==4 --# if defined(GHASH) --# define CTX__GHASH(f) (ctx->ghash = (f)) --# else --# define CTX__GHASH(f) (ctx->ghash = NULL) --# endif - # if defined(GHASH_ASM_X86_OR_64) - # if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) - if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ -@@ -752,11 +808,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) - if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ - gcm_init_avx(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_avx; -- CTX__GHASH(gcm_ghash_avx); -+ ctx->ghash = gcm_ghash_avx; - } else { - gcm_init_clmul(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_clmul; -- CTX__GHASH(gcm_ghash_clmul); -+ ctx->ghash = gcm_ghash_clmul; - } - return; - } -@@ -769,59 +825,66 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) - if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ - # endif - ctx->gmult = gcm_gmult_4bit_mmx; -- CTX__GHASH(gcm_ghash_4bit_mmx); -+ ctx->ghash = gcm_ghash_4bit_mmx; - } 
else { - ctx->gmult = gcm_gmult_4bit_x86; -- CTX__GHASH(gcm_ghash_4bit_x86); -+ ctx->ghash = gcm_ghash_4bit_x86; - } - # else - ctx->gmult = gcm_gmult_4bit; -- CTX__GHASH(gcm_ghash_4bit); -+ ctx->ghash = gcm_ghash_4bit; - # endif - # elif defined(GHASH_ASM_ARM) - # ifdef PMULL_CAPABLE - if (PMULL_CAPABLE) { - gcm_init_v8(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_v8; -- CTX__GHASH(gcm_ghash_v8); -+ ctx->ghash = gcm_ghash_v8; - } else - # endif - # ifdef NEON_CAPABLE - if (NEON_CAPABLE) { - gcm_init_neon(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_neon; -- CTX__GHASH(gcm_ghash_neon); -+ ctx->ghash = gcm_ghash_neon; - } else - # endif - { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; -- CTX__GHASH(gcm_ghash_4bit); -+# if defined(GHASH) -+ ctx->ghash = gcm_ghash_4bit; -+# else -+ ctx->ghash = NULL; -+# endif - } - # elif defined(GHASH_ASM_SPARC) - if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { - gcm_init_vis3(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_vis3; -- CTX__GHASH(gcm_ghash_vis3); -+ ctx->ghash = gcm_ghash_vis3; - } else { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; -- CTX__GHASH(gcm_ghash_4bit); -+ ctx->ghash = gcm_ghash_4bit; - } - # elif defined(GHASH_ASM_PPC) - if (OPENSSL_ppccap_P & PPC_CRYPTO207) { - gcm_init_p8(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_p8; -- CTX__GHASH(gcm_ghash_p8); -+ ctx->ghash = gcm_ghash_p8; - } else { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; -- CTX__GHASH(gcm_ghash_4bit); -+# if defined(GHASH) -+ ctx->ghash = gcm_ghash_4bit; -+# else -+ ctx->ghash = NULL; -+# endif - } - # else - gcm_init_4bit(ctx->Htable, ctx->H.u); - # endif --# undef CTX__GHASH - #endif - } - -@@ -831,7 +894,9 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - unsigned int ctr; - #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], 
const u128 Htable[16]) = ctx->gmult; -@@ -975,7 +1040,9 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - unsigned int n, ctr; - size_t i; - u64 mlen = ctx->len.u[1]; -@@ -983,12 +1050,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - void *key = ctx->key; - #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; --# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) -+# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; - # endif - #endif - -+#if 0 -+ n = (unsigned int)mlen % 16; /* alternative to ctx->mres */ -+#endif - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; -@@ -1030,8 +1100,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) - break; - # endif --# if defined(GHASH) --# if defined(GHASH_CHUNK) -+# if defined(GHASH) && defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - size_t j = GHASH_CHUNK; - -@@ -1042,11 +1111,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (is_endian.little) --# ifdef BSWAP4 -+# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+# else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) -@@ -1058,7 +1127,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); - len -= GHASH_CHUNK; - } --# endif - if ((i = (len & (size_t)-16))) { - size_t j = i; - -@@ -1159,7 +1227,9 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - unsigned int n, ctr; - size_t i; - u64 mlen = ctx->len.u[1]; -@@ -1167,7 +1237,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - void 
*key = ctx->key; - #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; --# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) -+# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; - # endif -@@ -1216,8 +1286,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) - break; - # endif --# if defined(GHASH) --# if defined(GHASH_CHUNK) -+# if defined(GHASH) && defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - size_t j = GHASH_CHUNK; - -@@ -1229,11 +1298,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (is_endian.little) --# ifdef BSWAP4 -+# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+# else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) -@@ -1244,7 +1313,6 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - } - len -= GHASH_CHUNK; - } --# endif - if ((i = (len & (size_t)-16))) { - GHASH(ctx, in, i); - while (len >= 16) { -@@ -1348,24 +1416,23 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream) - { --#if defined(OPENSSL_SMALL_FOOTPRINT) -- return CRYPTO_gcm128_encrypt(ctx, in, out, len); --#else - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - unsigned int n, ctr; - size_t i; - u64 mlen = ctx->len.u[1]; - void *key = ctx->key; --# ifdef GCM_FUNCREF_4BIT -+#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; --# ifdef GHASH -+# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; --# endif - # endif -+#endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) -@@ -1379,11 +1446,11 @@ int 
CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - } - - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); --# else -+#else - ctr = GETU32(ctx->Yi.c + 12); --# endif -+#endif - else - ctr = ctx->Yi.d[3]; - -@@ -1401,16 +1468,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - return 0; - } - } --# if defined(GHASH) && defined(GHASH_CHUNK) -+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - while (len >= GHASH_CHUNK) { - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); - ctr += GHASH_CHUNK / 16; - if (is_endian.little) --# ifdef BSWAP4 -+# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+# else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+# endif - else - ctx->Yi.d[3] = ctr; - GHASH(ctx, out, GHASH_CHUNK); -@@ -1418,43 +1485,43 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - in += GHASH_CHUNK; - len -= GHASH_CHUNK; - } --# endif -+#endif - if ((i = (len & (size_t)-16))) { - size_t j = i / 16; - - (*stream) (in, out, j, key, ctx->Yi.c); - ctr += (unsigned int)j; - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+#else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+#endif - else - ctx->Yi.d[3] = ctr; - in += i; - len -= i; --# if defined(GHASH) -+#if defined(GHASH) - GHASH(ctx, out, i); - out += i; --# else -+#else - while (j--) { - for (i = 0; i < 16; ++i) - ctx->Xi.c[i] ^= out[i]; - GCM_MUL(ctx, Xi); - out += 16; - } --# endif -+#endif - } - if (len) { - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+#else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+#endif - else - ctx->Yi.d[3] = ctr; - while (len--) { -@@ -1465,31 +1532,29 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - - ctx->mres = n; - return 0; --#endif - } - - int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f 
stream) - { --#if defined(OPENSSL_SMALL_FOOTPRINT) -- return CRYPTO_gcm128_decrypt(ctx, in, out, len); --#else - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - unsigned int n, ctr; - size_t i; - u64 mlen = ctx->len.u[1]; - void *key = ctx->key; --# ifdef GCM_FUNCREF_4BIT -+#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; --# ifdef GHASH -+# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; --# endif - # endif -+#endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) -@@ -1503,11 +1568,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - } - - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); --# else -+#else - ctr = GETU32(ctx->Yi.c + 12); --# endif -+#endif - else - ctr = ctx->Yi.d[3]; - -@@ -1527,30 +1592,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - return 0; - } - } --# if defined(GHASH) && defined(GHASH_CHUNK) -+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - while (len >= GHASH_CHUNK) { - GHASH(ctx, in, GHASH_CHUNK); - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); - ctr += GHASH_CHUNK / 16; - if (is_endian.little) --# ifdef BSWAP4 -+# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+# else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+# endif - else - ctx->Yi.d[3] = ctr; - out += GHASH_CHUNK; - in += GHASH_CHUNK; - len -= GHASH_CHUNK; - } --# endif -+#endif - if ((i = (len & (size_t)-16))) { - size_t j = i / 16; - --# if defined(GHASH) -+#if defined(GHASH) - GHASH(ctx, in, i); --# else -+#else - while (j--) { - size_t k; - for (k = 0; k < 16; ++k) -@@ -1560,15 +1625,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - } - j = i / 16; - in -= i; --# endif -+#endif - (*stream) (in, out, j, key, ctx->Yi.c); - ctr += (unsigned int)j; - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef 
BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+#else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+#endif - else - ctx->Yi.d[3] = ctr; - out += i; -@@ -1579,11 +1644,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (is_endian.little) --# ifdef BSWAP4 -+#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); --# else -+#else - PUTU32(ctx->Yi.c + 12, ctr); --# endif -+#endif - else - ctx->Yi.d[3] = ctr; - while (len--) { -@@ -1596,7 +1661,6 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - - ctx->mres = n; - return 0; --#endif - } - - int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, -@@ -1605,7 +1669,9 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, - const union { - long one; - char little; -- } is_endian = { 1 }; -+ } is_endian = { -+ 1 -+ }; - u64 alen = ctx->len.u[0] << 3; - u64 clen = ctx->len.u[1] << 3; - #ifdef GCM_FUNCREF_4BIT -@@ -1654,7 +1720,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) - { - GCM128_CONTEXT *ret; - -- if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) -+ if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT)))) - CRYPTO_gcm128_init(ret, key, block); - - return ret; -@@ -1662,7 +1728,10 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) - - void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) - { -- OPENSSL_clear_free(ctx, sizeof(*ctx)); -+ if (ctx) { -+ OPENSSL_cleanse(ctx, sizeof(*ctx)); -+ OPENSSL_free(ctx); -+ } - } - - #if defined(SELFTEST) -diff --git a/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h -index 7a1603b..fe14ec7 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h -+++ b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h -@@ -1,10 +1,8 @@ --/* -- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2010 The OpenSSL Project. 
All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use is governed by OpenSSL license. -+ * ==================================================================== - */ - - #include -@@ -143,43 +141,3 @@ struct ccm128_context { - block128_f block; - void *key; - }; -- --#ifndef OPENSSL_NO_OCB -- --typedef union { -- u64 a[2]; -- unsigned char c[16]; --} OCB_BLOCK; --# define ocb_block16_xor(in1,in2,out) \ -- ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ -- (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) --# if STRICT_ALIGNMENT --# define ocb_block16_xor_misaligned(in1,in2,out) \ -- ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) --# else --# define ocb_block16_xor_misaligned ocb_block16_xor --# endif -- --struct ocb128_context { -- /* Need both encrypt and decrypt key schedules for decryption */ -- block128_f encrypt; -- block128_f decrypt; -- void *keyenc; -- void *keydec; -- ocb128_f stream; /* direction dependent */ -- /* Key dependent variables. Can be reused if key remains the same */ -- size_t l_index; -- size_t max_l_index; -- OCB_BLOCK l_star; -- OCB_BLOCK l_dollar; -- OCB_BLOCK *l; -- /* Must be reset for each session */ -- u64 blocks_hashed; -- u64 blocks_processed; -- OCB_BLOCK tag; -- OCB_BLOCK offset_aad; -- OCB_BLOCK sum; -- OCB_BLOCK offset; -- OCB_BLOCK checksum; --}; --#endif /* OPENSSL_NO_OCB */ -diff --git a/Cryptlib/OpenSSL/crypto/modes/ocb128.c b/Cryptlib/OpenSSL/crypto/modes/ocb128.c -deleted file mode 100644 -index c3bd13b..0000000 ---- a/Cryptlib/OpenSSL/crypto/modes/ocb128.c -+++ /dev/null -@@ -1,568 +0,0 @@ --/* -- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include "modes_lcl.h" -- --#ifndef OPENSSL_NO_OCB -- --/* -- * Calculate the number of binary trailing zero's in any given number -- */ --static u32 ocb_ntz(u64 n) --{ -- u32 cnt = 0; -- -- /* -- * We do a right-to-left simple sequential search. This is surprisingly -- * efficient as the distribution of trailing zeros is not uniform, -- * e.g. the number of possible inputs with no trailing zeros is equal to -- * the number with 1 or more; the number with exactly 1 is equal to the -- * number with 2 or more, etc. Checking the last two bits covers 75% of -- * all numbers. Checking the last three covers 87.5% -- */ -- while (!(n & 1)) { -- n >>= 1; -- cnt++; -- } -- return cnt; --} -- --/* -- * Shift a block of 16 bytes left by shift bits -- */ --static void ocb_block_lshift(const unsigned char *in, size_t shift, -- unsigned char *out) --{ -- unsigned char shift_mask; -- int i; -- unsigned char mask[15]; -- -- shift_mask = 0xff; -- shift_mask <<= (8 - shift); -- for (i = 15; i >= 0; i--) { -- if (i > 0) { -- mask[i - 1] = in[i] & shift_mask; -- mask[i - 1] >>= 8 - shift; -- } -- out[i] = in[i] << shift; -- -- if (i != 15) { -- out[i] ^= mask[i]; -- } -- } --} -- --/* -- * Perform a "double" operation as per OCB spec -- */ --static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) --{ -- unsigned char mask; -- -- /* -- * Calculate the mask based on the most significant bit. There are more -- * efficient ways to do this - but this way is constant time -- */ -- mask = in->c[0] & 0x80; -- mask >>= 7; -- mask *= 135; -- -- ocb_block_lshift(in->c, 1, out->c); -- -- out->c[15] ^= mask; --} -- --/* -- * Perform an xor on in1 and in2 - each of len bytes. 
Store result in out -- */ --static void ocb_block_xor(const unsigned char *in1, -- const unsigned char *in2, size_t len, -- unsigned char *out) --{ -- size_t i; -- for (i = 0; i < len; i++) { -- out[i] = in1[i] ^ in2[i]; -- } --} -- --/* -- * Lookup L_index in our lookup table. If we haven't already got it we need to -- * calculate it -- */ --static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) --{ -- size_t l_index = ctx->l_index; -- -- if (idx <= l_index) { -- return ctx->l + idx; -- } -- -- /* We don't have it - so calculate it */ -- if (idx >= ctx->max_l_index) { -- void *tmp_ptr; -- /* -- * Each additional entry allows to process almost double as -- * much data, so that in linear world the table will need to -- * be expanded with smaller and smaller increments. Originally -- * it was doubling in size, which was a waste. Growing it -- * linearly is not formally optimal, but is simpler to implement. -- * We grow table by minimally required 4*n that would accommodate -- * the index. 
-- */ -- ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; -- tmp_ptr = -- OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); -- if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ -- return NULL; -- ctx->l = tmp_ptr; -- } -- while (l_index < idx) { -- ocb_double(ctx->l + l_index, ctx->l + l_index + 1); -- l_index++; -- } -- ctx->l_index = l_index; -- -- return ctx->l + idx; --} -- --/* -- * Create a new OCB128_CONTEXT -- */ --OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, -- block128_f encrypt, block128_f decrypt, -- ocb128_f stream) --{ -- OCB128_CONTEXT *octx; -- int ret; -- -- if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) { -- ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt, -- stream); -- if (ret) -- return octx; -- OPENSSL_free(octx); -- } -- -- return NULL; --} -- --/* -- * Initialise an existing OCB128_CONTEXT -- */ --int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, -- block128_f encrypt, block128_f decrypt, -- ocb128_f stream) --{ -- memset(ctx, 0, sizeof(*ctx)); -- ctx->l_index = 0; -- ctx->max_l_index = 5; -- ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); -- if (ctx->l == NULL) -- return 0; -- -- /* -- * We set both the encryption and decryption key schedules - decryption -- * needs both. 
Don't really need decryption schedule if only doing -- * encryption - but it simplifies things to take it anyway -- */ -- ctx->encrypt = encrypt; -- ctx->decrypt = decrypt; -- ctx->stream = stream; -- ctx->keyenc = keyenc; -- ctx->keydec = keydec; -- -- /* L_* = ENCIPHER(K, zeros(128)) */ -- ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc); -- -- /* L_$ = double(L_*) */ -- ocb_double(&ctx->l_star, &ctx->l_dollar); -- -- /* L_0 = double(L_$) */ -- ocb_double(&ctx->l_dollar, ctx->l); -- -- /* L_{i} = double(L_{i-1}) */ -- ocb_double(ctx->l, ctx->l+1); -- ocb_double(ctx->l+1, ctx->l+2); -- ocb_double(ctx->l+2, ctx->l+3); -- ocb_double(ctx->l+3, ctx->l+4); -- ctx->l_index = 4; /* enough to process up to 496 bytes */ -- -- return 1; --} -- --/* -- * Copy an OCB128_CONTEXT object -- */ --int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, -- void *keyenc, void *keydec) --{ -- memcpy(dest, src, sizeof(OCB128_CONTEXT)); -- if (keyenc) -- dest->keyenc = keyenc; -- if (keydec) -- dest->keydec = keydec; -- if (src->l) { -- dest->l = OPENSSL_malloc(src->max_l_index * 16); -- if (dest->l == NULL) -- return 0; -- memcpy(dest->l, src->l, (src->l_index + 1) * 16); -- } -- return 1; --} -- --/* -- * Set the IV to be used for this operation. Must be 1 - 15 bytes. -- */ --int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, -- size_t len, size_t taglen) --{ -- unsigned char ktop[16], tmp[16], mask; -- unsigned char stretch[24], nonce[16]; -- size_t bottom, shift; -- -- /* -- * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths. 
-- * We don't support this at this stage -- */ -- if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) { -- return -1; -- } -- -- /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ -- nonce[0] = ((taglen * 8) % 128) << 1; -- memset(nonce + 1, 0, 15); -- memcpy(nonce + 16 - len, iv, len); -- nonce[15 - len] |= 1; -- -- /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */ -- memcpy(tmp, nonce, 16); -- tmp[15] &= 0xc0; -- ctx->encrypt(tmp, ktop, ctx->keyenc); -- -- /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ -- memcpy(stretch, ktop, 16); -- ocb_block_xor(ktop, ktop + 1, 8, stretch + 16); -- -- /* bottom = str2num(Nonce[123..128]) */ -- bottom = nonce[15] & 0x3f; -- -- /* Offset_0 = Stretch[1+bottom..128+bottom] */ -- shift = bottom % 8; -- ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); -- mask = 0xff; -- mask <<= 8 - shift; -- ctx->offset.c[15] |= -- (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); -- -- return 1; --} -- --/* -- * Provide any AAD. This can be called multiple times. 
Only the final time can -- * have a partial block -- */ --int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, -- size_t len) --{ -- u64 i, all_num_blocks; -- size_t num_blocks, last_len; -- OCB_BLOCK tmp1; -- OCB_BLOCK tmp2; -- -- /* Calculate the number of blocks of AAD provided now, and so far */ -- num_blocks = len / 16; -- all_num_blocks = num_blocks + ctx->blocks_hashed; -- -- /* Loop through all full blocks of AAD */ -- for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) { -- OCB_BLOCK *lookup; -- OCB_BLOCK *aad_block; -- -- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ -- lookup = ocb_lookup_l(ctx, ocb_ntz(i)); -- if (lookup == NULL) -- return 0; -- ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad); -- -- /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ -- aad_block = (OCB_BLOCK *)(aad + ((i - ctx->blocks_hashed - 1) * 16)); -- ocb_block16_xor(&ctx->offset_aad, aad_block, &tmp1); -- ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); -- ocb_block16_xor(&ctx->sum, &tmp2, &ctx->sum); -- } -- -- /* -- * Check if we have any partial blocks left over. This is only valid in the -- * last call to this function -- */ -- last_len = len % 16; -- -- if (last_len > 0) { -- /* Offset_* = Offset_m xor L_* */ -- ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); -- -- /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ -- memset(&tmp1, 0, 16); -- memcpy(&tmp1, aad + (num_blocks * 16), last_len); -- ((unsigned char *)&tmp1)[last_len] = 0x80; -- ocb_block16_xor(&ctx->offset_aad, &tmp1, &tmp2); -- -- /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ -- ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); -- ocb_block16_xor(&ctx->sum, &tmp1, &ctx->sum); -- } -- -- ctx->blocks_hashed = all_num_blocks; -- -- return 1; --} -- --/* -- * Provide any data to be encrypted. This can be called multiple times. 
Only -- * the final time can have a partial block -- */ --int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, -- const unsigned char *in, unsigned char *out, -- size_t len) --{ -- u64 i, all_num_blocks; -- size_t num_blocks, last_len; -- OCB_BLOCK tmp1; -- OCB_BLOCK tmp2; -- OCB_BLOCK pad; -- -- /* -- * Calculate the number of blocks of data to be encrypted provided now, and -- * so far -- */ -- num_blocks = len / 16; -- all_num_blocks = num_blocks + ctx->blocks_processed; -- -- if (num_blocks && all_num_blocks == (size_t)all_num_blocks -- && ctx->stream != NULL) { -- size_t max_idx = 0, top = (size_t)all_num_blocks; -- -- /* -- * See how many L_{i} entries we need to process data at hand -- * and pre-compute missing entries in the table [if any]... -- */ -- while (top >>= 1) -- max_idx++; -- if (ocb_lookup_l(ctx, max_idx) == NULL) -- return 0; -- -- ctx->stream(in, out, num_blocks, ctx->keyenc, -- (size_t)ctx->blocks_processed + 1, ctx->offset.c, -- (const unsigned char (*)[16])ctx->l, ctx->checksum.c); -- } else { -- /* Loop through all full blocks to be encrypted */ -- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { -- OCB_BLOCK *lookup; -- OCB_BLOCK *inblock; -- OCB_BLOCK *outblock; -- -- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ -- lookup = ocb_lookup_l(ctx, ocb_ntz(i)); -- if (lookup == NULL) -- return 0; -- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); -- -- /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ -- inblock = -- (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); -- ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); -- /* Checksum_i = Checksum_{i-1} xor P_i */ -- ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum); -- ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); -- outblock = -- (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); -- ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); -- } -- } -- -- /* -- * Check if we have any partial blocks left over. 
This is only valid in the -- * last call to this function -- */ -- last_len = len % 16; -- -- if (last_len > 0) { -- /* Offset_* = Offset_m xor L_* */ -- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); -- -- /* Pad = ENCIPHER(K, Offset_*) */ -- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); -- -- /* C_* = P_* xor Pad[1..bitlen(P_*)] */ -- ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, -- out + (num_blocks * 16)); -- -- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ -- memset(&tmp1, 0, 16); -- memcpy(&tmp1, in + (len / 16) * 16, last_len); -- ((unsigned char *)(&tmp1))[last_len] = 0x80; -- ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); -- } -- -- ctx->blocks_processed = all_num_blocks; -- -- return 1; --} -- --/* -- * Provide any data to be decrypted. This can be called multiple times. Only -- * the final time can have a partial block -- */ --int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, -- const unsigned char *in, unsigned char *out, -- size_t len) --{ -- u64 i, all_num_blocks; -- size_t num_blocks, last_len; -- OCB_BLOCK tmp1; -- OCB_BLOCK tmp2; -- OCB_BLOCK pad; -- -- /* -- * Calculate the number of blocks of data to be decrypted provided now, and -- * so far -- */ -- num_blocks = len / 16; -- all_num_blocks = num_blocks + ctx->blocks_processed; -- -- if (num_blocks && all_num_blocks == (size_t)all_num_blocks -- && ctx->stream != NULL) { -- size_t max_idx = 0, top = (size_t)all_num_blocks; -- -- /* -- * See how many L_{i} entries we need to process data at hand -- * and pre-compute missing entries in the table [if any]... 
-- */ -- while (top >>= 1) -- max_idx++; -- if (ocb_lookup_l(ctx, max_idx) == NULL) -- return 0; -- -- ctx->stream(in, out, num_blocks, ctx->keydec, -- (size_t)ctx->blocks_processed + 1, ctx->offset.c, -- (const unsigned char (*)[16])ctx->l, ctx->checksum.c); -- } else { -- /* Loop through all full blocks to be decrypted */ -- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { -- OCB_BLOCK *inblock; -- OCB_BLOCK *outblock; -- -- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ -- OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i)); -- if (lookup == NULL) -- return 0; -- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); -- -- /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ -- inblock = -- (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); -- ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); -- ctx->decrypt(tmp1.c, tmp2.c, ctx->keydec); -- outblock = -- (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); -- ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); -- -- /* Checksum_i = Checksum_{i-1} xor P_i */ -- ocb_block16_xor_misaligned(&ctx->checksum, outblock, &ctx->checksum); -- } -- } -- -- /* -- * Check if we have any partial blocks left over. 
This is only valid in the -- * last call to this function -- */ -- last_len = len % 16; -- -- if (last_len > 0) { -- /* Offset_* = Offset_m xor L_* */ -- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); -- -- /* Pad = ENCIPHER(K, Offset_*) */ -- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); -- -- /* P_* = C_* xor Pad[1..bitlen(C_*)] */ -- ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, -- out + (num_blocks * 16)); -- -- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ -- memset(&tmp1, 0, 16); -- memcpy(&tmp1, out + (len / 16) * 16, last_len); -- ((unsigned char *)(&tmp1))[last_len] = 0x80; -- ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); -- } -- -- ctx->blocks_processed = all_num_blocks; -- -- return 1; --} -- --/* -- * Calculate the tag and verify it against the supplied tag -- */ --int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, -- size_t len) --{ -- OCB_BLOCK tmp1, tmp2; -- -- /* -- * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) -- */ -- ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp1); -- ocb_block16_xor(&tmp1, &ctx->l_dollar, &tmp2); -- ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); -- ocb_block16_xor(&tmp1, &ctx->sum, &ctx->tag); -- -- if (len > 16 || len < 1) { -- return -1; -- } -- -- /* Compare the tag if we've been given one */ -- if (tag) -- return CRYPTO_memcmp(&ctx->tag, tag, len); -- else -- return -1; --} -- --/* -- * Retrieve the calculated tag -- */ --int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len) --{ -- if (len > 16 || len < 1) { -- return -1; -- } -- -- /* Calculate the tag */ -- CRYPTO_ocb128_finish(ctx, NULL, 0); -- -- /* Copy the tag into the supplied buffer */ -- memcpy(tag, &ctx->tag, len); -- -- return 1; --} -- --/* -- * Release all resources -- */ --void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx) --{ -- if (ctx) { -- OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16); -- OPENSSL_cleanse(ctx, 
sizeof(*ctx)); -- } --} -- --#endif /* OPENSSL_NO_OCB */ -diff --git a/Cryptlib/OpenSSL/crypto/modes/ofb128.c b/Cryptlib/OpenSSL/crypto/modes/ofb128.c -index 8309256..4dbaccd 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/ofb128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/ofb128.c -@@ -1,16 +1,64 @@ --/* -- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - /* - * The input and output encrypted as though 128bit ofb mode is being used. 
- * The extra state information to record how much of the 128bit block we have -@@ -23,6 +71,8 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, - unsigned int n; - size_t l = 0; - -+ assert(in && out && key && ivec && num); -+ - n = *num; - - #if !defined(OPENSSL_SMALL_FOOTPRINT) -diff --git a/Cryptlib/OpenSSL/crypto/modes/wrap128.c b/Cryptlib/OpenSSL/crypto/modes/wrap128.c -index 46809a0..3849783 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/wrap128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/wrap128.c -@@ -1,50 +1,70 @@ -+/* crypto/modes/wrap128.c */ - /* -- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. - */ -- --/** Beware! -+/* ==================================================================== -+ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Following wrapping modes were designed for AES but this implementation -- * allows you to use them for any 128 bit block cipher. -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - --/** RFC 3394 section 2.2.3.1 Default Initial Value */ - static const unsigned char default_iv[] = { - 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, - }; - --/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ --static const unsigned char default_aiv[] = { -- 0xA6, 0x59, 0x59, 0xA6 --}; -- --/** Input size limit: lower than maximum of standards but far larger than -- * anything that will be used in practice. -+/* -+ * Input size limit: lower than maximum of standards but far larger than -+ * anything that will be used in practice. - */ - #define CRYPTO128_WRAP_MAX (1UL << 31) - --/** Wrapping according to RFC 3394 section 2.2.1. -- * -- * @param[in] key Key value. -- * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv. -- * @param[in] in Plaintext as n 64-bit blocks, n >= 2. -- * @param[in] inlen Length of in. -- * @param[out] out Ciphertext. Minimal buffer length = (inlen + 8) bytes. -- * Input and output buffers can overlap if block function -- * supports that. -- * @param[in] block Block processing function. -- * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2. -- * or if inlen > CRYPTO128_WRAP_MAX. -- * Output length if wrapping succeeded. -- */ - size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, -@@ -52,7 +72,7 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - { - unsigned char *A, B[16], *R; - size_t i, j, t; -- if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) -+ if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX)) - return 0; - A = B; - t = 1; -@@ -80,26 +100,10 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - return inlen + 8; - } - --/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2. 
-- * The IV check (step 3) is responsibility of the caller. -- * -- * @param[in] key Key value. -- * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. -- * @param[out] out Plaintext without IV. -- * Minimal buffer length = (inlen - 8) bytes. -- * Input and output buffers can overlap if block function -- * supports that. -- * @param[in] in Ciphertext as n 64-bit blocks. -- * @param[in] inlen Length of in. -- * @param[in] block Block processing function. -- * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] -- * or if inlen is not a multiple of 8. -- * Output length otherwise. -- */ --static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, -- unsigned char *out, -- const unsigned char *in, size_t inlen, -- block128_f block) -+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, -+ unsigned char *out, -+ const unsigned char *in, size_t inlen, -+ block128_f block) - { - unsigned char *A, B[16], *R; - size_t i, j, t; -@@ -124,206 +128,11 @@ static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, - memcpy(R, B + 8, 8); - } - } -- memcpy(iv, A, 8); -- return inlen; --} -- --/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check. -- * The first block of plaintext has to match the supplied IV, otherwise an -- * error is returned. -- * -- * @param[in] key Key value. -- * @param[out] iv IV value to match against. Length = 8 bytes. -- * NULL = use default_iv. -- * @param[out] out Plaintext without IV. -- * Minimal buffer length = (inlen - 8) bytes. -- * Input and output buffers can overlap if block function -- * supports that. -- * @param[in] in Ciphertext as n 64-bit blocks. -- * @param[in] inlen Length of in. -- * @param[in] block Block processing function. -- * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] -- * or if inlen is not a multiple of 8 -- * or if IV doesn't match expected value. -- * Output length otherwise. 
-- */ --size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, -- unsigned char *out, const unsigned char *in, -- size_t inlen, block128_f block) --{ -- size_t ret; -- unsigned char got_iv[8]; -- -- ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block); -- if (ret == 0) -- return 0; -- - if (!iv) - iv = default_iv; -- if (CRYPTO_memcmp(got_iv, iv, 8)) { -- OPENSSL_cleanse(out, ret); -- return 0; -- } -- return ret; --} -- --/** Wrapping according to RFC 5649 section 4.1. -- * -- * @param[in] key Key value. -- * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. -- * @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes. -- * Input and output buffers can overlap if block function -- * supports that. -- * @param[in] in Plaintext as n 64-bit blocks, n >= 2. -- * @param[in] inlen Length of in. -- * @param[in] block Block processing function. -- * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX]. -- * Output length if wrapping succeeded. -- */ --size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, -- unsigned char *out, -- const unsigned char *in, size_t inlen, -- block128_f block) --{ -- /* n: number of 64-bit blocks in the padded key data -- * -- * If length of plain text is not a multiple of 8, pad the plain text octet -- * string on the right with octets of zeros, where final length is the -- * smallest multiple of 8 that is greater than length of plain text. -- * If length of plain text is a multiple of 8, then there is no padding. 
*/ -- const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */ -- const size_t padded_len = blocks_padded * 8; -- const size_t padding_len = padded_len - inlen; -- /* RFC 5649 section 3: Alternative Initial Value */ -- unsigned char aiv[8]; -- int ret; -- -- /* Section 1: use 32-bit fixed field for plaintext octet length */ -- if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX) -- return 0; -- -- /* Section 3: Alternative Initial Value */ -- if (!icv) -- memcpy(aiv, default_aiv, 4); -- else -- memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ -- -- aiv[4] = (inlen >> 24) & 0xFF; -- aiv[5] = (inlen >> 16) & 0xFF; -- aiv[6] = (inlen >> 8) & 0xFF; -- aiv[7] = inlen & 0xFF; -- -- if (padded_len == 8) { -- /* -- * Section 4.1 - special case in step 2: If the padded plaintext -- * contains exactly eight octets, then prepend the AIV and encrypt -- * the resulting 128-bit block using AES in ECB mode. -- */ -- memmove(out + 8, in, inlen); -- memcpy(out, aiv, 8); -- memset(out + 8 + inlen, 0, padding_len); -- block(out, out, key); -- ret = 16; /* AIV + padded input */ -- } else { -- memmove(out, in, inlen); -- memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ -- ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block); -- } -- -- return ret; --} -- --/** Unwrapping according to RFC 5649 section 4.2. -- * -- * @param[in] key Key value. -- * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. -- * @param[out] out Plaintext. Minimal buffer length = inlen bytes. -- * Input and output buffers can overlap if block function -- * supports that. -- * @param[in] in Ciphertext as n 64-bit blocks. -- * @param[in] inlen Length of in. -- * @param[in] block Block processing function. -- * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX], -- * or if inlen is not a multiple of 8 -- * or if IV and message length indicator doesn't match. -- * Output length if unwrapping succeeded and IV matches. 
-- */ --size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, -- unsigned char *out, -- const unsigned char *in, size_t inlen, -- block128_f block) --{ -- /* n: number of 64-bit blocks in the padded key data */ -- size_t n = inlen / 8 - 1; -- size_t padded_len; -- size_t padding_len; -- size_t ptext_len; -- /* RFC 5649 section 3: Alternative Initial Value */ -- unsigned char aiv[8]; -- static unsigned char zeros[8] = { 0x0 }; -- size_t ret; -- -- /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */ -- if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) -- return 0; -- -- memmove(out, in, inlen); -- if (inlen == 16) { -- /* -- * Section 4.2 - special case in step 1: When n=1, the ciphertext -- * contains exactly two 64-bit blocks and they are decrypted as a -- * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] | -- * C[1]) -- */ -- block(out, out, key); -- memcpy(aiv, out, 8); -- /* Remove AIV */ -- memmove(out, out + 8, 8); -- padded_len = 8; -- } else { -- padded_len = inlen - 8; -- ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); -- if (padded_len != ret) { -- OPENSSL_cleanse(out, inlen); -- return 0; -- } -- } -- -- /* -- * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a -- * user-supplied value can be used (even if standard doesn't mention -- * this). -- */ -- if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4)) -- || (icv && CRYPTO_memcmp(aiv, icv, 4))) { -- OPENSSL_cleanse(out, inlen); -- return 0; -- } -- -- /* -- * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len = -- * LSB(32,AIV). -- */ -- -- ptext_len = ((unsigned int)aiv[4] << 24) -- | ((unsigned int)aiv[5] << 16) -- | ((unsigned int)aiv[6] << 8) -- | (unsigned int)aiv[7]; -- if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) { -- OPENSSL_cleanse(out, inlen); -- return 0; -- } -- -- /* -- * Check that the rightmost padding_len octets of the output data are -- * zero. 
-- */ -- padding_len = padded_len - ptext_len; -- if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) { -+ if (memcmp(A, iv, 8)) { - OPENSSL_cleanse(out, inlen); - return 0; - } -- -- /* Section 4.2 step 3: Remove padding */ -- return ptext_len; -+ return inlen; - } -diff --git a/Cryptlib/OpenSSL/crypto/modes/xts128.c b/Cryptlib/OpenSSL/crypto/modes/xts128.c -index 81b1eac..8f2af58 100644 ---- a/Cryptlib/OpenSSL/crypto/modes/xts128.c -+++ b/Cryptlib/OpenSSL/crypto/modes/xts128.c -@@ -1,16 +1,63 @@ --/* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include - #include "modes_lcl.h" - #include - -+#ifndef MODES_DEBUG -+# ifndef NDEBUG -+# define NDEBUG -+# endif -+#endif -+#include -+ - int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, - const unsigned char iv[16], - const unsigned char *inp, unsigned char *out, -diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c -index 89c8c5c..f9dbed8 100644 ---- a/Cryptlib/OpenSSL/crypto/o_dir.c -+++ b/Cryptlib/OpenSSL/crypto/o_dir.c -@@ -1,10 +1,60 @@ -+/* crypto/o_dir.c */ - /* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -20,7 +70,7 @@ - #define LP_find_file OPENSSL_DIR_read - #define LP_find_file_end OPENSSL_DIR_end - --#include "internal/o_dir.h" -+#include "o_dir.h" - - #define LPDIR_H - #if defined OPENSSL_SYS_UNIX || defined DJGPP -diff --git a/Cryptlib/OpenSSL/crypto/o_dir.h b/Cryptlib/OpenSSL/crypto/o_dir.h -new file mode 100644 -index 0000000..bf45a14 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/o_dir.h -@@ -0,0 +1,55 @@ -+/* crypto/o_dir.h */ -+/* -+ * Copied from Richard Levitte's (richard@levitte.org) LP library. All -+ * symbol names have been changed, with permission from the author. -+ */ -+ -+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */ -+/* -+ * Copyright (c) 2004, Richard Levitte -+ * All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ */ -+ -+#ifndef O_DIR_H -+# define O_DIR_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; -+ -+ /* -+ * returns NULL on error or end-of-directory. 
If it is end-of-directory, -+ * errno will be zero -+ */ -+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); -+ /* returns 1 on success, 0 on error */ -+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* LPDIR_H */ -diff --git a/Cryptlib/OpenSSL/crypto/o_fips.c b/Cryptlib/OpenSSL/crypto/o_fips.c -index bf6db65..f56d5bb 100644 ---- a/Cryptlib/OpenSSL/crypto/o_fips.c -+++ b/Cryptlib/OpenSSL/crypto/o_fips.c -@@ -1,19 +1,71 @@ - /* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Stephen henson (steve@openssl.org) for the OpenSSL project -+ * 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #ifdef OPENSSL_FIPS - # include -+# include -+# include - #endif - - int FIPS_mode(void) - { -+ OPENSSL_init(); - #ifdef OPENSSL_FIPS - return FIPS_module_mode(); - #else -@@ -23,8 +75,18 @@ int FIPS_mode(void) - - int FIPS_mode_set(int r) - { -+ OPENSSL_init(); - #ifdef OPENSSL_FIPS -- return FIPS_module_mode_set(r); -+# ifndef FIPS_AUTH_USER_PASS -+# define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" -+# endif -+ if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) -+ return 0; -+ if (r) -+ RAND_set_rand_method(FIPS_rand_get_method()); -+ else -+ RAND_set_rand_method(NULL); -+ return 1; - #else - if (r == 0) - return 1; -diff --git a/Cryptlib/OpenSSL/crypto/o_fopen.c b/Cryptlib/OpenSSL/crypto/o_fopen.c -deleted file mode 100644 -index a3a0065..0000000 ---- a/Cryptlib/OpenSSL/crypto/o_fopen.c -+++ /dev/null -@@ -1,103 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "internal/cryptlib.h" -- --#if !defined(OPENSSL_NO_STDIO) -- --# include -- --FILE *openssl_fopen(const char *filename, const char *mode) --{ -- FILE *file = NULL; --# if defined(_WIN32) && defined(CP_UTF8) -- int sz, len_0 = (int)strlen(filename) + 1; -- DWORD flags; -- -- /* -- * Basically there are three cases to cover: a) filename is -- * pure ASCII string; b) actual UTF-8 encoded string and -- * c) locale-ized string, i.e. one containing 8-bit -- * characters that are meaningful in current system locale. 
-- * If filename is pure ASCII or real UTF-8 encoded string, -- * MultiByteToWideChar succeeds and _wfopen works. If -- * filename is locale-ized string, chances are that -- * MultiByteToWideChar fails reporting -- * ERROR_NO_UNICODE_TRANSLATION, in which case we fall -- * back to fopen... -- */ -- if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), -- filename, len_0, NULL, 0)) > 0 || -- (GetLastError() == ERROR_INVALID_FLAGS && -- (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), -- filename, len_0, NULL, 0)) > 0) -- ) { -- WCHAR wmode[8]; -- WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); -- -- if (MultiByteToWideChar(CP_UTF8, flags, -- filename, len_0, wfilename, sz) && -- MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, -- wmode, OSSL_NELEM(wmode)) && -- (file = _wfopen(wfilename, wmode)) == NULL && -- (errno == ENOENT || errno == EBADF) -- ) { -- /* -- * UTF-8 decode succeeded, but no file, filename -- * could still have been locale-ized... -- */ -- file = fopen(filename, mode); -- } -- } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { -- file = fopen(filename, mode); -- } --# elif defined(__DJGPP__) -- { -- char *newname = NULL; -- -- if (!HAS_LFN_SUPPORT(filename)) { -- char *iterator; -- char lastchar; -- -- newname = OPENSSL_malloc(strlen(filename) + 1); -- if (newname == NULL) -- return NULL; -- -- for (iterator = newname, lastchar = '\0'; -- *filename; filename++, iterator++) { -- if (lastchar == '/' && filename[0] == '.' -- && filename[1] != '.' && filename[1] != '/') { -- /* Leading dots are not permitted in plain DOS. 
*/ -- *iterator = '_'; -- } else { -- *iterator = *filename; -- } -- lastchar = *filename; -- } -- *iterator = '\0'; -- filename = newname; -- } -- file = fopen(filename, mode); -- -- OPENSSL_free(newname); -- } --# else -- file = fopen(filename, mode); --# endif -- return file; --} -- --#else -- --void *openssl_fopen(const char *filename, const char *mode) --{ -- return NULL; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c -index 2e0c126..185841e 100644 ---- a/Cryptlib/OpenSSL/crypto/o_init.c -+++ b/Cryptlib/OpenSSL/crypto/o_init.c -@@ -1,10 +1,56 @@ -+/* o_init.c */ - /* -- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. 
-+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -27,8 +73,14 @@ void OPENSSL_init(void) - done = 1; - #ifdef OPENSSL_FIPS - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); -+# ifndef OPENSSL_NO_DEPRECATED -+ FIPS_crypto_set_id_callback(CRYPTO_thread_id); -+# endif - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); - RAND_init_fips(); - #endif -+#if 0 -+ fprintf(stderr, "Called OPENSSL_init\n"); -+#endif - } -diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c -index beabec0..7e61cde 100644 ---- a/Cryptlib/OpenSSL/crypto/o_str.c -+++ b/Cryptlib/OpenSSL/crypto/o_str.c -@@ -1,250 +1,116 @@ -+/* crypto/o_str.c */ - /* -- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include - #include --#include --#include "internal/cryptlib.h" --#include "internal/o_str.h" -- --int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) --{ -- const unsigned char *c1 = v1, *c2 = v2; -- int ret = 0; -- -- while (n && (ret = *c1 - *c2) == 0) -- n--, c1++, c2++; -- -- return ret; --} -- --char *CRYPTO_strdup(const char *str, const char* file, int line) --{ -- char *ret; -- size_t size; -- -- if (str == NULL) -- return NULL; -- size = strlen(str) + 1; -- ret = CRYPTO_malloc(size, file, line); -- if (ret != NULL) -- memcpy(ret, str, size); -- return ret; --} -- --char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) --{ -- size_t maxlen; -- char *ret; -- -- if (str == NULL) -- return NULL; -- -- maxlen = OPENSSL_strnlen(str, s); -- -- ret = CRYPTO_malloc(maxlen + 1, file, line); -- if (ret) { -- memcpy(ret, str, maxlen); -- ret[maxlen] = '\0'; -- } -- return ret; --} -- --void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) --{ -- void *ret; -+#include "o_str.h" - -- if (data == NULL || siz >= INT_MAX) -- return NULL; -- -- ret = CRYPTO_malloc(siz, file, line); -- if (ret == NULL) { -- CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- return memcpy(ret, data, siz); --} -- --size_t OPENSSL_strnlen(const char *str, size_t maxlen) --{ -- const char *p; -- -- for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; -- -- return p - str; --} -+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ -+ !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && \ -+ !defined(NETWARE_CLIB) -+# include -+#endif - --size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size) -+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) - { -- size_t l = 0; -- for (; size > 1 && *src; size--) { -- *dst++ = *src++; -- l++; 
-+#if defined(OPENSSL_IMPLEMENTS_strncasecmp) -+ while (*str1 && *str2 && n) { -+ int res = toupper(*str1) - toupper(*str2); -+ if (res) -+ return res < 0 ? -1 : 1; -+ str1++; -+ str2++; -+ n--; - } -- if (size) -- *dst = '\0'; -- return l + strlen(src); --} -- --size_t OPENSSL_strlcat(char *dst, const char *src, size_t size) --{ -- size_t l = 0; -- for (; size > 0 && *dst; size--, dst++) -- l++; -- return l + OPENSSL_strlcpy(dst, src, size); --} -- --int OPENSSL_hexchar2int(unsigned char c) --{ --#ifdef CHARSET_EBCDIC -- c = os_toebcdic[c]; --#endif -- -- switch (c) { -- case '0': -+ if (n == 0) - return 0; -- case '1': -+ if (*str1) - return 1; -- case '2': -- return 2; -- case '3': -- return 3; -- case '4': -- return 4; -- case '5': -- return 5; -- case '6': -- return 6; -- case '7': -- return 7; -- case '8': -- return 8; -- case '9': -- return 9; -- case 'a': case 'A': -- return 0x0A; -- case 'b': case 'B': -- return 0x0B; -- case 'c': case 'C': -- return 0x0C; -- case 'd': case 'D': -- return 0x0D; -- case 'e': case 'E': -- return 0x0E; -- case 'f': case 'F': -- return 0x0F; -- } -- return -1; -+ if (*str2) -+ return -1; -+ return 0; -+#else -+ /* -+ * Recursion hazard warning! Whenever strncasecmp is #defined as -+ * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as -+ * well. 
-+ */ -+ return strncasecmp(str1, str2, n); -+#endif - } - --/* -- * Give a string of hex digits convert to a buffer -- */ --unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) -+int OPENSSL_strcasecmp(const char *str1, const char *str2) - { -- unsigned char *hexbuf, *q; -- unsigned char ch, cl; -- int chi, cli; -- const unsigned char *p; -- size_t s; -- -- s = strlen(str); -- if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) { -- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for (p = (const unsigned char *)str, q = hexbuf; *p; ) { -- ch = *p++; -- if (ch == ':') -- continue; -- cl = *p++; -- if (!cl) { -- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, -- CRYPTO_R_ODD_NUMBER_OF_DIGITS); -- OPENSSL_free(hexbuf); -- return NULL; -- } -- cli = OPENSSL_hexchar2int(cl); -- chi = OPENSSL_hexchar2int(ch); -- if (cli < 0 || chi < 0) { -- OPENSSL_free(hexbuf); -- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT); -- return NULL; -- } -- *q++ = (unsigned char)((chi << 4) | cli); -- } -- -- if (len) -- *len = q - hexbuf; -- return hexbuf; -+#if defined(OPENSSL_IMPLEMENTS_strncasecmp) -+ return OPENSSL_strncasecmp(str1, str2, (size_t)-1); -+#else -+ return strcasecmp(str1, str2); -+#endif - } - --/* -- * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its -- * hex representation @@@ (Contents of buffer are always kept in ASCII, also -- * on EBCDIC machines) -- */ --char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) -+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) - { -- const static char hexdig[] = "0123456789ABCDEF"; -- char *tmp, *q; -- const unsigned char *p; -- int i; -- -- if (len == 0) -- { -- return OPENSSL_zalloc(1); -- } -- -- if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { -- CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- q = tmp; -- for (i = 0, p = buffer; i < len; i++, p++) { -- *q++ = hexdig[(*p >> 4) & 0xf]; -- *q++ = 
hexdig[*p & 0xf]; -- *q++ = ':'; -- } -- q[-1] = 0; --#ifdef CHARSET_EBCDIC -- ebcdic2ascii(tmp, tmp, q - tmp - 1); --#endif -+ const unsigned char *c1 = v1, *c2 = v2; -+ int ret = 0; - -- return tmp; --} -+ while (n && (ret = *c1 - *c2) == 0) -+ n--, c1++, c2++; - --int openssl_strerror_r(int errnum, char *buf, size_t buflen) --{ --#if defined(_MSC_VER) && _MSC_VER>=1400 -- return !strerror_s(buf, buflen, errnum); --#elif defined(_GNU_SOURCE) -- return strerror_r(errnum, buf, buflen) != NULL; --#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) -- /* -- * We can use "real" strerror_r. The OpenSSL version differs in that it -- * gives 1 on success and 0 on failure for consistency with other OpenSSL -- * functions. Real strerror_r does it the other way around -- */ -- return !strerror_r(errnum, buf, buflen); --#else -- char *err; -- /* Fall back to non-thread safe strerror()...its all we can do */ -- if (buflen < 2) -- return 0; -- err = strerror(errnum); -- /* Can this ever happen? */ -- if (err == NULL) -- return 0; -- strncpy(buf, err, buflen - 1); -- buf[buflen - 1] = '\0'; -- return 1; --#endif -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/o_str.h b/Cryptlib/OpenSSL/crypto/o_str.h -new file mode 100644 -index 0000000..fa512eb ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/o_str.h -@@ -0,0 +1,69 @@ -+/* crypto/o_str.h */ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#ifndef HEADER_O_STR_H -+# define HEADER_O_STR_H -+ -+# include /* to get size_t */ -+ -+int OPENSSL_strcasecmp(const char *str1, const char *str2); -+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); -+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c -index 4b902e0..b99e599 100644 ---- a/Cryptlib/OpenSSL/crypto/o_time.c -+++ b/Cryptlib/OpenSSL/crypto/o_time.c -@@ -1,15 +1,69 @@ -+/* crypto/o_time.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2008. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include -+#include "o_time.h" - - #ifdef OPENSSL_SYS_VMS - # if __CRTL_VER >= 70000000 && \ -@@ -51,9 +105,12 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) - { - struct tm *ts = NULL; - --#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) -- if (gmtime_r(timer, result) == NULL) -- return NULL; -+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) -+ /* -+ * should return &data, but doesn't on some systems, so we don't even -+ * look at the return value -+ */ -+ gmtime_r(timer, result); - ts = result; - #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) - ts = gmtime(timer); -@@ -142,7 +199,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) - /*- - * The VMS epoch is the astronomical Smithsonian date, - if I remember correctly, which is November 17, 1858. -- Furthermore, time is measure in tenths of microseconds -+ Furthermore, time is measure in thenths of microseconds - and stored in quadwords (64 bit integers). unix_epoch - below is January 1st 1970 expressed as a VMS time. 
The - following code was used to get this number: -@@ -234,7 +291,7 @@ int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) - int time_sec, time_year, time_month, time_day; - long time_jd; - -- /* Convert time and offset into Julian day and seconds */ -+ /* Convert time and offset into julian day and seconds */ - if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) - return 0; - -@@ -358,3 +415,63 @@ static void julian_to_date(long jd, int *y, int *m, int *d) - *m = j + 2 - (12 * L); - *y = 100 * (n - 49) + i + L; - } -+ -+#ifdef OPENSSL_TIME_TEST -+ -+# include -+ -+/* -+ * Time checking test code. Check times are identical for a wide range of -+ * offsets. This should be run on a machine with 64 bit time_t or it will -+ * trigger the very errors the routines fix. -+ */ -+ -+int main(int argc, char **argv) -+{ -+ long offset; -+ for (offset = 0; offset < 1000000; offset++) { -+ check_time(offset); -+ check_time(-offset); -+ check_time(offset * 1000); -+ check_time(-offset * 1000); -+ } -+} -+ -+int check_time(long offset) -+{ -+ struct tm tm1, tm2, o1; -+ int off_day, off_sec; -+ long toffset; -+ time_t t1, t2; -+ time(&t1); -+ t2 = t1 + offset; -+ OPENSSL_gmtime(&t2, &tm2); -+ OPENSSL_gmtime(&t1, &tm1); -+ o1 = tm1; -+ OPENSSL_gmtime_adj(&tm1, 0, offset); -+ if ((tm1.tm_year != tm2.tm_year) || -+ (tm1.tm_mon != tm2.tm_mon) || -+ (tm1.tm_mday != tm2.tm_mday) || -+ (tm1.tm_hour != tm2.tm_hour) || -+ (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) { -+ fprintf(stderr, "TIME ERROR!!\n"); -+ fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", -+ tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, -+ tm2.tm_hour, tm2.tm_min, tm2.tm_sec); -+ fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", -+ tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, -+ tm1.tm_hour, tm1.tm_min, tm1.tm_sec); -+ return 0; -+ } -+ OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec); -+ toffset = (long)off_day *SECS_PER_DAY + off_sec; -+ if (offset != toffset) { -+ 
fprintf(stderr, "TIME OFFSET ERROR!!\n"); -+ fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n", -+ offset, toffset, off_day, off_sec); -+ return 0; -+ } -+ return 1; -+} -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/o_time.h b/Cryptlib/OpenSSL/crypto/o_time.h -new file mode 100644 -index 0000000..f192c6d ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/o_time.h -@@ -0,0 +1,70 @@ -+/* crypto/o_time.h */ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+#ifndef HEADER_O_TIME_H -+# define HEADER_O_TIME_H -+ -+# include -+ -+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); -+int OPENSSL_gmtime_diff(int *pday, int *psec, -+ const struct tm *from, const struct tm *to); -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c -index ed98df8..f106905 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/o_names.c -+++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c -@@ -1,12 +1,3 @@ --/* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. 
-- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #include - #include - #include -@@ -16,40 +7,35 @@ - #include - #include - #include --#include "obj_lcl.h" - - /* -- * We define this wrapper for two reasons. Firstly, later versions of -- * DEC C add linkage information to certain functions, which makes it -- * tricky to use them as values to regular function pointers. -- * Secondly, in the EDK2 build environment, the strcmp function is -- * actually an external function (AsciiStrCmp) with the Microsoft ABI, -- * so we can't transparently assign function pointers to it. -- * Arguably the latter is a stupidity of the UEFI environment, but -- * since the wrapper solves the DEC C issue too, let's just use the -- * same solution. -+ * Later versions of DEC C has started to add lnkage information to certain -+ * functions, which makes it tricky to use them as values to regular function -+ * pointers. One way is to define a macro that takes care of casting them -+ * correctly. - */ --#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) --static int obj_strcmp(const char *a, const char *b) --{ -- return strcmp(a, b); --} -+#ifdef OPENSSL_SYS_VMS_DECC -+# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp - #else --#define obj_strcmp strcmp -+# define OPENSSL_strcmp strcmp - #endif - - /* - * I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. 
- */ -+DECLARE_LHASH_OF(OBJ_NAME); - static LHASH_OF(OBJ_NAME) *names_lh = NULL; - static int names_type_num = OBJ_NAME_TYPE_NUM; - --struct name_funcs_st { -+typedef struct name_funcs_st { - unsigned long (*hash_func) (const char *name); - int (*cmp_func) (const char *a, const char *b); - void (*free_func) (const char *, int, const char *); --}; -+} NAME_FUNCS; -+ -+DECLARE_STACK_OF(NAME_FUNCS) -+IMPLEMENT_STACK_OF(NAME_FUNCS) - - static STACK_OF(NAME_FUNCS) *name_funcs_stack; - -@@ -59,16 +45,21 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack; - * casting without the need for macro-generated wrapper functions. - */ - --static unsigned long obj_name_hash(const OBJ_NAME *a); --static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); -+/* static unsigned long obj_name_hash(OBJ_NAME *a); */ -+static unsigned long obj_name_hash(const void *a_void); -+/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ -+static int obj_name_cmp(const void *a_void, const void *b_void); -+ -+static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME) -+static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME) - - int OBJ_NAME_init(void) - { - if (names_lh != NULL) - return (1); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -- names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_off(); -+ names_lh = lh_OBJ_NAME_new(); -+ MemCheck_on(); - return (names_lh != NULL); - } - -@@ -76,13 +67,14 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - int (*cmp_func) (const char *, const char *), - void (*free_func) (const char *, int, const char *)) - { -- int ret, i, push; -+ int ret; -+ int i; - NAME_FUNCS *name_funcs; - - if (name_funcs_stack == NULL) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -+ MemCheck_off(); - name_funcs_stack = sk_NAME_FUNCS_new_null(); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -+ MemCheck_on(); - } - if (name_funcs_stack == NULL) { - /* ERROR */ -@@ -91,25 +83,22 @@ int 
OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - ret = names_type_num; - names_type_num++; - for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -- name_funcs = OPENSSL_zalloc(sizeof(*name_funcs)); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -- if (name_funcs == NULL) { -+ MemCheck_off(); -+ name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); -+ MemCheck_on(); -+ if (!name_funcs) { - OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); - return (0); - } -- name_funcs->hash_func = OPENSSL_LH_strhash; -- name_funcs->cmp_func = obj_strcmp; -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -- -- push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); -- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); -- -- if (!push) { -- OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(name_funcs); -- return 0; -- } -+ name_funcs->hash_func = lh_strhash; -+ name_funcs->cmp_func = OPENSSL_strcmp; -+ name_funcs->free_func = 0; /* NULL is often declared to * ((void -+ * *)0), which according * to Compaq C is -+ * not really * compatible with a function -+ * * pointer. 
-- Richard Levitte */ -+ MemCheck_off(); -+ sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); -+ MemCheck_on(); - } - name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); - if (hash_func != NULL) -@@ -121,9 +110,12 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - return (ret); - } - --static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) -+/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ -+static int obj_name_cmp(const void *a_void, const void *b_void) - { - int ret; -+ const OBJ_NAME *a = (const OBJ_NAME *)a_void; -+ const OBJ_NAME *b = (const OBJ_NAME *)b_void; - - ret = a->type - b->type; - if (ret == 0) { -@@ -137,9 +129,11 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) - return (ret); - } - --static unsigned long obj_name_hash(const OBJ_NAME *a) -+/* static unsigned long obj_name_hash(OBJ_NAME *a) */ -+static unsigned long obj_name_hash(const void *a_void) - { - unsigned long ret; -+ const OBJ_NAME *a = (const OBJ_NAME *)a_void; - - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { -@@ -147,7 +141,7 @@ static unsigned long obj_name_hash(const OBJ_NAME *a) - sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->hash_func(a->name); - } else { -- ret = OPENSSL_LH_strhash(a->name); -+ ret = lh_strhash(a->name); - } - ret ^= a->type; - return (ret); -@@ -194,7 +188,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) - alias = type & OBJ_NAME_ALIAS; - type &= ~OBJ_NAME_ALIAS; - -- onp = OPENSSL_malloc(sizeof(*onp)); -+ onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); - if (onp == NULL) { - /* ERROR */ - return 0; -@@ -258,30 +252,31 @@ int OBJ_NAME_remove(const char *name, int type) - return (0); - } - --typedef struct { -+struct doall { - int type; - void (*fn) (const OBJ_NAME *, void *arg); - void *arg; --} OBJ_DOALL; -+}; - --static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d) -+static void do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d) 
- { - if (name->type == d->type) - d->fn(name, d->arg); - } - --IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL); -+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall) - - void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), - void *arg) - { -- OBJ_DOALL d; -+ struct doall d; - - d.type = type; - d.fn = fn; - d.arg = arg; - -- lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d); -+ lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), -+ struct doall, &d); - } - - struct doall_sorted { -@@ -317,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type, - - d.type = type; - d.names = -- OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); -+ OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); - /* Really should return an error if !d.names...but its a void function! */ -- if (d.names != NULL) { -+ if (d.names) { - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - -- qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); -+ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); -@@ -343,6 +338,8 @@ static void names_lh_free_doall(OBJ_NAME *onp) - OBJ_NAME_remove(onp->name, onp->type); - } - -+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME) -+ - static void name_funcs_free(NAME_FUNCS *ptr) - { - OPENSSL_free(ptr); -@@ -356,15 +353,15 @@ void OBJ_NAME_cleanup(int type) - return; - - free_type = type; -- down_load = lh_OBJ_NAME_get_down_load(names_lh); -- lh_OBJ_NAME_set_down_load(names_lh, 0); -+ down_load = lh_OBJ_NAME_down_load(names_lh); -+ lh_OBJ_NAME_down_load(names_lh) = 0; - -- lh_OBJ_NAME_doall(names_lh, names_lh_free_doall); -+ lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); - if (type < 0) { - lh_OBJ_NAME_free(names_lh); - sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); - names_lh = NULL; - name_funcs_stack = NULL; - } else -- lh_OBJ_NAME_set_down_load(names_lh, 
down_load); -+ lh_OBJ_NAME_down_load(names_lh) = down_load; - } -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -index 259851b..aca382a 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -@@ -1,25 +1,85 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/objects/obj_dat.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. 
this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/objects.h" -+#include - #include --#include "internal/asn1_int.h" --#include "obj_lcl.h" - - /* obj_dat.h is generated from objects.h by obj_dat.pl */ --#include "obj_dat.h" -+#ifndef OPENSSL_NO_OBJECT -+# include "obj_dat.h" -+#else -+/* You will have to load all the objects needed manually in the application */ -+# define NUM_NID 0 -+# define NUM_SN 0 -+# define NUM_LN 0 -+# define NUM_OBJ 0 -+static const unsigned char lvalues[1]; -+static const ASN1_OBJECT nid_objs[1]; -+static const unsigned int sn_objs[1]; -+static const unsigned int ln_objs[1]; -+static const unsigned int obj_objs[1]; -+#endif - - DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); - DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); -@@ -30,10 +90,11 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); - #define ADDED_LNAME 2 - #define ADDED_NID 3 - --struct added_obj_st { -+typedef struct added_obj_st { - int type; - ASN1_OBJECT *obj; --}; -+} ADDED_OBJ; -+DECLARE_LHASH_OF(ADDED_OBJ); - - static int new_nid = NUM_NID; - static LHASH_OF(ADDED_OBJ) *added = NULL; -@@ -68,10 +129,10 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) - ret ^= p[i] << ((i * 3) % 24); - break; - case ADDED_SNAME: -- ret = OPENSSL_LH_strhash(a->sn); -+ ret = lh_strhash(a->sn); - break; - case ADDED_LNAME: -- ret = OPENSSL_LH_strhash(a->ln); -+ ret = lh_strhash(a->ln); - break; - case ADDED_NID: - ret = a->nid; -@@ -85,6 +146,8 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) - return (ret); - } - -+static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ) -+ - static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) - { - ASN1_OBJECT *a, *b; -@@ -123,11 +186,13 @@ static int 
added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) - } - } - -+static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ) -+ - static int init_added(void) - { - if (added != NULL) - return (1); -- added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp); -+ added = lh_ADDED_OBJ_new(); - return (added != NULL); - } - -@@ -150,14 +215,34 @@ static void cleanup3_doall(ADDED_OBJ *a) - OPENSSL_free(a); - } - --void obj_cleanup_int(void) -+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ) -+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ) -+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ) -+ -+/* -+ * The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting to -+ * use freed up OIDs. If neccessary the actual freeing up of OIDs is delayed. -+ */ -+int obj_cleanup_defer = 0; -+ -+void check_defer(int nid) -+{ -+ if (!obj_cleanup_defer && nid >= NUM_NID) -+ obj_cleanup_defer = 1; -+} -+ -+void OBJ_cleanup(void) - { -+ if (obj_cleanup_defer) { -+ obj_cleanup_defer = 2; -+ return; -+ } - if (added == NULL) - return; -- lh_ADDED_OBJ_set_down_load(added, 0); -- lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */ -- lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */ -- lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */ -+ lh_ADDED_OBJ_down_load(added) = 0; -+ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ -+ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ -+ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ - lh_ADDED_OBJ_free(added); - added = NULL; - } -@@ -182,16 +267,21 @@ int OBJ_add_object(const ASN1_OBJECT *obj) - return (0); - if ((o = OBJ_dup(obj)) == NULL) - goto err; -- if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) -+ if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) - goto err2; - if ((o->length != 0) && (obj->data != NULL)) -- if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) -+ if (! 
-+ (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) - goto err2; - if (o->sn != NULL) -- if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) -+ if (! -+ (ao[ADDED_SNAME] = -+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) - goto err2; - if (o->ln != NULL) -- if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) -+ if (! -+ (ao[ADDED_LNAME] = -+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) - goto err2; - - for (i = ADDED_DATA; i <= ADDED_NID; i++) { -@@ -199,8 +289,9 @@ int OBJ_add_object(const ASN1_OBJECT *obj) - ao[i]->type = i; - ao[i]->obj = o; - aop = lh_ADDED_OBJ_insert(added, ao[i]); -- /* memory leak, but should not normally matter */ -- OPENSSL_free(aop); -+ /* memory leak, buit should not normally matter */ -+ if (aop != NULL) -+ OPENSSL_free(aop); - } - } - o->flags &= -@@ -212,8 +303,10 @@ int OBJ_add_object(const ASN1_OBJECT *obj) - OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); - err: - for (i = ADDED_DATA; i <= ADDED_NID; i++) -- OPENSSL_free(ao[i]); -- OPENSSL_free(o); -+ if (ao[i] != NULL) -+ OPENSSL_free(ao[i]); -+ if (o != NULL) -+ OPENSSL_free(o); - return (NID_undef); - } - -@@ -373,10 +466,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) - } - /* Work out total size */ - j = ASN1_object_size(0, i, V_ASN1_OBJECT); -- if (j < 0) -- return NULL; - -- if ((buf = OPENSSL_malloc(j)) == NULL) -+ if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL) - return NULL; - - p = buf; -@@ -413,7 +504,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - s = OBJ_nid2sn(nid); - if (s) { - if (buf) -- OPENSSL_strlcpy(buf, s, buf_len); -+ BUF_strlcpy(buf, s, buf_len); - n = strlen(s); - return n; - } -@@ -441,7 +532,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - if (!(c & 0x80)) - break; - if (!use_bn && (l > (ULONG_MAX >> 7L))) { -- if (bl == NULL && (bl = BN_new()) == NULL) -+ if (!bl && !(bl = BN_new())) - goto err; - if (!BN_set_word(bl, 
l)) - goto err; -@@ -487,7 +578,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - *buf = '\0'; - buf_len--; - } -- OPENSSL_strlcpy(buf, bndec, buf_len); -+ BUF_strlcpy(buf, bndec, buf_len); - if (i > buf_len) { - buf += buf_len; - buf_len = 0; -@@ -503,7 +594,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); - i = strlen(tbuf); - if (buf && (buf_len > 0)) { -- OPENSSL_strlcpy(buf, tbuf, buf_len); -+ BUF_strlcpy(buf, tbuf, buf_len); - if (i > buf_len) { - buf += buf_len; - buf_len = 0; -@@ -517,11 +608,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - } - } - -- BN_free(bl); -+ if (bl) -+ BN_free(bl); - return n; - - err: -- BN_free(bl); -+ if (bl) -+ BN_free(bl); - return -1; - } - -@@ -634,7 +727,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, - - int OBJ_create_objects(BIO *in) - { -- char buf[512]; -+ MS_STATIC char buf[512]; - int i, num = 0; - char *o, *s, *l = NULL; - -@@ -681,48 +774,28 @@ int OBJ_create_objects(BIO *in) - - int OBJ_create(const char *oid, const char *sn, const char *ln) - { -- ASN1_OBJECT *tmpoid = NULL; - int ok = 0; -+ ASN1_OBJECT *op = NULL; -+ unsigned char *buf; -+ int i; - -- /* Check to see if short or long name already present */ -- if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { -- OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); -- return 0; -- } -- -- /* Convert numerical OID string to an ASN1_OBJECT structure */ -- tmpoid = OBJ_txt2obj(oid, 1); -+ i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); -+ if (i <= 0) -+ return (0); - -- /* If NID is not NID_undef then object already exists */ -- if (OBJ_obj2nid(tmpoid) != NID_undef) { -- OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); -- goto err; -+ if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) { -+ OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE); -+ return (0); - } -- -- tmpoid->nid = OBJ_new_nid(1); -- 
tmpoid->sn = (char *)sn; -- tmpoid->ln = (char *)ln; -- -- ok = OBJ_add_object(tmpoid); -- -- tmpoid->sn = NULL; -- tmpoid->ln = NULL; -- -+ i = a2d_ASN1_OBJECT(buf, i, oid, -1); -+ if (i == 0) -+ goto err; -+ op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); -+ if (op == NULL) -+ goto err; -+ ok = OBJ_add_object(op); - err: -- ASN1_OBJECT_free(tmpoid); -- return ok; --} -- --size_t OBJ_length(const ASN1_OBJECT *obj) --{ -- if (obj == NULL) -- return 0; -- return obj->length; --} -- --const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj) --{ -- if (obj == NULL) -- return NULL; -- return obj->data; -+ ASN1_OBJECT_free(op); -+ OPENSSL_free(buf); -+ return (ok); - } -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h -index e1fc64f..b7e3cf2 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h -@@ -1,5101 +1,5319 @@ --/* -- * WARNING: do not edit! -- * Generated by crypto/objects/obj_dat.pl -+/* crypto/objects/obj_dat.h */ -+ -+/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the -+ * following command: -+ * perl obj_dat.pl obj_mac.h obj_dat.h -+ */ -+ -+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - --/* Serialized OID's */ --static const unsigned char so[6765] = { -- 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, /* [ 37] OBJ_rsaEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02, /* [ 46] OBJ_md2WithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04, /* [ 55] OBJ_md5WithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01, /* [ 64] OBJ_pbeWithMD2AndDES_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03, /* [ 73] OBJ_pbeWithMD5AndDES_CBC */ -- 0x55, /* [ 82] OBJ_X500 */ -- 0x55,0x04, /* [ 83] OBJ_X509 */ -- 0x55,0x04,0x03, /* [ 85] OBJ_commonName */ -- 0x55,0x04,0x06, /* [ 88] OBJ_countryName */ -- 0x55,0x04,0x07, /* [ 91] OBJ_localityName */ -- 0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ -- 0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ -- 0x55,0x04,0x0B, /* [ 100] OBJ_organizationalUnitName */ -- 0x55,0x08,0x01,0x01, /* [ 103] OBJ_rsa */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [ 107] OBJ_pkcs7 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01, /* [ 115] OBJ_pkcs7_data */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, /* [ 124] OBJ_pkcs7_signed */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03, /* [ 133] OBJ_pkcs7_enveloped */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04, /* [ 142] OBJ_pkcs7_signedAndEnveloped */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05, /* [ 151] OBJ_pkcs7_digest */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06, /* [ 160] OBJ_pkcs7_encrypted */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [ 169] OBJ_pkcs3 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01, /* [ 177] OBJ_dhKeyAgreement */ -- 0x2B,0x0E,0x03,0x02,0x06, /* [ 186] OBJ_des_ecb */ -- 
0x2B,0x0E,0x03,0x02,0x09, /* [ 191] OBJ_des_cfb64 */ -- 0x2B,0x0E,0x03,0x02,0x07, /* [ 196] OBJ_des_cbc */ -- 0x2B,0x0E,0x03,0x02,0x11, /* [ 201] OBJ_des_ede_ecb */ -- 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02, /* [ 206] OBJ_idea_cbc */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [ 217] OBJ_rc2_cbc */ -- 0x2B,0x0E,0x03,0x02,0x12, /* [ 225] OBJ_sha */ -- 0x2B,0x0E,0x03,0x02,0x0F, /* [ 230] OBJ_shaWithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [ 235] OBJ_des_ede3_cbc */ -- 0x2B,0x0E,0x03,0x02,0x08, /* [ 243] OBJ_des_ofb64 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [ 248] OBJ_pkcs9 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, /* [ 256] OBJ_pkcs9_emailAddress */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02, /* [ 265] OBJ_pkcs9_unstructuredName */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03, /* [ 274] OBJ_pkcs9_contentType */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04, /* [ 283] OBJ_pkcs9_messageDigest */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05, /* [ 292] OBJ_pkcs9_signingTime */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, /* [ 301] OBJ_pkcs9_countersignature */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07, /* [ 310] OBJ_pkcs9_challengePassword */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08, /* [ 319] OBJ_pkcs9_unstructuredAddress */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09, /* [ 328] OBJ_pkcs9_extCertAttributes */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [ 337] OBJ_netscape */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [ 344] OBJ_netscape_cert_extension */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [ 352] OBJ_netscape_data_type */ -- 0x2B,0x0E,0x03,0x02,0x1A, /* [ 360] OBJ_sha1 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, /* [ 365] OBJ_sha1WithRSAEncryption */ -- 0x2B,0x0E,0x03,0x02,0x0D, /* [ 374] OBJ_dsaWithSHA */ -- 0x2B,0x0E,0x03,0x02,0x0C, /* [ 379] OBJ_dsa_2 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B, /* [ 384] OBJ_pbeWithSHA1AndRC2_CBC */ -- 
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C, /* [ 393] OBJ_id_pbkdf2 */ -- 0x2B,0x0E,0x03,0x02,0x1B, /* [ 402] OBJ_dsaWithSHA1_2 */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01, /* [ 407] OBJ_netscape_cert_type */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02, /* [ 416] OBJ_netscape_base_url */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03, /* [ 425] OBJ_netscape_revocation_url */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04, /* [ 434] OBJ_netscape_ca_revocation_url */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07, /* [ 443] OBJ_netscape_renewal_url */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08, /* [ 452] OBJ_netscape_ca_policy_url */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C, /* [ 461] OBJ_netscape_ssl_server_name */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D, /* [ 470] OBJ_netscape_comment */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05, /* [ 479] OBJ_netscape_cert_sequence */ -- 0x55,0x1D, /* [ 488] OBJ_id_ce */ -- 0x55,0x1D,0x0E, /* [ 490] OBJ_subject_key_identifier */ -- 0x55,0x1D,0x0F, /* [ 493] OBJ_key_usage */ -- 0x55,0x1D,0x10, /* [ 496] OBJ_private_key_usage_period */ -- 0x55,0x1D,0x11, /* [ 499] OBJ_subject_alt_name */ -- 0x55,0x1D,0x12, /* [ 502] OBJ_issuer_alt_name */ -- 0x55,0x1D,0x13, /* [ 505] OBJ_basic_constraints */ -- 0x55,0x1D,0x14, /* [ 508] OBJ_crl_number */ -- 0x55,0x1D,0x20, /* [ 511] OBJ_certificate_policies */ -- 0x55,0x1D,0x23, /* [ 514] OBJ_authority_key_identifier */ -- 0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02, /* [ 517] OBJ_bf_cbc */ -- 0x55,0x08,0x03,0x65, /* [ 526] OBJ_mdc2 */ -- 0x55,0x08,0x03,0x64, /* [ 530] OBJ_mdc2WithRSA */ -- 0x55,0x04,0x2A, /* [ 534] OBJ_givenName */ -- 0x55,0x04,0x04, /* [ 537] OBJ_surname */ -- 0x55,0x04,0x2B, /* [ 540] OBJ_initials */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C, /* [ 543] OBJ_uniqueIdentifier */ -- 0x55,0x1D,0x1F, /* [ 553] OBJ_crl_distribution_points */ -- 0x2B,0x0E,0x03,0x02,0x03, /* [ 556] OBJ_md5WithRSA */ -- 0x55,0x04,0x05, /* [ 561] 
OBJ_serialNumber */ -- 0x55,0x04,0x0C, /* [ 564] OBJ_title */ -- 0x55,0x04,0x0D, /* [ 567] OBJ_description */ -- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A, /* [ 570] OBJ_cast5_cbc */ -- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C, /* [ 579] OBJ_pbeWithMD5AndCast5_CBC */ -- 0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [ 588] OBJ_dsaWithSHA1 */ -- 0x2B,0x0E,0x03,0x02,0x1D, /* [ 595] OBJ_sha1WithRSA */ -- 0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [ 600] OBJ_dsa */ -- 0x2B,0x24,0x03,0x02,0x01, /* [ 607] OBJ_ripemd160 */ -- 0x2B,0x24,0x03,0x03,0x01,0x02, /* [ 612] OBJ_ripemd160WithRSA */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [ 618] OBJ_rc5_cbc */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08, /* [ 626] OBJ_zlib_compression */ -- 0x55,0x1D,0x25, /* [ 637] OBJ_ext_key_usage */ -- 0x2B,0x06,0x01,0x05,0x05,0x07, /* [ 640] OBJ_id_pkix */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [ 646] OBJ_id_kp */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [ 653] OBJ_server_auth */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [ 661] OBJ_client_auth */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [ 669] OBJ_code_sign */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [ 677] OBJ_email_protect */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [ 685] OBJ_time_stamp */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15, /* [ 693] OBJ_ms_code_ind */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16, /* [ 703] OBJ_ms_code_com */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01, /* [ 713] OBJ_ms_ctl_sign */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03, /* [ 723] OBJ_ms_sgc */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04, /* [ 733] OBJ_ms_efs */ -- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, /* [ 743] OBJ_ns_sgc */ -- 0x55,0x1D,0x1B, /* [ 752] OBJ_delta_crl */ -- 0x55,0x1D,0x15, /* [ 755] OBJ_crl_reason */ -- 0x55,0x1D,0x18, /* [ 758] OBJ_invalidity_date */ -- 0x2B,0x65,0x01,0x04,0x01, /* [ 761] OBJ_sxnet */ -- 
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01, /* [ 766] OBJ_pbe_WithSHA1And128BitRC4 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02, /* [ 776] OBJ_pbe_WithSHA1And40BitRC4 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03, /* [ 786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04, /* [ 796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05, /* [ 806] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06, /* [ 816] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01, /* [ 826] OBJ_keyBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02, /* [ 837] OBJ_pkcs8ShroudedKeyBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03, /* [ 848] OBJ_certBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04, /* [ 859] OBJ_crlBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05, /* [ 870] OBJ_secretBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06, /* [ 881] OBJ_safeContentsBag */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14, /* [ 892] OBJ_friendlyName */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15, /* [ 901] OBJ_localKeyID */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01, /* [ 910] OBJ_x509Certificate */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02, /* [ 920] OBJ_sdsiCertificate */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01, /* [ 930] OBJ_x509Crl */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D, /* [ 940] OBJ_pbes2 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E, /* [ 949] OBJ_pbmac1 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [ 958] OBJ_hmacWithSHA1 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [ 966] OBJ_id_qt_cps */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [ 974] OBJ_id_qt_unotice */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F, /* [ 982] OBJ_SMIMECapabilities */ -- 
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04, /* [ 991] OBJ_pbeWithMD2AndRC2_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06, /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A, /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E, /* [ 1018] OBJ_ms_ext_req */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E, /* [ 1028] OBJ_ext_req */ -- 0x55,0x04,0x29, /* [ 1037] OBJ_name */ -- 0x55,0x04,0x2E, /* [ 1040] OBJ_dnQualifier */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [ 1043] OBJ_id_pe */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [ 1050] OBJ_id_ad */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [ 1057] OBJ_info_access */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [ 1065] OBJ_ad_OCSP */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [ 1073] OBJ_ad_ca_issuers */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [ 1081] OBJ_OCSP_sign */ -- 0x2A, /* [ 1089] OBJ_member_body */ -- 0x2A,0x86,0x48, /* [ 1090] OBJ_ISO_US */ -- 0x2A,0x86,0x48,0xCE,0x38, /* [ 1093] OBJ_X9_57 */ -- 0x2A,0x86,0x48,0xCE,0x38,0x04, /* [ 1098] OBJ_X9cm */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [ 1104] OBJ_pkcs1 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [ 1112] OBJ_pkcs5 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10, /* [ 1120] OBJ_SMIME */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00, /* [ 1129] OBJ_id_smime_mod */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01, /* [ 1139] OBJ_id_smime_ct */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02, /* [ 1149] OBJ_id_smime_aa */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03, /* [ 1159] OBJ_id_smime_alg */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04, /* [ 1169] OBJ_id_smime_cd */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05, /* [ 1179] OBJ_id_smime_spq */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06, /* [ 1189] OBJ_id_smime_cti */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01, /* [ 1199] 
OBJ_id_smime_mod_cms */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02, /* [ 1210] OBJ_id_smime_mod_ess */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03, /* [ 1221] OBJ_id_smime_mod_oid */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04, /* [ 1232] OBJ_id_smime_mod_msg_v3 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05, /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06, /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07, /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08, /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01, /* [ 1287] OBJ_id_smime_ct_receipt */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02, /* [ 1298] OBJ_id_smime_ct_authData */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03, /* [ 1309] OBJ_id_smime_ct_publishCert */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04, /* [ 1320] OBJ_id_smime_ct_TSTInfo */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05, /* [ 1331] OBJ_id_smime_ct_TDTInfo */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06, /* [ 1342] OBJ_id_smime_ct_contentInfo */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07, /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08, /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01, /* [ 1375] OBJ_id_smime_aa_receiptRequest */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02, /* [ 1386] OBJ_id_smime_aa_securityLabel */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03, /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04, /* [ 1408] OBJ_id_smime_aa_contentHint */ -- 
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05, /* [ 1419] OBJ_id_smime_aa_msgSigDigest */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06, /* [ 1430] OBJ_id_smime_aa_encapContentType */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07, /* [ 1441] OBJ_id_smime_aa_contentIdentifier */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08, /* [ 1452] OBJ_id_smime_aa_macValue */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09, /* [ 1463] OBJ_id_smime_aa_equivalentLabels */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A, /* [ 1474] OBJ_id_smime_aa_contentReference */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B, /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C, /* [ 1496] OBJ_id_smime_aa_signingCertificate */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D, /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E, /* [ 1518] OBJ_id_smime_aa_timeStampToken */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F, /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10, /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11, /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12, /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13, /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14, /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15, /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16, /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17, /* [ 1617] 
OBJ_id_smime_aa_ets_certValues */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18, /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19, /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A, /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B, /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C, /* [ 1672] OBJ_id_smime_aa_signatureType */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D, /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01, /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02, /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03, /* [ 1716] OBJ_id_smime_alg_3DESwrap */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04, /* [ 1727] OBJ_id_smime_alg_RC2wrap */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05, /* [ 1738] OBJ_id_smime_alg_ESDH */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06, /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07, /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01, /* [ 1771] OBJ_id_smime_cd_ldap */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01, /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02, /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01, /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02, /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03, /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */ 
-- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04, /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05, /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06, /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [ 1870] OBJ_md4 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [ 1878] OBJ_id_pkix_mod */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [ 1885] OBJ_id_qt */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [ 1892] OBJ_id_it */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [ 1899] OBJ_id_pkip */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [ 1906] OBJ_id_alg */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [ 1913] OBJ_id_cmc */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [ 1920] OBJ_id_on */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [ 1927] OBJ_id_pda */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [ 1934] OBJ_id_aca */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [ 1941] OBJ_id_qcs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [ 1948] OBJ_id_cct */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [ 1955] OBJ_id_pkix1_explicit_88 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [ 1963] OBJ_id_pkix1_implicit_88 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [ 1971] OBJ_id_pkix1_explicit_93 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [ 1979] OBJ_id_pkix1_implicit_93 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [ 1987] OBJ_id_mod_crmf */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [ 1995] OBJ_id_mod_cmc */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [ 2003] OBJ_id_mod_kea_profile_88 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [ 2011] OBJ_id_mod_kea_profile_93 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [ 2019] OBJ_id_mod_cmp */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [ 2027] OBJ_id_mod_qualified_cert_88 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [ 2035] OBJ_id_mod_qualified_cert_93 */ -- 
0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [ 2043] OBJ_id_mod_attribute_cert */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [ 2051] OBJ_id_mod_timestamp_protocol */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [ 2059] OBJ_id_mod_ocsp */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [ 2067] OBJ_id_mod_dvcs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [ 2075] OBJ_id_mod_cmp2000 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [ 2083] OBJ_biometricInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [ 2091] OBJ_qcStatements */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [ 2099] OBJ_ac_auditEntity */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [ 2107] OBJ_ac_targeting */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [ 2115] OBJ_aaControls */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [ 2123] OBJ_sbgp_ipAddrBlock */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [ 2131] OBJ_sbgp_autonomousSysNum */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [ 2139] OBJ_sbgp_routerIdentifier */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [ 2147] OBJ_textNotice */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [ 2155] OBJ_ipsecEndSystem */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [ 2163] OBJ_ipsecTunnel */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [ 2171] OBJ_ipsecUser */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [ 2179] OBJ_dvcs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [ 2187] OBJ_id_it_caProtEncCert */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [ 2195] OBJ_id_it_signKeyPairTypes */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [ 2203] OBJ_id_it_encKeyPairTypes */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [ 2211] OBJ_id_it_preferredSymmAlg */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [ 2219] OBJ_id_it_caKeyUpdateInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [ 2227] OBJ_id_it_currentCRL */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [ 2235] OBJ_id_it_unsupportedOIDs */ -- 
0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [ 2243] OBJ_id_it_subscriptionRequest */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [ 2251] OBJ_id_it_subscriptionResponse */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [ 2259] OBJ_id_it_keyPairParamReq */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [ 2267] OBJ_id_it_keyPairParamRep */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [ 2275] OBJ_id_it_revPassphrase */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [ 2283] OBJ_id_it_implicitConfirm */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [ 2291] OBJ_id_it_confirmWaitTime */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [ 2299] OBJ_id_it_origPKIMessage */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [ 2307] OBJ_id_regCtrl */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [ 2315] OBJ_id_regInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01, /* [ 2323] OBJ_id_regCtrl_regToken */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02, /* [ 2332] OBJ_id_regCtrl_authenticator */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03, /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04, /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05, /* [ 2359] OBJ_id_regCtrl_oldCertID */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06, /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01, /* [ 2377] OBJ_id_regInfo_utf8Pairs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02, /* [ 2386] OBJ_id_regInfo_certReq */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [ 2395] OBJ_id_alg_des40 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [ 2403] OBJ_id_alg_noSignature */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [ 2419] OBJ_id_alg_dh_pop */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [ 2427] OBJ_id_cmc_statusInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [ 
2435] OBJ_id_cmc_identification */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [ 2443] OBJ_id_cmc_identityProof */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [ 2451] OBJ_id_cmc_dataReturn */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [ 2459] OBJ_id_cmc_transactionId */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [ 2467] OBJ_id_cmc_senderNonce */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [ 2475] OBJ_id_cmc_recipientNonce */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [ 2483] OBJ_id_cmc_addExtensions */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [ 2491] OBJ_id_cmc_encryptedPOP */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [ 2499] OBJ_id_cmc_decryptedPOP */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [ 2507] OBJ_id_cmc_lraPOPWitness */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [ 2515] OBJ_id_cmc_getCert */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [ 2523] OBJ_id_cmc_getCRL */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [ 2531] OBJ_id_cmc_revokeRequest */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [ 2539] OBJ_id_cmc_regInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [ 2547] OBJ_id_cmc_responseInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [ 2555] OBJ_id_cmc_queryPending */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [ 2563] OBJ_id_cmc_popLinkRandom */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [ 2571] OBJ_id_cmc_popLinkWitness */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [ 2587] OBJ_id_on_personalData */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [ 2595] OBJ_id_pda_dateOfBirth */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [ 2603] OBJ_id_pda_placeOfBirth */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [ 2611] OBJ_id_pda_gender */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [ 2619] OBJ_id_pda_countryOfCitizenship */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [ 2627] 
OBJ_id_pda_countryOfResidence */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [ 2635] OBJ_id_aca_authenticationInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [ 2643] OBJ_id_aca_accessIdentity */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [ 2651] OBJ_id_aca_chargingIdentity */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [ 2659] OBJ_id_aca_group */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [ 2667] OBJ_id_aca_role */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [ 2683] OBJ_id_cct_crs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [ 2691] OBJ_id_cct_PKIData */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [ 2699] OBJ_id_cct_PKIResponse */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [ 2707] OBJ_ad_timeStamping */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [ 2715] OBJ_ad_dvcs */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01, /* [ 2723] OBJ_id_pkix_OCSP_basic */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02, /* [ 2732] OBJ_id_pkix_OCSP_Nonce */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03, /* [ 2741] OBJ_id_pkix_OCSP_CrlID */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04, /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05, /* [ 2759] OBJ_id_pkix_OCSP_noCheck */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06, /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07, /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08, /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09, /* [ 2795] OBJ_id_pkix_OCSP_valid */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A, /* [ 2804] OBJ_id_pkix_OCSP_path */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B, /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */ -- 0x2B,0x0E,0x03,0x02, /* [ 2822] OBJ_algorithm */ -- 0x2B,0x0E,0x03,0x02,0x0B, /* [ 2826] 
OBJ_rsaSignature */ -- 0x55,0x08, /* [ 2831] OBJ_X500algorithms */ -- 0x2B, /* [ 2833] OBJ_org */ -- 0x2B,0x06, /* [ 2834] OBJ_dod */ -- 0x2B,0x06,0x01, /* [ 2836] OBJ_iana */ -- 0x2B,0x06,0x01,0x01, /* [ 2839] OBJ_Directory */ -- 0x2B,0x06,0x01,0x02, /* [ 2843] OBJ_Management */ -- 0x2B,0x06,0x01,0x03, /* [ 2847] OBJ_Experimental */ -- 0x2B,0x06,0x01,0x04, /* [ 2851] OBJ_Private */ -- 0x2B,0x06,0x01,0x05, /* [ 2855] OBJ_Security */ -- 0x2B,0x06,0x01,0x06, /* [ 2859] OBJ_SNMPv2 */ -- 0x2B,0x06,0x01,0x07, /* [ 2863] OBJ_Mail */ -- 0x2B,0x06,0x01,0x04,0x01, /* [ 2867] OBJ_Enterprises */ -- 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58, /* [ 2872] OBJ_dcObject */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19, /* [ 2881] OBJ_domainComponent */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D, /* [ 2891] OBJ_Domain */ -- 0x55,0x01,0x05, /* [ 2901] OBJ_selected_attribute_types */ -- 0x55,0x01,0x05,0x37, /* [ 2904] OBJ_clearance */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03, /* [ 2908] OBJ_md4WithRSAEncryption */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [ 2917] OBJ_ac_proxying */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [ 2925] OBJ_sinfo_access */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [ 2933] OBJ_id_aca_encAttrs */ -- 0x55,0x04,0x48, /* [ 2941] OBJ_role */ -- 0x55,0x1D,0x24, /* [ 2944] OBJ_policy_constraints */ -- 0x55,0x1D,0x37, /* [ 2947] OBJ_target_information */ -- 0x55,0x1D,0x38, /* [ 2950] OBJ_no_rev_avail */ -- 0x2A,0x86,0x48,0xCE,0x3D, /* [ 2953] OBJ_ansi_X9_62 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [ 2958] OBJ_X9_62_prime_field */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [ 2965] OBJ_X9_62_characteristic_two_field */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [ 2972] OBJ_X9_62_id_ecPublicKey */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [ 2979] OBJ_X9_62_prime192v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [ 2987] OBJ_X9_62_prime192v2 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [ 2995] 
OBJ_X9_62_prime192v3 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [ 3003] OBJ_X9_62_prime239v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [ 3011] OBJ_X9_62_prime239v2 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [ 3019] OBJ_X9_62_prime239v3 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [ 3027] OBJ_X9_62_prime256v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [ 3035] OBJ_ecdsa_with_SHA1 */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01, /* [ 3042] OBJ_ms_csp_name */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01, /* [ 3051] OBJ_aes_128_ecb */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02, /* [ 3060] OBJ_aes_128_cbc */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03, /* [ 3069] OBJ_aes_128_ofb128 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04, /* [ 3078] OBJ_aes_128_cfb128 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15, /* [ 3087] OBJ_aes_192_ecb */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16, /* [ 3096] OBJ_aes_192_cbc */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17, /* [ 3105] OBJ_aes_192_ofb128 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18, /* [ 3114] OBJ_aes_192_cfb128 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29, /* [ 3123] OBJ_aes_256_ecb */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A, /* [ 3132] OBJ_aes_256_cbc */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B, /* [ 3141] OBJ_aes_256_ofb128 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C, /* [ 3150] OBJ_aes_256_cfb128 */ -- 0x55,0x1D,0x17, /* [ 3159] OBJ_hold_instruction_code */ -- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [ 3162] OBJ_hold_instruction_none */ -- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [ 3169] OBJ_hold_instruction_call_issuer */ -- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [ 3176] OBJ_hold_instruction_reject */ -- 0x09, /* [ 3183] OBJ_data */ -- 0x09,0x92,0x26, /* [ 3184] OBJ_pss */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [ 3187] OBJ_ucl */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [ 3194] OBJ_pilot */ -- 
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01, /* [ 3202] OBJ_pilotAttributeType */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03, /* [ 3211] OBJ_pilotAttributeSyntax */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04, /* [ 3220] OBJ_pilotObjectClass */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A, /* [ 3229] OBJ_pilotGroups */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04, /* [ 3238] OBJ_iA5StringSyntax */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05, /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03, /* [ 3258] OBJ_pilotObject */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04, /* [ 3268] OBJ_pilotPerson */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05, /* [ 3278] OBJ_account */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06, /* [ 3288] OBJ_document */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07, /* [ 3298] OBJ_room */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09, /* [ 3308] OBJ_documentSeries */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E, /* [ 3318] OBJ_rFC822localPart */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F, /* [ 3328] OBJ_dNSDomain */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11, /* [ 3338] OBJ_domainRelatedObject */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12, /* [ 3348] OBJ_friendlyCountry */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13, /* [ 3358] OBJ_simpleSecurityObject */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14, /* [ 3368] OBJ_pilotOrganization */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15, /* [ 3378] OBJ_pilotDSA */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16, /* [ 3388] OBJ_qualityLabelledData */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01, /* [ 3398] OBJ_userId */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02, /* [ 3408] OBJ_textEncodedORAddress */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03, /* [ 3418] OBJ_rfc822Mailbox */ -- 
0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04, /* [ 3428] OBJ_info */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05, /* [ 3438] OBJ_favouriteDrink */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06, /* [ 3448] OBJ_roomNumber */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07, /* [ 3458] OBJ_photo */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08, /* [ 3468] OBJ_userClass */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09, /* [ 3478] OBJ_host */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A, /* [ 3488] OBJ_manager */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B, /* [ 3498] OBJ_documentIdentifier */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C, /* [ 3508] OBJ_documentTitle */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D, /* [ 3518] OBJ_documentVersion */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E, /* [ 3528] OBJ_documentAuthor */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F, /* [ 3538] OBJ_documentLocation */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14, /* [ 3548] OBJ_homeTelephoneNumber */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15, /* [ 3558] OBJ_secretary */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16, /* [ 3568] OBJ_otherMailbox */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17, /* [ 3578] OBJ_lastModifiedTime */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18, /* [ 3588] OBJ_lastModifiedBy */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A, /* [ 3598] OBJ_aRecord */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B, /* [ 3608] OBJ_pilotAttributeType27 */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C, /* [ 3618] OBJ_mXRecord */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D, /* [ 3628] OBJ_nSRecord */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E, /* [ 3638] OBJ_sOARecord */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F, /* [ 3648] OBJ_cNAMERecord */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25, /* [ 
3658] OBJ_associatedDomain */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26, /* [ 3668] OBJ_associatedName */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27, /* [ 3678] OBJ_homePostalAddress */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28, /* [ 3688] OBJ_personalTitle */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29, /* [ 3698] OBJ_mobileTelephoneNumber */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A, /* [ 3708] OBJ_pagerTelephoneNumber */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B, /* [ 3718] OBJ_friendlyCountryName */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D, /* [ 3728] OBJ_organizationalStatus */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E, /* [ 3738] OBJ_janetMailbox */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F, /* [ 3748] OBJ_mailPreferenceOption */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30, /* [ 3758] OBJ_buildingName */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31, /* [ 3768] OBJ_dSAQuality */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32, /* [ 3778] OBJ_singleLevelQuality */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33, /* [ 3788] OBJ_subtreeMinimumQuality */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34, /* [ 3798] OBJ_subtreeMaximumQuality */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35, /* [ 3808] OBJ_personalSignature */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36, /* [ 3818] OBJ_dITRedirect */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37, /* [ 3828] OBJ_audio */ -- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38, /* [ 3838] OBJ_documentPublisher */ -- 0x55,0x04,0x2D, /* [ 3848] OBJ_x500UniqueIdentifier */ -- 0x2B,0x06,0x01,0x07,0x01, /* [ 3851] OBJ_mime_mhs */ -- 0x2B,0x06,0x01,0x07,0x01,0x01, /* [ 3856] OBJ_mime_mhs_headings */ -- 0x2B,0x06,0x01,0x07,0x01,0x02, /* [ 3862] OBJ_mime_mhs_bodies */ -- 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [ 3868] OBJ_id_hex_partial_message */ -- 
0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [ 3875] OBJ_id_hex_multipart_message */ -- 0x55,0x04,0x2C, /* [ 3882] OBJ_generationQualifier */ -- 0x55,0x04,0x41, /* [ 3885] OBJ_pseudonym */ -- 0x67,0x2A, /* [ 3888] OBJ_id_set */ -- 0x67,0x2A,0x00, /* [ 3890] OBJ_set_ctype */ -- 0x67,0x2A,0x01, /* [ 3893] OBJ_set_msgExt */ -- 0x67,0x2A,0x03, /* [ 3896] OBJ_set_attr */ -- 0x67,0x2A,0x05, /* [ 3899] OBJ_set_policy */ -- 0x67,0x2A,0x07, /* [ 3902] OBJ_set_certExt */ -- 0x67,0x2A,0x08, /* [ 3905] OBJ_set_brand */ -- 0x67,0x2A,0x00,0x00, /* [ 3908] OBJ_setct_PANData */ -- 0x67,0x2A,0x00,0x01, /* [ 3912] OBJ_setct_PANToken */ -- 0x67,0x2A,0x00,0x02, /* [ 3916] OBJ_setct_PANOnly */ -- 0x67,0x2A,0x00,0x03, /* [ 3920] OBJ_setct_OIData */ -- 0x67,0x2A,0x00,0x04, /* [ 3924] OBJ_setct_PI */ -- 0x67,0x2A,0x00,0x05, /* [ 3928] OBJ_setct_PIData */ -- 0x67,0x2A,0x00,0x06, /* [ 3932] OBJ_setct_PIDataUnsigned */ -- 0x67,0x2A,0x00,0x07, /* [ 3936] OBJ_setct_HODInput */ -- 0x67,0x2A,0x00,0x08, /* [ 3940] OBJ_setct_AuthResBaggage */ -- 0x67,0x2A,0x00,0x09, /* [ 3944] OBJ_setct_AuthRevReqBaggage */ -- 0x67,0x2A,0x00,0x0A, /* [ 3948] OBJ_setct_AuthRevResBaggage */ -- 0x67,0x2A,0x00,0x0B, /* [ 3952] OBJ_setct_CapTokenSeq */ -- 0x67,0x2A,0x00,0x0C, /* [ 3956] OBJ_setct_PInitResData */ -- 0x67,0x2A,0x00,0x0D, /* [ 3960] OBJ_setct_PI_TBS */ -- 0x67,0x2A,0x00,0x0E, /* [ 3964] OBJ_setct_PResData */ -- 0x67,0x2A,0x00,0x10, /* [ 3968] OBJ_setct_AuthReqTBS */ -- 0x67,0x2A,0x00,0x11, /* [ 3972] OBJ_setct_AuthResTBS */ -- 0x67,0x2A,0x00,0x12, /* [ 3976] OBJ_setct_AuthResTBSX */ -- 0x67,0x2A,0x00,0x13, /* [ 3980] OBJ_setct_AuthTokenTBS */ -- 0x67,0x2A,0x00,0x14, /* [ 3984] OBJ_setct_CapTokenData */ -- 0x67,0x2A,0x00,0x15, /* [ 3988] OBJ_setct_CapTokenTBS */ -- 0x67,0x2A,0x00,0x16, /* [ 3992] OBJ_setct_AcqCardCodeMsg */ -- 0x67,0x2A,0x00,0x17, /* [ 3996] OBJ_setct_AuthRevReqTBS */ -- 0x67,0x2A,0x00,0x18, /* [ 4000] OBJ_setct_AuthRevResData */ -- 0x67,0x2A,0x00,0x19, /* [ 4004] OBJ_setct_AuthRevResTBS */ -- 
0x67,0x2A,0x00,0x1A, /* [ 4008] OBJ_setct_CapReqTBS */ -- 0x67,0x2A,0x00,0x1B, /* [ 4012] OBJ_setct_CapReqTBSX */ -- 0x67,0x2A,0x00,0x1C, /* [ 4016] OBJ_setct_CapResData */ -- 0x67,0x2A,0x00,0x1D, /* [ 4020] OBJ_setct_CapRevReqTBS */ -- 0x67,0x2A,0x00,0x1E, /* [ 4024] OBJ_setct_CapRevReqTBSX */ -- 0x67,0x2A,0x00,0x1F, /* [ 4028] OBJ_setct_CapRevResData */ -- 0x67,0x2A,0x00,0x20, /* [ 4032] OBJ_setct_CredReqTBS */ -- 0x67,0x2A,0x00,0x21, /* [ 4036] OBJ_setct_CredReqTBSX */ -- 0x67,0x2A,0x00,0x22, /* [ 4040] OBJ_setct_CredResData */ -- 0x67,0x2A,0x00,0x23, /* [ 4044] OBJ_setct_CredRevReqTBS */ -- 0x67,0x2A,0x00,0x24, /* [ 4048] OBJ_setct_CredRevReqTBSX */ -- 0x67,0x2A,0x00,0x25, /* [ 4052] OBJ_setct_CredRevResData */ -- 0x67,0x2A,0x00,0x26, /* [ 4056] OBJ_setct_PCertReqData */ -- 0x67,0x2A,0x00,0x27, /* [ 4060] OBJ_setct_PCertResTBS */ -- 0x67,0x2A,0x00,0x28, /* [ 4064] OBJ_setct_BatchAdminReqData */ -- 0x67,0x2A,0x00,0x29, /* [ 4068] OBJ_setct_BatchAdminResData */ -- 0x67,0x2A,0x00,0x2A, /* [ 4072] OBJ_setct_CardCInitResTBS */ -- 0x67,0x2A,0x00,0x2B, /* [ 4076] OBJ_setct_MeAqCInitResTBS */ -- 0x67,0x2A,0x00,0x2C, /* [ 4080] OBJ_setct_RegFormResTBS */ -- 0x67,0x2A,0x00,0x2D, /* [ 4084] OBJ_setct_CertReqData */ -- 0x67,0x2A,0x00,0x2E, /* [ 4088] OBJ_setct_CertReqTBS */ -- 0x67,0x2A,0x00,0x2F, /* [ 4092] OBJ_setct_CertResData */ -- 0x67,0x2A,0x00,0x30, /* [ 4096] OBJ_setct_CertInqReqTBS */ -- 0x67,0x2A,0x00,0x31, /* [ 4100] OBJ_setct_ErrorTBS */ -- 0x67,0x2A,0x00,0x32, /* [ 4104] OBJ_setct_PIDualSignedTBE */ -- 0x67,0x2A,0x00,0x33, /* [ 4108] OBJ_setct_PIUnsignedTBE */ -- 0x67,0x2A,0x00,0x34, /* [ 4112] OBJ_setct_AuthReqTBE */ -- 0x67,0x2A,0x00,0x35, /* [ 4116] OBJ_setct_AuthResTBE */ -- 0x67,0x2A,0x00,0x36, /* [ 4120] OBJ_setct_AuthResTBEX */ -- 0x67,0x2A,0x00,0x37, /* [ 4124] OBJ_setct_AuthTokenTBE */ -- 0x67,0x2A,0x00,0x38, /* [ 4128] OBJ_setct_CapTokenTBE */ -- 0x67,0x2A,0x00,0x39, /* [ 4132] OBJ_setct_CapTokenTBEX */ -- 0x67,0x2A,0x00,0x3A, /* [ 4136] 
OBJ_setct_AcqCardCodeMsgTBE */ -- 0x67,0x2A,0x00,0x3B, /* [ 4140] OBJ_setct_AuthRevReqTBE */ -- 0x67,0x2A,0x00,0x3C, /* [ 4144] OBJ_setct_AuthRevResTBE */ -- 0x67,0x2A,0x00,0x3D, /* [ 4148] OBJ_setct_AuthRevResTBEB */ -- 0x67,0x2A,0x00,0x3E, /* [ 4152] OBJ_setct_CapReqTBE */ -- 0x67,0x2A,0x00,0x3F, /* [ 4156] OBJ_setct_CapReqTBEX */ -- 0x67,0x2A,0x00,0x40, /* [ 4160] OBJ_setct_CapResTBE */ -- 0x67,0x2A,0x00,0x41, /* [ 4164] OBJ_setct_CapRevReqTBE */ -- 0x67,0x2A,0x00,0x42, /* [ 4168] OBJ_setct_CapRevReqTBEX */ -- 0x67,0x2A,0x00,0x43, /* [ 4172] OBJ_setct_CapRevResTBE */ -- 0x67,0x2A,0x00,0x44, /* [ 4176] OBJ_setct_CredReqTBE */ -- 0x67,0x2A,0x00,0x45, /* [ 4180] OBJ_setct_CredReqTBEX */ -- 0x67,0x2A,0x00,0x46, /* [ 4184] OBJ_setct_CredResTBE */ -- 0x67,0x2A,0x00,0x47, /* [ 4188] OBJ_setct_CredRevReqTBE */ -- 0x67,0x2A,0x00,0x48, /* [ 4192] OBJ_setct_CredRevReqTBEX */ -- 0x67,0x2A,0x00,0x49, /* [ 4196] OBJ_setct_CredRevResTBE */ -- 0x67,0x2A,0x00,0x4A, /* [ 4200] OBJ_setct_BatchAdminReqTBE */ -- 0x67,0x2A,0x00,0x4B, /* [ 4204] OBJ_setct_BatchAdminResTBE */ -- 0x67,0x2A,0x00,0x4C, /* [ 4208] OBJ_setct_RegFormReqTBE */ -- 0x67,0x2A,0x00,0x4D, /* [ 4212] OBJ_setct_CertReqTBE */ -- 0x67,0x2A,0x00,0x4E, /* [ 4216] OBJ_setct_CertReqTBEX */ -- 0x67,0x2A,0x00,0x4F, /* [ 4220] OBJ_setct_CertResTBE */ -- 0x67,0x2A,0x00,0x50, /* [ 4224] OBJ_setct_CRLNotificationTBS */ -- 0x67,0x2A,0x00,0x51, /* [ 4228] OBJ_setct_CRLNotificationResTBS */ -- 0x67,0x2A,0x00,0x52, /* [ 4232] OBJ_setct_BCIDistributionTBS */ -- 0x67,0x2A,0x01,0x01, /* [ 4236] OBJ_setext_genCrypt */ -- 0x67,0x2A,0x01,0x03, /* [ 4240] OBJ_setext_miAuth */ -- 0x67,0x2A,0x01,0x04, /* [ 4244] OBJ_setext_pinSecure */ -- 0x67,0x2A,0x01,0x05, /* [ 4248] OBJ_setext_pinAny */ -- 0x67,0x2A,0x01,0x07, /* [ 4252] OBJ_setext_track2 */ -- 0x67,0x2A,0x01,0x08, /* [ 4256] OBJ_setext_cv */ -- 0x67,0x2A,0x05,0x00, /* [ 4260] OBJ_set_policy_root */ -- 0x67,0x2A,0x07,0x00, /* [ 4264] OBJ_setCext_hashedRoot */ -- 0x67,0x2A,0x07,0x01, /* 
[ 4268] OBJ_setCext_certType */ -- 0x67,0x2A,0x07,0x02, /* [ 4272] OBJ_setCext_merchData */ -- 0x67,0x2A,0x07,0x03, /* [ 4276] OBJ_setCext_cCertRequired */ -- 0x67,0x2A,0x07,0x04, /* [ 4280] OBJ_setCext_tunneling */ -- 0x67,0x2A,0x07,0x05, /* [ 4284] OBJ_setCext_setExt */ -- 0x67,0x2A,0x07,0x06, /* [ 4288] OBJ_setCext_setQualf */ -- 0x67,0x2A,0x07,0x07, /* [ 4292] OBJ_setCext_PGWYcapabilities */ -- 0x67,0x2A,0x07,0x08, /* [ 4296] OBJ_setCext_TokenIdentifier */ -- 0x67,0x2A,0x07,0x09, /* [ 4300] OBJ_setCext_Track2Data */ -- 0x67,0x2A,0x07,0x0A, /* [ 4304] OBJ_setCext_TokenType */ -- 0x67,0x2A,0x07,0x0B, /* [ 4308] OBJ_setCext_IssuerCapabilities */ -- 0x67,0x2A,0x03,0x00, /* [ 4312] OBJ_setAttr_Cert */ -- 0x67,0x2A,0x03,0x01, /* [ 4316] OBJ_setAttr_PGWYcap */ -- 0x67,0x2A,0x03,0x02, /* [ 4320] OBJ_setAttr_TokenType */ -- 0x67,0x2A,0x03,0x03, /* [ 4324] OBJ_setAttr_IssCap */ -- 0x67,0x2A,0x03,0x00,0x00, /* [ 4328] OBJ_set_rootKeyThumb */ -- 0x67,0x2A,0x03,0x00,0x01, /* [ 4333] OBJ_set_addPolicy */ -- 0x67,0x2A,0x03,0x02,0x01, /* [ 4338] OBJ_setAttr_Token_EMV */ -- 0x67,0x2A,0x03,0x02,0x02, /* [ 4343] OBJ_setAttr_Token_B0Prime */ -- 0x67,0x2A,0x03,0x03,0x03, /* [ 4348] OBJ_setAttr_IssCap_CVM */ -- 0x67,0x2A,0x03,0x03,0x04, /* [ 4353] OBJ_setAttr_IssCap_T2 */ -- 0x67,0x2A,0x03,0x03,0x05, /* [ 4358] OBJ_setAttr_IssCap_Sig */ -- 0x67,0x2A,0x03,0x03,0x03,0x01, /* [ 4363] OBJ_setAttr_GenCryptgrm */ -- 0x67,0x2A,0x03,0x03,0x04,0x01, /* [ 4369] OBJ_setAttr_T2Enc */ -- 0x67,0x2A,0x03,0x03,0x04,0x02, /* [ 4375] OBJ_setAttr_T2cleartxt */ -- 0x67,0x2A,0x03,0x03,0x05,0x01, /* [ 4381] OBJ_setAttr_TokICCsig */ -- 0x67,0x2A,0x03,0x03,0x05,0x02, /* [ 4387] OBJ_setAttr_SecDevSig */ -- 0x67,0x2A,0x08,0x01, /* [ 4393] OBJ_set_brand_IATA_ATA */ -- 0x67,0x2A,0x08,0x1E, /* [ 4397] OBJ_set_brand_Diners */ -- 0x67,0x2A,0x08,0x22, /* [ 4401] OBJ_set_brand_AmericanExpress */ -- 0x67,0x2A,0x08,0x23, /* [ 4405] OBJ_set_brand_JCB */ -- 0x67,0x2A,0x08,0x04, /* [ 4409] OBJ_set_brand_Visa */ -- 
0x67,0x2A,0x08,0x05, /* [ 4413] OBJ_set_brand_MasterCard */ -- 0x67,0x2A,0x08,0xAE,0x7B, /* [ 4417] OBJ_set_brand_Novus */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [ 4422] OBJ_des_cdmf */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06, /* [ 4430] OBJ_rsaOAEPEncryptionSET */ -- 0x67, /* [ 4439] OBJ_international_organizations */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02, /* [ 4440] OBJ_ms_smartcard_login */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03, /* [ 4450] OBJ_ms_upn */ -- 0x55,0x04,0x09, /* [ 4460] OBJ_streetAddress */ -- 0x55,0x04,0x11, /* [ 4463] OBJ_postalCode */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [ 4466] OBJ_id_ppl */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [ 4473] OBJ_proxyCertInfo */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [ 4481] OBJ_id_ppl_anyLanguage */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [ 4489] OBJ_id_ppl_inheritAll */ -- 0x55,0x1D,0x1E, /* [ 4497] OBJ_name_constraints */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [ 4500] OBJ_Independent */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, /* [ 4508] OBJ_sha256WithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C, /* [ 4517] OBJ_sha384WithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D, /* [ 4526] OBJ_sha512WithRSAEncryption */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E, /* [ 4535] OBJ_sha224WithRSAEncryption */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, /* [ 4544] OBJ_sha256 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02, /* [ 4553] OBJ_sha384 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03, /* [ 4562] OBJ_sha512 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04, /* [ 4571] OBJ_sha224 */ -- 0x2B, /* [ 4580] OBJ_identified_organization */ -- 0x2B,0x81,0x04, /* [ 4581] OBJ_certicom_arc */ -- 0x67,0x2B, /* [ 4584] OBJ_wap */ -- 0x67,0x2B,0x01, /* [ 4586] OBJ_wap_wsg */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */ -- 
0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01, /* [ 4597] OBJ_X9_62_onBasis */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02, /* [ 4606] OBJ_X9_62_tpBasis */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03, /* [ 4615] OBJ_X9_62_ppBasis */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [ 4624] OBJ_X9_62_c2pnb163v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [ 4632] OBJ_X9_62_c2pnb163v2 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [ 4640] OBJ_X9_62_c2pnb163v3 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [ 4648] OBJ_X9_62_c2pnb176v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [ 4656] OBJ_X9_62_c2tnb191v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [ 4664] OBJ_X9_62_c2tnb191v2 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [ 4672] OBJ_X9_62_c2tnb191v3 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [ 4680] OBJ_X9_62_c2onb191v4 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [ 4688] OBJ_X9_62_c2onb191v5 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [ 4696] OBJ_X9_62_c2pnb208w1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [ 4704] OBJ_X9_62_c2tnb239v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [ 4712] OBJ_X9_62_c2tnb239v2 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [ 4720] OBJ_X9_62_c2tnb239v3 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [ 4728] OBJ_X9_62_c2onb239v4 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [ 4736] OBJ_X9_62_c2onb239v5 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [ 4744] OBJ_X9_62_c2pnb272w1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [ 4752] OBJ_X9_62_c2pnb304w1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [ 4760] OBJ_X9_62_c2tnb359v1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [ 4768] OBJ_X9_62_c2pnb368w1 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [ 4776] OBJ_X9_62_c2tnb431r1 */ -- 0x2B,0x81,0x04,0x00,0x06, /* [ 4784] OBJ_secp112r1 */ -- 0x2B,0x81,0x04,0x00,0x07, /* [ 4789] OBJ_secp112r2 */ -- 0x2B,0x81,0x04,0x00,0x1C, /* [ 4794] OBJ_secp128r1 */ -- 
0x2B,0x81,0x04,0x00,0x1D, /* [ 4799] OBJ_secp128r2 */ -- 0x2B,0x81,0x04,0x00,0x09, /* [ 4804] OBJ_secp160k1 */ -- 0x2B,0x81,0x04,0x00,0x08, /* [ 4809] OBJ_secp160r1 */ -- 0x2B,0x81,0x04,0x00,0x1E, /* [ 4814] OBJ_secp160r2 */ -- 0x2B,0x81,0x04,0x00,0x1F, /* [ 4819] OBJ_secp192k1 */ -- 0x2B,0x81,0x04,0x00,0x20, /* [ 4824] OBJ_secp224k1 */ -- 0x2B,0x81,0x04,0x00,0x21, /* [ 4829] OBJ_secp224r1 */ -- 0x2B,0x81,0x04,0x00,0x0A, /* [ 4834] OBJ_secp256k1 */ -- 0x2B,0x81,0x04,0x00,0x22, /* [ 4839] OBJ_secp384r1 */ -- 0x2B,0x81,0x04,0x00,0x23, /* [ 4844] OBJ_secp521r1 */ -- 0x2B,0x81,0x04,0x00,0x04, /* [ 4849] OBJ_sect113r1 */ -- 0x2B,0x81,0x04,0x00,0x05, /* [ 4854] OBJ_sect113r2 */ -- 0x2B,0x81,0x04,0x00,0x16, /* [ 4859] OBJ_sect131r1 */ -- 0x2B,0x81,0x04,0x00,0x17, /* [ 4864] OBJ_sect131r2 */ -- 0x2B,0x81,0x04,0x00,0x01, /* [ 4869] OBJ_sect163k1 */ -- 0x2B,0x81,0x04,0x00,0x02, /* [ 4874] OBJ_sect163r1 */ -- 0x2B,0x81,0x04,0x00,0x0F, /* [ 4879] OBJ_sect163r2 */ -- 0x2B,0x81,0x04,0x00,0x18, /* [ 4884] OBJ_sect193r1 */ -- 0x2B,0x81,0x04,0x00,0x19, /* [ 4889] OBJ_sect193r2 */ -- 0x2B,0x81,0x04,0x00,0x1A, /* [ 4894] OBJ_sect233k1 */ -- 0x2B,0x81,0x04,0x00,0x1B, /* [ 4899] OBJ_sect233r1 */ -- 0x2B,0x81,0x04,0x00,0x03, /* [ 4904] OBJ_sect239k1 */ -- 0x2B,0x81,0x04,0x00,0x10, /* [ 4909] OBJ_sect283k1 */ -- 0x2B,0x81,0x04,0x00,0x11, /* [ 4914] OBJ_sect283r1 */ -- 0x2B,0x81,0x04,0x00,0x24, /* [ 4919] OBJ_sect409k1 */ -- 0x2B,0x81,0x04,0x00,0x25, /* [ 4924] OBJ_sect409r1 */ -- 0x2B,0x81,0x04,0x00,0x26, /* [ 4929] OBJ_sect571k1 */ -- 0x2B,0x81,0x04,0x00,0x27, /* [ 4934] OBJ_sect571r1 */ -- 0x67,0x2B,0x01,0x04,0x01, /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */ -- 0x67,0x2B,0x01,0x04,0x03, /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */ -- 0x67,0x2B,0x01,0x04,0x04, /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */ -- 0x67,0x2B,0x01,0x04,0x05, /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */ -- 0x67,0x2B,0x01,0x04,0x06, /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */ -- 0x67,0x2B,0x01,0x04,0x07, /* [ 4964] 
OBJ_wap_wsg_idm_ecid_wtls7 */ -- 0x67,0x2B,0x01,0x04,0x08, /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */ -- 0x67,0x2B,0x01,0x04,0x09, /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */ -- 0x67,0x2B,0x01,0x04,0x0A, /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */ -- 0x67,0x2B,0x01,0x04,0x0B, /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */ -- 0x67,0x2B,0x01,0x04,0x0C, /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */ -- 0x55,0x1D,0x20,0x00, /* [ 4994] OBJ_any_policy */ -- 0x55,0x1D,0x21, /* [ 4998] OBJ_policy_mappings */ -- 0x55,0x1D,0x36, /* [ 5001] OBJ_inhibit_any_policy */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02, /* [ 5004] OBJ_camellia_128_cbc */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03, /* [ 5015] OBJ_camellia_192_cbc */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04, /* [ 5026] OBJ_camellia_256_cbc */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [ 5037] OBJ_camellia_128_ecb */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [ 5045] OBJ_camellia_192_ecb */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [ 5053] OBJ_camellia_256_ecb */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [ 5061] OBJ_camellia_128_cfb128 */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [ 5069] OBJ_camellia_192_cfb128 */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [ 5077] OBJ_camellia_256_cfb128 */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [ 5085] OBJ_camellia_128_ofb128 */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [ 5093] OBJ_camellia_192_ofb128 */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [ 5101] OBJ_camellia_256_ofb128 */ -- 0x55,0x1D,0x09, /* [ 5109] OBJ_subject_directory_attributes */ -- 0x55,0x1D,0x1C, /* [ 5112] OBJ_issuing_distribution_point */ -- 0x55,0x1D,0x1D, /* [ 5115] OBJ_certificate_issuer */ -- 0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [ 5118] OBJ_kisa */ -- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [ 5124] OBJ_seed_ecb */ -- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [ 5132] OBJ_seed_cbc */ -- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [ 5140] 
OBJ_seed_ofb128 */ -- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [ 5148] OBJ_seed_cfb128 */ -- 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [ 5156] OBJ_hmac_md5 */ -- 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [ 5164] OBJ_hmac_sha1 */ -- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D, /* [ 5172] OBJ_id_PasswordBasedMAC */ -- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E, /* [ 5181] OBJ_id_DHBasedMac */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [ 5190] OBJ_id_it_suppLangTags */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [ 5198] OBJ_caRepository */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09, /* [ 5206] OBJ_id_smime_ct_compressedData */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B, /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05, /* [ 5228] OBJ_id_aes128_wrap */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19, /* [ 5237] OBJ_id_aes192_wrap */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D, /* [ 5246] OBJ_id_aes256_wrap */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [ 5255] OBJ_ecdsa_with_Recommended */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [ 5262] OBJ_ecdsa_with_Specified */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [ 5269] OBJ_ecdsa_with_SHA224 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [ 5277] OBJ_ecdsa_with_SHA256 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [ 5285] OBJ_ecdsa_with_SHA384 */ -- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [ 5293] OBJ_ecdsa_with_SHA512 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [ 5301] OBJ_hmacWithMD5 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [ 5309] OBJ_hmacWithSHA224 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [ 5317] OBJ_hmacWithSHA256 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [ 5325] OBJ_hmacWithSHA384 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [ 5333] OBJ_hmacWithSHA512 */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01, /* [ 5341] OBJ_dsa_with_SHA224 */ -- 
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02, /* [ 5350] OBJ_dsa_with_SHA256 */ -- 0x28,0xCF,0x06,0x03,0x00,0x37, /* [ 5359] OBJ_whirlpool */ -- 0x2A,0x85,0x03,0x02,0x02, /* [ 5365] OBJ_cryptopro */ -- 0x2A,0x85,0x03,0x02,0x09, /* [ 5370] OBJ_cryptocom */ -- 0x2A,0x85,0x03,0x02,0x02,0x03, /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -- 0x2A,0x85,0x03,0x02,0x02,0x04, /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */ -- 0x2A,0x85,0x03,0x02,0x02,0x09, /* [ 5387] OBJ_id_GostR3411_94 */ -- 0x2A,0x85,0x03,0x02,0x02,0x0A, /* [ 5393] OBJ_id_HMACGostR3411_94 */ -- 0x2A,0x85,0x03,0x02,0x02,0x13, /* [ 5399] OBJ_id_GostR3410_2001 */ -- 0x2A,0x85,0x03,0x02,0x02,0x14, /* [ 5405] OBJ_id_GostR3410_94 */ -- 0x2A,0x85,0x03,0x02,0x02,0x15, /* [ 5411] OBJ_id_Gost28147_89 */ -- 0x2A,0x85,0x03,0x02,0x02,0x16, /* [ 5417] OBJ_id_Gost28147_89_MAC */ -- 0x2A,0x85,0x03,0x02,0x02,0x17, /* [ 5423] OBJ_id_GostR3411_94_prf */ -- 0x2A,0x85,0x03,0x02,0x02,0x62, /* [ 5429] OBJ_id_GostR3410_2001DH */ -- 0x2A,0x85,0x03,0x02,0x02,0x63, /* [ 5435] OBJ_id_GostR3410_94DH */ -- 0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -- 0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */ -- 0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -- 
0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -- 0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [ 5623] OBJ_id_GostR3410_94_a */ -- 0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [ 5630] OBJ_id_GostR3410_94_aBis */ -- 0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [ 5637] OBJ_id_GostR3410_94_b */ -- 0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [ 5644] OBJ_id_GostR3410_94_bBis */ -- 0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [ 5651] OBJ_id_Gost28147_89_cc */ -- 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [ 5659] OBJ_id_GostR3410_94_cc */ -- 
0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [ 5667] OBJ_id_GostR3410_2001_cc */ -- 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -- 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -- 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02, /* [ 5699] OBJ_LocalKeySet */ -- 0x55,0x1D,0x2E, /* [ 5708] OBJ_freshest_crl */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [ 5711] OBJ_id_on_permanentIdentifier */ -- 0x55,0x04,0x0E, /* [ 5719] OBJ_searchGuide */ -- 0x55,0x04,0x0F, /* [ 5722] OBJ_businessCategory */ -- 0x55,0x04,0x10, /* [ 5725] OBJ_postalAddress */ -- 0x55,0x04,0x12, /* [ 5728] OBJ_postOfficeBox */ -- 0x55,0x04,0x13, /* [ 5731] OBJ_physicalDeliveryOfficeName */ -- 0x55,0x04,0x14, /* [ 5734] OBJ_telephoneNumber */ -- 0x55,0x04,0x15, /* [ 5737] OBJ_telexNumber */ -- 0x55,0x04,0x16, /* [ 5740] OBJ_teletexTerminalIdentifier */ -- 0x55,0x04,0x17, /* [ 5743] OBJ_facsimileTelephoneNumber */ -- 0x55,0x04,0x18, /* [ 5746] OBJ_x121Address */ -- 0x55,0x04,0x19, /* [ 5749] OBJ_internationaliSDNNumber */ -- 0x55,0x04,0x1A, /* [ 5752] OBJ_registeredAddress */ -- 0x55,0x04,0x1B, /* [ 5755] OBJ_destinationIndicator */ -- 0x55,0x04,0x1C, /* [ 5758] OBJ_preferredDeliveryMethod */ -- 0x55,0x04,0x1D, /* [ 5761] OBJ_presentationAddress */ -- 0x55,0x04,0x1E, /* [ 5764] OBJ_supportedApplicationContext */ -- 0x55,0x04,0x1F, /* [ 5767] OBJ_member */ -- 0x55,0x04,0x20, /* [ 5770] OBJ_owner */ -- 0x55,0x04,0x21, /* [ 5773] OBJ_roleOccupant */ -- 0x55,0x04,0x22, /* [ 5776] OBJ_seeAlso */ -- 0x55,0x04,0x23, /* [ 5779] OBJ_userPassword */ -- 0x55,0x04,0x24, /* [ 5782] OBJ_userCertificate */ -- 0x55,0x04,0x25, /* [ 5785] OBJ_cACertificate */ -- 0x55,0x04,0x26, /* [ 5788] OBJ_authorityRevocationList */ -- 0x55,0x04,0x27, /* [ 5791] OBJ_certificateRevocationList */ -- 0x55,0x04,0x28, /* [ 5794] 
OBJ_crossCertificatePair */ -- 0x55,0x04,0x2F, /* [ 5797] OBJ_enhancedSearchGuide */ -- 0x55,0x04,0x30, /* [ 5800] OBJ_protocolInformation */ -- 0x55,0x04,0x31, /* [ 5803] OBJ_distinguishedName */ -- 0x55,0x04,0x32, /* [ 5806] OBJ_uniqueMember */ -- 0x55,0x04,0x33, /* [ 5809] OBJ_houseIdentifier */ -- 0x55,0x04,0x34, /* [ 5812] OBJ_supportedAlgorithms */ -- 0x55,0x04,0x35, /* [ 5815] OBJ_deltaRevocationList */ -- 0x55,0x04,0x36, /* [ 5818] OBJ_dmdName */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09, /* [ 5821] OBJ_id_alg_PWRI_KEK */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06, /* [ 5832] OBJ_aes_128_gcm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07, /* [ 5841] OBJ_aes_128_ccm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08, /* [ 5850] OBJ_id_aes128_wrap_pad */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A, /* [ 5859] OBJ_aes_192_gcm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B, /* [ 5868] OBJ_aes_192_ccm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C, /* [ 5877] OBJ_id_aes192_wrap_pad */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E, /* [ 5886] OBJ_aes_256_gcm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F, /* [ 5895] OBJ_aes_256_ccm */ -- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30, /* [ 5904] OBJ_id_aes256_wrap_pad */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02, /* [ 5913] OBJ_id_camellia128_wrap */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03, /* [ 5924] OBJ_id_camellia192_wrap */ -- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04, /* [ 5935] OBJ_id_camellia256_wrap */ -- 0x55,0x1D,0x25,0x00, /* [ 5946] OBJ_anyExtendedKeyUsage */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08, /* [ 5950] OBJ_mgf1 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, /* [ 5959] OBJ_rsassaPss */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5968] OBJ_rsaesOaep */ -- 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5977] OBJ_dhpublicnumber */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 5984] 
OBJ_brainpoolP160r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 5993] OBJ_brainpoolP160t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6002] OBJ_brainpoolP192r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6011] OBJ_brainpoolP192t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6020] OBJ_brainpoolP224r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6029] OBJ_brainpoolP224t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6038] OBJ_brainpoolP256r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6047] OBJ_brainpoolP256t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6056] OBJ_brainpoolP320r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6065] OBJ_brainpoolP320t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6074] OBJ_brainpoolP384r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6083] OBJ_brainpoolP384t1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6092] OBJ_brainpoolP512r1 */ -- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6101] OBJ_brainpoolP512t1 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6110] OBJ_pSpecified */ -- 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -- 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6173] 
OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -- 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ -- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6185] OBJ_ct_precert_scts */ -- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6195] OBJ_ct_precert_poison */ -- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6205] OBJ_ct_precert_signer */ -- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6215] OBJ_ct_cert_scts */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6225] OBJ_jurisdictionLocalityName */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6236] OBJ_jurisdictionStateOrProvinceName */ -- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6247] OBJ_jurisdictionCountryName */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6258] OBJ_camellia_128_gcm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6266] OBJ_camellia_128_ccm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6274] OBJ_camellia_128_ctr */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6282] OBJ_camellia_128_cmac */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6290] OBJ_camellia_192_gcm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6298] OBJ_camellia_192_ccm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6306] OBJ_camellia_192_ctr */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6314] OBJ_camellia_192_cmac */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6322] OBJ_camellia_256_gcm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6330] OBJ_camellia_256_ccm */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6338] OBJ_camellia_256_ctr */ -- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6346] OBJ_camellia_256_cmac */ -- 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6354] OBJ_id_scrypt */ -- 0x2A,0x85,0x03,0x07,0x01, /* [ 6363] OBJ_id_tc26 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6368] OBJ_id_tc26_algorithms */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, 
/* [ 6374] OBJ_id_tc26_sign */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6381] OBJ_id_GostR3410_2012_256 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6389] OBJ_id_GostR3410_2012_512 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6397] OBJ_id_tc26_digest */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6404] OBJ_id_GostR3411_2012_256 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6412] OBJ_id_GostR3411_2012_512 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6420] OBJ_id_tc26_signwithdigest */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6443] OBJ_id_tc26_mac */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6466] OBJ_id_tc26_cipher */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6473] OBJ_id_tc26_agreement */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */ -- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */ -- 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6496] OBJ_id_tc26_constants */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6502] OBJ_id_tc26_sign_constants */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6544] OBJ_id_tc26_digest_constants */ -- 
0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6551] OBJ_id_tc26_cipher_constants */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6558] OBJ_id_tc26_gost_28147_constants */ -- 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */ -- 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6575] OBJ_INN */ -- 0x2A,0x85,0x03,0x64,0x01, /* [ 6583] OBJ_OGRN */ -- 0x2A,0x85,0x03,0x64,0x03, /* [ 6588] OBJ_SNILS */ -- 0x2A,0x85,0x03,0x64,0x6F, /* [ 6593] OBJ_subjectSignTool */ -- 0x2A,0x85,0x03,0x64,0x70, /* [ 6598] OBJ_issuerSignTool */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6603] OBJ_tlsfeature */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6611] OBJ_ipsec_IKE */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6619] OBJ_capwapAC */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6627] OBJ_capwapWTP */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6635] OBJ_sshClient */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6643] OBJ_sshServer */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6651] OBJ_sendRouter */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6659] OBJ_sendProxiedRouter */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6667] OBJ_sendOwner */ -- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6675] OBJ_sendProxiedOwner */ -- 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6683] OBJ_id_pkinit */ -- 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6689] OBJ_pkInitClientAuth */ -- 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6696] OBJ_pkInitKDC */ -- 0x2B,0x65,0x6E, /* [ 6703] OBJ_X25519 */ -- 0x2B,0x65,0x6F, /* [ 6706] OBJ_X448 */ -- 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6709] OBJ_blake2b512 */ -- 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6720] OBJ_blake2s256 */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6731] OBJ_id_smime_ct_contentCollection */ -- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */ -- 
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6753] OBJ_id_ct_xml */ -+#define NUM_NID 958 -+#define NUM_SN 951 -+#define NUM_LN 951 -+#define NUM_OBJ 890 -+ -+static const unsigned char lvalues[6255]={ -+0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */ -+0x55, /* [ 82] OBJ_X500 */ -+0x55,0x04, /* [ 83] OBJ_X509 */ -+0x55,0x04,0x03, /* [ 85] OBJ_commonName */ -+0x55,0x04,0x06, /* [ 88] OBJ_countryName */ -+0x55,0x04,0x07, /* [ 91] OBJ_localityName */ -+0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ -+0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ -+0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */ -+0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] 
OBJ_dhKeyAgreement */ -+0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */ -+0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */ -+0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */ -+0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede_ecb */ -+0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [217] OBJ_rc2_cbc */ -+0x2B,0x0E,0x03,0x02,0x12, /* [225] OBJ_sha */ -+0x2B,0x0E,0x03,0x02,0x0F, /* [230] OBJ_shaWithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [235] OBJ_des_ede3_cbc */ -+0x2B,0x0E,0x03,0x02,0x08, /* [243] OBJ_des_ofb64 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [248] OBJ_pkcs9 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [337] OBJ_netscape */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [344] OBJ_netscape_cert_extension */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [352] OBJ_netscape_data_type */ -+0x2B,0x0E,0x03,0x02,0x1A, /* [360] OBJ_sha1 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */ -+0x2B,0x0E,0x03,0x02,0x0D, /* [374] OBJ_dsaWithSHA */ -+0x2B,0x0E,0x03,0x02,0x0C, /* [379] OBJ_dsa_2 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */ -+0x2B,0x0E,0x03,0x02,0x1B, /* [402] OBJ_dsaWithSHA1_2 */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */ -+0x55,0x1D, /* [488] OBJ_id_ce */ -+0x55,0x1D,0x0E, /* [490] OBJ_subject_key_identifier */ -+0x55,0x1D,0x0F, /* [493] OBJ_key_usage */ -+0x55,0x1D,0x10, /* [496] OBJ_private_key_usage_period */ -+0x55,0x1D,0x11, /* [499] OBJ_subject_alt_name */ -+0x55,0x1D,0x12, /* [502] OBJ_issuer_alt_name */ -+0x55,0x1D,0x13, /* [505] OBJ_basic_constraints */ -+0x55,0x1D,0x14, /* [508] OBJ_crl_number */ -+0x55,0x1D,0x20, /* [511] OBJ_certificate_policies */ -+0x55,0x1D,0x23, /* [514] OBJ_authority_key_identifier */ -+0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */ -+0x55,0x08,0x03,0x65, /* [526] OBJ_mdc2 */ -+0x55,0x08,0x03,0x64, /* [530] OBJ_mdc2WithRSA */ -+0x55,0x04,0x2A, /* [534] OBJ_givenName */ -+0x55,0x04,0x04, /* [537] OBJ_surname */ -+0x55,0x04,0x2B, /* [540] OBJ_initials */ -+0x55,0x1D,0x1F, /* [543] OBJ_crl_distribution_points */ -+0x2B,0x0E,0x03,0x02,0x03, /* [546] OBJ_md5WithRSA */ -+0x55,0x04,0x05, /* [551] OBJ_serialNumber */ -+0x55,0x04,0x0C, /* [554] OBJ_title */ -+0x55,0x04,0x0D, /* [557] OBJ_description */ -+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] 
OBJ_cast5_cbc */ -+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */ -+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [578] OBJ_dsaWithSHA1 */ -+0x2B,0x0E,0x03,0x02,0x1D, /* [585] OBJ_sha1WithRSA */ -+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [590] OBJ_dsa */ -+0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ -+0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] OBJ_ripemd160WithRSA */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ -+0x29,0x01,0x01,0x85,0x1A,0x01, /* [616] OBJ_rle_compression */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */ -+0x55,0x1D,0x25, /* [633] OBJ_ext_key_usage */ -+0x2B,0x06,0x01,0x05,0x05,0x07, /* [636] OBJ_id_pkix */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [642] OBJ_id_kp */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [649] OBJ_server_auth */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [657] OBJ_client_auth */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [665] OBJ_code_sign */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [673] OBJ_email_protect */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [681] OBJ_time_stamp */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */ -+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */ -+0x55,0x1D,0x1B, /* [748] OBJ_delta_crl */ -+0x55,0x1D,0x15, /* [751] OBJ_crl_reason */ -+0x55,0x1D,0x18, /* [754] OBJ_invalidity_date */ -+0x2B,0x65,0x01,0x04,0x01, /* [757] OBJ_sxnet */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [954] OBJ_hmacWithSHA1 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [962] OBJ_id_qt_cps */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [970] OBJ_id_qt_unotice */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */ 
-+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */ -+0x55,0x04,0x29, /* [1033] OBJ_name */ -+0x55,0x04,0x2E, /* [1036] OBJ_dnQualifier */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1039] OBJ_id_pe */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1046] OBJ_id_ad */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1053] OBJ_info_access */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1061] OBJ_ad_OCSP */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1069] OBJ_ad_ca_issuers */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1077] OBJ_OCSP_sign */ -+0x2A, /* [1085] OBJ_member_body */ -+0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ -+0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ -+0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ 
-+0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ 
-+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbgp_ipAddrBlock */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbgp_autonomousSysNum */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbgp_routerIdentifier */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ 
-+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] OBJ_id_cmc_recipientNonce */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ 
-+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2535] OBJ_id_cmc_regInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ 
-+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ -+0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ -+0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ -+0x55,0x08, /* [2827] OBJ_X500algorithms */ -+0x2B, /* [2829] OBJ_org */ -+0x2B,0x06, /* [2830] OBJ_dod */ -+0x2B,0x06,0x01, /* [2832] OBJ_iana */ -+0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ -+0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ -+0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ -+0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ -+0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ -+0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ -+0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ -+0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ -+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ 
-+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ -+0x55,0x01,0x05, /* [2897] OBJ_selected_attribute_types */ -+0x55,0x01,0x05,0x37, /* [2900] OBJ_clearance */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2913] OBJ_ac_proxying */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2921] OBJ_sinfo_access */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2929] OBJ_id_aca_encAttrs */ -+0x55,0x04,0x48, /* [2937] OBJ_role */ -+0x55,0x1D,0x24, /* [2940] OBJ_policy_constraints */ -+0x55,0x1D,0x37, /* [2943] OBJ_target_information */ -+0x55,0x1D,0x38, /* [2946] OBJ_no_rev_avail */ -+0x2A,0x86,0x48,0xCE,0x3D, /* [2949] OBJ_ansi_X9_62 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2954] OBJ_X9_62_prime_field */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2961] OBJ_X9_62_characteristic_two_field */ -+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2968] OBJ_X9_62_id_ecPublicKey */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2975] OBJ_X9_62_prime192v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2983] OBJ_X9_62_prime192v2 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2991] OBJ_X9_62_prime192v3 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2999] OBJ_X9_62_prime239v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3007] OBJ_X9_62_prime239v2 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3015] OBJ_X9_62_prime239v3 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3023] OBJ_X9_62_prime256v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3031] OBJ_ecdsa_with_SHA1 */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */ 
-+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */ -+0x55,0x1D,0x17, /* [3155] OBJ_hold_instruction_code */ -+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3158] OBJ_hold_instruction_none */ -+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3165] OBJ_hold_instruction_call_issuer */ -+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3172] OBJ_hold_instruction_reject */ -+0x09, /* [3179] OBJ_data */ -+0x09,0x92,0x26, /* [3180] OBJ_pss */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3183] OBJ_ucl */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3190] OBJ_pilot */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] 
OBJ_room */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */ 
-+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] 
OBJ_singleLevelQuality */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */ -+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */ -+0x55,0x04,0x2D, /* [3844] OBJ_x500UniqueIdentifier */ -+0x2B,0x06,0x01,0x07,0x01, /* [3847] OBJ_mime_mhs */ -+0x2B,0x06,0x01,0x07,0x01,0x01, /* [3852] OBJ_mime_mhs_headings */ -+0x2B,0x06,0x01,0x07,0x01,0x02, /* [3858] OBJ_mime_mhs_bodies */ -+0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3864] OBJ_id_hex_partial_message */ -+0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3871] OBJ_id_hex_multipart_message */ -+0x55,0x04,0x2C, /* [3878] OBJ_generationQualifier */ -+0x55,0x04,0x41, /* [3881] OBJ_pseudonym */ -+0x67,0x2A, /* [3884] OBJ_id_set */ -+0x67,0x2A,0x00, /* [3886] OBJ_set_ctype */ -+0x67,0x2A,0x01, /* [3889] OBJ_set_msgExt */ -+0x67,0x2A,0x03, /* [3892] OBJ_set_attr */ -+0x67,0x2A,0x05, /* [3895] OBJ_set_policy */ -+0x67,0x2A,0x07, /* [3898] OBJ_set_certExt */ -+0x67,0x2A,0x08, /* [3901] OBJ_set_brand */ -+0x67,0x2A,0x00,0x00, /* [3904] OBJ_setct_PANData */ -+0x67,0x2A,0x00,0x01, /* [3908] OBJ_setct_PANToken */ -+0x67,0x2A,0x00,0x02, /* [3912] OBJ_setct_PANOnly */ -+0x67,0x2A,0x00,0x03, /* [3916] OBJ_setct_OIData */ -+0x67,0x2A,0x00,0x04, /* [3920] OBJ_setct_PI */ -+0x67,0x2A,0x00,0x05, /* [3924] OBJ_setct_PIData */ -+0x67,0x2A,0x00,0x06, /* [3928] OBJ_setct_PIDataUnsigned */ -+0x67,0x2A,0x00,0x07, /* [3932] OBJ_setct_HODInput */ -+0x67,0x2A,0x00,0x08, /* [3936] OBJ_setct_AuthResBaggage */ -+0x67,0x2A,0x00,0x09, /* [3940] OBJ_setct_AuthRevReqBaggage */ -+0x67,0x2A,0x00,0x0A, /* [3944] OBJ_setct_AuthRevResBaggage */ -+0x67,0x2A,0x00,0x0B, /* 
[3948] OBJ_setct_CapTokenSeq */ -+0x67,0x2A,0x00,0x0C, /* [3952] OBJ_setct_PInitResData */ -+0x67,0x2A,0x00,0x0D, /* [3956] OBJ_setct_PI_TBS */ -+0x67,0x2A,0x00,0x0E, /* [3960] OBJ_setct_PResData */ -+0x67,0x2A,0x00,0x10, /* [3964] OBJ_setct_AuthReqTBS */ -+0x67,0x2A,0x00,0x11, /* [3968] OBJ_setct_AuthResTBS */ -+0x67,0x2A,0x00,0x12, /* [3972] OBJ_setct_AuthResTBSX */ -+0x67,0x2A,0x00,0x13, /* [3976] OBJ_setct_AuthTokenTBS */ -+0x67,0x2A,0x00,0x14, /* [3980] OBJ_setct_CapTokenData */ -+0x67,0x2A,0x00,0x15, /* [3984] OBJ_setct_CapTokenTBS */ -+0x67,0x2A,0x00,0x16, /* [3988] OBJ_setct_AcqCardCodeMsg */ -+0x67,0x2A,0x00,0x17, /* [3992] OBJ_setct_AuthRevReqTBS */ -+0x67,0x2A,0x00,0x18, /* [3996] OBJ_setct_AuthRevResData */ -+0x67,0x2A,0x00,0x19, /* [4000] OBJ_setct_AuthRevResTBS */ -+0x67,0x2A,0x00,0x1A, /* [4004] OBJ_setct_CapReqTBS */ -+0x67,0x2A,0x00,0x1B, /* [4008] OBJ_setct_CapReqTBSX */ -+0x67,0x2A,0x00,0x1C, /* [4012] OBJ_setct_CapResData */ -+0x67,0x2A,0x00,0x1D, /* [4016] OBJ_setct_CapRevReqTBS */ -+0x67,0x2A,0x00,0x1E, /* [4020] OBJ_setct_CapRevReqTBSX */ -+0x67,0x2A,0x00,0x1F, /* [4024] OBJ_setct_CapRevResData */ -+0x67,0x2A,0x00,0x20, /* [4028] OBJ_setct_CredReqTBS */ -+0x67,0x2A,0x00,0x21, /* [4032] OBJ_setct_CredReqTBSX */ -+0x67,0x2A,0x00,0x22, /* [4036] OBJ_setct_CredResData */ -+0x67,0x2A,0x00,0x23, /* [4040] OBJ_setct_CredRevReqTBS */ -+0x67,0x2A,0x00,0x24, /* [4044] OBJ_setct_CredRevReqTBSX */ -+0x67,0x2A,0x00,0x25, /* [4048] OBJ_setct_CredRevResData */ -+0x67,0x2A,0x00,0x26, /* [4052] OBJ_setct_PCertReqData */ -+0x67,0x2A,0x00,0x27, /* [4056] OBJ_setct_PCertResTBS */ -+0x67,0x2A,0x00,0x28, /* [4060] OBJ_setct_BatchAdminReqData */ -+0x67,0x2A,0x00,0x29, /* [4064] OBJ_setct_BatchAdminResData */ -+0x67,0x2A,0x00,0x2A, /* [4068] OBJ_setct_CardCInitResTBS */ -+0x67,0x2A,0x00,0x2B, /* [4072] OBJ_setct_MeAqCInitResTBS */ -+0x67,0x2A,0x00,0x2C, /* [4076] OBJ_setct_RegFormResTBS */ -+0x67,0x2A,0x00,0x2D, /* [4080] OBJ_setct_CertReqData */ 
-+0x67,0x2A,0x00,0x2E, /* [4084] OBJ_setct_CertReqTBS */ -+0x67,0x2A,0x00,0x2F, /* [4088] OBJ_setct_CertResData */ -+0x67,0x2A,0x00,0x30, /* [4092] OBJ_setct_CertInqReqTBS */ -+0x67,0x2A,0x00,0x31, /* [4096] OBJ_setct_ErrorTBS */ -+0x67,0x2A,0x00,0x32, /* [4100] OBJ_setct_PIDualSignedTBE */ -+0x67,0x2A,0x00,0x33, /* [4104] OBJ_setct_PIUnsignedTBE */ -+0x67,0x2A,0x00,0x34, /* [4108] OBJ_setct_AuthReqTBE */ -+0x67,0x2A,0x00,0x35, /* [4112] OBJ_setct_AuthResTBE */ -+0x67,0x2A,0x00,0x36, /* [4116] OBJ_setct_AuthResTBEX */ -+0x67,0x2A,0x00,0x37, /* [4120] OBJ_setct_AuthTokenTBE */ -+0x67,0x2A,0x00,0x38, /* [4124] OBJ_setct_CapTokenTBE */ -+0x67,0x2A,0x00,0x39, /* [4128] OBJ_setct_CapTokenTBEX */ -+0x67,0x2A,0x00,0x3A, /* [4132] OBJ_setct_AcqCardCodeMsgTBE */ -+0x67,0x2A,0x00,0x3B, /* [4136] OBJ_setct_AuthRevReqTBE */ -+0x67,0x2A,0x00,0x3C, /* [4140] OBJ_setct_AuthRevResTBE */ -+0x67,0x2A,0x00,0x3D, /* [4144] OBJ_setct_AuthRevResTBEB */ -+0x67,0x2A,0x00,0x3E, /* [4148] OBJ_setct_CapReqTBE */ -+0x67,0x2A,0x00,0x3F, /* [4152] OBJ_setct_CapReqTBEX */ -+0x67,0x2A,0x00,0x40, /* [4156] OBJ_setct_CapResTBE */ -+0x67,0x2A,0x00,0x41, /* [4160] OBJ_setct_CapRevReqTBE */ -+0x67,0x2A,0x00,0x42, /* [4164] OBJ_setct_CapRevReqTBEX */ -+0x67,0x2A,0x00,0x43, /* [4168] OBJ_setct_CapRevResTBE */ -+0x67,0x2A,0x00,0x44, /* [4172] OBJ_setct_CredReqTBE */ -+0x67,0x2A,0x00,0x45, /* [4176] OBJ_setct_CredReqTBEX */ -+0x67,0x2A,0x00,0x46, /* [4180] OBJ_setct_CredResTBE */ -+0x67,0x2A,0x00,0x47, /* [4184] OBJ_setct_CredRevReqTBE */ -+0x67,0x2A,0x00,0x48, /* [4188] OBJ_setct_CredRevReqTBEX */ -+0x67,0x2A,0x00,0x49, /* [4192] OBJ_setct_CredRevResTBE */ -+0x67,0x2A,0x00,0x4A, /* [4196] OBJ_setct_BatchAdminReqTBE */ -+0x67,0x2A,0x00,0x4B, /* [4200] OBJ_setct_BatchAdminResTBE */ -+0x67,0x2A,0x00,0x4C, /* [4204] OBJ_setct_RegFormReqTBE */ -+0x67,0x2A,0x00,0x4D, /* [4208] OBJ_setct_CertReqTBE */ -+0x67,0x2A,0x00,0x4E, /* [4212] OBJ_setct_CertReqTBEX */ -+0x67,0x2A,0x00,0x4F, /* [4216] OBJ_setct_CertResTBE 
*/ -+0x67,0x2A,0x00,0x50, /* [4220] OBJ_setct_CRLNotificationTBS */ -+0x67,0x2A,0x00,0x51, /* [4224] OBJ_setct_CRLNotificationResTBS */ -+0x67,0x2A,0x00,0x52, /* [4228] OBJ_setct_BCIDistributionTBS */ -+0x67,0x2A,0x01,0x01, /* [4232] OBJ_setext_genCrypt */ -+0x67,0x2A,0x01,0x03, /* [4236] OBJ_setext_miAuth */ -+0x67,0x2A,0x01,0x04, /* [4240] OBJ_setext_pinSecure */ -+0x67,0x2A,0x01,0x05, /* [4244] OBJ_setext_pinAny */ -+0x67,0x2A,0x01,0x07, /* [4248] OBJ_setext_track2 */ -+0x67,0x2A,0x01,0x08, /* [4252] OBJ_setext_cv */ -+0x67,0x2A,0x05,0x00, /* [4256] OBJ_set_policy_root */ -+0x67,0x2A,0x07,0x00, /* [4260] OBJ_setCext_hashedRoot */ -+0x67,0x2A,0x07,0x01, /* [4264] OBJ_setCext_certType */ -+0x67,0x2A,0x07,0x02, /* [4268] OBJ_setCext_merchData */ -+0x67,0x2A,0x07,0x03, /* [4272] OBJ_setCext_cCertRequired */ -+0x67,0x2A,0x07,0x04, /* [4276] OBJ_setCext_tunneling */ -+0x67,0x2A,0x07,0x05, /* [4280] OBJ_setCext_setExt */ -+0x67,0x2A,0x07,0x06, /* [4284] OBJ_setCext_setQualf */ -+0x67,0x2A,0x07,0x07, /* [4288] OBJ_setCext_PGWYcapabilities */ -+0x67,0x2A,0x07,0x08, /* [4292] OBJ_setCext_TokenIdentifier */ -+0x67,0x2A,0x07,0x09, /* [4296] OBJ_setCext_Track2Data */ -+0x67,0x2A,0x07,0x0A, /* [4300] OBJ_setCext_TokenType */ -+0x67,0x2A,0x07,0x0B, /* [4304] OBJ_setCext_IssuerCapabilities */ -+0x67,0x2A,0x03,0x00, /* [4308] OBJ_setAttr_Cert */ -+0x67,0x2A,0x03,0x01, /* [4312] OBJ_setAttr_PGWYcap */ -+0x67,0x2A,0x03,0x02, /* [4316] OBJ_setAttr_TokenType */ -+0x67,0x2A,0x03,0x03, /* [4320] OBJ_setAttr_IssCap */ -+0x67,0x2A,0x03,0x00,0x00, /* [4324] OBJ_set_rootKeyThumb */ -+0x67,0x2A,0x03,0x00,0x01, /* [4329] OBJ_set_addPolicy */ -+0x67,0x2A,0x03,0x02,0x01, /* [4334] OBJ_setAttr_Token_EMV */ -+0x67,0x2A,0x03,0x02,0x02, /* [4339] OBJ_setAttr_Token_B0Prime */ -+0x67,0x2A,0x03,0x03,0x03, /* [4344] OBJ_setAttr_IssCap_CVM */ -+0x67,0x2A,0x03,0x03,0x04, /* [4349] OBJ_setAttr_IssCap_T2 */ -+0x67,0x2A,0x03,0x03,0x05, /* [4354] OBJ_setAttr_IssCap_Sig */ -+0x67,0x2A,0x03,0x03,0x03,0x01, 
/* [4359] OBJ_setAttr_GenCryptgrm */ -+0x67,0x2A,0x03,0x03,0x04,0x01, /* [4365] OBJ_setAttr_T2Enc */ -+0x67,0x2A,0x03,0x03,0x04,0x02, /* [4371] OBJ_setAttr_T2cleartxt */ -+0x67,0x2A,0x03,0x03,0x05,0x01, /* [4377] OBJ_setAttr_TokICCsig */ -+0x67,0x2A,0x03,0x03,0x05,0x02, /* [4383] OBJ_setAttr_SecDevSig */ -+0x67,0x2A,0x08,0x01, /* [4389] OBJ_set_brand_IATA_ATA */ -+0x67,0x2A,0x08,0x1E, /* [4393] OBJ_set_brand_Diners */ -+0x67,0x2A,0x08,0x22, /* [4397] OBJ_set_brand_AmericanExpress */ -+0x67,0x2A,0x08,0x23, /* [4401] OBJ_set_brand_JCB */ -+0x67,0x2A,0x08,0x04, /* [4405] OBJ_set_brand_Visa */ -+0x67,0x2A,0x08,0x05, /* [4409] OBJ_set_brand_MasterCard */ -+0x67,0x2A,0x08,0xAE,0x7B, /* [4413] OBJ_set_brand_Novus */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4418] OBJ_des_cdmf */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */ -+0x67, /* [4435] OBJ_international_organizations */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */ -+0x55,0x04,0x09, /* [4456] OBJ_streetAddress */ -+0x55,0x04,0x11, /* [4459] OBJ_postalCode */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4462] OBJ_id_ppl */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4469] OBJ_proxyCertInfo */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4477] OBJ_id_ppl_anyLanguage */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4485] OBJ_id_ppl_inheritAll */ -+0x55,0x1D,0x1E, /* [4493] OBJ_name_constraints */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4496] OBJ_Independent */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */ 
-+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */ -+0x2B, /* [4576] OBJ_identified_organization */ -+0x2B,0x81,0x04, /* [4577] OBJ_certicom_arc */ -+0x67,0x2B, /* [4580] OBJ_wap */ -+0x67,0x2B,0x01, /* [4582] OBJ_wap_wsg */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4585] OBJ_X9_62_id_characteristic_two_basis */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */ -+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4620] OBJ_X9_62_c2pnb163v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4628] OBJ_X9_62_c2pnb163v2 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4636] OBJ_X9_62_c2pnb163v3 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4644] OBJ_X9_62_c2pnb176v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4652] OBJ_X9_62_c2tnb191v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4660] OBJ_X9_62_c2tnb191v2 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4668] OBJ_X9_62_c2tnb191v3 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4676] OBJ_X9_62_c2onb191v4 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4684] OBJ_X9_62_c2onb191v5 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4692] OBJ_X9_62_c2pnb208w1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4700] OBJ_X9_62_c2tnb239v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4708] OBJ_X9_62_c2tnb239v2 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4716] OBJ_X9_62_c2tnb239v3 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4724] OBJ_X9_62_c2onb239v4 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4732] OBJ_X9_62_c2onb239v5 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4740] 
OBJ_X9_62_c2pnb272w1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4748] OBJ_X9_62_c2pnb304w1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4756] OBJ_X9_62_c2tnb359v1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4764] OBJ_X9_62_c2pnb368w1 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4772] OBJ_X9_62_c2tnb431r1 */ -+0x2B,0x81,0x04,0x00,0x06, /* [4780] OBJ_secp112r1 */ -+0x2B,0x81,0x04,0x00,0x07, /* [4785] OBJ_secp112r2 */ -+0x2B,0x81,0x04,0x00,0x1C, /* [4790] OBJ_secp128r1 */ -+0x2B,0x81,0x04,0x00,0x1D, /* [4795] OBJ_secp128r2 */ -+0x2B,0x81,0x04,0x00,0x09, /* [4800] OBJ_secp160k1 */ -+0x2B,0x81,0x04,0x00,0x08, /* [4805] OBJ_secp160r1 */ -+0x2B,0x81,0x04,0x00,0x1E, /* [4810] OBJ_secp160r2 */ -+0x2B,0x81,0x04,0x00,0x1F, /* [4815] OBJ_secp192k1 */ -+0x2B,0x81,0x04,0x00,0x20, /* [4820] OBJ_secp224k1 */ -+0x2B,0x81,0x04,0x00,0x21, /* [4825] OBJ_secp224r1 */ -+0x2B,0x81,0x04,0x00,0x0A, /* [4830] OBJ_secp256k1 */ -+0x2B,0x81,0x04,0x00,0x22, /* [4835] OBJ_secp384r1 */ -+0x2B,0x81,0x04,0x00,0x23, /* [4840] OBJ_secp521r1 */ -+0x2B,0x81,0x04,0x00,0x04, /* [4845] OBJ_sect113r1 */ -+0x2B,0x81,0x04,0x00,0x05, /* [4850] OBJ_sect113r2 */ -+0x2B,0x81,0x04,0x00,0x16, /* [4855] OBJ_sect131r1 */ -+0x2B,0x81,0x04,0x00,0x17, /* [4860] OBJ_sect131r2 */ -+0x2B,0x81,0x04,0x00,0x01, /* [4865] OBJ_sect163k1 */ -+0x2B,0x81,0x04,0x00,0x02, /* [4870] OBJ_sect163r1 */ -+0x2B,0x81,0x04,0x00,0x0F, /* [4875] OBJ_sect163r2 */ -+0x2B,0x81,0x04,0x00,0x18, /* [4880] OBJ_sect193r1 */ -+0x2B,0x81,0x04,0x00,0x19, /* [4885] OBJ_sect193r2 */ -+0x2B,0x81,0x04,0x00,0x1A, /* [4890] OBJ_sect233k1 */ -+0x2B,0x81,0x04,0x00,0x1B, /* [4895] OBJ_sect233r1 */ -+0x2B,0x81,0x04,0x00,0x03, /* [4900] OBJ_sect239k1 */ -+0x2B,0x81,0x04,0x00,0x10, /* [4905] OBJ_sect283k1 */ -+0x2B,0x81,0x04,0x00,0x11, /* [4910] OBJ_sect283r1 */ -+0x2B,0x81,0x04,0x00,0x24, /* [4915] OBJ_sect409k1 */ -+0x2B,0x81,0x04,0x00,0x25, /* [4920] OBJ_sect409r1 */ -+0x2B,0x81,0x04,0x00,0x26, /* [4925] OBJ_sect571k1 */ 
-+0x2B,0x81,0x04,0x00,0x27, /* [4930] OBJ_sect571r1 */ -+0x67,0x2B,0x01,0x04,0x01, /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */ -+0x67,0x2B,0x01,0x04,0x03, /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */ -+0x67,0x2B,0x01,0x04,0x04, /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */ -+0x67,0x2B,0x01,0x04,0x05, /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */ -+0x67,0x2B,0x01,0x04,0x06, /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */ -+0x67,0x2B,0x01,0x04,0x07, /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */ -+0x67,0x2B,0x01,0x04,0x08, /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */ -+0x67,0x2B,0x01,0x04,0x09, /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */ -+0x67,0x2B,0x01,0x04,0x0A, /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */ -+0x67,0x2B,0x01,0x04,0x0B, /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */ -+0x67,0x2B,0x01,0x04,0x0C, /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */ -+0x55,0x1D,0x20,0x00, /* [4990] OBJ_any_policy */ -+0x55,0x1D,0x21, /* [4994] OBJ_policy_mappings */ -+0x55,0x1D,0x36, /* [4997] OBJ_inhibit_any_policy */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5033] OBJ_camellia_128_ecb */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5041] OBJ_camellia_192_ecb */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5049] OBJ_camellia_256_ecb */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5057] OBJ_camellia_128_cfb128 */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5065] OBJ_camellia_192_cfb128 */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5073] OBJ_camellia_256_cfb128 */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5081] OBJ_camellia_128_ofb128 */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5089] OBJ_camellia_192_ofb128 */ -+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5097] OBJ_camellia_256_ofb128 */ -+0x55,0x1D,0x09, /* [5105] 
OBJ_subject_directory_attributes */ -+0x55,0x1D,0x1C, /* [5108] OBJ_issuing_distribution_point */ -+0x55,0x1D,0x1D, /* [5111] OBJ_certificate_issuer */ -+0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5114] OBJ_kisa */ -+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5120] OBJ_seed_ecb */ -+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5128] OBJ_seed_cbc */ -+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5136] OBJ_seed_ofb128 */ -+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5144] OBJ_seed_cfb128 */ -+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5152] OBJ_hmac_md5 */ -+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5160] OBJ_hmac_sha1 */ -+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */ -+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5186] OBJ_id_it_suppLangTags */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5194] OBJ_caRepository */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5251] OBJ_ecdsa_with_Recommended */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5258] OBJ_ecdsa_with_Specified */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5265] OBJ_ecdsa_with_SHA224 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5273] OBJ_ecdsa_with_SHA256 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5281] OBJ_ecdsa_with_SHA384 */ -+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5289] OBJ_ecdsa_with_SHA512 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5297] OBJ_hmacWithMD5 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5305] OBJ_hmacWithSHA224 */ 
-+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5313] OBJ_hmacWithSHA256 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5321] OBJ_hmacWithSHA384 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5329] OBJ_hmacWithSHA512 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */ -+0x28,0xCF,0x06,0x03,0x00,0x37, /* [5355] OBJ_whirlpool */ -+0x2A,0x85,0x03,0x02,0x02, /* [5361] OBJ_cryptopro */ -+0x2A,0x85,0x03,0x02,0x09, /* [5366] OBJ_cryptocom */ -+0x2A,0x85,0x03,0x02,0x02,0x03, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -+0x2A,0x85,0x03,0x02,0x02,0x04, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */ -+0x2A,0x85,0x03,0x02,0x02,0x09, /* [5383] OBJ_id_GostR3411_94 */ -+0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5389] OBJ_id_HMACGostR3411_94 */ -+0x2A,0x85,0x03,0x02,0x02,0x13, /* [5395] OBJ_id_GostR3410_2001 */ -+0x2A,0x85,0x03,0x02,0x02,0x14, /* [5401] OBJ_id_GostR3410_94 */ -+0x2A,0x85,0x03,0x02,0x02,0x15, /* [5407] OBJ_id_Gost28147_89 */ -+0x2A,0x85,0x03,0x02,0x02,0x16, /* [5413] OBJ_id_Gost28147_89_MAC */ -+0x2A,0x85,0x03,0x02,0x02,0x17, /* [5419] OBJ_id_GostR3411_94_prf */ -+0x2A,0x85,0x03,0x02,0x02,0x62, /* [5425] OBJ_id_GostR3410_2001DH */ -+0x2A,0x85,0x03,0x02,0x02,0x63, /* [5431] OBJ_id_GostR3410_94DH */ -+0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -+0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */ -+0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5451] OBJ_id_GostR3411_94_TestParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5465] OBJ_id_Gost28147_89_TestParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* 
[5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5521] OBJ_id_GostR3410_94_TestParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5577] OBJ_id_GostR3410_2001_TestParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -+0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5619] OBJ_id_GostR3410_94_a */ -+0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5626] OBJ_id_GostR3410_94_aBis */ -+0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5633] OBJ_id_GostR3410_94_b */ -+0x2A,0x85,0x03,0x02,0x02,0x14,0x04, 
/* [5640] OBJ_id_GostR3410_94_bBis */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5647] OBJ_id_Gost28147_89_cc */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5655] OBJ_id_GostR3410_94_cc */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5663] OBJ_id_GostR3410_2001_cc */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -+0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */ -+0x55,0x1D,0x2E, /* [5704] OBJ_freshest_crl */ -+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5707] OBJ_id_on_permanentIdentifier */ -+0x55,0x04,0x0E, /* [5715] OBJ_searchGuide */ -+0x55,0x04,0x0F, /* [5718] OBJ_businessCategory */ -+0x55,0x04,0x10, /* [5721] OBJ_postalAddress */ -+0x55,0x04,0x12, /* [5724] OBJ_postOfficeBox */ -+0x55,0x04,0x13, /* [5727] OBJ_physicalDeliveryOfficeName */ -+0x55,0x04,0x14, /* [5730] OBJ_telephoneNumber */ -+0x55,0x04,0x15, /* [5733] OBJ_telexNumber */ -+0x55,0x04,0x16, /* [5736] OBJ_teletexTerminalIdentifier */ -+0x55,0x04,0x17, /* [5739] OBJ_facsimileTelephoneNumber */ -+0x55,0x04,0x18, /* [5742] OBJ_x121Address */ -+0x55,0x04,0x19, /* [5745] OBJ_internationaliSDNNumber */ -+0x55,0x04,0x1A, /* [5748] OBJ_registeredAddress */ -+0x55,0x04,0x1B, /* [5751] OBJ_destinationIndicator */ -+0x55,0x04,0x1C, /* [5754] OBJ_preferredDeliveryMethod */ -+0x55,0x04,0x1D, /* [5757] OBJ_presentationAddress */ -+0x55,0x04,0x1E, /* [5760] OBJ_supportedApplicationContext */ -+0x55,0x04,0x1F, /* [5763] OBJ_member */ -+0x55,0x04,0x20, /* [5766] OBJ_owner */ -+0x55,0x04,0x21, /* [5769] OBJ_roleOccupant */ -+0x55,0x04,0x22, /* [5772] OBJ_seeAlso */ -+0x55,0x04,0x23, /* [5775] OBJ_userPassword */ -+0x55,0x04,0x24, /* [5778] OBJ_userCertificate */ -+0x55,0x04,0x25, /* [5781] OBJ_cACertificate */ -+0x55,0x04,0x26, /* [5784] 
OBJ_authorityRevocationList */ -+0x55,0x04,0x27, /* [5787] OBJ_certificateRevocationList */ -+0x55,0x04,0x28, /* [5790] OBJ_crossCertificatePair */ -+0x55,0x04,0x2F, /* [5793] OBJ_enhancedSearchGuide */ -+0x55,0x04,0x30, /* [5796] OBJ_protocolInformation */ -+0x55,0x04,0x31, /* [5799] OBJ_distinguishedName */ -+0x55,0x04,0x32, /* [5802] OBJ_uniqueMember */ -+0x55,0x04,0x33, /* [5805] OBJ_houseIdentifier */ -+0x55,0x04,0x34, /* [5808] OBJ_supportedAlgorithms */ -+0x55,0x04,0x35, /* [5811] OBJ_deltaRevocationList */ -+0x55,0x04,0x36, /* [5814] OBJ_dmdName */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */ -+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */ -+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */ -+0x55,0x1D,0x25,0x00, /* [5942] OBJ_anyExtendedKeyUsage */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */ -+0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5973] OBJ_dhpublicnumber */ 
-+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] OBJ_brainpoolP224r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */ -+0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */ -+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */ -+0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -+0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6169] 
OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -+0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ -+0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6181] OBJ_ct_precert_scts */ -+0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6191] OBJ_ct_precert_poison */ -+0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6201] OBJ_ct_precert_signer */ -+0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6211] OBJ_ct_cert_scts */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ -+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ - }; - --#define NUM_NID 1061 --static const ASN1_OBJECT nid_objs[NUM_NID] = { -- {"UNDEF", "undefined", NID_undef}, -- {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -- {"pkcs", "RSA Data Security, Inc. 
PKCS", NID_pkcs, 7, &so[6]}, -- {"MD2", "md2", NID_md2, 8, &so[13]}, -- {"MD5", "md5", NID_md5, 8, &so[21]}, -- {"RC4", "rc4", NID_rc4, 8, &so[29]}, -- {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]}, -- {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]}, -- {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]}, -- {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]}, -- {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]}, -- {"X500", "directory services (X.500)", NID_X500, 1, &so[82]}, -- {"X509", "X509", NID_X509, 2, &so[83]}, -- {"CN", "commonName", NID_commonName, 3, &so[85]}, -- {"C", "countryName", NID_countryName, 3, &so[88]}, -- {"L", "localityName", NID_localityName, 3, &so[91]}, -- {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]}, -- {"O", "organizationName", NID_organizationName, 3, &so[97]}, -- {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]}, -- {"RSA", "rsa", NID_rsa, 4, &so[103]}, -- {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]}, -- {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]}, -- {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]}, -- {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]}, -- {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]}, -- {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]}, -- {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]}, -- {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]}, -- {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]}, -- {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]}, -- {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]}, -- {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]}, -- {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]}, -- {"DES-EDE3", "des-ede3", NID_des_ede3_ecb}, -- 
{"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]}, -- {"IDEA-CFB", "idea-cfb", NID_idea_cfb64}, -- {"IDEA-ECB", "idea-ecb", NID_idea_ecb}, -- {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]}, -- {"RC2-ECB", "rc2-ecb", NID_rc2_ecb}, -- {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64}, -- {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64}, -- {"SHA", "sha", NID_sha, 5, &so[225]}, -- {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]}, -- {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc}, -- {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]}, -- {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]}, -- {"IDEA-OFB", "idea-ofb", NID_idea_ofb64}, -- {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]}, -- {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]}, -- {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]}, -- {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]}, -- {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]}, -- {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]}, -- {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]}, -- {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]}, -- {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]}, -- {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]}, -- {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]}, -- {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]}, -- {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]}, -- {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64}, -- {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64}, -- {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64}, -- {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64}, -- {"SHA1", "sha1", NID_sha1, 5, &so[360]}, -- {"RSA-SHA1", 
"sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]}, -- {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]}, -- {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]}, -- {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]}, -- {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]}, -- {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]}, -- {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]}, -- {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]}, -- {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]}, -- {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]}, -- {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]}, -- {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]}, -- {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]}, -- {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]}, -- {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]}, -- {"DESX-CBC", "desx-cbc", NID_desx_cbc}, -- {"id-ce", "id-ce", NID_id_ce, 2, &so[488]}, -- {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]}, -- {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]}, -- {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]}, -- {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]}, -- {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]}, -- {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]}, -- {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]}, -- {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]}, -- 
{"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]}, -- {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]}, -- {"BF-ECB", "bf-ecb", NID_bf_ecb}, -- {"BF-CFB", "bf-cfb", NID_bf_cfb64}, -- {"BF-OFB", "bf-ofb", NID_bf_ofb64}, -- {"MDC2", "mdc2", NID_mdc2, 4, &so[526]}, -- {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]}, -- {"RC4-40", "rc4-40", NID_rc4_40}, -- {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc}, -- {"GN", "givenName", NID_givenName, 3, &so[534]}, -- {"SN", "surname", NID_surname, 3, &so[537]}, -- {"initials", "initials", NID_initials, 3, &so[540]}, -- {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]}, -- {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]}, -- {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]}, -- {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]}, -- {"title", "title", NID_title, 3, &so[564]}, -- {"description", "description", NID_description, 3, &so[567]}, -- {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]}, -- {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb}, -- {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64}, -- {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64}, -- {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]}, -- {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]}, -- {"MD5-SHA1", "md5-sha1", NID_md5_sha1}, -- {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]}, -- {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]}, -- {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]}, -- { NULL, NULL, NID_undef }, -- {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]}, -- {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]}, -- {"RC5-ECB", "rc5-ecb", NID_rc5_ecb}, -- {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64}, -- {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64}, -- { NULL, NULL, NID_undef }, -- {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]}, -- 
{"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]}, -- {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]}, -- {"id-kp", "id-kp", NID_id_kp, 7, &so[646]}, -- {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]}, -- {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]}, -- {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]}, -- {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]}, -- {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]}, -- {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]}, -- {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]}, -- {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]}, -- {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]}, -- {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]}, -- {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]}, -- {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]}, -- {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]}, -- {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]}, -- {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]}, -- {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]}, -- {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]}, -- {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]}, -- {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]}, -- {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]}, -- {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]}, -- {"keyBag", "keyBag", NID_keyBag, 11, &so[826]}, -- 
{"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]}, -- {"certBag", "certBag", NID_certBag, 11, &so[848]}, -- {"crlBag", "crlBag", NID_crlBag, 11, &so[859]}, -- {"secretBag", "secretBag", NID_secretBag, 11, &so[870]}, -- {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]}, -- {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]}, -- {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]}, -- {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]}, -- {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]}, -- {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]}, -- {"PBES2", "PBES2", NID_pbes2, 9, &so[940]}, -- {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]}, -- {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]}, -- {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]}, -- {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]}, -- {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc}, -- {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]}, -- {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]}, -- {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]}, -- {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]}, -- {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]}, -- {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]}, -- {"name", "name", NID_name, 3, &so[1037]}, -- {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]}, -- {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]}, -- {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]}, -- {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]}, -- {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]}, -- {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]}, -- {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]}, -- 
{"ISO", "iso", NID_iso}, -- {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]}, -- {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]}, -- {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]}, -- {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]}, -- {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]}, -- {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]}, -- {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]}, -- {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]}, -- {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]}, -- {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]}, -- {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]}, -- {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]}, -- {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]}, -- {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]}, -- {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]}, -- {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]}, -- {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]}, -- {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]}, -- {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]}, -- {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]}, -- {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]}, -- {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]}, -- {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]}, -- {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]}, -- {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, 
&so[1309]}, -- {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]}, -- {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]}, -- {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]}, -- {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]}, -- {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]}, -- {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]}, -- {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]}, -- {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]}, -- {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]}, -- {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]}, -- {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]}, -- {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]}, -- {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]}, -- {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]}, -- {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]}, -- {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]}, -- {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]}, -- {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]}, 
-- {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]}, -- {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]}, -- {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]}, -- {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]}, -- {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]}, -- {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]}, -- {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]}, -- {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]}, -- {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]}, -- {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]}, -- {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]}, -- {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]}, -- {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]}, -- {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]}, -- {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]}, -- {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]}, -- {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", 
NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]}, -- {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]}, -- {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]}, -- {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]}, -- {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]}, -- {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]}, -- {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]}, -- {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]}, -- {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]}, -- {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]}, -- {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]}, -- {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]}, -- {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]}, -- {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]}, -- {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]}, -- {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]}, -- {"MD4", "md4", NID_md4, 8, &so[1870]}, -- {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]}, -- {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]}, -- {"id-it", "id-it", NID_id_it, 7, &so[1892]}, -- {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]}, -- {"id-alg", "id-alg", 
NID_id_alg, 7, &so[1906]}, -- {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]}, -- {"id-on", "id-on", NID_id_on, 7, &so[1920]}, -- {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]}, -- {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]}, -- {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]}, -- {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]}, -- {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]}, -- {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]}, -- {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]}, -- {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]}, -- {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]}, -- {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]}, -- {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]}, -- {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]}, -- {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]}, -- {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]}, -- {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]}, -- {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]}, -- {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]}, -- {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]}, -- {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]}, -- {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]}, -- {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]}, -- {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]}, -- {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]}, -- {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]}, -- 
{"aaControls", "aaControls", NID_aaControls, 8, &so[2115]}, -- {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]}, -- {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]}, -- {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]}, -- {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]}, -- {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]}, -- {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]}, -- {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]}, -- {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]}, -- {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]}, -- {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]}, -- {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]}, -- {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]}, -- {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]}, -- {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]}, -- {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]}, -- {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]}, -- {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]}, -- {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]}, -- {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]}, -- {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]}, -- {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]}, -- {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]}, -- 
{"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]}, -- {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]}, -- {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]}, -- {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]}, -- {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]}, -- {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]}, -- {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]}, -- {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]}, -- {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]}, -- {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]}, -- {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]}, -- {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]}, -- {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]}, -- {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]}, -- {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]}, -- {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]}, -- {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]}, -- {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]}, -- {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]}, -- {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]}, -- {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]}, -- {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]}, -- 
{"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]}, -- {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]}, -- {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]}, -- {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]}, -- {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]}, -- {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]}, -- {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]}, -- {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]}, -- {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]}, -- {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]}, -- {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]}, -- {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]}, -- {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]}, -- {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]}, -- {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]}, -- {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]}, -- { NULL, NULL, NID_undef }, -- {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]}, -- {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]}, -- {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]}, -- {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]}, -- {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]}, -- {"id-aca-chargingIdentity", 
"id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]}, -- {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]}, -- {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]}, -- {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]}, -- {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]}, -- {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]}, -- {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]}, -- {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]}, -- {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]}, -- {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]}, -- {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]}, -- {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]}, -- {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]}, -- {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]}, -- {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]}, -- {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]}, -- {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]}, -- {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]}, -- {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]}, -- {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]}, -- {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]}, -- {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]}, -- {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]}, -- {"ORG", "org", NID_org, 1, &so[2833]}, -- {"DOD", "dod", NID_dod, 2, &so[2834]}, -- {"IANA", "iana", NID_iana, 3, &so[2836]}, -- {"directory", "Directory", NID_Directory, 4, &so[2839]}, -- {"mgmt", "Management", NID_Management, 4, 
&so[2843]}, -- {"experimental", "Experimental", NID_Experimental, 4, &so[2847]}, -- {"private", "Private", NID_Private, 4, &so[2851]}, -- {"security", "Security", NID_Security, 4, &so[2855]}, -- {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]}, -- {"Mail", "Mail", NID_Mail, 4, &so[2863]}, -- {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]}, -- {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]}, -- {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]}, -- {"domain", "Domain", NID_Domain, 10, &so[2891]}, -- {"NULL", "NULL", NID_joint_iso_ccitt}, -- {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]}, -- {"clearance", "clearance", NID_clearance, 4, &so[2904]}, -- {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]}, -- {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]}, -- {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]}, -- {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]}, -- {"role", "role", NID_role, 3, &so[2941]}, -- {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]}, -- {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]}, -- {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]}, -- {"NULL", "NULL", NID_ccitt}, -- {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]}, -- {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]}, -- {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]}, -- {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]}, -- {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]}, -- {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]}, -- {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]}, -- {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]}, -- 
{"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]}, -- {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]}, -- {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]}, -- {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]}, -- {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]}, -- {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]}, -- {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]}, -- {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]}, -- {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]}, -- {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]}, -- {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]}, -- {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]}, -- {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]}, -- {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]}, -- {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]}, -- {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]}, -- {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]}, -- {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]}, -- {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]}, -- {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]}, -- {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]}, -- {"data", "data", NID_data, 1, &so[3183]}, -- {"pss", "pss", NID_pss, 3, &so[3184]}, -- {"ucl", "ucl", NID_ucl, 7, &so[3187]}, -- {"pilot", "pilot", NID_pilot, 8, &so[3194]}, -- {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]}, -- {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]}, -- {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, 
&so[3220]}, -- {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]}, -- {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]}, -- {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]}, -- {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]}, -- {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]}, -- {"account", "account", NID_account, 10, &so[3278]}, -- {"document", "document", NID_document, 10, &so[3288]}, -- {"room", "room", NID_room, 10, &so[3298]}, -- {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]}, -- {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]}, -- {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]}, -- {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]}, -- {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]}, -- {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]}, -- {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]}, -- {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]}, -- {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]}, -- {"UID", "userId", NID_userId, 10, &so[3398]}, -- {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]}, -- {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]}, -- {"info", "info", NID_info, 10, &so[3428]}, -- {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]}, -- {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]}, -- {"photo", "photo", NID_photo, 10, &so[3458]}, -- {"userClass", "userClass", NID_userClass, 10, &so[3468]}, -- {"host", "host", NID_host, 10, &so[3478]}, -- {"manager", "manager", NID_manager, 10, &so[3488]}, -- {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]}, -- {"documentTitle", 
"documentTitle", NID_documentTitle, 10, &so[3508]}, -- {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]}, -- {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]}, -- {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]}, -- {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]}, -- {"secretary", "secretary", NID_secretary, 10, &so[3558]}, -- {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]}, -- {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]}, -- {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]}, -- {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]}, -- {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]}, -- {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]}, -- {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]}, -- {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]}, -- {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]}, -- {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]}, -- {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]}, -- {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]}, -- {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]}, -- {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]}, -- {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]}, -- {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]}, -- {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]}, -- {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]}, -- {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]}, -- {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]}, -- 
{"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]}, -- {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]}, -- {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]}, -- {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]}, -- {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]}, -- {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]}, -- {"audio", "audio", NID_audio, 10, &so[3828]}, -- {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]}, -- {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]}, -- {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]}, -- {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]}, -- {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]}, -- {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]}, -- {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]}, -- {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]}, -- {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]}, -- { NULL, NULL, NID_undef }, -- {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]}, -- {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]}, -- {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]}, -- {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]}, -- {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]}, -- {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]}, -- {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]}, -- {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]}, -- {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]}, -- {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, 
&so[3916]}, -- {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]}, -- {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]}, -- {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]}, -- {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]}, -- {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]}, -- {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]}, -- {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]}, -- {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]}, -- {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]}, -- {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]}, -- {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]}, -- {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]}, -- {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]}, -- {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]}, -- {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]}, -- {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]}, -- {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]}, -- {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]}, -- {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]}, -- {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]}, -- {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]}, -- {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]}, -- {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]}, -- {"setct-CapReqTBSX", "setct-CapReqTBSX", 
NID_setct_CapReqTBSX, 4, &so[4012]}, -- {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]}, -- {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]}, -- {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]}, -- {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]}, -- {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]}, -- {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]}, -- {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]}, -- {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]}, -- {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]}, -- {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]}, -- {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]}, -- {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]}, -- {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]}, -- {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]}, -- {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]}, -- {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]}, -- {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]}, -- {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]}, -- {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]}, -- {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]}, -- {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]}, -- {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]}, -- 
{"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]}, -- {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]}, -- {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]}, -- {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]}, -- {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]}, -- {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]}, -- {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]}, -- {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]}, -- {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]}, -- {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]}, -- {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]}, -- {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]}, -- {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]}, -- {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]}, -- {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]}, -- {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]}, -- {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]}, -- {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]}, -- {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]}, -- {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]}, -- {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]}, -- {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]}, -- {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]}, -- 
{"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]}, -- {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]}, -- {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]}, -- {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]}, -- {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]}, -- {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]}, -- {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]}, -- {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]}, -- {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]}, -- {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]}, -- {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]}, -- {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]}, -- {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]}, -- {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]}, -- {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]}, -- {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]}, -- {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]}, -- {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]}, -- {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]}, -- {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]}, -- {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]}, -- {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]}, -- {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]}, -- 
{"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]}, -- {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]}, -- {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]}, -- {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]}, -- {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]}, -- {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]}, -- {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]}, -- {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]}, -- {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]}, -- {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]}, -- {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]}, -- {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]}, -- {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]}, -- {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]}, -- {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]}, -- {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]}, -- {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]}, -- {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]}, -- {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]}, -- {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]}, -- {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]}, -- {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]}, -- {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]}, 
-- {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]}, -- {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]}, -- {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]}, -- {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]}, -- {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]}, -- {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]}, -- {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]}, -- {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]}, -- {"ITU-T", "itu-t", NID_itu_t}, -- {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, -- {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, -- {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, -- {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, -- {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, -- {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, -- {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, -- {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8}, -- {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8}, -- {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8}, -- {"DES-CFB1", "des-cfb1", NID_des_cfb1}, -- {"DES-CFB8", "des-cfb8", NID_des_cfb8}, -- {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1}, -- {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8}, -- {"street", "streetAddress", NID_streetAddress, 3, &so[4460]}, -- {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]}, -- {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]}, -- {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]}, -- {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]}, -- {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]}, 
-- {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]}, -- {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]}, -- {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]}, -- {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]}, -- {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]}, -- {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]}, -- {"SHA256", "sha256", NID_sha256, 9, &so[4544]}, -- {"SHA384", "sha384", NID_sha384, 9, &so[4553]}, -- {"SHA512", "sha512", NID_sha512, 9, &so[4562]}, -- {"SHA224", "sha224", NID_sha224, 9, &so[4571]}, -- {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]}, -- {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]}, -- {"wap", "wap", NID_wap, 2, &so[4584]}, -- {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]}, -- {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]}, -- {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]}, -- {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]}, -- {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]}, -- {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]}, -- {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]}, -- {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]}, -- {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]}, -- {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]}, -- {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]}, -- {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]}, -- {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]}, -- {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]}, -- {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]}, -- {"c2tnb239v1", 
"c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]}, -- {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]}, -- {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]}, -- {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]}, -- {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]}, -- {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]}, -- {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]}, -- {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]}, -- {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]}, -- {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]}, -- {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]}, -- {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]}, -- {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]}, -- {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]}, -- {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]}, -- {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]}, -- {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]}, -- {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]}, -- {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]}, -- {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]}, -- {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]}, -- {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]}, -- {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]}, -- {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]}, -- {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]}, -- {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]}, -- {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]}, -- {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]}, -- {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]}, -- {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]}, -- {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]}, -- {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]}, -- 
{"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]}, -- {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]}, -- {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]}, -- {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]}, -- {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]}, -- {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]}, -- {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]}, -- {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]}, -- {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]}, -- {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]}, -- {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]}, -- {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]}, -- {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]}, -- {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]}, -- {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]}, -- {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]}, -- {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]}, -- {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]}, -- {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]}, -- {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]}, -- {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]}, -- {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]}, -- {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]}, -- {"Oakley-EC2N-3", "ipsec3", NID_ipsec3}, -- {"Oakley-EC2N-4", "ipsec4", NID_ipsec4}, -- {"CAMELLIA-128-CBC", 
"camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]}, -- {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]}, -- {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]}, -- {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]}, -- {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]}, -- {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]}, -- {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]}, -- {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]}, -- {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]}, -- {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1}, -- {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1}, -- {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1}, -- {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8}, -- {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8}, -- {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8}, -- {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]}, -- {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]}, -- {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]}, -- {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]}, -- {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]}, -- {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]}, -- { NULL, NULL, NID_undef }, -- {"KISA", "kisa", NID_kisa, 6, &so[5118]}, -- { NULL, NULL, NID_undef }, -- { NULL, NULL, NID_undef }, -- {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]}, -- {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]}, -- {"SEED-OFB", "seed-ofb", 
NID_seed_ofb128, 8, &so[5140]}, -- {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]}, -- {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]}, -- {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]}, -- {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]}, -- {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]}, -- {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]}, -- {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]}, -- {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]}, -- {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]}, -- {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]}, -- {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]}, -- {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]}, -- {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]}, -- {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]}, -- {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]}, -- {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]}, -- {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]}, -- {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]}, -- {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]}, -- {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]}, -- {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]}, -- {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]}, -- {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]}, -- {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]}, -- {"dsa_with_SHA256", "dsa_with_SHA256", 
NID_dsa_with_SHA256, 9, &so[5350]}, -- {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]}, -- {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]}, -- {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]}, -- {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]}, -- {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]}, -- {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]}, -- {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]}, -- {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]}, -- {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]}, -- {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]}, -- {"gost89-cnt", "gost89-cnt", NID_gost89_cnt}, -- {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]}, -- {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]}, -- {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]}, -- {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]}, -- {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]}, -- {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]}, -- {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]}, -- {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]}, -- {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]}, -- {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", 
NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]}, -- {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]}, -- {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]}, -- {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]}, -- {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]}, -- {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]}, -- {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]}, -- {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]}, -- {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]}, -- {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]}, -- {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]}, -- {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]}, -- {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]}, -- {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]}, -- {"id-GostR3410-94-CryptoPro-XchC-ParamSet", 
"id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]}, -- {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]}, -- {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]}, -- {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]}, -- {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]}, -- {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]}, -- {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]}, -- {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]}, -- {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]}, -- {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]}, -- {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]}, -- {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]}, -- {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]}, -- {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]}, -- {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]}, -- {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]}, -- {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", 
NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]}, -- {"HMAC", "hmac", NID_hmac}, -- {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]}, -- {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]}, -- {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]}, -- {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]}, -- {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]}, -- {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]}, -- {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]}, -- {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]}, -- {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]}, -- {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]}, -- {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]}, -- {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]}, -- {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]}, -- {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]}, -- {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]}, -- {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]}, -- {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]}, -- {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]}, -- {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]}, -- {"member", "member", NID_member, 3, &so[5767]}, -- {"owner", "owner", NID_owner, 3, &so[5770]}, -- {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]}, -- {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]}, -- {"userPassword", 
"userPassword", NID_userPassword, 3, &so[5779]}, -- {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]}, -- {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]}, -- {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]}, -- {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]}, -- {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]}, -- {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]}, -- {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]}, -- {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]}, -- {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]}, -- {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]}, -- {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]}, -- {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]}, -- {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]}, -- {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]}, -- {"CMAC", "cmac", NID_cmac}, -- {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]}, -- {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]}, -- {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]}, -- {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]}, -- {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]}, -- {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]}, -- {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]}, -- {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]}, -- {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]}, -- {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr}, -- {"AES-192-CTR", 
"aes-192-ctr", NID_aes_192_ctr}, -- {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr}, -- {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]}, -- {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]}, -- {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]}, -- {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]}, -- {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]}, -- {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]}, -- {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts}, -- {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts}, -- {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5}, -- {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1}, -- {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1}, -- {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1}, -- {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]}, -- {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]}, -- {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]}, -- {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]}, -- {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]}, -- {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]}, -- {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]}, -- {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]}, -- {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]}, -- {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]}, -- {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]}, -- {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]}, -- {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]}, -- {"brainpoolP384t1", "brainpoolP384t1", 
NID_brainpoolP384t1, 9, &so[6083]}, -- {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]}, -- {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]}, -- {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]}, -- {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]}, -- {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]}, -- {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]}, -- {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]}, -- {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]}, -- {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]}, -- {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]}, -- {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]}, -- {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]}, -- {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]}, -- {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf}, -- {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf}, -- {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256}, -- {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256}, -- 
{"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256}, -- {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]}, -- {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]}, -- {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]}, -- {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]}, -- {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]}, -- {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]}, -- {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]}, -- {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb}, -- {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb}, -- {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb}, -- {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]}, -- {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]}, -- {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]}, -- {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]}, -- {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]}, -- {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]}, -- {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]}, -- {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]}, -- {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]}, -- {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]}, -- {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]}, -- {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]}, -- {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]}, -- {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]}, -- 
{"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12}, -- {"gost-mac-12", "gost-mac-12", NID_gost_mac_12}, -- {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]}, -- {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]}, -- {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]}, -- {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]}, -- {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]}, -- {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]}, -- {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]}, -- {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]}, -- {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]}, -- {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]}, -- {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]}, -- {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]}, -- {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]}, -- {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]}, -- {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]}, -- {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]}, -- {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]}, -- {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, 
&so[6496]}, -- {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]}, -- {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]}, -- {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]}, -- {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]}, -- {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]}, -- {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]}, -- {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]}, -- {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]}, -- {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]}, -- {"INN", "INN", NID_INN, 8, &so[6575]}, -- {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]}, -- {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]}, -- {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]}, -- {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]}, -- {"gost89-cbc", "gost89-cbc", NID_gost89_cbc}, -- {"gost89-ecb", "gost89-ecb", NID_gost89_ecb}, -- {"gost89-ctr", "gost89-ctr", NID_gost89_ctr}, -- {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb}, -- {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr}, -- {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb}, -- {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc}, -- {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb}, -- {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac}, -- 
{"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305}, -- {"ChaCha20", "chacha20", NID_chacha20}, -- {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]}, -- {"TLS1-PRF", "tls1-prf", NID_tls1_prf}, -- {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]}, -- {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]}, -- {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]}, -- {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]}, -- {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]}, -- {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]}, -- {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]}, -- {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]}, -- {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]}, -- {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]}, -- {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]}, -- {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]}, -- {"X25519", "X25519", NID_X25519, 3, &so[6703]}, -- {"X448", "X448", NID_X448, 3, &so[6706]}, -- {"HKDF", "hkdf", NID_hkdf}, -- {"KxRSA", "kx-rsa", NID_kx_rsa}, -- {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe}, -- {"KxDHE", "kx-dhe", NID_kx_dhe}, -- {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk}, -- {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk}, -- {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk}, -- {"KxPSK", "kx-psk", NID_kx_psk}, -- {"KxSRP", "kx-srp", NID_kx_srp}, -- {"KxGOST", "kx-gost", NID_kx_gost}, -- {"AuthRSA", "auth-rsa", NID_auth_rsa}, -- {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa}, -- {"AuthPSK", "auth-psk", NID_auth_psk}, -- {"AuthDSS", "auth-dss", NID_auth_dss}, -- {"AuthGOST01", "auth-gost01", NID_auth_gost01}, -- {"AuthGOST12", "auth-gost12", NID_auth_gost12}, -- {"AuthSRP", "auth-srp", NID_auth_srp}, -- {"AuthNULL", "auth-null", NID_auth_null}, -- { NULL, NULL, NID_undef }, -- { 
NULL, NULL, NID_undef }, -- {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6709]}, -- {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6720]}, -- {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]}, -- {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]}, -- {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]}, -+static const ASN1_OBJECT nid_objs[NUM_NID]={ -+{"UNDEF","undefined",NID_undef,0,NULL,0}, -+{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0}, -+{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0}, -+{"MD2","md2",NID_md2,8,&(lvalues[13]),0}, -+{"MD5","md5",NID_md5,8,&(lvalues[21]),0}, -+{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0}, -+{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0}, -+{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9, -+ &(lvalues[46]),0}, -+{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9, -+ &(lvalues[55]),0}, -+{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9, -+ &(lvalues[64]),0}, -+{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9, -+ &(lvalues[73]),0}, -+{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0}, -+{"X509","X509",NID_X509,2,&(lvalues[83]),0}, -+{"CN","commonName",NID_commonName,3,&(lvalues[85]),0}, -+{"C","countryName",NID_countryName,3,&(lvalues[88]),0}, -+{"L","localityName",NID_localityName,3,&(lvalues[91]),0}, -+{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0}, -+{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0}, -+{"OU","organizationalUnitName",NID_organizationalUnitName,3, -+ &(lvalues[100]),0}, -+{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0}, -+{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0}, -+{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0}, -+{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9, -+ 
&(lvalues[124]),0}, -+{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9, -+ &(lvalues[133]),0}, -+{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData", -+ NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0}, -+{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9, -+ &(lvalues[151]),0}, -+{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9, -+ &(lvalues[160]),0}, -+{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0}, -+{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9, -+ &(lvalues[177]),0}, -+{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0}, -+{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0}, -+{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0}, -+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0}, -+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, -+{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0}, -+{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, -+{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, -+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0}, -+{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, -+{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, -+{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, -+{"SHA","sha",NID_sha,5,&(lvalues[225]),0}, -+{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, -+ &(lvalues[230]),0}, -+{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, -+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0}, -+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0}, -+{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, -+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0}, -+{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, -+ &(lvalues[256]),0}, -+{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, -+ &(lvalues[265]),0}, -+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0}, -+{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9, -+ &(lvalues[283]),0}, 
-+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0}, -+{"countersignature","countersignature",NID_pkcs9_countersignature,9, -+ &(lvalues[301]),0}, -+{"challengePassword","challengePassword",NID_pkcs9_challengePassword, -+ 9,&(lvalues[310]),0}, -+{"unstructuredAddress","unstructuredAddress", -+ NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0}, -+{"extendedCertificateAttributes","extendedCertificateAttributes", -+ NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0}, -+{"Netscape","Netscape Communications Corp.",NID_netscape,7, -+ &(lvalues[337]),0}, -+{"nsCertExt","Netscape Certificate Extension", -+ NID_netscape_cert_extension,8,&(lvalues[344]),0}, -+{"nsDataType","Netscape Data Type",NID_netscape_data_type,8, -+ &(lvalues[352]),0}, -+{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, -+{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, -+{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, -+{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, -+{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0}, -+{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, -+ &(lvalues[365]),0}, -+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0}, -+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0}, -+{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC, -+ 9,&(lvalues[384]),0}, -+{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0}, -+{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0}, -+{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9, -+ &(lvalues[407]),0}, -+{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9, -+ &(lvalues[416]),0}, -+{"nsRevocationUrl","Netscape Revocation Url", -+ NID_netscape_revocation_url,9,&(lvalues[425]),0}, -+{"nsCaRevocationUrl","Netscape CA Revocation Url", -+ NID_netscape_ca_revocation_url,9,&(lvalues[434]),0}, -+{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9, -+ &(lvalues[443]),0}, 
-+{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url, -+ 9,&(lvalues[452]),0}, -+{"nsSslServerName","Netscape SSL Server Name", -+ NID_netscape_ssl_server_name,9,&(lvalues[461]),0}, -+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0}, -+{"nsCertSequence","Netscape Certificate Sequence", -+ NID_netscape_cert_sequence,9,&(lvalues[479]),0}, -+{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, -+{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0}, -+{"subjectKeyIdentifier","X509v3 Subject Key Identifier", -+ NID_subject_key_identifier,3,&(lvalues[490]),0}, -+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0}, -+{"privateKeyUsagePeriod","X509v3 Private Key Usage Period", -+ NID_private_key_usage_period,3,&(lvalues[496]),0}, -+{"subjectAltName","X509v3 Subject Alternative Name", -+ NID_subject_alt_name,3,&(lvalues[499]),0}, -+{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name, -+ 3,&(lvalues[502]),0}, -+{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints, -+ 3,&(lvalues[505]),0}, -+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0}, -+{"certificatePolicies","X509v3 Certificate Policies", -+ NID_certificate_policies,3,&(lvalues[511]),0}, -+{"authorityKeyIdentifier","X509v3 Authority Key Identifier", -+ NID_authority_key_identifier,3,&(lvalues[514]),0}, -+{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0}, -+{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, -+{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, -+{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, -+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0}, -+{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0}, -+{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, -+{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, -+{"GN","givenName",NID_givenName,3,&(lvalues[534]),0}, -+{"SN","surname",NID_surname,3,&(lvalues[537]),0}, -+{"initials","initials",NID_initials,3,&(lvalues[540]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, 
-+{"crlDistributionPoints","X509v3 CRL Distribution Points", -+ NID_crl_distribution_points,3,&(lvalues[543]),0}, -+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0}, -+{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0}, -+{"title","title",NID_title,3,&(lvalues[554]),0}, -+{"description","description",NID_description,3,&(lvalues[557]),0}, -+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0}, -+{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, -+{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, -+{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, -+{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", -+ NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0}, -+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0}, -+{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, -+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0}, -+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0}, -+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, -+{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, -+ &(lvalues[602]),0}, -+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0}, -+{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, -+{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, -+{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, -+{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0}, -+{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0}, -+{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, -+ &(lvalues[633]),0}, -+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0}, -+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0}, -+{"serverAuth","TLS Web Server Authentication",NID_server_auth,8, -+ &(lvalues[649]),0}, -+{"clientAuth","TLS Web Client Authentication",NID_client_auth,8, -+ &(lvalues[657]),0}, -+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0}, -+{"emailProtection","E-mail Protection",NID_email_protect,8, -+ &(lvalues[673]),0}, 
-+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0}, -+{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, -+ &(lvalues[689]),0}, -+{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, -+ &(lvalues[699]),0}, -+{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, -+ &(lvalues[709]),0}, -+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0}, -+{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, -+ &(lvalues[729]),0}, -+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0}, -+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, -+ &(lvalues[748]),0}, -+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0}, -+{"invalidityDate","Invalidity Date",NID_invalidity_date,3, -+ &(lvalues[754]),0}, -+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0}, -+{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", -+ NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0}, -+{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", -+ NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0}, -+{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", -+ NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0}, -+{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", -+ NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0}, -+{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", -+ NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0}, -+{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", -+ NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0}, -+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0}, -+{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, -+ 11,&(lvalues[833]),0}, -+{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0}, -+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0}, -+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0}, -+{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, -+ &(lvalues[877]),0}, 
-+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0}, -+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0}, -+{"x509Certificate","x509Certificate",NID_x509Certificate,10, -+ &(lvalues[906]),0}, -+{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, -+ &(lvalues[916]),0}, -+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0}, -+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0}, -+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0}, -+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0}, -+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0}, -+{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, -+ &(lvalues[970]),0}, -+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, -+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, -+ &(lvalues[978]),0}, -+{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, -+ &(lvalues[987]),0}, -+{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, -+ &(lvalues[996]),0}, -+{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, -+ &(lvalues[1005]),0}, -+{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, -+ &(lvalues[1014]),0}, -+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0}, -+{"name","name",NID_name,3,&(lvalues[1033]),0}, -+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0}, -+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0}, -+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0}, -+{"authorityInfoAccess","Authority Information Access",NID_info_access, -+ 8,&(lvalues[1053]),0}, -+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0}, -+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0}, -+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0}, -+{"ISO","iso",NID_iso,0,NULL,0}, -+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, -+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, 
-+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, -+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, -+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, -+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, -+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, -+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, -+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, -+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, -+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, -+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, -+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, -+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, -+{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, -+ &(lvalues[1195]),0}, -+{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, -+ &(lvalues[1206]),0}, -+{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, -+ &(lvalues[1217]),0}, -+{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, -+ 11,&(lvalues[1228]),0}, -+{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", -+ NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, -+{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", -+ NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, -+{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", -+ NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, -+{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", -+ NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, -+{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, -+ 11,&(lvalues[1283]),0}, -+{"id-smime-ct-authData","id-smime-ct-authData", -+ NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, -+{"id-smime-ct-publishCert","id-smime-ct-publishCert", -+ NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, 
-+{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, -+ 11,&(lvalues[1316]),0}, -+{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, -+ 11,&(lvalues[1327]),0}, -+{"id-smime-ct-contentInfo","id-smime-ct-contentInfo", -+ NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, -+{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", -+ NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, -+{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", -+ NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, -+{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", -+ NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, -+{"id-smime-aa-securityLabel","id-smime-aa-securityLabel", -+ NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, -+{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", -+ NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, -+{"id-smime-aa-contentHint","id-smime-aa-contentHint", -+ NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, -+{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", -+ NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, -+{"id-smime-aa-encapContentType","id-smime-aa-encapContentType", -+ NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, -+{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", -+ NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, -+{"id-smime-aa-macValue","id-smime-aa-macValue", -+ NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, -+{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", -+ NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, -+{"id-smime-aa-contentReference","id-smime-aa-contentReference", -+ NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, -+{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", -+ NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, -+{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", -+ 
NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, -+{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", -+ NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, -+{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", -+ NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, -+{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", -+ NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, -+{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", -+ NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, -+{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", -+ NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, -+{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", -+ NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, -+{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", -+ NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, -+{"id-smime-aa-ets-contentTimestamp", -+ "id-smime-aa-ets-contentTimestamp", -+ NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, -+{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", -+ NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, -+{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", -+ NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, -+{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", -+ NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, -+{"id-smime-aa-ets-revocationValues", -+ "id-smime-aa-ets-revocationValues", -+ NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, -+{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", -+ NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, -+{"id-smime-aa-ets-certCRLTimestamp", -+ "id-smime-aa-ets-certCRLTimestamp", -+ NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, -+{"id-smime-aa-ets-archiveTimeStamp", -+ "id-smime-aa-ets-archiveTimeStamp", -+ 
NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, -+{"id-smime-aa-signatureType","id-smime-aa-signatureType", -+ NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, -+{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", -+ NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, -+{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", -+ NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, -+{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", -+ NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, -+{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", -+ NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, -+{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", -+ NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, -+{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, -+ &(lvalues[1734]),0}, -+{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", -+ NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, -+{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", -+ NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, -+{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, -+ &(lvalues[1767]),0}, -+{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", -+ NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, -+{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", -+ NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, -+{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", -+ NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, -+{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", -+ NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, -+{"id-smime-cti-ets-proofOfDelivery", -+ "id-smime-cti-ets-proofOfDelivery", -+ NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, -+{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", -+ NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, -+{"id-smime-cti-ets-proofOfApproval", -+ "id-smime-cti-ets-proofOfApproval", -+ 
NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, -+{"id-smime-cti-ets-proofOfCreation", -+ "id-smime-cti-ets-proofOfCreation", -+ NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, -+{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, -+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, -+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, -+{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, -+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, -+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, -+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, -+{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, -+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, -+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, -+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, -+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, -+{"id-pkix1-explicit-88","id-pkix1-explicit-88", -+ NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, -+{"id-pkix1-implicit-88","id-pkix1-implicit-88", -+ NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, -+{"id-pkix1-explicit-93","id-pkix1-explicit-93", -+ NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, -+{"id-pkix1-implicit-93","id-pkix1-implicit-93", -+ NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, -+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, -+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, -+{"id-mod-kea-profile-88","id-mod-kea-profile-88", -+ NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, -+{"id-mod-kea-profile-93","id-mod-kea-profile-93", -+ NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, -+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, -+{"id-mod-qualified-cert-88","id-mod-qualified-cert-88", -+ NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, -+{"id-mod-qualified-cert-93","id-mod-qualified-cert-93", -+ NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, -+{"id-mod-attribute-cert","id-mod-attribute-cert", -+ 
NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, -+{"id-mod-timestamp-protocol","id-mod-timestamp-protocol", -+ NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, -+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, -+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, -+{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, -+ &(lvalues[2071]),0}, -+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, -+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, -+{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, -+ &(lvalues[2095]),0}, -+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, -+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, -+{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, -+ &(lvalues[2119]),0}, -+{"sbgp-autonomousSysNum","sbgp-autonomousSysNum", -+ NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0}, -+{"sbgp-routerIdentifier","sbgp-routerIdentifier", -+ NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0}, -+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, -+{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, -+ &(lvalues[2151]),0}, -+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, -+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, -+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, -+{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, -+ 8,&(lvalues[2183]),0}, -+{"id-it-signKeyPairTypes","id-it-signKeyPairTypes", -+ NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, -+{"id-it-encKeyPairTypes","id-it-encKeyPairTypes", -+ NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, -+{"id-it-preferredSymmAlg","id-it-preferredSymmAlg", -+ NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, -+{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", -+ NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, -+{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, -+ 
&(lvalues[2223]),0}, -+{"id-it-unsupportedOIDs","id-it-unsupportedOIDs", -+ NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, -+{"id-it-subscriptionRequest","id-it-subscriptionRequest", -+ NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, -+{"id-it-subscriptionResponse","id-it-subscriptionResponse", -+ NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, -+{"id-it-keyPairParamReq","id-it-keyPairParamReq", -+ NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, -+{"id-it-keyPairParamRep","id-it-keyPairParamRep", -+ NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, -+{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, -+ 8,&(lvalues[2271]),0}, -+{"id-it-implicitConfirm","id-it-implicitConfirm", -+ NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, -+{"id-it-confirmWaitTime","id-it-confirmWaitTime", -+ NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, -+{"id-it-origPKIMessage","id-it-origPKIMessage", -+ NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, -+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, -+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, -+{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, -+ 9,&(lvalues[2319]),0}, -+{"id-regCtrl-authenticator","id-regCtrl-authenticator", -+ NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, -+{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", -+ NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, -+{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", -+ NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, -+{"id-regCtrl-oldCertID","id-regCtrl-oldCertID", -+ NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, -+{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", -+ NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, -+{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", -+ NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, -+{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, -+ &(lvalues[2382]),0}, 
-+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, -+{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, -+ &(lvalues[2399]),0}, -+{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", -+ NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, -+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, -+{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, -+ &(lvalues[2423]),0}, -+{"id-cmc-identification","id-cmc-identification", -+ NID_id_cmc_identification,8,&(lvalues[2431]),0}, -+{"id-cmc-identityProof","id-cmc-identityProof", -+ NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, -+{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, -+ &(lvalues[2447]),0}, -+{"id-cmc-transactionId","id-cmc-transactionId", -+ NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, -+{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, -+ &(lvalues[2463]),0}, -+{"id-cmc-recipientNonce","id-cmc-recipientNonce", -+ NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, -+{"id-cmc-addExtensions","id-cmc-addExtensions", -+ NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, -+{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, -+ 8,&(lvalues[2487]),0}, -+{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, -+ 8,&(lvalues[2495]),0}, -+{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", -+ NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, -+{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, -+ &(lvalues[2511]),0}, -+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, -+{"id-cmc-revokeRequest","id-cmc-revokeRequest", -+ NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, -+{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, -+ &(lvalues[2535]),0}, -+{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, -+ 8,&(lvalues[2543]),0}, -+{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, -+ 8,&(lvalues[2551]),0}, 
-+{"id-cmc-popLinkRandom","id-cmc-popLinkRandom", -+ NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, -+{"id-cmc-popLinkWitness","id-cmc-popLinkWitness", -+ NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, -+{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", -+ NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, -+{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, -+ &(lvalues[2583]),0}, -+{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, -+ &(lvalues[2591]),0}, -+{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, -+ 8,&(lvalues[2599]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, -+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, -+{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", -+ NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, -+{"id-pda-countryOfResidence","id-pda-countryOfResidence", -+ NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, -+{"id-aca-authenticationInfo","id-aca-authenticationInfo", -+ NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, -+{"id-aca-accessIdentity","id-aca-accessIdentity", -+ NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, -+{"id-aca-chargingIdentity","id-aca-chargingIdentity", -+ NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, -+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, -+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, -+{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", -+ NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, -+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, -+{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, -+ &(lvalues[2687]),0}, -+{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, -+ &(lvalues[2695]),0}, -+{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, -+ &(lvalues[2703]),0}, -+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, -+{"basicOCSPResponse","Basic OCSP 
Response",NID_id_pkix_OCSP_basic,9, -+ &(lvalues[2719]),0}, -+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, -+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, -+{"acceptableResponses","Acceptable OCSP Responses", -+ NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, -+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, -+{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, -+ 9,&(lvalues[2764]),0}, -+{"serviceLocator","OCSP Service Locator", -+ NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, -+{"extendedStatus","Extended OCSP Status", -+ NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, -+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, -+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, -+{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, -+ &(lvalues[2809]),0}, -+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, -+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, -+{"X500algorithms","directory services - algorithms", -+ NID_X500algorithms,2,&(lvalues[2827]),0}, -+{"ORG","org",NID_org,1,&(lvalues[2829]),0}, -+{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, -+{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, -+{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, -+{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, -+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, -+{"private","Private",NID_Private,4,&(lvalues[2847]),0}, -+{"security","Security",NID_Security,4,&(lvalues[2851]),0}, -+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, -+{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, -+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, -+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, -+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, -+{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, 
-+{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, -+{"selected-attribute-types","Selected Attribute Types", -+ NID_selected_attribute_types,3,&(lvalues[2897]),0}, -+{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0}, -+{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, -+ &(lvalues[2904]),0}, -+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0}, -+{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, -+ &(lvalues[2921]),0}, -+{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, -+ &(lvalues[2929]),0}, -+{"role","role",NID_role,3,&(lvalues[2937]),0}, -+{"policyConstraints","X509v3 Policy Constraints", -+ NID_policy_constraints,3,&(lvalues[2940]),0}, -+{"targetInformation","X509v3 AC Targeting",NID_target_information,3, -+ &(lvalues[2943]),0}, -+{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, -+ &(lvalues[2946]),0}, -+{"NULL","NULL",NID_ccitt,0,NULL,0}, -+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0}, -+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0}, -+{"characteristic-two-field","characteristic-two-field", -+ NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0}, -+{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, -+ &(lvalues[2968]),0}, -+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0}, -+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0}, -+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0}, -+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0}, -+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0}, -+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0}, -+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0}, -+{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, -+ &(lvalues[3031]),0}, -+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0}, 
-+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0}, -+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0}, -+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0}, -+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0}, -+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0}, -+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0}, -+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0}, -+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0}, -+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0}, -+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0}, -+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0}, -+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0}, -+{"holdInstructionCode","Hold Instruction Code", -+ NID_hold_instruction_code,3,&(lvalues[3155]),0}, -+{"holdInstructionNone","Hold Instruction None", -+ NID_hold_instruction_none,7,&(lvalues[3158]),0}, -+{"holdInstructionCallIssuer","Hold Instruction Call Issuer", -+ NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0}, -+{"holdInstructionReject","Hold Instruction Reject", -+ NID_hold_instruction_reject,7,&(lvalues[3172]),0}, -+{"data","data",NID_data,1,&(lvalues[3179]),0}, -+{"pss","pss",NID_pss,3,&(lvalues[3180]),0}, -+{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0}, -+{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0}, -+{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, -+ &(lvalues[3198]),0}, -+{"pilotAttributeSyntax","pilotAttributeSyntax", -+ NID_pilotAttributeSyntax,9,&(lvalues[3207]),0}, -+{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, -+ &(lvalues[3216]),0}, -+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0}, -+{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, -+ &(lvalues[3234]),0}, -+{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", -+ 
NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0}, -+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0}, -+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0}, -+{"account","account",NID_account,10,&(lvalues[3274]),0}, -+{"document","document",NID_document,10,&(lvalues[3284]),0}, -+{"room","room",NID_room,10,&(lvalues[3294]),0}, -+{"documentSeries","documentSeries",NID_documentSeries,10, -+ &(lvalues[3304]),0}, -+{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, -+ &(lvalues[3314]),0}, -+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0}, -+{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, -+ 10,&(lvalues[3334]),0}, -+{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, -+ &(lvalues[3344]),0}, -+{"simpleSecurityObject","simpleSecurityObject", -+ NID_simpleSecurityObject,10,&(lvalues[3354]),0}, -+{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, -+ &(lvalues[3364]),0}, -+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0}, -+{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, -+ 10,&(lvalues[3384]),0}, -+{"UID","userId",NID_userId,10,&(lvalues[3394]),0}, -+{"textEncodedORAddress","textEncodedORAddress", -+ NID_textEncodedORAddress,10,&(lvalues[3404]),0}, -+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0}, -+{"info","info",NID_info,10,&(lvalues[3424]),0}, -+{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, -+ &(lvalues[3434]),0}, -+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0}, -+{"photo","photo",NID_photo,10,&(lvalues[3454]),0}, -+{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0}, -+{"host","host",NID_host,10,&(lvalues[3474]),0}, -+{"manager","manager",NID_manager,10,&(lvalues[3484]),0}, -+{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, -+ &(lvalues[3494]),0}, -+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0}, 
-+{"documentVersion","documentVersion",NID_documentVersion,10, -+ &(lvalues[3514]),0}, -+{"documentAuthor","documentAuthor",NID_documentAuthor,10, -+ &(lvalues[3524]),0}, -+{"documentLocation","documentLocation",NID_documentLocation,10, -+ &(lvalues[3534]),0}, -+{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, -+ 10,&(lvalues[3544]),0}, -+{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0}, -+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0}, -+{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, -+ &(lvalues[3574]),0}, -+{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, -+ &(lvalues[3584]),0}, -+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0}, -+{"pilotAttributeType27","pilotAttributeType27", -+ NID_pilotAttributeType27,10,&(lvalues[3604]),0}, -+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0}, -+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0}, -+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0}, -+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0}, -+{"associatedDomain","associatedDomain",NID_associatedDomain,10, -+ &(lvalues[3654]),0}, -+{"associatedName","associatedName",NID_associatedName,10, -+ &(lvalues[3664]),0}, -+{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, -+ &(lvalues[3674]),0}, -+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0}, -+{"mobileTelephoneNumber","mobileTelephoneNumber", -+ NID_mobileTelephoneNumber,10,&(lvalues[3694]),0}, -+{"pagerTelephoneNumber","pagerTelephoneNumber", -+ NID_pagerTelephoneNumber,10,&(lvalues[3704]),0}, -+{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, -+ 10,&(lvalues[3714]),0}, -+{"organizationalStatus","organizationalStatus", -+ NID_organizationalStatus,10,&(lvalues[3724]),0}, -+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0}, -+{"mailPreferenceOption","mailPreferenceOption", -+ 
NID_mailPreferenceOption,10,&(lvalues[3744]),0}, -+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0}, -+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0}, -+{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, -+ &(lvalues[3774]),0}, -+{"subtreeMinimumQuality","subtreeMinimumQuality", -+ NID_subtreeMinimumQuality,10,&(lvalues[3784]),0}, -+{"subtreeMaximumQuality","subtreeMaximumQuality", -+ NID_subtreeMaximumQuality,10,&(lvalues[3794]),0}, -+{"personalSignature","personalSignature",NID_personalSignature,10, -+ &(lvalues[3804]),0}, -+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0}, -+{"audio","audio",NID_audio,10,&(lvalues[3824]),0}, -+{"documentPublisher","documentPublisher",NID_documentPublisher,10, -+ &(lvalues[3834]),0}, -+{"x500UniqueIdentifier","x500UniqueIdentifier", -+ NID_x500UniqueIdentifier,3,&(lvalues[3844]),0}, -+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0}, -+{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, -+ &(lvalues[3852]),0}, -+{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, -+ &(lvalues[3858]),0}, -+{"id-hex-partial-message","id-hex-partial-message", -+ NID_id_hex_partial_message,7,&(lvalues[3864]),0}, -+{"id-hex-multipart-message","id-hex-multipart-message", -+ NID_id_hex_multipart_message,7,&(lvalues[3871]),0}, -+{"generationQualifier","generationQualifier",NID_generationQualifier, -+ 3,&(lvalues[3878]),0}, -+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, -+{"id-set","Secure Electronic Transactions",NID_id_set,2, -+ &(lvalues[3884]),0}, -+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0}, -+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0}, -+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0}, -+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0}, -+{"set-certExt","certificate extensions",NID_set_certExt,3, -+ 
&(lvalues[3898]),0}, -+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0}, -+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0}, -+{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, -+ &(lvalues[3908]),0}, -+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0}, -+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0}, -+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0}, -+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0}, -+{"setct-PIDataUnsigned","setct-PIDataUnsigned", -+ NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0}, -+{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, -+ &(lvalues[3932]),0}, -+{"setct-AuthResBaggage","setct-AuthResBaggage", -+ NID_setct_AuthResBaggage,4,&(lvalues[3936]),0}, -+{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", -+ NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0}, -+{"setct-AuthRevResBaggage","setct-AuthRevResBaggage", -+ NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0}, -+{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, -+ &(lvalues[3948]),0}, -+{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, -+ &(lvalues[3952]),0}, -+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0}, -+{"setct-PResData","setct-PResData",NID_setct_PResData,4, -+ &(lvalues[3960]),0}, -+{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, -+ &(lvalues[3964]),0}, -+{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, -+ &(lvalues[3968]),0}, -+{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, -+ &(lvalues[3972]),0}, -+{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, -+ &(lvalues[3976]),0}, -+{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, -+ &(lvalues[3980]),0}, -+{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, -+ &(lvalues[3984]),0}, -+{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", -+ 
NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0}, -+{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, -+ 4,&(lvalues[3992]),0}, -+{"setct-AuthRevResData","setct-AuthRevResData", -+ NID_setct_AuthRevResData,4,&(lvalues[3996]),0}, -+{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, -+ 4,&(lvalues[4000]),0}, -+{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, -+ &(lvalues[4004]),0}, -+{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, -+ &(lvalues[4008]),0}, -+{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, -+ &(lvalues[4012]),0}, -+{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, -+ &(lvalues[4016]),0}, -+{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, -+ 4,&(lvalues[4020]),0}, -+{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, -+ 4,&(lvalues[4024]),0}, -+{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, -+ &(lvalues[4028]),0}, -+{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, -+ &(lvalues[4032]),0}, -+{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, -+ &(lvalues[4036]),0}, -+{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, -+ 4,&(lvalues[4040]),0}, -+{"setct-CredRevReqTBSX","setct-CredRevReqTBSX", -+ NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0}, -+{"setct-CredRevResData","setct-CredRevResData", -+ NID_setct_CredRevResData,4,&(lvalues[4048]),0}, -+{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, -+ &(lvalues[4052]),0}, -+{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, -+ &(lvalues[4056]),0}, -+{"setct-BatchAdminReqData","setct-BatchAdminReqData", -+ NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0}, -+{"setct-BatchAdminResData","setct-BatchAdminResData", -+ NID_setct_BatchAdminResData,4,&(lvalues[4064]),0}, -+{"setct-CardCInitResTBS","setct-CardCInitResTBS", -+ NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0}, 
-+{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", -+ NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0}, -+{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, -+ 4,&(lvalues[4076]),0}, -+{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, -+ &(lvalues[4080]),0}, -+{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, -+ &(lvalues[4084]),0}, -+{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, -+ &(lvalues[4088]),0}, -+{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, -+ 4,&(lvalues[4092]),0}, -+{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, -+ &(lvalues[4096]),0}, -+{"setct-PIDualSignedTBE","setct-PIDualSignedTBE", -+ NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0}, -+{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, -+ 4,&(lvalues[4104]),0}, -+{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, -+ &(lvalues[4108]),0}, -+{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, -+ &(lvalues[4112]),0}, -+{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, -+ &(lvalues[4116]),0}, -+{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, -+ &(lvalues[4120]),0}, -+{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, -+ &(lvalues[4124]),0}, -+{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, -+ &(lvalues[4128]),0}, -+{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", -+ NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0}, -+{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, -+ 4,&(lvalues[4136]),0}, -+{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, -+ 4,&(lvalues[4140]),0}, -+{"setct-AuthRevResTBEB","setct-AuthRevResTBEB", -+ NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0}, -+{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, -+ &(lvalues[4148]),0}, -+{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, -+ &(lvalues[4152]),0}, 
-+{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, -+ &(lvalues[4156]),0}, -+{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, -+ &(lvalues[4160]),0}, -+{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, -+ 4,&(lvalues[4164]),0}, -+{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, -+ &(lvalues[4168]),0}, -+{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, -+ &(lvalues[4172]),0}, -+{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, -+ &(lvalues[4176]),0}, -+{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, -+ &(lvalues[4180]),0}, -+{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, -+ 4,&(lvalues[4184]),0}, -+{"setct-CredRevReqTBEX","setct-CredRevReqTBEX", -+ NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0}, -+{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, -+ 4,&(lvalues[4192]),0}, -+{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", -+ NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0}, -+{"setct-BatchAdminResTBE","setct-BatchAdminResTBE", -+ NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0}, -+{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, -+ 4,&(lvalues[4204]),0}, -+{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, -+ &(lvalues[4208]),0}, -+{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, -+ &(lvalues[4212]),0}, -+{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, -+ &(lvalues[4216]),0}, -+{"setct-CRLNotificationTBS","setct-CRLNotificationTBS", -+ NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0}, -+{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", -+ NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0}, -+{"setct-BCIDistributionTBS","setct-BCIDistributionTBS", -+ NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0}, -+{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, -+ &(lvalues[4232]),0}, -+{"setext-miAuth","merchant initiated 
auth",NID_setext_miAuth,4, -+ &(lvalues[4236]),0}, -+{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, -+ &(lvalues[4240]),0}, -+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0}, -+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0}, -+{"setext-cv","additional verification",NID_setext_cv,4, -+ &(lvalues[4252]),0}, -+{"set-policy-root","set-policy-root",NID_set_policy_root,4, -+ &(lvalues[4256]),0}, -+{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, -+ &(lvalues[4260]),0}, -+{"setCext-certType","setCext-certType",NID_setCext_certType,4, -+ &(lvalues[4264]),0}, -+{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, -+ &(lvalues[4268]),0}, -+{"setCext-cCertRequired","setCext-cCertRequired", -+ NID_setCext_cCertRequired,4,&(lvalues[4272]),0}, -+{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, -+ &(lvalues[4276]),0}, -+{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, -+ &(lvalues[4280]),0}, -+{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, -+ &(lvalues[4284]),0}, -+{"setCext-PGWYcapabilities","setCext-PGWYcapabilities", -+ NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0}, -+{"setCext-TokenIdentifier","setCext-TokenIdentifier", -+ NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0}, -+{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, -+ &(lvalues[4296]),0}, -+{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, -+ &(lvalues[4300]),0}, -+{"setCext-IssuerCapabilities","setCext-IssuerCapabilities", -+ NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0}, -+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0}, -+{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, -+ 4,&(lvalues[4312]),0}, -+{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, -+ &(lvalues[4316]),0}, -+{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, -+ &(lvalues[4320]),0}, 
-+{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, -+ &(lvalues[4324]),0}, -+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0}, -+{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, -+ &(lvalues[4334]),0}, -+{"setAttr-Token-B0Prime","setAttr-Token-B0Prime", -+ NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0}, -+{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, -+ &(lvalues[4344]),0}, -+{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, -+ &(lvalues[4349]),0}, -+{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, -+ &(lvalues[4354]),0}, -+{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, -+ 6,&(lvalues[4359]),0}, -+{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, -+ &(lvalues[4365]),0}, -+{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, -+ &(lvalues[4371]),0}, -+{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, -+ &(lvalues[4377]),0}, -+{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, -+ 6,&(lvalues[4383]),0}, -+{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, -+ &(lvalues[4389]),0}, -+{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, -+ &(lvalues[4393]),0}, -+{"set-brand-AmericanExpress","set-brand-AmericanExpress", -+ NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0}, -+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0}, -+{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, -+ &(lvalues[4405]),0}, -+{"set-brand-MasterCard","set-brand-MasterCard", -+ NID_set_brand_MasterCard,4,&(lvalues[4409]),0}, -+{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, -+ &(lvalues[4413]),0}, -+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0}, -+{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", -+ NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0}, -+{"ITU-T","itu-t",NID_itu_t,0,NULL,0}, 
-+{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, -+{"international-organizations","International Organizations", -+ NID_international_organizations,1,&(lvalues[4435]),0}, -+{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, -+ 10,&(lvalues[4436]),0}, -+{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, -+ &(lvalues[4446]),0}, -+{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, -+{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, -+{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, -+{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0}, -+{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0}, -+{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0}, -+{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0}, -+{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, -+{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, -+{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -+{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0}, -+{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0}, -+{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0}, -+{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, -+ &(lvalues[4469]),0}, -+{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, -+ &(lvalues[4477]),0}, -+{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, -+ &(lvalues[4485]),0}, -+{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, -+ &(lvalues[4493]),0}, -+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0}, -+{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, -+ &(lvalues[4504]),0}, -+{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, -+ &(lvalues[4513]),0}, -+{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, -+ &(lvalues[4522]),0}, -+{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, -+ &(lvalues[4531]),0}, 
-+{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0}, -+{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0}, -+{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0}, -+{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0}, -+{"identified-organization","identified-organization", -+ NID_identified_organization,1,&(lvalues[4576]),0}, -+{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0}, -+{"wap","wap",NID_wap,2,&(lvalues[4580]),0}, -+{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0}, -+{"id-characteristic-two-basis","id-characteristic-two-basis", -+ NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0}, -+{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0}, -+{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0}, -+{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0}, -+{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0}, -+{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0}, -+{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0}, -+{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0}, -+{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0}, -+{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0}, -+{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0}, -+{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0}, -+{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0}, -+{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0}, -+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0}, -+{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0}, -+{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0}, -+{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0}, -+{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0}, -+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0}, 
-+{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0}, -+{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0}, -+{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0}, -+{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0}, -+{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0}, -+{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0}, -+{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0}, -+{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0}, -+{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0}, -+{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0}, -+{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0}, -+{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0}, -+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0}, -+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0}, -+{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0}, -+{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0}, -+{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0}, -+{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0}, -+{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0}, -+{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0}, -+{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0}, -+{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0}, -+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0}, -+{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0}, -+{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0}, -+{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0}, -+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0}, -+{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0}, -+{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0}, -+{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0}, 
-+{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0}, -+{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0}, -+{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0}, -+{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0}, -+{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0}, -+{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", -+ NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0}, -+{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", -+ NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0}, -+{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", -+ NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0}, -+{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", -+ NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0}, -+{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", -+ NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0}, -+{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", -+ NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0}, -+{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", -+ NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0}, -+{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", -+ NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0}, -+{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", -+ NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0}, -+{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", -+ NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0}, -+{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", -+ NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0}, -+{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0}, -+{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, -+ &(lvalues[4994]),0}, -+{"inhibitAnyPolicy","X509v3 Inhibit Any Policy", -+ NID_inhibit_any_policy,3,&(lvalues[4997]),0}, -+{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, -+{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, -+{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, -+ &(lvalues[5000]),0}, 
-+{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, -+ &(lvalues[5011]),0}, -+{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, -+ &(lvalues[5022]),0}, -+{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, -+ &(lvalues[5033]),0}, -+{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, -+ &(lvalues[5041]),0}, -+{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, -+ &(lvalues[5049]),0}, -+{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, -+ &(lvalues[5057]),0}, -+{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, -+ &(lvalues[5065]),0}, -+{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, -+ &(lvalues[5073]),0}, -+{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, -+{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, -+{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, -+{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0}, -+{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, -+{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, -+{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, -+ &(lvalues[5081]),0}, -+{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, -+ &(lvalues[5089]),0}, -+{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, -+ &(lvalues[5097]),0}, -+{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", -+ NID_subject_directory_attributes,3,&(lvalues[5105]),0}, -+{"issuingDistributionPoint","X509v3 Issuing Distrubution Point", -+ NID_issuing_distribution_point,3,&(lvalues[5108]),0}, -+{"certificateIssuer","X509v3 Certificate Issuer", -+ NID_certificate_issuer,3,&(lvalues[5111]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, -+{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0}, -+{NULL,NULL,NID_undef,0,NULL,0}, -+{NULL,NULL,NID_undef,0,NULL,0}, 
-+{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0}, -+{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0}, -+{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0}, -+{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0}, -+{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0}, -+{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0}, -+{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, -+ &(lvalues[5168]),0}, -+{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, -+ &(lvalues[5177]),0}, -+{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, -+ &(lvalues[5186]),0}, -+{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0}, -+{"id-smime-ct-compressedData","id-smime-ct-compressedData", -+ NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0}, -+{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", -+ NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0}, -+{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, -+ &(lvalues[5224]),0}, -+{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, -+ &(lvalues[5233]),0}, -+{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, -+ &(lvalues[5242]),0}, -+{"ecdsa-with-Recommended","ecdsa-with-Recommended", -+ NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0}, -+{"ecdsa-with-Specified","ecdsa-with-Specified", -+ NID_ecdsa_with_Specified,7,&(lvalues[5258]),0}, -+{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, -+ &(lvalues[5265]),0}, -+{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, -+ &(lvalues[5273]),0}, -+{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, -+ &(lvalues[5281]),0}, -+{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, -+ &(lvalues[5289]),0}, -+{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0}, -+{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, -+ &(lvalues[5305]),0}, -+{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, 
-+ &(lvalues[5313]),0}, -+{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, -+ &(lvalues[5321]),0}, -+{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, -+ &(lvalues[5329]),0}, -+{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, -+ &(lvalues[5337]),0}, -+{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, -+ &(lvalues[5346]),0}, -+{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0}, -+{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0}, -+{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0}, -+{"id-GostR3411-94-with-GostR3410-2001", -+ "GOST R 34.11-94 with GOST R 34.10-2001", -+ NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0}, -+{"id-GostR3411-94-with-GostR3410-94", -+ "GOST R 34.11-94 with GOST R 34.10-94", -+ NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0}, -+{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0}, -+{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, -+ &(lvalues[5389]),0}, -+{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, -+ &(lvalues[5395]),0}, -+{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0}, -+{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0}, -+{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, -+{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, -+ &(lvalues[5413]),0}, -+{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, -+ &(lvalues[5419]),0}, -+{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, -+ 6,&(lvalues[5425]),0}, -+{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, -+ &(lvalues[5431]),0}, -+{"id-Gost28147-89-CryptoPro-KeyMeshing", -+ "id-Gost28147-89-CryptoPro-KeyMeshing", -+ NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0}, -+{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", -+ NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0}, 
-+{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", -+ NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0}, -+{"id-GostR3411-94-CryptoProParamSet", -+ "id-GostR3411-94-CryptoProParamSet", -+ NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0}, -+{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", -+ NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0}, -+{"id-Gost28147-89-CryptoPro-A-ParamSet", -+ "id-Gost28147-89-CryptoPro-A-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0}, -+{"id-Gost28147-89-CryptoPro-B-ParamSet", -+ "id-Gost28147-89-CryptoPro-B-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0}, -+{"id-Gost28147-89-CryptoPro-C-ParamSet", -+ "id-Gost28147-89-CryptoPro-C-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0}, -+{"id-Gost28147-89-CryptoPro-D-ParamSet", -+ "id-Gost28147-89-CryptoPro-D-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0}, -+{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", -+ "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]), -+ 0}, -+{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", -+ "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]), -+ 0}, -+{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", -+ "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", -+ NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0}, -+{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", -+ NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0}, -+{"id-GostR3410-94-CryptoPro-A-ParamSet", -+ "id-GostR3410-94-CryptoPro-A-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0}, -+{"id-GostR3410-94-CryptoPro-B-ParamSet", -+ "id-GostR3410-94-CryptoPro-B-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0}, 
-+{"id-GostR3410-94-CryptoPro-C-ParamSet", -+ "id-GostR3410-94-CryptoPro-C-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0}, -+{"id-GostR3410-94-CryptoPro-D-ParamSet", -+ "id-GostR3410-94-CryptoPro-D-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0}, -+{"id-GostR3410-94-CryptoPro-XchA-ParamSet", -+ "id-GostR3410-94-CryptoPro-XchA-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0}, -+{"id-GostR3410-94-CryptoPro-XchB-ParamSet", -+ "id-GostR3410-94-CryptoPro-XchB-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0}, -+{"id-GostR3410-94-CryptoPro-XchC-ParamSet", -+ "id-GostR3410-94-CryptoPro-XchC-ParamSet", -+ NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0}, -+{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", -+ NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0}, -+{"id-GostR3410-2001-CryptoPro-A-ParamSet", -+ "id-GostR3410-2001-CryptoPro-A-ParamSet", -+ NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0}, -+{"id-GostR3410-2001-CryptoPro-B-ParamSet", -+ "id-GostR3410-2001-CryptoPro-B-ParamSet", -+ NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0}, -+{"id-GostR3410-2001-CryptoPro-C-ParamSet", -+ "id-GostR3410-2001-CryptoPro-C-ParamSet", -+ NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0}, -+{"id-GostR3410-2001-CryptoPro-XchA-ParamSet", -+ "id-GostR3410-2001-CryptoPro-XchA-ParamSet", -+ NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0}, -+ -+{"id-GostR3410-2001-CryptoPro-XchB-ParamSet", -+ "id-GostR3410-2001-CryptoPro-XchB-ParamSet", -+ NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0}, -+ -+{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, -+ &(lvalues[5619]),0}, -+{"id-GostR3410-94-aBis","id-GostR3410-94-aBis", -+ NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0}, 
-+{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, -+ &(lvalues[5633]),0}, -+{"id-GostR3410-94-bBis","id-GostR3410-94-bBis", -+ NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0}, -+{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", -+ NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0}, -+{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, -+ &(lvalues[5655]),0}, -+{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, -+ &(lvalues[5663]),0}, -+{"id-GostR3411-94-with-GostR3410-94-cc", -+ "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", -+ NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0}, -+{"id-GostR3411-94-with-GostR3410-2001-cc", -+ "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", -+ NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0}, -+{"id-GostR3410-2001-ParamSet-cc", -+ "GOST R 3410-2001 Parameter Set Cryptocom", -+ NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0}, -+{"HMAC","hmac",NID_hmac,0,NULL,0}, -+{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, -+ &(lvalues[5695]),0}, -+{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, -+ &(lvalues[5704]),0}, -+{"id-on-permanentIdentifier","Permanent Identifier", -+ NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0}, -+{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0}, -+{"businessCategory","businessCategory",NID_businessCategory,3, -+ &(lvalues[5718]),0}, -+{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0}, -+{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0}, -+{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", -+ NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0}, -+{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, -+ &(lvalues[5730]),0}, -+{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0}, -+{"teletexTerminalIdentifier","teletexTerminalIdentifier", -+ NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0}, 
-+{"facsimileTelephoneNumber","facsimileTelephoneNumber", -+ NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0}, -+{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0}, -+{"internationaliSDNNumber","internationaliSDNNumber", -+ NID_internationaliSDNNumber,3,&(lvalues[5745]),0}, -+{"registeredAddress","registeredAddress",NID_registeredAddress,3, -+ &(lvalues[5748]),0}, -+{"destinationIndicator","destinationIndicator", -+ NID_destinationIndicator,3,&(lvalues[5751]),0}, -+{"preferredDeliveryMethod","preferredDeliveryMethod", -+ NID_preferredDeliveryMethod,3,&(lvalues[5754]),0}, -+{"presentationAddress","presentationAddress",NID_presentationAddress, -+ 3,&(lvalues[5757]),0}, -+{"supportedApplicationContext","supportedApplicationContext", -+ NID_supportedApplicationContext,3,&(lvalues[5760]),0}, -+{"member","member",NID_member,3,&(lvalues[5763]),0}, -+{"owner","owner",NID_owner,3,&(lvalues[5766]),0}, -+{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0}, -+{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0}, -+{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0}, -+{"userCertificate","userCertificate",NID_userCertificate,3, -+ &(lvalues[5778]),0}, -+{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0}, -+{"authorityRevocationList","authorityRevocationList", -+ NID_authorityRevocationList,3,&(lvalues[5784]),0}, -+{"certificateRevocationList","certificateRevocationList", -+ NID_certificateRevocationList,3,&(lvalues[5787]),0}, -+{"crossCertificatePair","crossCertificatePair", -+ NID_crossCertificatePair,3,&(lvalues[5790]),0}, -+{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, -+ 3,&(lvalues[5793]),0}, -+{"protocolInformation","protocolInformation",NID_protocolInformation, -+ 3,&(lvalues[5796]),0}, -+{"distinguishedName","distinguishedName",NID_distinguishedName,3, -+ &(lvalues[5799]),0}, -+{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0}, 
-+{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, -+ &(lvalues[5805]),0}, -+{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, -+ 3,&(lvalues[5808]),0}, -+{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, -+ 3,&(lvalues[5811]),0}, -+{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0}, -+{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, -+ &(lvalues[5817]),0}, -+{"CMAC","cmac",NID_cmac,0,NULL,0}, -+{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0}, -+{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0}, -+{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, -+ &(lvalues[5846]),0}, -+{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0}, -+{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0}, -+{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, -+ &(lvalues[5873]),0}, -+{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0}, -+{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0}, -+{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, -+ &(lvalues[5900]),0}, -+{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, -+{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, -+{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, -+{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, -+ 11,&(lvalues[5909]),0}, -+{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, -+ 11,&(lvalues[5920]),0}, -+{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, -+ 11,&(lvalues[5931]),0}, -+{"anyExtendedKeyUsage","Any Extended Key Usage", -+ NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0}, -+{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0}, -+{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0}, -+{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, -+{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, 
-+{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, -+{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1", -+ NID_aes_128_cbc_hmac_sha1,0,NULL,0}, -+{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1", -+ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, -+{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", -+ NID_aes_256_cbc_hmac_sha1,0,NULL,0}, -+{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, -+{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0}, -+{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, -+ &(lvalues[5980]),0}, -+{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, -+ &(lvalues[5989]),0}, -+{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, -+ &(lvalues[5998]),0}, -+{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, -+ &(lvalues[6007]),0}, -+{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, -+ &(lvalues[6016]),0}, -+{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, -+ &(lvalues[6025]),0}, -+{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, -+ &(lvalues[6034]),0}, -+{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, -+ &(lvalues[6043]),0}, -+{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, -+ &(lvalues[6052]),0}, -+{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, -+ &(lvalues[6061]),0}, -+{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, -+ &(lvalues[6070]),0}, -+{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, -+ &(lvalues[6079]),0}, -+{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, -+ &(lvalues[6088]),0}, -+{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, -+ &(lvalues[6097]),0}, -+{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0}, -+{"dhSinglePass-stdDH-sha1kdf-scheme", -+ "dhSinglePass-stdDH-sha1kdf-scheme", -+ NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0}, -+{"dhSinglePass-stdDH-sha224kdf-scheme", -+ "dhSinglePass-stdDH-sha224kdf-scheme", -+ 
NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0}, -+{"dhSinglePass-stdDH-sha256kdf-scheme", -+ "dhSinglePass-stdDH-sha256kdf-scheme", -+ NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0}, -+{"dhSinglePass-stdDH-sha384kdf-scheme", -+ "dhSinglePass-stdDH-sha384kdf-scheme", -+ NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0}, -+{"dhSinglePass-stdDH-sha512kdf-scheme", -+ "dhSinglePass-stdDH-sha512kdf-scheme", -+ NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0}, -+{"dhSinglePass-cofactorDH-sha1kdf-scheme", -+ "dhSinglePass-cofactorDH-sha1kdf-scheme", -+ NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0}, -+{"dhSinglePass-cofactorDH-sha224kdf-scheme", -+ "dhSinglePass-cofactorDH-sha224kdf-scheme", -+ NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0}, -+{"dhSinglePass-cofactorDH-sha256kdf-scheme", -+ "dhSinglePass-cofactorDH-sha256kdf-scheme", -+ NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0}, -+{"dhSinglePass-cofactorDH-sha384kdf-scheme", -+ "dhSinglePass-cofactorDH-sha384kdf-scheme", -+ NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0}, -+{"dhSinglePass-cofactorDH-sha512kdf-scheme", -+ "dhSinglePass-cofactorDH-sha512kdf-scheme", -+ NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0}, -+{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, -+{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, -+{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", -+ NID_aes_128_cbc_hmac_sha256,0,NULL,0}, -+{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256", -+ NID_aes_192_cbc_hmac_sha256,0,NULL,0}, -+{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", -+ NID_aes_256_cbc_hmac_sha256,0,NULL,0}, -+{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, -+ &(lvalues[6181]),0}, -+{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, -+ 10,&(lvalues[6191]),0}, -+{"ct_precert_signer","CT Precertificate 
Signer",NID_ct_precert_signer, -+ 10,&(lvalues[6201]),0}, -+{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, -+ &(lvalues[6211]),0}, -+{"jurisdictionL","jurisdictionLocalityName", -+ NID_jurisdictionLocalityName,11,&(lvalues[6221]),0}, -+{"jurisdictionST","jurisdictionStateOrProvinceName", -+ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, -+{"jurisdictionC","jurisdictionCountryName", -+ NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, - }; - --#define NUM_SN 1052 --static const unsigned int sn_objs[NUM_SN] = { -- 364, /* "AD_DVCS" */ -- 419, /* "AES-128-CBC" */ -- 916, /* "AES-128-CBC-HMAC-SHA1" */ -- 948, /* "AES-128-CBC-HMAC-SHA256" */ -- 421, /* "AES-128-CFB" */ -- 650, /* "AES-128-CFB1" */ -- 653, /* "AES-128-CFB8" */ -- 904, /* "AES-128-CTR" */ -- 418, /* "AES-128-ECB" */ -- 958, /* "AES-128-OCB" */ -- 420, /* "AES-128-OFB" */ -- 913, /* "AES-128-XTS" */ -- 423, /* "AES-192-CBC" */ -- 917, /* "AES-192-CBC-HMAC-SHA1" */ -- 949, /* "AES-192-CBC-HMAC-SHA256" */ -- 425, /* "AES-192-CFB" */ -- 651, /* "AES-192-CFB1" */ -- 654, /* "AES-192-CFB8" */ -- 905, /* "AES-192-CTR" */ -- 422, /* "AES-192-ECB" */ -- 959, /* "AES-192-OCB" */ -- 424, /* "AES-192-OFB" */ -- 427, /* "AES-256-CBC" */ -- 918, /* "AES-256-CBC-HMAC-SHA1" */ -- 950, /* "AES-256-CBC-HMAC-SHA256" */ -- 429, /* "AES-256-CFB" */ -- 652, /* "AES-256-CFB1" */ -- 655, /* "AES-256-CFB8" */ -- 906, /* "AES-256-CTR" */ -- 426, /* "AES-256-ECB" */ -- 960, /* "AES-256-OCB" */ -- 428, /* "AES-256-OFB" */ -- 914, /* "AES-256-XTS" */ -- 1049, /* "AuthDSS" */ -- 1047, /* "AuthECDSA" */ -- 1050, /* "AuthGOST01" */ -- 1051, /* "AuthGOST12" */ -- 1053, /* "AuthNULL" */ -- 1048, /* "AuthPSK" */ -- 1046, /* "AuthRSA" */ -- 1052, /* "AuthSRP" */ -- 91, /* "BF-CBC" */ -- 93, /* "BF-CFB" */ -- 92, /* "BF-ECB" */ -- 94, /* "BF-OFB" */ -- 1056, /* "BLAKE2b512" */ -- 1057, /* "BLAKE2s256" */ -- 14, /* "C" */ -- 751, /* "CAMELLIA-128-CBC" */ -- 962, /* "CAMELLIA-128-CCM" */ -- 757, /* "CAMELLIA-128-CFB" 
*/ -- 760, /* "CAMELLIA-128-CFB1" */ -- 763, /* "CAMELLIA-128-CFB8" */ -- 964, /* "CAMELLIA-128-CMAC" */ -- 963, /* "CAMELLIA-128-CTR" */ -- 754, /* "CAMELLIA-128-ECB" */ -- 961, /* "CAMELLIA-128-GCM" */ -- 766, /* "CAMELLIA-128-OFB" */ -- 752, /* "CAMELLIA-192-CBC" */ -- 966, /* "CAMELLIA-192-CCM" */ -- 758, /* "CAMELLIA-192-CFB" */ -- 761, /* "CAMELLIA-192-CFB1" */ -- 764, /* "CAMELLIA-192-CFB8" */ -- 968, /* "CAMELLIA-192-CMAC" */ -- 967, /* "CAMELLIA-192-CTR" */ -- 755, /* "CAMELLIA-192-ECB" */ -- 965, /* "CAMELLIA-192-GCM" */ -- 767, /* "CAMELLIA-192-OFB" */ -- 753, /* "CAMELLIA-256-CBC" */ -- 970, /* "CAMELLIA-256-CCM" */ -- 759, /* "CAMELLIA-256-CFB" */ -- 762, /* "CAMELLIA-256-CFB1" */ -- 765, /* "CAMELLIA-256-CFB8" */ -- 972, /* "CAMELLIA-256-CMAC" */ -- 971, /* "CAMELLIA-256-CTR" */ -- 756, /* "CAMELLIA-256-ECB" */ -- 969, /* "CAMELLIA-256-GCM" */ -- 768, /* "CAMELLIA-256-OFB" */ -- 108, /* "CAST5-CBC" */ -- 110, /* "CAST5-CFB" */ -- 109, /* "CAST5-ECB" */ -- 111, /* "CAST5-OFB" */ -- 894, /* "CMAC" */ -- 13, /* "CN" */ -- 141, /* "CRLReason" */ -- 417, /* "CSPName" */ -- 1019, /* "ChaCha20" */ -- 1018, /* "ChaCha20-Poly1305" */ -- 367, /* "CrlID" */ -- 391, /* "DC" */ -- 31, /* "DES-CBC" */ -- 643, /* "DES-CDMF" */ -- 30, /* "DES-CFB" */ -- 656, /* "DES-CFB1" */ -- 657, /* "DES-CFB8" */ -- 29, /* "DES-ECB" */ -- 32, /* "DES-EDE" */ -- 43, /* "DES-EDE-CBC" */ -- 60, /* "DES-EDE-CFB" */ -- 62, /* "DES-EDE-OFB" */ -- 33, /* "DES-EDE3" */ -- 44, /* "DES-EDE3-CBC" */ -- 61, /* "DES-EDE3-CFB" */ -- 658, /* "DES-EDE3-CFB1" */ -- 659, /* "DES-EDE3-CFB8" */ -- 63, /* "DES-EDE3-OFB" */ -- 45, /* "DES-OFB" */ -- 80, /* "DESX-CBC" */ -- 380, /* "DOD" */ -- 116, /* "DSA" */ -- 66, /* "DSA-SHA" */ -- 113, /* "DSA-SHA1" */ -- 70, /* "DSA-SHA1-old" */ -- 67, /* "DSA-old" */ -- 297, /* "DVCS" */ -- 99, /* "GN" */ -- 1036, /* "HKDF" */ -- 855, /* "HMAC" */ -- 780, /* "HMAC-MD5" */ -- 781, /* "HMAC-SHA1" */ -- 381, /* "IANA" */ -- 34, /* "IDEA-CBC" */ -- 35, /* "IDEA-CFB" 
*/ -- 36, /* "IDEA-ECB" */ -- 46, /* "IDEA-OFB" */ -- 1004, /* "INN" */ -- 181, /* "ISO" */ -- 183, /* "ISO-US" */ -- 645, /* "ITU-T" */ -- 646, /* "JOINT-ISO-ITU-T" */ -- 773, /* "KISA" */ -- 1039, /* "KxDHE" */ -- 1041, /* "KxDHE-PSK" */ -- 1038, /* "KxECDHE" */ -- 1040, /* "KxECDHE-PSK" */ -- 1045, /* "KxGOST" */ -- 1043, /* "KxPSK" */ -- 1037, /* "KxRSA" */ -- 1042, /* "KxRSA_PSK" */ -- 1044, /* "KxSRP" */ -- 15, /* "L" */ -- 856, /* "LocalKeySet" */ -- 3, /* "MD2" */ -- 257, /* "MD4" */ -- 4, /* "MD5" */ -- 114, /* "MD5-SHA1" */ -- 95, /* "MDC2" */ -- 911, /* "MGF1" */ -- 388, /* "Mail" */ -- 393, /* "NULL" */ -- 404, /* "NULL" */ -- 57, /* "Netscape" */ -- 366, /* "Nonce" */ -- 17, /* "O" */ -- 178, /* "OCSP" */ -- 180, /* "OCSPSigning" */ -- 1005, /* "OGRN" */ -- 379, /* "ORG" */ -- 18, /* "OU" */ -- 749, /* "Oakley-EC2N-3" */ -- 750, /* "Oakley-EC2N-4" */ -- 9, /* "PBE-MD2-DES" */ -- 168, /* "PBE-MD2-RC2-64" */ -- 10, /* "PBE-MD5-DES" */ -- 169, /* "PBE-MD5-RC2-64" */ -- 147, /* "PBE-SHA1-2DES" */ -- 146, /* "PBE-SHA1-3DES" */ -- 170, /* "PBE-SHA1-DES" */ -- 148, /* "PBE-SHA1-RC2-128" */ -- 149, /* "PBE-SHA1-RC2-40" */ -- 68, /* "PBE-SHA1-RC2-64" */ -- 144, /* "PBE-SHA1-RC4-128" */ -- 145, /* "PBE-SHA1-RC4-40" */ -- 161, /* "PBES2" */ -- 69, /* "PBKDF2" */ -- 162, /* "PBMAC1" */ -- 127, /* "PKIX" */ -- 935, /* "PSPECIFIED" */ -- 98, /* "RC2-40-CBC" */ -- 166, /* "RC2-64-CBC" */ -- 37, /* "RC2-CBC" */ -- 39, /* "RC2-CFB" */ -- 38, /* "RC2-ECB" */ -- 40, /* "RC2-OFB" */ -- 5, /* "RC4" */ -- 97, /* "RC4-40" */ -- 915, /* "RC4-HMAC-MD5" */ -- 120, /* "RC5-CBC" */ -- 122, /* "RC5-CFB" */ -- 121, /* "RC5-ECB" */ -- 123, /* "RC5-OFB" */ -- 117, /* "RIPEMD160" */ -- 19, /* "RSA" */ -- 7, /* "RSA-MD2" */ -- 396, /* "RSA-MD4" */ -- 8, /* "RSA-MD5" */ -- 96, /* "RSA-MDC2" */ -- 104, /* "RSA-NP-MD5" */ -- 119, /* "RSA-RIPEMD160" */ -- 42, /* "RSA-SHA" */ -- 65, /* "RSA-SHA1" */ -- 115, /* "RSA-SHA1-2" */ -- 671, /* "RSA-SHA224" */ -- 668, /* "RSA-SHA256" */ -- 669, /* 
"RSA-SHA384" */ -- 670, /* "RSA-SHA512" */ -- 919, /* "RSAES-OAEP" */ -- 912, /* "RSASSA-PSS" */ -- 777, /* "SEED-CBC" */ -- 779, /* "SEED-CFB" */ -- 776, /* "SEED-ECB" */ -- 778, /* "SEED-OFB" */ -- 41, /* "SHA" */ -- 64, /* "SHA1" */ -- 675, /* "SHA224" */ -- 672, /* "SHA256" */ -- 673, /* "SHA384" */ -- 674, /* "SHA512" */ -- 188, /* "SMIME" */ -- 167, /* "SMIME-CAPS" */ -- 100, /* "SN" */ -- 1006, /* "SNILS" */ -- 16, /* "ST" */ -- 143, /* "SXNetID" */ -- 1021, /* "TLS1-PRF" */ -- 458, /* "UID" */ -- 0, /* "UNDEF" */ -- 1034, /* "X25519" */ -- 1035, /* "X448" */ -- 11, /* "X500" */ -- 378, /* "X500algorithms" */ -- 12, /* "X509" */ -- 184, /* "X9-57" */ -- 185, /* "X9cm" */ -- 125, /* "ZLIB" */ -- 478, /* "aRecord" */ -- 289, /* "aaControls" */ -- 287, /* "ac-auditEntity" */ -- 397, /* "ac-proxying" */ -- 288, /* "ac-targeting" */ -- 368, /* "acceptableResponses" */ -- 446, /* "account" */ -- 363, /* "ad_timestamping" */ -- 376, /* "algorithm" */ -- 405, /* "ansi-X9-62" */ -- 910, /* "anyExtendedKeyUsage" */ -- 746, /* "anyPolicy" */ -- 370, /* "archiveCutoff" */ -- 484, /* "associatedDomain" */ -- 485, /* "associatedName" */ -- 501, /* "audio" */ -- 177, /* "authorityInfoAccess" */ -- 90, /* "authorityKeyIdentifier" */ -- 882, /* "authorityRevocationList" */ -- 87, /* "basicConstraints" */ -- 365, /* "basicOCSPResponse" */ -- 285, /* "biometricInfo" */ -- 921, /* "brainpoolP160r1" */ -- 922, /* "brainpoolP160t1" */ -- 923, /* "brainpoolP192r1" */ -- 924, /* "brainpoolP192t1" */ -- 925, /* "brainpoolP224r1" */ -- 926, /* "brainpoolP224t1" */ -- 927, /* "brainpoolP256r1" */ -- 928, /* "brainpoolP256t1" */ -- 929, /* "brainpoolP320r1" */ -- 930, /* "brainpoolP320t1" */ -- 931, /* "brainpoolP384r1" */ -- 932, /* "brainpoolP384t1" */ -- 933, /* "brainpoolP512r1" */ -- 934, /* "brainpoolP512t1" */ -- 494, /* "buildingName" */ -- 860, /* "businessCategory" */ -- 691, /* "c2onb191v4" */ -- 692, /* "c2onb191v5" */ -- 697, /* "c2onb239v4" */ -- 698, /* "c2onb239v5" */ 
-- 684, /* "c2pnb163v1" */ -- 685, /* "c2pnb163v2" */ -- 686, /* "c2pnb163v3" */ -- 687, /* "c2pnb176v1" */ -- 693, /* "c2pnb208w1" */ -- 699, /* "c2pnb272w1" */ -- 700, /* "c2pnb304w1" */ -- 702, /* "c2pnb368w1" */ -- 688, /* "c2tnb191v1" */ -- 689, /* "c2tnb191v2" */ -- 690, /* "c2tnb191v3" */ -- 694, /* "c2tnb239v1" */ -- 695, /* "c2tnb239v2" */ -- 696, /* "c2tnb239v3" */ -- 701, /* "c2tnb359v1" */ -- 703, /* "c2tnb431r1" */ -- 881, /* "cACertificate" */ -- 483, /* "cNAMERecord" */ -- 179, /* "caIssuers" */ -- 785, /* "caRepository" */ -- 1023, /* "capwapAC" */ -- 1024, /* "capwapWTP" */ -- 443, /* "caseIgnoreIA5StringSyntax" */ -- 152, /* "certBag" */ -- 677, /* "certicom-arc" */ -- 771, /* "certificateIssuer" */ -- 89, /* "certificatePolicies" */ -- 883, /* "certificateRevocationList" */ -- 54, /* "challengePassword" */ -- 407, /* "characteristic-two-field" */ -- 395, /* "clearance" */ -- 130, /* "clientAuth" */ -- 131, /* "codeSigning" */ -- 50, /* "contentType" */ -- 53, /* "countersignature" */ -- 153, /* "crlBag" */ -- 103, /* "crlDistributionPoints" */ -- 88, /* "crlNumber" */ -- 884, /* "crossCertificatePair" */ -- 806, /* "cryptocom" */ -- 805, /* "cryptopro" */ -- 954, /* "ct_cert_scts" */ -- 952, /* "ct_precert_poison" */ -- 951, /* "ct_precert_scts" */ -- 953, /* "ct_precert_signer" */ -- 500, /* "dITRedirect" */ -- 451, /* "dNSDomain" */ -- 495, /* "dSAQuality" */ -- 434, /* "data" */ -- 390, /* "dcobject" */ -- 140, /* "deltaCRL" */ -- 891, /* "deltaRevocationList" */ -- 107, /* "description" */ -- 871, /* "destinationIndicator" */ -- 947, /* "dh-cofactor-kdf" */ -- 946, /* "dh-std-kdf" */ -- 28, /* "dhKeyAgreement" */ -- 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -- 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -- 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -- 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -- 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -- 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -- 
937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -- 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -- 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -- 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -- 920, /* "dhpublicnumber" */ -- 382, /* "directory" */ -- 887, /* "distinguishedName" */ -- 892, /* "dmdName" */ -- 174, /* "dnQualifier" */ -- 447, /* "document" */ -- 471, /* "documentAuthor" */ -- 468, /* "documentIdentifier" */ -- 472, /* "documentLocation" */ -- 502, /* "documentPublisher" */ -- 449, /* "documentSeries" */ -- 469, /* "documentTitle" */ -- 470, /* "documentVersion" */ -- 392, /* "domain" */ -- 452, /* "domainRelatedObject" */ -- 802, /* "dsa_with_SHA224" */ -- 803, /* "dsa_with_SHA256" */ -- 791, /* "ecdsa-with-Recommended" */ -- 416, /* "ecdsa-with-SHA1" */ -- 793, /* "ecdsa-with-SHA224" */ -- 794, /* "ecdsa-with-SHA256" */ -- 795, /* "ecdsa-with-SHA384" */ -- 796, /* "ecdsa-with-SHA512" */ -- 792, /* "ecdsa-with-Specified" */ -- 48, /* "emailAddress" */ -- 132, /* "emailProtection" */ -- 885, /* "enhancedSearchGuide" */ -- 389, /* "enterprises" */ -- 384, /* "experimental" */ -- 172, /* "extReq" */ -- 56, /* "extendedCertificateAttributes" */ -- 126, /* "extendedKeyUsage" */ -- 372, /* "extendedStatus" */ -- 867, /* "facsimileTelephoneNumber" */ -- 462, /* "favouriteDrink" */ -- 857, /* "freshestCRL" */ -- 453, /* "friendlyCountry" */ -- 490, /* "friendlyCountryName" */ -- 156, /* "friendlyName" */ -- 509, /* "generationQualifier" */ -- 815, /* "gost-mac" */ -- 976, /* "gost-mac-12" */ -- 811, /* "gost2001" */ -- 851, /* "gost2001cc" */ -- 979, /* "gost2012_256" */ -- 980, /* "gost2012_512" */ -- 813, /* "gost89" */ -- 1009, /* "gost89-cbc" */ -- 814, /* "gost89-cnt" */ -- 975, /* "gost89-cnt-12" */ -- 1011, /* "gost89-ctr" */ -- 1010, /* "gost89-ecb" */ -- 812, /* "gost94" */ -- 850, /* "gost94cc" */ -- 1015, /* "grasshopper-cbc" */ -- 1016, /* "grasshopper-cfb" */ -- 1013, /* "grasshopper-ctr" */ -- 1012, /* "grasshopper-ecb" */ -- 1017, 
/* "grasshopper-mac" */ -- 1014, /* "grasshopper-ofb" */ -- 797, /* "hmacWithMD5" */ -- 163, /* "hmacWithSHA1" */ -- 798, /* "hmacWithSHA224" */ -- 799, /* "hmacWithSHA256" */ -- 800, /* "hmacWithSHA384" */ -- 801, /* "hmacWithSHA512" */ -- 432, /* "holdInstructionCallIssuer" */ -- 430, /* "holdInstructionCode" */ -- 431, /* "holdInstructionNone" */ -- 433, /* "holdInstructionReject" */ -- 486, /* "homePostalAddress" */ -- 473, /* "homeTelephoneNumber" */ -- 466, /* "host" */ -- 889, /* "houseIdentifier" */ -- 442, /* "iA5StringSyntax" */ -- 783, /* "id-DHBasedMac" */ -- 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -- 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -- 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -- 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -- 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -- 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -- 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -- 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -- 820, /* "id-Gost28147-89-None-KeyMeshing" */ -- 823, /* "id-Gost28147-89-TestParamSet" */ -- 849, /* "id-Gost28147-89-cc" */ -- 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -- 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -- 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -- 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -- 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -- 854, /* "id-GostR3410-2001-ParamSet-cc" */ -- 839, /* "id-GostR3410-2001-TestParamSet" */ -- 817, /* "id-GostR3410-2001DH" */ -- 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -- 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -- 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -- 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -- 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -- 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -- 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -- 831, /* "id-GostR3410-94-TestParamSet" */ -- 845, /* 
"id-GostR3410-94-a" */ -- 846, /* "id-GostR3410-94-aBis" */ -- 847, /* "id-GostR3410-94-b" */ -- 848, /* "id-GostR3410-94-bBis" */ -- 818, /* "id-GostR3410-94DH" */ -- 822, /* "id-GostR3411-94-CryptoProParamSet" */ -- 821, /* "id-GostR3411-94-TestParamSet" */ -- 807, /* "id-GostR3411-94-with-GostR3410-2001" */ -- 853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ -- 808, /* "id-GostR3411-94-with-GostR3410-94" */ -- 852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ -- 810, /* "id-HMACGostR3411-94" */ -- 782, /* "id-PasswordBasedMAC" */ -- 266, /* "id-aca" */ -- 355, /* "id-aca-accessIdentity" */ -- 354, /* "id-aca-authenticationInfo" */ -- 356, /* "id-aca-chargingIdentity" */ -- 399, /* "id-aca-encAttrs" */ -- 357, /* "id-aca-group" */ -- 358, /* "id-aca-role" */ -- 176, /* "id-ad" */ -- 896, /* "id-aes128-CCM" */ -- 895, /* "id-aes128-GCM" */ -- 788, /* "id-aes128-wrap" */ -- 897, /* "id-aes128-wrap-pad" */ -- 899, /* "id-aes192-CCM" */ -- 898, /* "id-aes192-GCM" */ -- 789, /* "id-aes192-wrap" */ -- 900, /* "id-aes192-wrap-pad" */ -- 902, /* "id-aes256-CCM" */ -- 901, /* "id-aes256-GCM" */ -- 790, /* "id-aes256-wrap" */ -- 903, /* "id-aes256-wrap-pad" */ -- 262, /* "id-alg" */ -- 893, /* "id-alg-PWRI-KEK" */ -- 323, /* "id-alg-des40" */ -- 326, /* "id-alg-dh-pop" */ -- 325, /* "id-alg-dh-sig-hmac-sha1" */ -- 324, /* "id-alg-noSignature" */ -- 907, /* "id-camellia128-wrap" */ -- 908, /* "id-camellia192-wrap" */ -- 909, /* "id-camellia256-wrap" */ -- 268, /* "id-cct" */ -- 361, /* "id-cct-PKIData" */ -- 362, /* "id-cct-PKIResponse" */ -- 360, /* "id-cct-crs" */ -- 81, /* "id-ce" */ -- 680, /* "id-characteristic-two-basis" */ -- 263, /* "id-cmc" */ -- 334, /* "id-cmc-addExtensions" */ -- 346, /* "id-cmc-confirmCertAcceptance" */ -- 330, /* "id-cmc-dataReturn" */ -- 336, /* "id-cmc-decryptedPOP" */ -- 335, /* "id-cmc-encryptedPOP" */ -- 339, /* "id-cmc-getCRL" */ -- 338, /* "id-cmc-getCert" */ -- 328, /* "id-cmc-identification" */ -- 329, /* "id-cmc-identityProof" */ 
-- 337, /* "id-cmc-lraPOPWitness" */ -- 344, /* "id-cmc-popLinkRandom" */ -- 345, /* "id-cmc-popLinkWitness" */ -- 343, /* "id-cmc-queryPending" */ -- 333, /* "id-cmc-recipientNonce" */ -- 341, /* "id-cmc-regInfo" */ -- 342, /* "id-cmc-responseInfo" */ -- 340, /* "id-cmc-revokeRequest" */ -- 332, /* "id-cmc-senderNonce" */ -- 327, /* "id-cmc-statusInfo" */ -- 331, /* "id-cmc-transactionId" */ -- 787, /* "id-ct-asciiTextWithCRLF" */ -- 1060, /* "id-ct-xml" */ -- 408, /* "id-ecPublicKey" */ -- 508, /* "id-hex-multipart-message" */ -- 507, /* "id-hex-partial-message" */ -- 260, /* "id-it" */ -- 302, /* "id-it-caKeyUpdateInfo" */ -- 298, /* "id-it-caProtEncCert" */ -- 311, /* "id-it-confirmWaitTime" */ -- 303, /* "id-it-currentCRL" */ -- 300, /* "id-it-encKeyPairTypes" */ -- 310, /* "id-it-implicitConfirm" */ -- 308, /* "id-it-keyPairParamRep" */ -- 307, /* "id-it-keyPairParamReq" */ -- 312, /* "id-it-origPKIMessage" */ -- 301, /* "id-it-preferredSymmAlg" */ -- 309, /* "id-it-revPassphrase" */ -- 299, /* "id-it-signKeyPairTypes" */ -- 305, /* "id-it-subscriptionRequest" */ -- 306, /* "id-it-subscriptionResponse" */ -- 784, /* "id-it-suppLangTags" */ -- 304, /* "id-it-unsupportedOIDs" */ -- 128, /* "id-kp" */ -- 280, /* "id-mod-attribute-cert" */ -- 274, /* "id-mod-cmc" */ -- 277, /* "id-mod-cmp" */ -- 284, /* "id-mod-cmp2000" */ -- 273, /* "id-mod-crmf" */ -- 283, /* "id-mod-dvcs" */ -- 275, /* "id-mod-kea-profile-88" */ -- 276, /* "id-mod-kea-profile-93" */ -- 282, /* "id-mod-ocsp" */ -- 278, /* "id-mod-qualified-cert-88" */ -- 279, /* "id-mod-qualified-cert-93" */ -- 281, /* "id-mod-timestamp-protocol" */ -- 264, /* "id-on" */ -- 858, /* "id-on-permanentIdentifier" */ -- 347, /* "id-on-personalData" */ -- 265, /* "id-pda" */ -- 352, /* "id-pda-countryOfCitizenship" */ -- 353, /* "id-pda-countryOfResidence" */ -- 348, /* "id-pda-dateOfBirth" */ -- 351, /* "id-pda-gender" */ -- 349, /* "id-pda-placeOfBirth" */ -- 175, /* "id-pe" */ -- 1031, /* "id-pkinit" */ -- 261, /* 
"id-pkip" */ -- 258, /* "id-pkix-mod" */ -- 269, /* "id-pkix1-explicit-88" */ -- 271, /* "id-pkix1-explicit-93" */ -- 270, /* "id-pkix1-implicit-88" */ -- 272, /* "id-pkix1-implicit-93" */ -- 662, /* "id-ppl" */ -- 664, /* "id-ppl-anyLanguage" */ -- 667, /* "id-ppl-independent" */ -- 665, /* "id-ppl-inheritAll" */ -- 267, /* "id-qcs" */ -- 359, /* "id-qcs-pkixQCSyntax-v1" */ -- 259, /* "id-qt" */ -- 164, /* "id-qt-cps" */ -- 165, /* "id-qt-unotice" */ -- 313, /* "id-regCtrl" */ -- 316, /* "id-regCtrl-authenticator" */ -- 319, /* "id-regCtrl-oldCertID" */ -- 318, /* "id-regCtrl-pkiArchiveOptions" */ -- 317, /* "id-regCtrl-pkiPublicationInfo" */ -- 320, /* "id-regCtrl-protocolEncrKey" */ -- 315, /* "id-regCtrl-regToken" */ -- 314, /* "id-regInfo" */ -- 322, /* "id-regInfo-certReq" */ -- 321, /* "id-regInfo-utf8Pairs" */ -- 973, /* "id-scrypt" */ -- 512, /* "id-set" */ -- 191, /* "id-smime-aa" */ -- 215, /* "id-smime-aa-contentHint" */ -- 218, /* "id-smime-aa-contentIdentifier" */ -- 221, /* "id-smime-aa-contentReference" */ -- 240, /* "id-smime-aa-dvcs-dvc" */ -- 217, /* "id-smime-aa-encapContentType" */ -- 222, /* "id-smime-aa-encrypKeyPref" */ -- 220, /* "id-smime-aa-equivalentLabels" */ -- 232, /* "id-smime-aa-ets-CertificateRefs" */ -- 233, /* "id-smime-aa-ets-RevocationRefs" */ -- 238, /* "id-smime-aa-ets-archiveTimeStamp" */ -- 237, /* "id-smime-aa-ets-certCRLTimestamp" */ -- 234, /* "id-smime-aa-ets-certValues" */ -- 227, /* "id-smime-aa-ets-commitmentType" */ -- 231, /* "id-smime-aa-ets-contentTimestamp" */ -- 236, /* "id-smime-aa-ets-escTimeStamp" */ -- 230, /* "id-smime-aa-ets-otherSigCert" */ -- 235, /* "id-smime-aa-ets-revocationValues" */ -- 226, /* "id-smime-aa-ets-sigPolicyId" */ -- 229, /* "id-smime-aa-ets-signerAttr" */ -- 228, /* "id-smime-aa-ets-signerLocation" */ -- 219, /* "id-smime-aa-macValue" */ -- 214, /* "id-smime-aa-mlExpandHistory" */ -- 216, /* "id-smime-aa-msgSigDigest" */ -- 212, /* "id-smime-aa-receiptRequest" */ -- 213, /* 
"id-smime-aa-securityLabel" */ -- 239, /* "id-smime-aa-signatureType" */ -- 223, /* "id-smime-aa-signingCertificate" */ -- 224, /* "id-smime-aa-smimeEncryptCerts" */ -- 225, /* "id-smime-aa-timeStampToken" */ -- 192, /* "id-smime-alg" */ -- 243, /* "id-smime-alg-3DESwrap" */ -- 246, /* "id-smime-alg-CMS3DESwrap" */ -- 247, /* "id-smime-alg-CMSRC2wrap" */ -- 245, /* "id-smime-alg-ESDH" */ -- 241, /* "id-smime-alg-ESDHwith3DES" */ -- 242, /* "id-smime-alg-ESDHwithRC2" */ -- 244, /* "id-smime-alg-RC2wrap" */ -- 193, /* "id-smime-cd" */ -- 248, /* "id-smime-cd-ldap" */ -- 190, /* "id-smime-ct" */ -- 210, /* "id-smime-ct-DVCSRequestData" */ -- 211, /* "id-smime-ct-DVCSResponseData" */ -- 208, /* "id-smime-ct-TDTInfo" */ -- 207, /* "id-smime-ct-TSTInfo" */ -- 205, /* "id-smime-ct-authData" */ -- 1059, /* "id-smime-ct-authEnvelopedData" */ -- 786, /* "id-smime-ct-compressedData" */ -- 1058, /* "id-smime-ct-contentCollection" */ -- 209, /* "id-smime-ct-contentInfo" */ -- 206, /* "id-smime-ct-publishCert" */ -- 204, /* "id-smime-ct-receipt" */ -- 195, /* "id-smime-cti" */ -- 255, /* "id-smime-cti-ets-proofOfApproval" */ -- 256, /* "id-smime-cti-ets-proofOfCreation" */ -- 253, /* "id-smime-cti-ets-proofOfDelivery" */ -- 251, /* "id-smime-cti-ets-proofOfOrigin" */ -- 252, /* "id-smime-cti-ets-proofOfReceipt" */ -- 254, /* "id-smime-cti-ets-proofOfSender" */ -- 189, /* "id-smime-mod" */ -- 196, /* "id-smime-mod-cms" */ -- 197, /* "id-smime-mod-ess" */ -- 202, /* "id-smime-mod-ets-eSigPolicy-88" */ -- 203, /* "id-smime-mod-ets-eSigPolicy-97" */ -- 200, /* "id-smime-mod-ets-eSignature-88" */ -- 201, /* "id-smime-mod-ets-eSignature-97" */ -- 199, /* "id-smime-mod-msg-v3" */ -- 198, /* "id-smime-mod-oid" */ -- 194, /* "id-smime-spq" */ -- 250, /* "id-smime-spq-ets-sqt-unotice" */ -- 249, /* "id-smime-spq-ets-sqt-uri" */ -- 974, /* "id-tc26" */ -- 991, /* "id-tc26-agreement" */ -- 992, /* "id-tc26-agreement-gost-3410-2012-256" */ -- 993, /* "id-tc26-agreement-gost-3410-2012-512" */ 
-- 977, /* "id-tc26-algorithms" */ -- 990, /* "id-tc26-cipher" */ -- 1001, /* "id-tc26-cipher-constants" */ -- 994, /* "id-tc26-constants" */ -- 981, /* "id-tc26-digest" */ -- 1000, /* "id-tc26-digest-constants" */ -- 1002, /* "id-tc26-gost-28147-constants" */ -- 1003, /* "id-tc26-gost-28147-param-Z" */ -- 996, /* "id-tc26-gost-3410-2012-512-constants" */ -- 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */ -- 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */ -- 997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */ -- 988, /* "id-tc26-hmac-gost-3411-2012-256" */ -- 989, /* "id-tc26-hmac-gost-3411-2012-512" */ -- 987, /* "id-tc26-mac" */ -- 978, /* "id-tc26-sign" */ -- 995, /* "id-tc26-sign-constants" */ -- 984, /* "id-tc26-signwithdigest" */ -- 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */ -- 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */ -- 676, /* "identified-organization" */ -- 461, /* "info" */ -- 748, /* "inhibitAnyPolicy" */ -- 101, /* "initials" */ -- 647, /* "international-organizations" */ -- 869, /* "internationaliSDNNumber" */ -- 142, /* "invalidityDate" */ -- 294, /* "ipsecEndSystem" */ -- 1022, /* "ipsecIKE" */ -- 295, /* "ipsecTunnel" */ -- 296, /* "ipsecUser" */ -- 86, /* "issuerAltName" */ -- 1008, /* "issuerSignTool" */ -- 770, /* "issuingDistributionPoint" */ -- 492, /* "janetMailbox" */ -- 957, /* "jurisdictionC" */ -- 955, /* "jurisdictionL" */ -- 956, /* "jurisdictionST" */ -- 150, /* "keyBag" */ -- 83, /* "keyUsage" */ -- 477, /* "lastModifiedBy" */ -- 476, /* "lastModifiedTime" */ -- 157, /* "localKeyID" */ -- 480, /* "mXRecord" */ -- 460, /* "mail" */ -- 493, /* "mailPreferenceOption" */ -- 467, /* "manager" */ -- 982, /* "md_gost12_256" */ -- 983, /* "md_gost12_512" */ -- 809, /* "md_gost94" */ -- 875, /* "member" */ -- 182, /* "member-body" */ -- 51, /* "messageDigest" */ -- 383, /* "mgmt" */ -- 504, /* "mime-mhs" */ -- 506, /* "mime-mhs-bodies" */ -- 505, /* "mime-mhs-headings" */ -- 488, /* "mobileTelephoneNumber" */ -- 
136, /* "msCTLSign" */ -- 135, /* "msCodeCom" */ -- 134, /* "msCodeInd" */ -- 138, /* "msEFS" */ -- 171, /* "msExtReq" */ -- 137, /* "msSGC" */ -- 648, /* "msSmartcardLogin" */ -- 649, /* "msUPN" */ -- 481, /* "nSRecord" */ -- 173, /* "name" */ -- 666, /* "nameConstraints" */ -- 369, /* "noCheck" */ -- 403, /* "noRevAvail" */ -- 72, /* "nsBaseUrl" */ -- 76, /* "nsCaPolicyUrl" */ -- 74, /* "nsCaRevocationUrl" */ -- 58, /* "nsCertExt" */ -- 79, /* "nsCertSequence" */ -- 71, /* "nsCertType" */ -- 78, /* "nsComment" */ -- 59, /* "nsDataType" */ -- 75, /* "nsRenewalUrl" */ -- 73, /* "nsRevocationUrl" */ -- 139, /* "nsSGC" */ -- 77, /* "nsSslServerName" */ -- 681, /* "onBasis" */ -- 491, /* "organizationalStatus" */ -- 475, /* "otherMailbox" */ -- 876, /* "owner" */ -- 489, /* "pagerTelephoneNumber" */ -- 374, /* "path" */ -- 112, /* "pbeWithMD5AndCast5CBC" */ -- 499, /* "personalSignature" */ -- 487, /* "personalTitle" */ -- 464, /* "photo" */ -- 863, /* "physicalDeliveryOfficeName" */ -- 437, /* "pilot" */ -- 439, /* "pilotAttributeSyntax" */ -- 438, /* "pilotAttributeType" */ -- 479, /* "pilotAttributeType27" */ -- 456, /* "pilotDSA" */ -- 441, /* "pilotGroups" */ -- 444, /* "pilotObject" */ -- 440, /* "pilotObjectClass" */ -- 455, /* "pilotOrganization" */ -- 445, /* "pilotPerson" */ -- 1032, /* "pkInitClientAuth" */ -- 1033, /* "pkInitKDC" */ -- 2, /* "pkcs" */ -- 186, /* "pkcs1" */ -- 27, /* "pkcs3" */ -- 187, /* "pkcs5" */ -- 20, /* "pkcs7" */ -- 21, /* "pkcs7-data" */ -- 25, /* "pkcs7-digestData" */ -- 26, /* "pkcs7-encryptedData" */ -- 23, /* "pkcs7-envelopedData" */ -- 24, /* "pkcs7-signedAndEnvelopedData" */ -- 22, /* "pkcs7-signedData" */ -- 151, /* "pkcs8ShroudedKeyBag" */ -- 47, /* "pkcs9" */ -- 401, /* "policyConstraints" */ -- 747, /* "policyMappings" */ -- 862, /* "postOfficeBox" */ -- 861, /* "postalAddress" */ -- 661, /* "postalCode" */ -- 683, /* "ppBasis" */ -- 872, /* "preferredDeliveryMethod" */ -- 873, /* "presentationAddress" */ -- 816, /* 
"prf-gostr3411-94" */ -- 406, /* "prime-field" */ -- 409, /* "prime192v1" */ -- 410, /* "prime192v2" */ -- 411, /* "prime192v3" */ -- 412, /* "prime239v1" */ -- 413, /* "prime239v2" */ -- 414, /* "prime239v3" */ -- 415, /* "prime256v1" */ -- 385, /* "private" */ -- 84, /* "privateKeyUsagePeriod" */ -- 886, /* "protocolInformation" */ -- 663, /* "proxyCertInfo" */ -- 510, /* "pseudonym" */ -- 435, /* "pss" */ -- 286, /* "qcStatements" */ -- 457, /* "qualityLabelledData" */ -- 450, /* "rFC822localPart" */ -- 870, /* "registeredAddress" */ -- 400, /* "role" */ -- 877, /* "roleOccupant" */ -- 448, /* "room" */ -- 463, /* "roomNumber" */ -- 6, /* "rsaEncryption" */ -- 644, /* "rsaOAEPEncryptionSET" */ -- 377, /* "rsaSignature" */ -- 1, /* "rsadsi" */ -- 482, /* "sOARecord" */ -- 155, /* "safeContentsBag" */ -- 291, /* "sbgp-autonomousSysNum" */ -- 290, /* "sbgp-ipAddrBlock" */ -- 292, /* "sbgp-routerIdentifier" */ -- 159, /* "sdsiCertificate" */ -- 859, /* "searchGuide" */ -- 704, /* "secp112r1" */ -- 705, /* "secp112r2" */ -- 706, /* "secp128r1" */ -- 707, /* "secp128r2" */ -- 708, /* "secp160k1" */ -- 709, /* "secp160r1" */ -- 710, /* "secp160r2" */ -- 711, /* "secp192k1" */ -- 712, /* "secp224k1" */ -- 713, /* "secp224r1" */ -- 714, /* "secp256k1" */ -- 715, /* "secp384r1" */ -- 716, /* "secp521r1" */ -- 154, /* "secretBag" */ -- 474, /* "secretary" */ -- 717, /* "sect113r1" */ -- 718, /* "sect113r2" */ -- 719, /* "sect131r1" */ -- 720, /* "sect131r2" */ -- 721, /* "sect163k1" */ -- 722, /* "sect163r1" */ -- 723, /* "sect163r2" */ -- 724, /* "sect193r1" */ -- 725, /* "sect193r2" */ -- 726, /* "sect233k1" */ -- 727, /* "sect233r1" */ -- 728, /* "sect239k1" */ -- 729, /* "sect283k1" */ -- 730, /* "sect283r1" */ -- 731, /* "sect409k1" */ -- 732, /* "sect409r1" */ -- 733, /* "sect571k1" */ -- 734, /* "sect571r1" */ -- 1025, /* "secureShellClient" */ -- 1026, /* "secureShellServer" */ -- 386, /* "security" */ -- 878, /* "seeAlso" */ -- 394, /* "selected-attribute-types" 
*/ -- 1029, /* "sendOwner" */ -- 1030, /* "sendProxiedOwner" */ -- 1028, /* "sendProxiedRouter" */ -- 1027, /* "sendRouter" */ -- 105, /* "serialNumber" */ -- 129, /* "serverAuth" */ -- 371, /* "serviceLocator" */ -- 625, /* "set-addPolicy" */ -- 515, /* "set-attr" */ -- 518, /* "set-brand" */ -- 638, /* "set-brand-AmericanExpress" */ -- 637, /* "set-brand-Diners" */ -- 636, /* "set-brand-IATA-ATA" */ -- 639, /* "set-brand-JCB" */ -- 641, /* "set-brand-MasterCard" */ -- 642, /* "set-brand-Novus" */ -- 640, /* "set-brand-Visa" */ -- 517, /* "set-certExt" */ -- 513, /* "set-ctype" */ -- 514, /* "set-msgExt" */ -- 516, /* "set-policy" */ -- 607, /* "set-policy-root" */ -- 624, /* "set-rootKeyThumb" */ -- 620, /* "setAttr-Cert" */ -- 631, /* "setAttr-GenCryptgrm" */ -- 623, /* "setAttr-IssCap" */ -- 628, /* "setAttr-IssCap-CVM" */ -- 630, /* "setAttr-IssCap-Sig" */ -- 629, /* "setAttr-IssCap-T2" */ -- 621, /* "setAttr-PGWYcap" */ -- 635, /* "setAttr-SecDevSig" */ -- 632, /* "setAttr-T2Enc" */ -- 633, /* "setAttr-T2cleartxt" */ -- 634, /* "setAttr-TokICCsig" */ -- 627, /* "setAttr-Token-B0Prime" */ -- 626, /* "setAttr-Token-EMV" */ -- 622, /* "setAttr-TokenType" */ -- 619, /* "setCext-IssuerCapabilities" */ -- 615, /* "setCext-PGWYcapabilities" */ -- 616, /* "setCext-TokenIdentifier" */ -- 618, /* "setCext-TokenType" */ -- 617, /* "setCext-Track2Data" */ -- 611, /* "setCext-cCertRequired" */ -- 609, /* "setCext-certType" */ -- 608, /* "setCext-hashedRoot" */ -- 610, /* "setCext-merchData" */ -- 613, /* "setCext-setExt" */ -- 614, /* "setCext-setQualf" */ -- 612, /* "setCext-tunneling" */ -- 540, /* "setct-AcqCardCodeMsg" */ -- 576, /* "setct-AcqCardCodeMsgTBE" */ -- 570, /* "setct-AuthReqTBE" */ -- 534, /* "setct-AuthReqTBS" */ -- 527, /* "setct-AuthResBaggage" */ -- 571, /* "setct-AuthResTBE" */ -- 572, /* "setct-AuthResTBEX" */ -- 535, /* "setct-AuthResTBS" */ -- 536, /* "setct-AuthResTBSX" */ -- 528, /* "setct-AuthRevReqBaggage" */ -- 577, /* "setct-AuthRevReqTBE" */ 
-- 541, /* "setct-AuthRevReqTBS" */ -- 529, /* "setct-AuthRevResBaggage" */ -- 542, /* "setct-AuthRevResData" */ -- 578, /* "setct-AuthRevResTBE" */ -- 579, /* "setct-AuthRevResTBEB" */ -- 543, /* "setct-AuthRevResTBS" */ -- 573, /* "setct-AuthTokenTBE" */ -- 537, /* "setct-AuthTokenTBS" */ -- 600, /* "setct-BCIDistributionTBS" */ -- 558, /* "setct-BatchAdminReqData" */ -- 592, /* "setct-BatchAdminReqTBE" */ -- 559, /* "setct-BatchAdminResData" */ -- 593, /* "setct-BatchAdminResTBE" */ -- 599, /* "setct-CRLNotificationResTBS" */ -- 598, /* "setct-CRLNotificationTBS" */ -- 580, /* "setct-CapReqTBE" */ -- 581, /* "setct-CapReqTBEX" */ -- 544, /* "setct-CapReqTBS" */ -- 545, /* "setct-CapReqTBSX" */ -- 546, /* "setct-CapResData" */ -- 582, /* "setct-CapResTBE" */ -- 583, /* "setct-CapRevReqTBE" */ -- 584, /* "setct-CapRevReqTBEX" */ -- 547, /* "setct-CapRevReqTBS" */ -- 548, /* "setct-CapRevReqTBSX" */ -- 549, /* "setct-CapRevResData" */ -- 585, /* "setct-CapRevResTBE" */ -- 538, /* "setct-CapTokenData" */ -- 530, /* "setct-CapTokenSeq" */ -- 574, /* "setct-CapTokenTBE" */ -- 575, /* "setct-CapTokenTBEX" */ -- 539, /* "setct-CapTokenTBS" */ -- 560, /* "setct-CardCInitResTBS" */ -- 566, /* "setct-CertInqReqTBS" */ -- 563, /* "setct-CertReqData" */ -- 595, /* "setct-CertReqTBE" */ -- 596, /* "setct-CertReqTBEX" */ -- 564, /* "setct-CertReqTBS" */ -- 565, /* "setct-CertResData" */ -- 597, /* "setct-CertResTBE" */ -- 586, /* "setct-CredReqTBE" */ -- 587, /* "setct-CredReqTBEX" */ -- 550, /* "setct-CredReqTBS" */ -- 551, /* "setct-CredReqTBSX" */ -- 552, /* "setct-CredResData" */ -- 588, /* "setct-CredResTBE" */ -- 589, /* "setct-CredRevReqTBE" */ -- 590, /* "setct-CredRevReqTBEX" */ -- 553, /* "setct-CredRevReqTBS" */ -- 554, /* "setct-CredRevReqTBSX" */ -- 555, /* "setct-CredRevResData" */ -- 591, /* "setct-CredRevResTBE" */ -- 567, /* "setct-ErrorTBS" */ -- 526, /* "setct-HODInput" */ -- 561, /* "setct-MeAqCInitResTBS" */ -- 522, /* "setct-OIData" */ -- 519, /* 
"setct-PANData" */ -- 521, /* "setct-PANOnly" */ -- 520, /* "setct-PANToken" */ -- 556, /* "setct-PCertReqData" */ -- 557, /* "setct-PCertResTBS" */ -- 523, /* "setct-PI" */ -- 532, /* "setct-PI-TBS" */ -- 524, /* "setct-PIData" */ -- 525, /* "setct-PIDataUnsigned" */ -- 568, /* "setct-PIDualSignedTBE" */ -- 569, /* "setct-PIUnsignedTBE" */ -- 531, /* "setct-PInitResData" */ -- 533, /* "setct-PResData" */ -- 594, /* "setct-RegFormReqTBE" */ -- 562, /* "setct-RegFormResTBS" */ -- 606, /* "setext-cv" */ -- 601, /* "setext-genCrypt" */ -- 602, /* "setext-miAuth" */ -- 604, /* "setext-pinAny" */ -- 603, /* "setext-pinSecure" */ -- 605, /* "setext-track2" */ -- 52, /* "signingTime" */ -- 454, /* "simpleSecurityObject" */ -- 496, /* "singleLevelQuality" */ -- 387, /* "snmpv2" */ -- 660, /* "street" */ -- 85, /* "subjectAltName" */ -- 769, /* "subjectDirectoryAttributes" */ -- 398, /* "subjectInfoAccess" */ -- 82, /* "subjectKeyIdentifier" */ -- 1007, /* "subjectSignTool" */ -- 498, /* "subtreeMaximumQuality" */ -- 497, /* "subtreeMinimumQuality" */ -- 890, /* "supportedAlgorithms" */ -- 874, /* "supportedApplicationContext" */ -- 402, /* "targetInformation" */ -- 864, /* "telephoneNumber" */ -- 866, /* "teletexTerminalIdentifier" */ -- 865, /* "telexNumber" */ -- 459, /* "textEncodedORAddress" */ -- 293, /* "textNotice" */ -- 133, /* "timeStamping" */ -- 106, /* "title" */ -- 1020, /* "tlsfeature" */ -- 682, /* "tpBasis" */ -- 375, /* "trustRoot" */ -- 436, /* "ucl" */ -- 102, /* "uid" */ -- 888, /* "uniqueMember" */ -- 55, /* "unstructuredAddress" */ -- 49, /* "unstructuredName" */ -- 880, /* "userCertificate" */ -- 465, /* "userClass" */ -- 879, /* "userPassword" */ -- 373, /* "valid" */ -- 678, /* "wap" */ -- 679, /* "wap-wsg" */ -- 735, /* "wap-wsg-idm-ecid-wtls1" */ -- 743, /* "wap-wsg-idm-ecid-wtls10" */ -- 744, /* "wap-wsg-idm-ecid-wtls11" */ -- 745, /* "wap-wsg-idm-ecid-wtls12" */ -- 736, /* "wap-wsg-idm-ecid-wtls3" */ -- 737, /* "wap-wsg-idm-ecid-wtls4" */ -- 
738, /* "wap-wsg-idm-ecid-wtls5" */ -- 739, /* "wap-wsg-idm-ecid-wtls6" */ -- 740, /* "wap-wsg-idm-ecid-wtls7" */ -- 741, /* "wap-wsg-idm-ecid-wtls8" */ -- 742, /* "wap-wsg-idm-ecid-wtls9" */ -- 804, /* "whirlpool" */ -- 868, /* "x121Address" */ -- 503, /* "x500UniqueIdentifier" */ -- 158, /* "x509Certificate" */ -- 160, /* "x509Crl" */ -+static const unsigned int sn_objs[NUM_SN]={ -+364, /* "AD_DVCS" */ -+419, /* "AES-128-CBC" */ -+916, /* "AES-128-CBC-HMAC-SHA1" */ -+948, /* "AES-128-CBC-HMAC-SHA256" */ -+421, /* "AES-128-CFB" */ -+650, /* "AES-128-CFB1" */ -+653, /* "AES-128-CFB8" */ -+904, /* "AES-128-CTR" */ -+418, /* "AES-128-ECB" */ -+420, /* "AES-128-OFB" */ -+913, /* "AES-128-XTS" */ -+423, /* "AES-192-CBC" */ -+917, /* "AES-192-CBC-HMAC-SHA1" */ -+949, /* "AES-192-CBC-HMAC-SHA256" */ -+425, /* "AES-192-CFB" */ -+651, /* "AES-192-CFB1" */ -+654, /* "AES-192-CFB8" */ -+905, /* "AES-192-CTR" */ -+422, /* "AES-192-ECB" */ -+424, /* "AES-192-OFB" */ -+427, /* "AES-256-CBC" */ -+918, /* "AES-256-CBC-HMAC-SHA1" */ -+950, /* "AES-256-CBC-HMAC-SHA256" */ -+429, /* "AES-256-CFB" */ -+652, /* "AES-256-CFB1" */ -+655, /* "AES-256-CFB8" */ -+906, /* "AES-256-CTR" */ -+426, /* "AES-256-ECB" */ -+428, /* "AES-256-OFB" */ -+914, /* "AES-256-XTS" */ -+91, /* "BF-CBC" */ -+93, /* "BF-CFB" */ -+92, /* "BF-ECB" */ -+94, /* "BF-OFB" */ -+14, /* "C" */ -+751, /* "CAMELLIA-128-CBC" */ -+757, /* "CAMELLIA-128-CFB" */ -+760, /* "CAMELLIA-128-CFB1" */ -+763, /* "CAMELLIA-128-CFB8" */ -+754, /* "CAMELLIA-128-ECB" */ -+766, /* "CAMELLIA-128-OFB" */ -+752, /* "CAMELLIA-192-CBC" */ -+758, /* "CAMELLIA-192-CFB" */ -+761, /* "CAMELLIA-192-CFB1" */ -+764, /* "CAMELLIA-192-CFB8" */ -+755, /* "CAMELLIA-192-ECB" */ -+767, /* "CAMELLIA-192-OFB" */ -+753, /* "CAMELLIA-256-CBC" */ -+759, /* "CAMELLIA-256-CFB" */ -+762, /* "CAMELLIA-256-CFB1" */ -+765, /* "CAMELLIA-256-CFB8" */ -+756, /* "CAMELLIA-256-ECB" */ -+768, /* "CAMELLIA-256-OFB" */ -+108, /* "CAST5-CBC" */ -+110, /* "CAST5-CFB" */ 
-+109, /* "CAST5-ECB" */ -+111, /* "CAST5-OFB" */ -+894, /* "CMAC" */ -+13, /* "CN" */ -+141, /* "CRLReason" */ -+417, /* "CSPName" */ -+367, /* "CrlID" */ -+391, /* "DC" */ -+31, /* "DES-CBC" */ -+643, /* "DES-CDMF" */ -+30, /* "DES-CFB" */ -+656, /* "DES-CFB1" */ -+657, /* "DES-CFB8" */ -+29, /* "DES-ECB" */ -+32, /* "DES-EDE" */ -+43, /* "DES-EDE-CBC" */ -+60, /* "DES-EDE-CFB" */ -+62, /* "DES-EDE-OFB" */ -+33, /* "DES-EDE3" */ -+44, /* "DES-EDE3-CBC" */ -+61, /* "DES-EDE3-CFB" */ -+658, /* "DES-EDE3-CFB1" */ -+659, /* "DES-EDE3-CFB8" */ -+63, /* "DES-EDE3-OFB" */ -+45, /* "DES-OFB" */ -+80, /* "DESX-CBC" */ -+380, /* "DOD" */ -+116, /* "DSA" */ -+66, /* "DSA-SHA" */ -+113, /* "DSA-SHA1" */ -+70, /* "DSA-SHA1-old" */ -+67, /* "DSA-old" */ -+297, /* "DVCS" */ -+99, /* "GN" */ -+855, /* "HMAC" */ -+780, /* "HMAC-MD5" */ -+781, /* "HMAC-SHA1" */ -+381, /* "IANA" */ -+34, /* "IDEA-CBC" */ -+35, /* "IDEA-CFB" */ -+36, /* "IDEA-ECB" */ -+46, /* "IDEA-OFB" */ -+181, /* "ISO" */ -+183, /* "ISO-US" */ -+645, /* "ITU-T" */ -+646, /* "JOINT-ISO-ITU-T" */ -+773, /* "KISA" */ -+15, /* "L" */ -+856, /* "LocalKeySet" */ -+ 3, /* "MD2" */ -+257, /* "MD4" */ -+ 4, /* "MD5" */ -+114, /* "MD5-SHA1" */ -+95, /* "MDC2" */ -+911, /* "MGF1" */ -+388, /* "Mail" */ -+393, /* "NULL" */ -+404, /* "NULL" */ -+57, /* "Netscape" */ -+366, /* "Nonce" */ -+17, /* "O" */ -+178, /* "OCSP" */ -+180, /* "OCSPSigning" */ -+379, /* "ORG" */ -+18, /* "OU" */ -+749, /* "Oakley-EC2N-3" */ -+750, /* "Oakley-EC2N-4" */ -+ 9, /* "PBE-MD2-DES" */ -+168, /* "PBE-MD2-RC2-64" */ -+10, /* "PBE-MD5-DES" */ -+169, /* "PBE-MD5-RC2-64" */ -+147, /* "PBE-SHA1-2DES" */ -+146, /* "PBE-SHA1-3DES" */ -+170, /* "PBE-SHA1-DES" */ -+148, /* "PBE-SHA1-RC2-128" */ -+149, /* "PBE-SHA1-RC2-40" */ -+68, /* "PBE-SHA1-RC2-64" */ -+144, /* "PBE-SHA1-RC4-128" */ -+145, /* "PBE-SHA1-RC4-40" */ -+161, /* "PBES2" */ -+69, /* "PBKDF2" */ -+162, /* "PBMAC1" */ -+127, /* "PKIX" */ -+935, /* "PSPECIFIED" */ -+98, /* "RC2-40-CBC" */ 
-+166, /* "RC2-64-CBC" */ -+37, /* "RC2-CBC" */ -+39, /* "RC2-CFB" */ -+38, /* "RC2-ECB" */ -+40, /* "RC2-OFB" */ -+ 5, /* "RC4" */ -+97, /* "RC4-40" */ -+915, /* "RC4-HMAC-MD5" */ -+120, /* "RC5-CBC" */ -+122, /* "RC5-CFB" */ -+121, /* "RC5-ECB" */ -+123, /* "RC5-OFB" */ -+117, /* "RIPEMD160" */ -+124, /* "RLE" */ -+19, /* "RSA" */ -+ 7, /* "RSA-MD2" */ -+396, /* "RSA-MD4" */ -+ 8, /* "RSA-MD5" */ -+96, /* "RSA-MDC2" */ -+104, /* "RSA-NP-MD5" */ -+119, /* "RSA-RIPEMD160" */ -+42, /* "RSA-SHA" */ -+65, /* "RSA-SHA1" */ -+115, /* "RSA-SHA1-2" */ -+671, /* "RSA-SHA224" */ -+668, /* "RSA-SHA256" */ -+669, /* "RSA-SHA384" */ -+670, /* "RSA-SHA512" */ -+919, /* "RSAES-OAEP" */ -+912, /* "RSASSA-PSS" */ -+777, /* "SEED-CBC" */ -+779, /* "SEED-CFB" */ -+776, /* "SEED-ECB" */ -+778, /* "SEED-OFB" */ -+41, /* "SHA" */ -+64, /* "SHA1" */ -+675, /* "SHA224" */ -+672, /* "SHA256" */ -+673, /* "SHA384" */ -+674, /* "SHA512" */ -+188, /* "SMIME" */ -+167, /* "SMIME-CAPS" */ -+100, /* "SN" */ -+16, /* "ST" */ -+143, /* "SXNetID" */ -+458, /* "UID" */ -+ 0, /* "UNDEF" */ -+11, /* "X500" */ -+378, /* "X500algorithms" */ -+12, /* "X509" */ -+184, /* "X9-57" */ -+185, /* "X9cm" */ -+125, /* "ZLIB" */ -+478, /* "aRecord" */ -+289, /* "aaControls" */ -+287, /* "ac-auditEntity" */ -+397, /* "ac-proxying" */ -+288, /* "ac-targeting" */ -+368, /* "acceptableResponses" */ -+446, /* "account" */ -+363, /* "ad_timestamping" */ -+376, /* "algorithm" */ -+405, /* "ansi-X9-62" */ -+910, /* "anyExtendedKeyUsage" */ -+746, /* "anyPolicy" */ -+370, /* "archiveCutoff" */ -+484, /* "associatedDomain" */ -+485, /* "associatedName" */ -+501, /* "audio" */ -+177, /* "authorityInfoAccess" */ -+90, /* "authorityKeyIdentifier" */ -+882, /* "authorityRevocationList" */ -+87, /* "basicConstraints" */ -+365, /* "basicOCSPResponse" */ -+285, /* "biometricInfo" */ -+921, /* "brainpoolP160r1" */ -+922, /* "brainpoolP160t1" */ -+923, /* "brainpoolP192r1" */ -+924, /* "brainpoolP192t1" */ -+925, /* 
"brainpoolP224r1" */ -+926, /* "brainpoolP224t1" */ -+927, /* "brainpoolP256r1" */ -+928, /* "brainpoolP256t1" */ -+929, /* "brainpoolP320r1" */ -+930, /* "brainpoolP320t1" */ -+931, /* "brainpoolP384r1" */ -+932, /* "brainpoolP384t1" */ -+933, /* "brainpoolP512r1" */ -+934, /* "brainpoolP512t1" */ -+494, /* "buildingName" */ -+860, /* "businessCategory" */ -+691, /* "c2onb191v4" */ -+692, /* "c2onb191v5" */ -+697, /* "c2onb239v4" */ -+698, /* "c2onb239v5" */ -+684, /* "c2pnb163v1" */ -+685, /* "c2pnb163v2" */ -+686, /* "c2pnb163v3" */ -+687, /* "c2pnb176v1" */ -+693, /* "c2pnb208w1" */ -+699, /* "c2pnb272w1" */ -+700, /* "c2pnb304w1" */ -+702, /* "c2pnb368w1" */ -+688, /* "c2tnb191v1" */ -+689, /* "c2tnb191v2" */ -+690, /* "c2tnb191v3" */ -+694, /* "c2tnb239v1" */ -+695, /* "c2tnb239v2" */ -+696, /* "c2tnb239v3" */ -+701, /* "c2tnb359v1" */ -+703, /* "c2tnb431r1" */ -+881, /* "cACertificate" */ -+483, /* "cNAMERecord" */ -+179, /* "caIssuers" */ -+785, /* "caRepository" */ -+443, /* "caseIgnoreIA5StringSyntax" */ -+152, /* "certBag" */ -+677, /* "certicom-arc" */ -+771, /* "certificateIssuer" */ -+89, /* "certificatePolicies" */ -+883, /* "certificateRevocationList" */ -+54, /* "challengePassword" */ -+407, /* "characteristic-two-field" */ -+395, /* "clearance" */ -+130, /* "clientAuth" */ -+131, /* "codeSigning" */ -+50, /* "contentType" */ -+53, /* "countersignature" */ -+153, /* "crlBag" */ -+103, /* "crlDistributionPoints" */ -+88, /* "crlNumber" */ -+884, /* "crossCertificatePair" */ -+806, /* "cryptocom" */ -+805, /* "cryptopro" */ -+954, /* "ct_cert_scts" */ -+952, /* "ct_precert_poison" */ -+951, /* "ct_precert_scts" */ -+953, /* "ct_precert_signer" */ -+500, /* "dITRedirect" */ -+451, /* "dNSDomain" */ -+495, /* "dSAQuality" */ -+434, /* "data" */ -+390, /* "dcobject" */ -+140, /* "deltaCRL" */ -+891, /* "deltaRevocationList" */ -+107, /* "description" */ -+871, /* "destinationIndicator" */ -+947, /* "dh-cofactor-kdf" */ -+946, /* "dh-std-kdf" */ -+28, /* 
"dhKeyAgreement" */ -+941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -+942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -+943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -+944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -+945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -+936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -+937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -+938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -+939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -+940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -+920, /* "dhpublicnumber" */ -+382, /* "directory" */ -+887, /* "distinguishedName" */ -+892, /* "dmdName" */ -+174, /* "dnQualifier" */ -+447, /* "document" */ -+471, /* "documentAuthor" */ -+468, /* "documentIdentifier" */ -+472, /* "documentLocation" */ -+502, /* "documentPublisher" */ -+449, /* "documentSeries" */ -+469, /* "documentTitle" */ -+470, /* "documentVersion" */ -+392, /* "domain" */ -+452, /* "domainRelatedObject" */ -+802, /* "dsa_with_SHA224" */ -+803, /* "dsa_with_SHA256" */ -+791, /* "ecdsa-with-Recommended" */ -+416, /* "ecdsa-with-SHA1" */ -+793, /* "ecdsa-with-SHA224" */ -+794, /* "ecdsa-with-SHA256" */ -+795, /* "ecdsa-with-SHA384" */ -+796, /* "ecdsa-with-SHA512" */ -+792, /* "ecdsa-with-Specified" */ -+48, /* "emailAddress" */ -+132, /* "emailProtection" */ -+885, /* "enhancedSearchGuide" */ -+389, /* "enterprises" */ -+384, /* "experimental" */ -+172, /* "extReq" */ -+56, /* "extendedCertificateAttributes" */ -+126, /* "extendedKeyUsage" */ -+372, /* "extendedStatus" */ -+867, /* "facsimileTelephoneNumber" */ -+462, /* "favouriteDrink" */ -+857, /* "freshestCRL" */ -+453, /* "friendlyCountry" */ -+490, /* "friendlyCountryName" */ -+156, /* "friendlyName" */ -+509, /* "generationQualifier" */ -+815, /* "gost-mac" */ -+811, /* "gost2001" */ -+851, /* "gost2001cc" */ -+813, /* "gost89" */ -+814, /* "gost89-cnt" */ -+812, /* "gost94" */ -+850, /* "gost94cc" */ -+797, /* "hmacWithMD5" */ -+163, /* 
"hmacWithSHA1" */ -+798, /* "hmacWithSHA224" */ -+799, /* "hmacWithSHA256" */ -+800, /* "hmacWithSHA384" */ -+801, /* "hmacWithSHA512" */ -+432, /* "holdInstructionCallIssuer" */ -+430, /* "holdInstructionCode" */ -+431, /* "holdInstructionNone" */ -+433, /* "holdInstructionReject" */ -+486, /* "homePostalAddress" */ -+473, /* "homeTelephoneNumber" */ -+466, /* "host" */ -+889, /* "houseIdentifier" */ -+442, /* "iA5StringSyntax" */ -+783, /* "id-DHBasedMac" */ -+824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -+825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -+826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -+827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -+819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -+829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -+828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -+830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -+820, /* "id-Gost28147-89-None-KeyMeshing" */ -+823, /* "id-Gost28147-89-TestParamSet" */ -+849, /* "id-Gost28147-89-cc" */ -+840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -+841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -+842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -+843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -+844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -+854, /* "id-GostR3410-2001-ParamSet-cc" */ -+839, /* "id-GostR3410-2001-TestParamSet" */ -+817, /* "id-GostR3410-2001DH" */ -+832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -+833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -+834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -+835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -+836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -+837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -+838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -+831, /* "id-GostR3410-94-TestParamSet" */ -+845, /* "id-GostR3410-94-a" */ -+846, /* "id-GostR3410-94-aBis" */ -+847, /* "id-GostR3410-94-b" */ -+848, /* "id-GostR3410-94-bBis" */ -+818, /* 
"id-GostR3410-94DH" */ -+822, /* "id-GostR3411-94-CryptoProParamSet" */ -+821, /* "id-GostR3411-94-TestParamSet" */ -+807, /* "id-GostR3411-94-with-GostR3410-2001" */ -+853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ -+808, /* "id-GostR3411-94-with-GostR3410-94" */ -+852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ -+810, /* "id-HMACGostR3411-94" */ -+782, /* "id-PasswordBasedMAC" */ -+266, /* "id-aca" */ -+355, /* "id-aca-accessIdentity" */ -+354, /* "id-aca-authenticationInfo" */ -+356, /* "id-aca-chargingIdentity" */ -+399, /* "id-aca-encAttrs" */ -+357, /* "id-aca-group" */ -+358, /* "id-aca-role" */ -+176, /* "id-ad" */ -+896, /* "id-aes128-CCM" */ -+895, /* "id-aes128-GCM" */ -+788, /* "id-aes128-wrap" */ -+897, /* "id-aes128-wrap-pad" */ -+899, /* "id-aes192-CCM" */ -+898, /* "id-aes192-GCM" */ -+789, /* "id-aes192-wrap" */ -+900, /* "id-aes192-wrap-pad" */ -+902, /* "id-aes256-CCM" */ -+901, /* "id-aes256-GCM" */ -+790, /* "id-aes256-wrap" */ -+903, /* "id-aes256-wrap-pad" */ -+262, /* "id-alg" */ -+893, /* "id-alg-PWRI-KEK" */ -+323, /* "id-alg-des40" */ -+326, /* "id-alg-dh-pop" */ -+325, /* "id-alg-dh-sig-hmac-sha1" */ -+324, /* "id-alg-noSignature" */ -+907, /* "id-camellia128-wrap" */ -+908, /* "id-camellia192-wrap" */ -+909, /* "id-camellia256-wrap" */ -+268, /* "id-cct" */ -+361, /* "id-cct-PKIData" */ -+362, /* "id-cct-PKIResponse" */ -+360, /* "id-cct-crs" */ -+81, /* "id-ce" */ -+680, /* "id-characteristic-two-basis" */ -+263, /* "id-cmc" */ -+334, /* "id-cmc-addExtensions" */ -+346, /* "id-cmc-confirmCertAcceptance" */ -+330, /* "id-cmc-dataReturn" */ -+336, /* "id-cmc-decryptedPOP" */ -+335, /* "id-cmc-encryptedPOP" */ -+339, /* "id-cmc-getCRL" */ -+338, /* "id-cmc-getCert" */ -+328, /* "id-cmc-identification" */ -+329, /* "id-cmc-identityProof" */ -+337, /* "id-cmc-lraPOPWitness" */ -+344, /* "id-cmc-popLinkRandom" */ -+345, /* "id-cmc-popLinkWitness" */ -+343, /* "id-cmc-queryPending" */ -+333, /* "id-cmc-recipientNonce" */ -+341, /* 
"id-cmc-regInfo" */ -+342, /* "id-cmc-responseInfo" */ -+340, /* "id-cmc-revokeRequest" */ -+332, /* "id-cmc-senderNonce" */ -+327, /* "id-cmc-statusInfo" */ -+331, /* "id-cmc-transactionId" */ -+787, /* "id-ct-asciiTextWithCRLF" */ -+408, /* "id-ecPublicKey" */ -+508, /* "id-hex-multipart-message" */ -+507, /* "id-hex-partial-message" */ -+260, /* "id-it" */ -+302, /* "id-it-caKeyUpdateInfo" */ -+298, /* "id-it-caProtEncCert" */ -+311, /* "id-it-confirmWaitTime" */ -+303, /* "id-it-currentCRL" */ -+300, /* "id-it-encKeyPairTypes" */ -+310, /* "id-it-implicitConfirm" */ -+308, /* "id-it-keyPairParamRep" */ -+307, /* "id-it-keyPairParamReq" */ -+312, /* "id-it-origPKIMessage" */ -+301, /* "id-it-preferredSymmAlg" */ -+309, /* "id-it-revPassphrase" */ -+299, /* "id-it-signKeyPairTypes" */ -+305, /* "id-it-subscriptionRequest" */ -+306, /* "id-it-subscriptionResponse" */ -+784, /* "id-it-suppLangTags" */ -+304, /* "id-it-unsupportedOIDs" */ -+128, /* "id-kp" */ -+280, /* "id-mod-attribute-cert" */ -+274, /* "id-mod-cmc" */ -+277, /* "id-mod-cmp" */ -+284, /* "id-mod-cmp2000" */ -+273, /* "id-mod-crmf" */ -+283, /* "id-mod-dvcs" */ -+275, /* "id-mod-kea-profile-88" */ -+276, /* "id-mod-kea-profile-93" */ -+282, /* "id-mod-ocsp" */ -+278, /* "id-mod-qualified-cert-88" */ -+279, /* "id-mod-qualified-cert-93" */ -+281, /* "id-mod-timestamp-protocol" */ -+264, /* "id-on" */ -+858, /* "id-on-permanentIdentifier" */ -+347, /* "id-on-personalData" */ -+265, /* "id-pda" */ -+352, /* "id-pda-countryOfCitizenship" */ -+353, /* "id-pda-countryOfResidence" */ -+348, /* "id-pda-dateOfBirth" */ -+351, /* "id-pda-gender" */ -+349, /* "id-pda-placeOfBirth" */ -+175, /* "id-pe" */ -+261, /* "id-pkip" */ -+258, /* "id-pkix-mod" */ -+269, /* "id-pkix1-explicit-88" */ -+271, /* "id-pkix1-explicit-93" */ -+270, /* "id-pkix1-implicit-88" */ -+272, /* "id-pkix1-implicit-93" */ -+662, /* "id-ppl" */ -+664, /* "id-ppl-anyLanguage" */ -+667, /* "id-ppl-independent" */ -+665, /* 
"id-ppl-inheritAll" */ -+267, /* "id-qcs" */ -+359, /* "id-qcs-pkixQCSyntax-v1" */ -+259, /* "id-qt" */ -+164, /* "id-qt-cps" */ -+165, /* "id-qt-unotice" */ -+313, /* "id-regCtrl" */ -+316, /* "id-regCtrl-authenticator" */ -+319, /* "id-regCtrl-oldCertID" */ -+318, /* "id-regCtrl-pkiArchiveOptions" */ -+317, /* "id-regCtrl-pkiPublicationInfo" */ -+320, /* "id-regCtrl-protocolEncrKey" */ -+315, /* "id-regCtrl-regToken" */ -+314, /* "id-regInfo" */ -+322, /* "id-regInfo-certReq" */ -+321, /* "id-regInfo-utf8Pairs" */ -+512, /* "id-set" */ -+191, /* "id-smime-aa" */ -+215, /* "id-smime-aa-contentHint" */ -+218, /* "id-smime-aa-contentIdentifier" */ -+221, /* "id-smime-aa-contentReference" */ -+240, /* "id-smime-aa-dvcs-dvc" */ -+217, /* "id-smime-aa-encapContentType" */ -+222, /* "id-smime-aa-encrypKeyPref" */ -+220, /* "id-smime-aa-equivalentLabels" */ -+232, /* "id-smime-aa-ets-CertificateRefs" */ -+233, /* "id-smime-aa-ets-RevocationRefs" */ -+238, /* "id-smime-aa-ets-archiveTimeStamp" */ -+237, /* "id-smime-aa-ets-certCRLTimestamp" */ -+234, /* "id-smime-aa-ets-certValues" */ -+227, /* "id-smime-aa-ets-commitmentType" */ -+231, /* "id-smime-aa-ets-contentTimestamp" */ -+236, /* "id-smime-aa-ets-escTimeStamp" */ -+230, /* "id-smime-aa-ets-otherSigCert" */ -+235, /* "id-smime-aa-ets-revocationValues" */ -+226, /* "id-smime-aa-ets-sigPolicyId" */ -+229, /* "id-smime-aa-ets-signerAttr" */ -+228, /* "id-smime-aa-ets-signerLocation" */ -+219, /* "id-smime-aa-macValue" */ -+214, /* "id-smime-aa-mlExpandHistory" */ -+216, /* "id-smime-aa-msgSigDigest" */ -+212, /* "id-smime-aa-receiptRequest" */ -+213, /* "id-smime-aa-securityLabel" */ -+239, /* "id-smime-aa-signatureType" */ -+223, /* "id-smime-aa-signingCertificate" */ -+224, /* "id-smime-aa-smimeEncryptCerts" */ -+225, /* "id-smime-aa-timeStampToken" */ -+192, /* "id-smime-alg" */ -+243, /* "id-smime-alg-3DESwrap" */ -+246, /* "id-smime-alg-CMS3DESwrap" */ -+247, /* "id-smime-alg-CMSRC2wrap" */ -+245, /* 
"id-smime-alg-ESDH" */ -+241, /* "id-smime-alg-ESDHwith3DES" */ -+242, /* "id-smime-alg-ESDHwithRC2" */ -+244, /* "id-smime-alg-RC2wrap" */ -+193, /* "id-smime-cd" */ -+248, /* "id-smime-cd-ldap" */ -+190, /* "id-smime-ct" */ -+210, /* "id-smime-ct-DVCSRequestData" */ -+211, /* "id-smime-ct-DVCSResponseData" */ -+208, /* "id-smime-ct-TDTInfo" */ -+207, /* "id-smime-ct-TSTInfo" */ -+205, /* "id-smime-ct-authData" */ -+786, /* "id-smime-ct-compressedData" */ -+209, /* "id-smime-ct-contentInfo" */ -+206, /* "id-smime-ct-publishCert" */ -+204, /* "id-smime-ct-receipt" */ -+195, /* "id-smime-cti" */ -+255, /* "id-smime-cti-ets-proofOfApproval" */ -+256, /* "id-smime-cti-ets-proofOfCreation" */ -+253, /* "id-smime-cti-ets-proofOfDelivery" */ -+251, /* "id-smime-cti-ets-proofOfOrigin" */ -+252, /* "id-smime-cti-ets-proofOfReceipt" */ -+254, /* "id-smime-cti-ets-proofOfSender" */ -+189, /* "id-smime-mod" */ -+196, /* "id-smime-mod-cms" */ -+197, /* "id-smime-mod-ess" */ -+202, /* "id-smime-mod-ets-eSigPolicy-88" */ -+203, /* "id-smime-mod-ets-eSigPolicy-97" */ -+200, /* "id-smime-mod-ets-eSignature-88" */ -+201, /* "id-smime-mod-ets-eSignature-97" */ -+199, /* "id-smime-mod-msg-v3" */ -+198, /* "id-smime-mod-oid" */ -+194, /* "id-smime-spq" */ -+250, /* "id-smime-spq-ets-sqt-unotice" */ -+249, /* "id-smime-spq-ets-sqt-uri" */ -+676, /* "identified-organization" */ -+461, /* "info" */ -+748, /* "inhibitAnyPolicy" */ -+101, /* "initials" */ -+647, /* "international-organizations" */ -+869, /* "internationaliSDNNumber" */ -+142, /* "invalidityDate" */ -+294, /* "ipsecEndSystem" */ -+295, /* "ipsecTunnel" */ -+296, /* "ipsecUser" */ -+86, /* "issuerAltName" */ -+770, /* "issuingDistributionPoint" */ -+492, /* "janetMailbox" */ -+957, /* "jurisdictionC" */ -+955, /* "jurisdictionL" */ -+956, /* "jurisdictionST" */ -+150, /* "keyBag" */ -+83, /* "keyUsage" */ -+477, /* "lastModifiedBy" */ -+476, /* "lastModifiedTime" */ -+157, /* "localKeyID" */ -+480, /* "mXRecord" */ -+460, /* 
"mail" */ -+493, /* "mailPreferenceOption" */ -+467, /* "manager" */ -+809, /* "md_gost94" */ -+875, /* "member" */ -+182, /* "member-body" */ -+51, /* "messageDigest" */ -+383, /* "mgmt" */ -+504, /* "mime-mhs" */ -+506, /* "mime-mhs-bodies" */ -+505, /* "mime-mhs-headings" */ -+488, /* "mobileTelephoneNumber" */ -+136, /* "msCTLSign" */ -+135, /* "msCodeCom" */ -+134, /* "msCodeInd" */ -+138, /* "msEFS" */ -+171, /* "msExtReq" */ -+137, /* "msSGC" */ -+648, /* "msSmartcardLogin" */ -+649, /* "msUPN" */ -+481, /* "nSRecord" */ -+173, /* "name" */ -+666, /* "nameConstraints" */ -+369, /* "noCheck" */ -+403, /* "noRevAvail" */ -+72, /* "nsBaseUrl" */ -+76, /* "nsCaPolicyUrl" */ -+74, /* "nsCaRevocationUrl" */ -+58, /* "nsCertExt" */ -+79, /* "nsCertSequence" */ -+71, /* "nsCertType" */ -+78, /* "nsComment" */ -+59, /* "nsDataType" */ -+75, /* "nsRenewalUrl" */ -+73, /* "nsRevocationUrl" */ -+139, /* "nsSGC" */ -+77, /* "nsSslServerName" */ -+681, /* "onBasis" */ -+491, /* "organizationalStatus" */ -+475, /* "otherMailbox" */ -+876, /* "owner" */ -+489, /* "pagerTelephoneNumber" */ -+374, /* "path" */ -+112, /* "pbeWithMD5AndCast5CBC" */ -+499, /* "personalSignature" */ -+487, /* "personalTitle" */ -+464, /* "photo" */ -+863, /* "physicalDeliveryOfficeName" */ -+437, /* "pilot" */ -+439, /* "pilotAttributeSyntax" */ -+438, /* "pilotAttributeType" */ -+479, /* "pilotAttributeType27" */ -+456, /* "pilotDSA" */ -+441, /* "pilotGroups" */ -+444, /* "pilotObject" */ -+440, /* "pilotObjectClass" */ -+455, /* "pilotOrganization" */ -+445, /* "pilotPerson" */ -+ 2, /* "pkcs" */ -+186, /* "pkcs1" */ -+27, /* "pkcs3" */ -+187, /* "pkcs5" */ -+20, /* "pkcs7" */ -+21, /* "pkcs7-data" */ -+25, /* "pkcs7-digestData" */ -+26, /* "pkcs7-encryptedData" */ -+23, /* "pkcs7-envelopedData" */ -+24, /* "pkcs7-signedAndEnvelopedData" */ -+22, /* "pkcs7-signedData" */ -+151, /* "pkcs8ShroudedKeyBag" */ -+47, /* "pkcs9" */ -+401, /* "policyConstraints" */ -+747, /* "policyMappings" */ -+862, 
/* "postOfficeBox" */ -+861, /* "postalAddress" */ -+661, /* "postalCode" */ -+683, /* "ppBasis" */ -+872, /* "preferredDeliveryMethod" */ -+873, /* "presentationAddress" */ -+816, /* "prf-gostr3411-94" */ -+406, /* "prime-field" */ -+409, /* "prime192v1" */ -+410, /* "prime192v2" */ -+411, /* "prime192v3" */ -+412, /* "prime239v1" */ -+413, /* "prime239v2" */ -+414, /* "prime239v3" */ -+415, /* "prime256v1" */ -+385, /* "private" */ -+84, /* "privateKeyUsagePeriod" */ -+886, /* "protocolInformation" */ -+663, /* "proxyCertInfo" */ -+510, /* "pseudonym" */ -+435, /* "pss" */ -+286, /* "qcStatements" */ -+457, /* "qualityLabelledData" */ -+450, /* "rFC822localPart" */ -+870, /* "registeredAddress" */ -+400, /* "role" */ -+877, /* "roleOccupant" */ -+448, /* "room" */ -+463, /* "roomNumber" */ -+ 6, /* "rsaEncryption" */ -+644, /* "rsaOAEPEncryptionSET" */ -+377, /* "rsaSignature" */ -+ 1, /* "rsadsi" */ -+482, /* "sOARecord" */ -+155, /* "safeContentsBag" */ -+291, /* "sbgp-autonomousSysNum" */ -+290, /* "sbgp-ipAddrBlock" */ -+292, /* "sbgp-routerIdentifier" */ -+159, /* "sdsiCertificate" */ -+859, /* "searchGuide" */ -+704, /* "secp112r1" */ -+705, /* "secp112r2" */ -+706, /* "secp128r1" */ -+707, /* "secp128r2" */ -+708, /* "secp160k1" */ -+709, /* "secp160r1" */ -+710, /* "secp160r2" */ -+711, /* "secp192k1" */ -+712, /* "secp224k1" */ -+713, /* "secp224r1" */ -+714, /* "secp256k1" */ -+715, /* "secp384r1" */ -+716, /* "secp521r1" */ -+154, /* "secretBag" */ -+474, /* "secretary" */ -+717, /* "sect113r1" */ -+718, /* "sect113r2" */ -+719, /* "sect131r1" */ -+720, /* "sect131r2" */ -+721, /* "sect163k1" */ -+722, /* "sect163r1" */ -+723, /* "sect163r2" */ -+724, /* "sect193r1" */ -+725, /* "sect193r2" */ -+726, /* "sect233k1" */ -+727, /* "sect233r1" */ -+728, /* "sect239k1" */ -+729, /* "sect283k1" */ -+730, /* "sect283r1" */ -+731, /* "sect409k1" */ -+732, /* "sect409r1" */ -+733, /* "sect571k1" */ -+734, /* "sect571r1" */ -+386, /* "security" */ -+878, /* 
"seeAlso" */ -+394, /* "selected-attribute-types" */ -+105, /* "serialNumber" */ -+129, /* "serverAuth" */ -+371, /* "serviceLocator" */ -+625, /* "set-addPolicy" */ -+515, /* "set-attr" */ -+518, /* "set-brand" */ -+638, /* "set-brand-AmericanExpress" */ -+637, /* "set-brand-Diners" */ -+636, /* "set-brand-IATA-ATA" */ -+639, /* "set-brand-JCB" */ -+641, /* "set-brand-MasterCard" */ -+642, /* "set-brand-Novus" */ -+640, /* "set-brand-Visa" */ -+517, /* "set-certExt" */ -+513, /* "set-ctype" */ -+514, /* "set-msgExt" */ -+516, /* "set-policy" */ -+607, /* "set-policy-root" */ -+624, /* "set-rootKeyThumb" */ -+620, /* "setAttr-Cert" */ -+631, /* "setAttr-GenCryptgrm" */ -+623, /* "setAttr-IssCap" */ -+628, /* "setAttr-IssCap-CVM" */ -+630, /* "setAttr-IssCap-Sig" */ -+629, /* "setAttr-IssCap-T2" */ -+621, /* "setAttr-PGWYcap" */ -+635, /* "setAttr-SecDevSig" */ -+632, /* "setAttr-T2Enc" */ -+633, /* "setAttr-T2cleartxt" */ -+634, /* "setAttr-TokICCsig" */ -+627, /* "setAttr-Token-B0Prime" */ -+626, /* "setAttr-Token-EMV" */ -+622, /* "setAttr-TokenType" */ -+619, /* "setCext-IssuerCapabilities" */ -+615, /* "setCext-PGWYcapabilities" */ -+616, /* "setCext-TokenIdentifier" */ -+618, /* "setCext-TokenType" */ -+617, /* "setCext-Track2Data" */ -+611, /* "setCext-cCertRequired" */ -+609, /* "setCext-certType" */ -+608, /* "setCext-hashedRoot" */ -+610, /* "setCext-merchData" */ -+613, /* "setCext-setExt" */ -+614, /* "setCext-setQualf" */ -+612, /* "setCext-tunneling" */ -+540, /* "setct-AcqCardCodeMsg" */ -+576, /* "setct-AcqCardCodeMsgTBE" */ -+570, /* "setct-AuthReqTBE" */ -+534, /* "setct-AuthReqTBS" */ -+527, /* "setct-AuthResBaggage" */ -+571, /* "setct-AuthResTBE" */ -+572, /* "setct-AuthResTBEX" */ -+535, /* "setct-AuthResTBS" */ -+536, /* "setct-AuthResTBSX" */ -+528, /* "setct-AuthRevReqBaggage" */ -+577, /* "setct-AuthRevReqTBE" */ -+541, /* "setct-AuthRevReqTBS" */ -+529, /* "setct-AuthRevResBaggage" */ -+542, /* "setct-AuthRevResData" */ -+578, /* 
"setct-AuthRevResTBE" */ -+579, /* "setct-AuthRevResTBEB" */ -+543, /* "setct-AuthRevResTBS" */ -+573, /* "setct-AuthTokenTBE" */ -+537, /* "setct-AuthTokenTBS" */ -+600, /* "setct-BCIDistributionTBS" */ -+558, /* "setct-BatchAdminReqData" */ -+592, /* "setct-BatchAdminReqTBE" */ -+559, /* "setct-BatchAdminResData" */ -+593, /* "setct-BatchAdminResTBE" */ -+599, /* "setct-CRLNotificationResTBS" */ -+598, /* "setct-CRLNotificationTBS" */ -+580, /* "setct-CapReqTBE" */ -+581, /* "setct-CapReqTBEX" */ -+544, /* "setct-CapReqTBS" */ -+545, /* "setct-CapReqTBSX" */ -+546, /* "setct-CapResData" */ -+582, /* "setct-CapResTBE" */ -+583, /* "setct-CapRevReqTBE" */ -+584, /* "setct-CapRevReqTBEX" */ -+547, /* "setct-CapRevReqTBS" */ -+548, /* "setct-CapRevReqTBSX" */ -+549, /* "setct-CapRevResData" */ -+585, /* "setct-CapRevResTBE" */ -+538, /* "setct-CapTokenData" */ -+530, /* "setct-CapTokenSeq" */ -+574, /* "setct-CapTokenTBE" */ -+575, /* "setct-CapTokenTBEX" */ -+539, /* "setct-CapTokenTBS" */ -+560, /* "setct-CardCInitResTBS" */ -+566, /* "setct-CertInqReqTBS" */ -+563, /* "setct-CertReqData" */ -+595, /* "setct-CertReqTBE" */ -+596, /* "setct-CertReqTBEX" */ -+564, /* "setct-CertReqTBS" */ -+565, /* "setct-CertResData" */ -+597, /* "setct-CertResTBE" */ -+586, /* "setct-CredReqTBE" */ -+587, /* "setct-CredReqTBEX" */ -+550, /* "setct-CredReqTBS" */ -+551, /* "setct-CredReqTBSX" */ -+552, /* "setct-CredResData" */ -+588, /* "setct-CredResTBE" */ -+589, /* "setct-CredRevReqTBE" */ -+590, /* "setct-CredRevReqTBEX" */ -+553, /* "setct-CredRevReqTBS" */ -+554, /* "setct-CredRevReqTBSX" */ -+555, /* "setct-CredRevResData" */ -+591, /* "setct-CredRevResTBE" */ -+567, /* "setct-ErrorTBS" */ -+526, /* "setct-HODInput" */ -+561, /* "setct-MeAqCInitResTBS" */ -+522, /* "setct-OIData" */ -+519, /* "setct-PANData" */ -+521, /* "setct-PANOnly" */ -+520, /* "setct-PANToken" */ -+556, /* "setct-PCertReqData" */ -+557, /* "setct-PCertResTBS" */ -+523, /* "setct-PI" */ -+532, /* 
"setct-PI-TBS" */ -+524, /* "setct-PIData" */ -+525, /* "setct-PIDataUnsigned" */ -+568, /* "setct-PIDualSignedTBE" */ -+569, /* "setct-PIUnsignedTBE" */ -+531, /* "setct-PInitResData" */ -+533, /* "setct-PResData" */ -+594, /* "setct-RegFormReqTBE" */ -+562, /* "setct-RegFormResTBS" */ -+606, /* "setext-cv" */ -+601, /* "setext-genCrypt" */ -+602, /* "setext-miAuth" */ -+604, /* "setext-pinAny" */ -+603, /* "setext-pinSecure" */ -+605, /* "setext-track2" */ -+52, /* "signingTime" */ -+454, /* "simpleSecurityObject" */ -+496, /* "singleLevelQuality" */ -+387, /* "snmpv2" */ -+660, /* "street" */ -+85, /* "subjectAltName" */ -+769, /* "subjectDirectoryAttributes" */ -+398, /* "subjectInfoAccess" */ -+82, /* "subjectKeyIdentifier" */ -+498, /* "subtreeMaximumQuality" */ -+497, /* "subtreeMinimumQuality" */ -+890, /* "supportedAlgorithms" */ -+874, /* "supportedApplicationContext" */ -+402, /* "targetInformation" */ -+864, /* "telephoneNumber" */ -+866, /* "teletexTerminalIdentifier" */ -+865, /* "telexNumber" */ -+459, /* "textEncodedORAddress" */ -+293, /* "textNotice" */ -+133, /* "timeStamping" */ -+106, /* "title" */ -+682, /* "tpBasis" */ -+375, /* "trustRoot" */ -+436, /* "ucl" */ -+888, /* "uniqueMember" */ -+55, /* "unstructuredAddress" */ -+49, /* "unstructuredName" */ -+880, /* "userCertificate" */ -+465, /* "userClass" */ -+879, /* "userPassword" */ -+373, /* "valid" */ -+678, /* "wap" */ -+679, /* "wap-wsg" */ -+735, /* "wap-wsg-idm-ecid-wtls1" */ -+743, /* "wap-wsg-idm-ecid-wtls10" */ -+744, /* "wap-wsg-idm-ecid-wtls11" */ -+745, /* "wap-wsg-idm-ecid-wtls12" */ -+736, /* "wap-wsg-idm-ecid-wtls3" */ -+737, /* "wap-wsg-idm-ecid-wtls4" */ -+738, /* "wap-wsg-idm-ecid-wtls5" */ -+739, /* "wap-wsg-idm-ecid-wtls6" */ -+740, /* "wap-wsg-idm-ecid-wtls7" */ -+741, /* "wap-wsg-idm-ecid-wtls8" */ -+742, /* "wap-wsg-idm-ecid-wtls9" */ -+804, /* "whirlpool" */ -+868, /* "x121Address" */ -+503, /* "x500UniqueIdentifier" */ -+158, /* "x509Certificate" */ -+160, /* 
"x509Crl" */ - }; - --#define NUM_LN 1052 --static const unsigned int ln_objs[NUM_LN] = { -- 363, /* "AD Time Stamping" */ -- 405, /* "ANSI X9.62" */ -- 368, /* "Acceptable OCSP Responses" */ -- 910, /* "Any Extended Key Usage" */ -- 664, /* "Any language" */ -- 177, /* "Authority Information Access" */ -- 365, /* "Basic OCSP Response" */ -- 285, /* "Biometric Info" */ -- 179, /* "CA Issuers" */ -- 785, /* "CA Repository" */ -- 954, /* "CT Certificate SCTs" */ -- 952, /* "CT Precertificate Poison" */ -- 951, /* "CT Precertificate SCTs" */ -- 953, /* "CT Precertificate Signer" */ -- 131, /* "Code Signing" */ -- 1024, /* "Ctrl/Provision WAP Termination" */ -- 1023, /* "Ctrl/provision WAP Access" */ -- 783, /* "Diffie-Hellman based MAC" */ -- 382, /* "Directory" */ -- 392, /* "Domain" */ -- 132, /* "E-mail Protection" */ -- 389, /* "Enterprises" */ -- 384, /* "Experimental" */ -- 372, /* "Extended OCSP Status" */ -- 172, /* "Extension Request" */ -- 813, /* "GOST 28147-89" */ -- 849, /* "GOST 28147-89 Cryptocom ParamSet" */ -- 815, /* "GOST 28147-89 MAC" */ -- 1003, /* "GOST 28147-89 TC26 parameter set" */ -- 851, /* "GOST 34.10-2001 Cryptocom" */ -- 850, /* "GOST 34.10-94 Cryptocom" */ -- 811, /* "GOST R 34.10-2001" */ -- 817, /* "GOST R 34.10-2001 DH" */ -- 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ -- 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ -- 997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */ -- 979, /* "GOST R 34.10-2012 with 256 bit modulus" */ -- 980, /* "GOST R 34.10-2012 with 512 bit modulus" */ -- 985, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */ -- 986, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */ -- 812, /* "GOST R 34.10-94" */ -- 818, /* "GOST R 34.10-94 DH" */ -- 982, /* "GOST R 34.11-2012 with 256 bit hash" */ -- 983, /* "GOST R 34.11-2012 with 512 bit hash" */ -- 809, /* "GOST R 34.11-94" */ -- 816, /* "GOST R 34.11-94 PRF" */ -- 807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ -- 853, /* 
"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ -- 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ -- 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ -- 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ -- 988, /* "HMAC GOST 34.11-2012 256 bit" */ -- 989, /* "HMAC GOST 34.11-2012 512 bit" */ -- 810, /* "HMAC GOST 34.11-94" */ -- 432, /* "Hold Instruction Call Issuer" */ -- 430, /* "Hold Instruction Code" */ -- 431, /* "Hold Instruction None" */ -- 433, /* "Hold Instruction Reject" */ -- 634, /* "ICC or token signature" */ -- 1004, /* "INN" */ -- 294, /* "IPSec End System" */ -- 295, /* "IPSec Tunnel" */ -- 296, /* "IPSec User" */ -- 182, /* "ISO Member Body" */ -- 183, /* "ISO US Member Body" */ -- 667, /* "Independent" */ -- 665, /* "Inherit all" */ -- 647, /* "International Organizations" */ -- 142, /* "Invalidity Date" */ -- 504, /* "MIME MHS" */ -- 388, /* "Mail" */ -- 383, /* "Management" */ -- 417, /* "Microsoft CSP Name" */ -- 135, /* "Microsoft Commercial Code Signing" */ -- 138, /* "Microsoft Encrypted File System" */ -- 171, /* "Microsoft Extension Request" */ -- 134, /* "Microsoft Individual Code Signing" */ -- 856, /* "Microsoft Local Key set" */ -- 137, /* "Microsoft Server Gated Crypto" */ -- 648, /* "Microsoft Smartcardlogin" */ -- 136, /* "Microsoft Trust List Signing" */ -- 649, /* "Microsoft Universal Principal Name" */ -- 393, /* "NULL" */ -- 404, /* "NULL" */ -- 72, /* "Netscape Base Url" */ -- 76, /* "Netscape CA Policy Url" */ -- 74, /* "Netscape CA Revocation Url" */ -- 71, /* "Netscape Cert Type" */ -- 58, /* "Netscape Certificate Extension" */ -- 79, /* "Netscape Certificate Sequence" */ -- 78, /* "Netscape Comment" */ -- 57, /* "Netscape Communications Corp." 
*/ -- 59, /* "Netscape Data Type" */ -- 75, /* "Netscape Renewal Url" */ -- 73, /* "Netscape Revocation Url" */ -- 77, /* "Netscape SSL Server Name" */ -- 139, /* "Netscape Server Gated Crypto" */ -- 178, /* "OCSP" */ -- 370, /* "OCSP Archive Cutoff" */ -- 367, /* "OCSP CRL ID" */ -- 369, /* "OCSP No Check" */ -- 366, /* "OCSP Nonce" */ -- 371, /* "OCSP Service Locator" */ -- 180, /* "OCSP Signing" */ -- 1005, /* "OGRN" */ -- 161, /* "PBES2" */ -- 69, /* "PBKDF2" */ -- 162, /* "PBMAC1" */ -- 1032, /* "PKINIT Client Auth" */ -- 127, /* "PKIX" */ -- 858, /* "Permanent Identifier" */ -- 164, /* "Policy Qualifier CPS" */ -- 165, /* "Policy Qualifier User Notice" */ -- 385, /* "Private" */ -- 663, /* "Proxy Certificate Information" */ -- 1, /* "RSA Data Security, Inc." */ -- 2, /* "RSA Data Security, Inc. PKCS" */ -- 188, /* "S/MIME" */ -- 167, /* "S/MIME Capabilities" */ -- 1006, /* "SNILS" */ -- 387, /* "SNMPv2" */ -- 1025, /* "SSH Client" */ -- 1026, /* "SSH Server" */ -- 512, /* "Secure Electronic Transactions" */ -- 386, /* "Security" */ -- 394, /* "Selected Attribute Types" */ -- 1029, /* "Send Owner" */ -- 1030, /* "Send Proxied Owner" */ -- 1028, /* "Send Proxied Router" */ -- 1027, /* "Send Router" */ -- 1033, /* "Signing KDC Response" */ -- 1008, /* "Signing Tool of Issuer" */ -- 1007, /* "Signing Tool of Subject" */ -- 143, /* "Strong Extranet ID" */ -- 398, /* "Subject Information Access" */ -- 1020, /* "TLS Feature" */ -- 130, /* "TLS Web Client Authentication" */ -- 129, /* "TLS Web Server Authentication" */ -- 133, /* "Time Stamping" */ -- 375, /* "Trust Root" */ -- 1034, /* "X25519" */ -- 1035, /* "X448" */ -- 12, /* "X509" */ -- 402, /* "X509v3 AC Targeting" */ -- 746, /* "X509v3 Any Policy" */ -- 90, /* "X509v3 Authority Key Identifier" */ -- 87, /* "X509v3 Basic Constraints" */ -- 103, /* "X509v3 CRL Distribution Points" */ -- 88, /* "X509v3 CRL Number" */ -- 141, /* "X509v3 CRL Reason Code" */ -- 771, /* "X509v3 Certificate Issuer" */ -- 89, /* 
"X509v3 Certificate Policies" */ -- 140, /* "X509v3 Delta CRL Indicator" */ -- 126, /* "X509v3 Extended Key Usage" */ -- 857, /* "X509v3 Freshest CRL" */ -- 748, /* "X509v3 Inhibit Any Policy" */ -- 86, /* "X509v3 Issuer Alternative Name" */ -- 770, /* "X509v3 Issuing Distribution Point" */ -- 83, /* "X509v3 Key Usage" */ -- 666, /* "X509v3 Name Constraints" */ -- 403, /* "X509v3 No Revocation Available" */ -- 401, /* "X509v3 Policy Constraints" */ -- 747, /* "X509v3 Policy Mappings" */ -- 84, /* "X509v3 Private Key Usage Period" */ -- 85, /* "X509v3 Subject Alternative Name" */ -- 769, /* "X509v3 Subject Directory Attributes" */ -- 82, /* "X509v3 Subject Key Identifier" */ -- 920, /* "X9.42 DH" */ -- 184, /* "X9.57" */ -- 185, /* "X9.57 CM ?" */ -- 478, /* "aRecord" */ -- 289, /* "aaControls" */ -- 287, /* "ac-auditEntity" */ -- 397, /* "ac-proxying" */ -- 288, /* "ac-targeting" */ -- 446, /* "account" */ -- 364, /* "ad dvcs" */ -- 606, /* "additional verification" */ -- 419, /* "aes-128-cbc" */ -- 916, /* "aes-128-cbc-hmac-sha1" */ -- 948, /* "aes-128-cbc-hmac-sha256" */ -- 896, /* "aes-128-ccm" */ -- 421, /* "aes-128-cfb" */ -- 650, /* "aes-128-cfb1" */ -- 653, /* "aes-128-cfb8" */ -- 904, /* "aes-128-ctr" */ -- 418, /* "aes-128-ecb" */ -- 895, /* "aes-128-gcm" */ -- 958, /* "aes-128-ocb" */ -- 420, /* "aes-128-ofb" */ -- 913, /* "aes-128-xts" */ -- 423, /* "aes-192-cbc" */ -- 917, /* "aes-192-cbc-hmac-sha1" */ -- 949, /* "aes-192-cbc-hmac-sha256" */ -- 899, /* "aes-192-ccm" */ -- 425, /* "aes-192-cfb" */ -- 651, /* "aes-192-cfb1" */ -- 654, /* "aes-192-cfb8" */ -- 905, /* "aes-192-ctr" */ -- 422, /* "aes-192-ecb" */ -- 898, /* "aes-192-gcm" */ -- 959, /* "aes-192-ocb" */ -- 424, /* "aes-192-ofb" */ -- 427, /* "aes-256-cbc" */ -- 918, /* "aes-256-cbc-hmac-sha1" */ -- 950, /* "aes-256-cbc-hmac-sha256" */ -- 902, /* "aes-256-ccm" */ -- 429, /* "aes-256-cfb" */ -- 652, /* "aes-256-cfb1" */ -- 655, /* "aes-256-cfb8" */ -- 906, /* "aes-256-ctr" */ -- 426, /* 
"aes-256-ecb" */ -- 901, /* "aes-256-gcm" */ -- 960, /* "aes-256-ocb" */ -- 428, /* "aes-256-ofb" */ -- 914, /* "aes-256-xts" */ -- 376, /* "algorithm" */ -- 484, /* "associatedDomain" */ -- 485, /* "associatedName" */ -- 501, /* "audio" */ -- 1049, /* "auth-dss" */ -- 1047, /* "auth-ecdsa" */ -- 1050, /* "auth-gost01" */ -- 1051, /* "auth-gost12" */ -- 1053, /* "auth-null" */ -- 1048, /* "auth-psk" */ -- 1046, /* "auth-rsa" */ -- 1052, /* "auth-srp" */ -- 882, /* "authorityRevocationList" */ -- 91, /* "bf-cbc" */ -- 93, /* "bf-cfb" */ -- 92, /* "bf-ecb" */ -- 94, /* "bf-ofb" */ -- 1056, /* "blake2b512" */ -- 1057, /* "blake2s256" */ -- 921, /* "brainpoolP160r1" */ -- 922, /* "brainpoolP160t1" */ -- 923, /* "brainpoolP192r1" */ -- 924, /* "brainpoolP192t1" */ -- 925, /* "brainpoolP224r1" */ -- 926, /* "brainpoolP224t1" */ -- 927, /* "brainpoolP256r1" */ -- 928, /* "brainpoolP256t1" */ -- 929, /* "brainpoolP320r1" */ -- 930, /* "brainpoolP320t1" */ -- 931, /* "brainpoolP384r1" */ -- 932, /* "brainpoolP384t1" */ -- 933, /* "brainpoolP512r1" */ -- 934, /* "brainpoolP512t1" */ -- 494, /* "buildingName" */ -- 860, /* "businessCategory" */ -- 691, /* "c2onb191v4" */ -- 692, /* "c2onb191v5" */ -- 697, /* "c2onb239v4" */ -- 698, /* "c2onb239v5" */ -- 684, /* "c2pnb163v1" */ -- 685, /* "c2pnb163v2" */ -- 686, /* "c2pnb163v3" */ -- 687, /* "c2pnb176v1" */ -- 693, /* "c2pnb208w1" */ -- 699, /* "c2pnb272w1" */ -- 700, /* "c2pnb304w1" */ -- 702, /* "c2pnb368w1" */ -- 688, /* "c2tnb191v1" */ -- 689, /* "c2tnb191v2" */ -- 690, /* "c2tnb191v3" */ -- 694, /* "c2tnb239v1" */ -- 695, /* "c2tnb239v2" */ -- 696, /* "c2tnb239v3" */ -- 701, /* "c2tnb359v1" */ -- 703, /* "c2tnb431r1" */ -- 881, /* "cACertificate" */ -- 483, /* "cNAMERecord" */ -- 751, /* "camellia-128-cbc" */ -- 962, /* "camellia-128-ccm" */ -- 757, /* "camellia-128-cfb" */ -- 760, /* "camellia-128-cfb1" */ -- 763, /* "camellia-128-cfb8" */ -- 964, /* "camellia-128-cmac" */ -- 963, /* "camellia-128-ctr" */ -- 754, /* 
"camellia-128-ecb" */ -- 961, /* "camellia-128-gcm" */ -- 766, /* "camellia-128-ofb" */ -- 752, /* "camellia-192-cbc" */ -- 966, /* "camellia-192-ccm" */ -- 758, /* "camellia-192-cfb" */ -- 761, /* "camellia-192-cfb1" */ -- 764, /* "camellia-192-cfb8" */ -- 968, /* "camellia-192-cmac" */ -- 967, /* "camellia-192-ctr" */ -- 755, /* "camellia-192-ecb" */ -- 965, /* "camellia-192-gcm" */ -- 767, /* "camellia-192-ofb" */ -- 753, /* "camellia-256-cbc" */ -- 970, /* "camellia-256-ccm" */ -- 759, /* "camellia-256-cfb" */ -- 762, /* "camellia-256-cfb1" */ -- 765, /* "camellia-256-cfb8" */ -- 972, /* "camellia-256-cmac" */ -- 971, /* "camellia-256-ctr" */ -- 756, /* "camellia-256-ecb" */ -- 969, /* "camellia-256-gcm" */ -- 768, /* "camellia-256-ofb" */ -- 443, /* "caseIgnoreIA5StringSyntax" */ -- 108, /* "cast5-cbc" */ -- 110, /* "cast5-cfb" */ -- 109, /* "cast5-ecb" */ -- 111, /* "cast5-ofb" */ -- 152, /* "certBag" */ -- 677, /* "certicom-arc" */ -- 517, /* "certificate extensions" */ -- 883, /* "certificateRevocationList" */ -- 1019, /* "chacha20" */ -- 1018, /* "chacha20-poly1305" */ -- 54, /* "challengePassword" */ -- 407, /* "characteristic-two-field" */ -- 395, /* "clearance" */ -- 633, /* "cleartext track 2" */ -- 894, /* "cmac" */ -- 13, /* "commonName" */ -- 513, /* "content types" */ -- 50, /* "contentType" */ -- 53, /* "countersignature" */ -- 14, /* "countryName" */ -- 153, /* "crlBag" */ -- 884, /* "crossCertificatePair" */ -- 806, /* "cryptocom" */ -- 805, /* "cryptopro" */ -- 500, /* "dITRedirect" */ -- 451, /* "dNSDomain" */ -- 495, /* "dSAQuality" */ -- 434, /* "data" */ -- 390, /* "dcObject" */ -- 891, /* "deltaRevocationList" */ -- 31, /* "des-cbc" */ -- 643, /* "des-cdmf" */ -- 30, /* "des-cfb" */ -- 656, /* "des-cfb1" */ -- 657, /* "des-cfb8" */ -- 29, /* "des-ecb" */ -- 32, /* "des-ede" */ -- 43, /* "des-ede-cbc" */ -- 60, /* "des-ede-cfb" */ -- 62, /* "des-ede-ofb" */ -- 33, /* "des-ede3" */ -- 44, /* "des-ede3-cbc" */ -- 61, /* "des-ede3-cfb" */ -- 
658, /* "des-ede3-cfb1" */ -- 659, /* "des-ede3-cfb8" */ -- 63, /* "des-ede3-ofb" */ -- 45, /* "des-ofb" */ -- 107, /* "description" */ -- 871, /* "destinationIndicator" */ -- 80, /* "desx-cbc" */ -- 947, /* "dh-cofactor-kdf" */ -- 946, /* "dh-std-kdf" */ -- 28, /* "dhKeyAgreement" */ -- 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -- 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -- 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -- 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -- 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -- 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -- 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -- 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -- 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -- 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -- 11, /* "directory services (X.500)" */ -- 378, /* "directory services - algorithms" */ -- 887, /* "distinguishedName" */ -- 892, /* "dmdName" */ -- 174, /* "dnQualifier" */ -- 447, /* "document" */ -- 471, /* "documentAuthor" */ -- 468, /* "documentIdentifier" */ -- 472, /* "documentLocation" */ -- 502, /* "documentPublisher" */ -- 449, /* "documentSeries" */ -- 469, /* "documentTitle" */ -- 470, /* "documentVersion" */ -- 380, /* "dod" */ -- 391, /* "domainComponent" */ -- 452, /* "domainRelatedObject" */ -- 116, /* "dsaEncryption" */ -- 67, /* "dsaEncryption-old" */ -- 66, /* "dsaWithSHA" */ -- 113, /* "dsaWithSHA1" */ -- 70, /* "dsaWithSHA1-old" */ -- 802, /* "dsa_with_SHA224" */ -- 803, /* "dsa_with_SHA256" */ -- 297, /* "dvcs" */ -- 791, /* "ecdsa-with-Recommended" */ -- 416, /* "ecdsa-with-SHA1" */ -- 793, /* "ecdsa-with-SHA224" */ -- 794, /* "ecdsa-with-SHA256" */ -- 795, /* "ecdsa-with-SHA384" */ -- 796, /* "ecdsa-with-SHA512" */ -- 792, /* "ecdsa-with-Specified" */ -- 48, /* "emailAddress" */ -- 632, /* "encrypted track 2" */ -- 885, /* "enhancedSearchGuide" */ -- 56, /* "extendedCertificateAttributes" */ -- 867, /* "facsimileTelephoneNumber" 
*/ -- 462, /* "favouriteDrink" */ -- 453, /* "friendlyCountry" */ -- 490, /* "friendlyCountryName" */ -- 156, /* "friendlyName" */ -- 631, /* "generate cryptogram" */ -- 509, /* "generationQualifier" */ -- 601, /* "generic cryptogram" */ -- 99, /* "givenName" */ -- 976, /* "gost-mac-12" */ -- 1009, /* "gost89-cbc" */ -- 814, /* "gost89-cnt" */ -- 975, /* "gost89-cnt-12" */ -- 1011, /* "gost89-ctr" */ -- 1010, /* "gost89-ecb" */ -- 1015, /* "grasshopper-cbc" */ -- 1016, /* "grasshopper-cfb" */ -- 1013, /* "grasshopper-ctr" */ -- 1012, /* "grasshopper-ecb" */ -- 1017, /* "grasshopper-mac" */ -- 1014, /* "grasshopper-ofb" */ -- 1036, /* "hkdf" */ -- 855, /* "hmac" */ -- 780, /* "hmac-md5" */ -- 781, /* "hmac-sha1" */ -- 797, /* "hmacWithMD5" */ -- 163, /* "hmacWithSHA1" */ -- 798, /* "hmacWithSHA224" */ -- 799, /* "hmacWithSHA256" */ -- 800, /* "hmacWithSHA384" */ -- 801, /* "hmacWithSHA512" */ -- 486, /* "homePostalAddress" */ -- 473, /* "homeTelephoneNumber" */ -- 466, /* "host" */ -- 889, /* "houseIdentifier" */ -- 442, /* "iA5StringSyntax" */ -- 381, /* "iana" */ -- 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -- 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -- 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -- 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -- 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -- 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -- 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -- 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -- 820, /* "id-Gost28147-89-None-KeyMeshing" */ -- 823, /* "id-Gost28147-89-TestParamSet" */ -- 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -- 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -- 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -- 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -- 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -- 839, /* "id-GostR3410-2001-TestParamSet" */ -- 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ 
-- 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -- 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -- 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -- 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -- 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -- 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -- 831, /* "id-GostR3410-94-TestParamSet" */ -- 845, /* "id-GostR3410-94-a" */ -- 846, /* "id-GostR3410-94-aBis" */ -- 847, /* "id-GostR3410-94-b" */ -- 848, /* "id-GostR3410-94-bBis" */ -- 822, /* "id-GostR3411-94-CryptoProParamSet" */ -- 821, /* "id-GostR3411-94-TestParamSet" */ -- 266, /* "id-aca" */ -- 355, /* "id-aca-accessIdentity" */ -- 354, /* "id-aca-authenticationInfo" */ -- 356, /* "id-aca-chargingIdentity" */ -- 399, /* "id-aca-encAttrs" */ -- 357, /* "id-aca-group" */ -- 358, /* "id-aca-role" */ -- 176, /* "id-ad" */ -- 788, /* "id-aes128-wrap" */ -- 897, /* "id-aes128-wrap-pad" */ -- 789, /* "id-aes192-wrap" */ -- 900, /* "id-aes192-wrap-pad" */ -- 790, /* "id-aes256-wrap" */ -- 903, /* "id-aes256-wrap-pad" */ -- 262, /* "id-alg" */ -- 893, /* "id-alg-PWRI-KEK" */ -- 323, /* "id-alg-des40" */ -- 326, /* "id-alg-dh-pop" */ -- 325, /* "id-alg-dh-sig-hmac-sha1" */ -- 324, /* "id-alg-noSignature" */ -- 907, /* "id-camellia128-wrap" */ -- 908, /* "id-camellia192-wrap" */ -- 909, /* "id-camellia256-wrap" */ -- 268, /* "id-cct" */ -- 361, /* "id-cct-PKIData" */ -- 362, /* "id-cct-PKIResponse" */ -- 360, /* "id-cct-crs" */ -- 81, /* "id-ce" */ -- 680, /* "id-characteristic-two-basis" */ -- 263, /* "id-cmc" */ -- 334, /* "id-cmc-addExtensions" */ -- 346, /* "id-cmc-confirmCertAcceptance" */ -- 330, /* "id-cmc-dataReturn" */ -- 336, /* "id-cmc-decryptedPOP" */ -- 335, /* "id-cmc-encryptedPOP" */ -- 339, /* "id-cmc-getCRL" */ -- 338, /* "id-cmc-getCert" */ -- 328, /* "id-cmc-identification" */ -- 329, /* "id-cmc-identityProof" */ -- 337, /* "id-cmc-lraPOPWitness" */ -- 344, /* "id-cmc-popLinkRandom" */ -- 345, /* "id-cmc-popLinkWitness" */ 
-- 343, /* "id-cmc-queryPending" */ -- 333, /* "id-cmc-recipientNonce" */ -- 341, /* "id-cmc-regInfo" */ -- 342, /* "id-cmc-responseInfo" */ -- 340, /* "id-cmc-revokeRequest" */ -- 332, /* "id-cmc-senderNonce" */ -- 327, /* "id-cmc-statusInfo" */ -- 331, /* "id-cmc-transactionId" */ -- 787, /* "id-ct-asciiTextWithCRLF" */ -- 1060, /* "id-ct-xml" */ -- 408, /* "id-ecPublicKey" */ -- 508, /* "id-hex-multipart-message" */ -- 507, /* "id-hex-partial-message" */ -- 260, /* "id-it" */ -- 302, /* "id-it-caKeyUpdateInfo" */ -- 298, /* "id-it-caProtEncCert" */ -- 311, /* "id-it-confirmWaitTime" */ -- 303, /* "id-it-currentCRL" */ -- 300, /* "id-it-encKeyPairTypes" */ -- 310, /* "id-it-implicitConfirm" */ -- 308, /* "id-it-keyPairParamRep" */ -- 307, /* "id-it-keyPairParamReq" */ -- 312, /* "id-it-origPKIMessage" */ -- 301, /* "id-it-preferredSymmAlg" */ -- 309, /* "id-it-revPassphrase" */ -- 299, /* "id-it-signKeyPairTypes" */ -- 305, /* "id-it-subscriptionRequest" */ -- 306, /* "id-it-subscriptionResponse" */ -- 784, /* "id-it-suppLangTags" */ -- 304, /* "id-it-unsupportedOIDs" */ -- 128, /* "id-kp" */ -- 280, /* "id-mod-attribute-cert" */ -- 274, /* "id-mod-cmc" */ -- 277, /* "id-mod-cmp" */ -- 284, /* "id-mod-cmp2000" */ -- 273, /* "id-mod-crmf" */ -- 283, /* "id-mod-dvcs" */ -- 275, /* "id-mod-kea-profile-88" */ -- 276, /* "id-mod-kea-profile-93" */ -- 282, /* "id-mod-ocsp" */ -- 278, /* "id-mod-qualified-cert-88" */ -- 279, /* "id-mod-qualified-cert-93" */ -- 281, /* "id-mod-timestamp-protocol" */ -- 264, /* "id-on" */ -- 347, /* "id-on-personalData" */ -- 265, /* "id-pda" */ -- 352, /* "id-pda-countryOfCitizenship" */ -- 353, /* "id-pda-countryOfResidence" */ -- 348, /* "id-pda-dateOfBirth" */ -- 351, /* "id-pda-gender" */ -- 349, /* "id-pda-placeOfBirth" */ -- 175, /* "id-pe" */ -- 1031, /* "id-pkinit" */ -- 261, /* "id-pkip" */ -- 258, /* "id-pkix-mod" */ -- 269, /* "id-pkix1-explicit-88" */ -- 271, /* "id-pkix1-explicit-93" */ -- 270, /* "id-pkix1-implicit-88" */ 
-- 272, /* "id-pkix1-implicit-93" */ -- 662, /* "id-ppl" */ -- 267, /* "id-qcs" */ -- 359, /* "id-qcs-pkixQCSyntax-v1" */ -- 259, /* "id-qt" */ -- 313, /* "id-regCtrl" */ -- 316, /* "id-regCtrl-authenticator" */ -- 319, /* "id-regCtrl-oldCertID" */ -- 318, /* "id-regCtrl-pkiArchiveOptions" */ -- 317, /* "id-regCtrl-pkiPublicationInfo" */ -- 320, /* "id-regCtrl-protocolEncrKey" */ -- 315, /* "id-regCtrl-regToken" */ -- 314, /* "id-regInfo" */ -- 322, /* "id-regInfo-certReq" */ -- 321, /* "id-regInfo-utf8Pairs" */ -- 973, /* "id-scrypt" */ -- 191, /* "id-smime-aa" */ -- 215, /* "id-smime-aa-contentHint" */ -- 218, /* "id-smime-aa-contentIdentifier" */ -- 221, /* "id-smime-aa-contentReference" */ -- 240, /* "id-smime-aa-dvcs-dvc" */ -- 217, /* "id-smime-aa-encapContentType" */ -- 222, /* "id-smime-aa-encrypKeyPref" */ -- 220, /* "id-smime-aa-equivalentLabels" */ -- 232, /* "id-smime-aa-ets-CertificateRefs" */ -- 233, /* "id-smime-aa-ets-RevocationRefs" */ -- 238, /* "id-smime-aa-ets-archiveTimeStamp" */ -- 237, /* "id-smime-aa-ets-certCRLTimestamp" */ -- 234, /* "id-smime-aa-ets-certValues" */ -- 227, /* "id-smime-aa-ets-commitmentType" */ -- 231, /* "id-smime-aa-ets-contentTimestamp" */ -- 236, /* "id-smime-aa-ets-escTimeStamp" */ -- 230, /* "id-smime-aa-ets-otherSigCert" */ -- 235, /* "id-smime-aa-ets-revocationValues" */ -- 226, /* "id-smime-aa-ets-sigPolicyId" */ -- 229, /* "id-smime-aa-ets-signerAttr" */ -- 228, /* "id-smime-aa-ets-signerLocation" */ -- 219, /* "id-smime-aa-macValue" */ -- 214, /* "id-smime-aa-mlExpandHistory" */ -- 216, /* "id-smime-aa-msgSigDigest" */ -- 212, /* "id-smime-aa-receiptRequest" */ -- 213, /* "id-smime-aa-securityLabel" */ -- 239, /* "id-smime-aa-signatureType" */ -- 223, /* "id-smime-aa-signingCertificate" */ -- 224, /* "id-smime-aa-smimeEncryptCerts" */ -- 225, /* "id-smime-aa-timeStampToken" */ -- 192, /* "id-smime-alg" */ -- 243, /* "id-smime-alg-3DESwrap" */ -- 246, /* "id-smime-alg-CMS3DESwrap" */ -- 247, /* 
"id-smime-alg-CMSRC2wrap" */ -- 245, /* "id-smime-alg-ESDH" */ -- 241, /* "id-smime-alg-ESDHwith3DES" */ -- 242, /* "id-smime-alg-ESDHwithRC2" */ -- 244, /* "id-smime-alg-RC2wrap" */ -- 193, /* "id-smime-cd" */ -- 248, /* "id-smime-cd-ldap" */ -- 190, /* "id-smime-ct" */ -- 210, /* "id-smime-ct-DVCSRequestData" */ -- 211, /* "id-smime-ct-DVCSResponseData" */ -- 208, /* "id-smime-ct-TDTInfo" */ -- 207, /* "id-smime-ct-TSTInfo" */ -- 205, /* "id-smime-ct-authData" */ -- 1059, /* "id-smime-ct-authEnvelopedData" */ -- 786, /* "id-smime-ct-compressedData" */ -- 1058, /* "id-smime-ct-contentCollection" */ -- 209, /* "id-smime-ct-contentInfo" */ -- 206, /* "id-smime-ct-publishCert" */ -- 204, /* "id-smime-ct-receipt" */ -- 195, /* "id-smime-cti" */ -- 255, /* "id-smime-cti-ets-proofOfApproval" */ -- 256, /* "id-smime-cti-ets-proofOfCreation" */ -- 253, /* "id-smime-cti-ets-proofOfDelivery" */ -- 251, /* "id-smime-cti-ets-proofOfOrigin" */ -- 252, /* "id-smime-cti-ets-proofOfReceipt" */ -- 254, /* "id-smime-cti-ets-proofOfSender" */ -- 189, /* "id-smime-mod" */ -- 196, /* "id-smime-mod-cms" */ -- 197, /* "id-smime-mod-ess" */ -- 202, /* "id-smime-mod-ets-eSigPolicy-88" */ -- 203, /* "id-smime-mod-ets-eSigPolicy-97" */ -- 200, /* "id-smime-mod-ets-eSignature-88" */ -- 201, /* "id-smime-mod-ets-eSignature-97" */ -- 199, /* "id-smime-mod-msg-v3" */ -- 198, /* "id-smime-mod-oid" */ -- 194, /* "id-smime-spq" */ -- 250, /* "id-smime-spq-ets-sqt-unotice" */ -- 249, /* "id-smime-spq-ets-sqt-uri" */ -- 974, /* "id-tc26" */ -- 991, /* "id-tc26-agreement" */ -- 992, /* "id-tc26-agreement-gost-3410-2012-256" */ -- 993, /* "id-tc26-agreement-gost-3410-2012-512" */ -- 977, /* "id-tc26-algorithms" */ -- 990, /* "id-tc26-cipher" */ -- 1001, /* "id-tc26-cipher-constants" */ -- 994, /* "id-tc26-constants" */ -- 981, /* "id-tc26-digest" */ -- 1000, /* "id-tc26-digest-constants" */ -- 1002, /* "id-tc26-gost-28147-constants" */ -- 996, /* "id-tc26-gost-3410-2012-512-constants" */ -- 987, /* 
"id-tc26-mac" */ -- 978, /* "id-tc26-sign" */ -- 995, /* "id-tc26-sign-constants" */ -- 984, /* "id-tc26-signwithdigest" */ -- 34, /* "idea-cbc" */ -- 35, /* "idea-cfb" */ -- 36, /* "idea-ecb" */ -- 46, /* "idea-ofb" */ -- 676, /* "identified-organization" */ -- 461, /* "info" */ -- 101, /* "initials" */ -- 869, /* "internationaliSDNNumber" */ -- 1022, /* "ipsec Internet Key Exchange" */ -- 749, /* "ipsec3" */ -- 750, /* "ipsec4" */ -- 181, /* "iso" */ -- 623, /* "issuer capabilities" */ -- 645, /* "itu-t" */ -- 492, /* "janetMailbox" */ -- 646, /* "joint-iso-itu-t" */ -- 957, /* "jurisdictionCountryName" */ -- 955, /* "jurisdictionLocalityName" */ -- 956, /* "jurisdictionStateOrProvinceName" */ -- 150, /* "keyBag" */ -- 773, /* "kisa" */ -- 1039, /* "kx-dhe" */ -- 1041, /* "kx-dhe-psk" */ -- 1038, /* "kx-ecdhe" */ -- 1040, /* "kx-ecdhe-psk" */ -- 1045, /* "kx-gost" */ -- 1043, /* "kx-psk" */ -- 1037, /* "kx-rsa" */ -- 1042, /* "kx-rsa-psk" */ -- 1044, /* "kx-srp" */ -- 477, /* "lastModifiedBy" */ -- 476, /* "lastModifiedTime" */ -- 157, /* "localKeyID" */ -- 15, /* "localityName" */ -- 480, /* "mXRecord" */ -- 493, /* "mailPreferenceOption" */ -- 467, /* "manager" */ -- 3, /* "md2" */ -- 7, /* "md2WithRSAEncryption" */ -- 257, /* "md4" */ -- 396, /* "md4WithRSAEncryption" */ -- 4, /* "md5" */ -- 114, /* "md5-sha1" */ -- 104, /* "md5WithRSA" */ -- 8, /* "md5WithRSAEncryption" */ -- 95, /* "mdc2" */ -- 96, /* "mdc2WithRSA" */ -- 875, /* "member" */ -- 602, /* "merchant initiated auth" */ -- 514, /* "message extensions" */ -- 51, /* "messageDigest" */ -- 911, /* "mgf1" */ -- 506, /* "mime-mhs-bodies" */ -- 505, /* "mime-mhs-headings" */ -- 488, /* "mobileTelephoneNumber" */ -- 481, /* "nSRecord" */ -- 173, /* "name" */ -- 681, /* "onBasis" */ -- 379, /* "org" */ -- 17, /* "organizationName" */ -- 491, /* "organizationalStatus" */ -- 18, /* "organizationalUnitName" */ -- 475, /* "otherMailbox" */ -- 876, /* "owner" */ -- 935, /* "pSpecified" */ -- 489, /* 
"pagerTelephoneNumber" */ -- 782, /* "password based MAC" */ -- 374, /* "path" */ -- 621, /* "payment gateway capabilities" */ -- 9, /* "pbeWithMD2AndDES-CBC" */ -- 168, /* "pbeWithMD2AndRC2-CBC" */ -- 112, /* "pbeWithMD5AndCast5CBC" */ -- 10, /* "pbeWithMD5AndDES-CBC" */ -- 169, /* "pbeWithMD5AndRC2-CBC" */ -- 148, /* "pbeWithSHA1And128BitRC2-CBC" */ -- 144, /* "pbeWithSHA1And128BitRC4" */ -- 147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ -- 146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ -- 149, /* "pbeWithSHA1And40BitRC2-CBC" */ -- 145, /* "pbeWithSHA1And40BitRC4" */ -- 170, /* "pbeWithSHA1AndDES-CBC" */ -- 68, /* "pbeWithSHA1AndRC2-CBC" */ -- 499, /* "personalSignature" */ -- 487, /* "personalTitle" */ -- 464, /* "photo" */ -- 863, /* "physicalDeliveryOfficeName" */ -- 437, /* "pilot" */ -- 439, /* "pilotAttributeSyntax" */ -- 438, /* "pilotAttributeType" */ -- 479, /* "pilotAttributeType27" */ -- 456, /* "pilotDSA" */ -- 441, /* "pilotGroups" */ -- 444, /* "pilotObject" */ -- 440, /* "pilotObjectClass" */ -- 455, /* "pilotOrganization" */ -- 445, /* "pilotPerson" */ -- 186, /* "pkcs1" */ -- 27, /* "pkcs3" */ -- 187, /* "pkcs5" */ -- 20, /* "pkcs7" */ -- 21, /* "pkcs7-data" */ -- 25, /* "pkcs7-digestData" */ -- 26, /* "pkcs7-encryptedData" */ -- 23, /* "pkcs7-envelopedData" */ -- 24, /* "pkcs7-signedAndEnvelopedData" */ -- 22, /* "pkcs7-signedData" */ -- 151, /* "pkcs8ShroudedKeyBag" */ -- 47, /* "pkcs9" */ -- 862, /* "postOfficeBox" */ -- 861, /* "postalAddress" */ -- 661, /* "postalCode" */ -- 683, /* "ppBasis" */ -- 872, /* "preferredDeliveryMethod" */ -- 873, /* "presentationAddress" */ -- 406, /* "prime-field" */ -- 409, /* "prime192v1" */ -- 410, /* "prime192v2" */ -- 411, /* "prime192v3" */ -- 412, /* "prime239v1" */ -- 413, /* "prime239v2" */ -- 414, /* "prime239v3" */ -- 415, /* "prime256v1" */ -- 886, /* "protocolInformation" */ -- 510, /* "pseudonym" */ -- 435, /* "pss" */ -- 286, /* "qcStatements" */ -- 457, /* "qualityLabelledData" */ -- 450, /* 
"rFC822localPart" */ -- 98, /* "rc2-40-cbc" */ -- 166, /* "rc2-64-cbc" */ -- 37, /* "rc2-cbc" */ -- 39, /* "rc2-cfb" */ -- 38, /* "rc2-ecb" */ -- 40, /* "rc2-ofb" */ -- 5, /* "rc4" */ -- 97, /* "rc4-40" */ -- 915, /* "rc4-hmac-md5" */ -- 120, /* "rc5-cbc" */ -- 122, /* "rc5-cfb" */ -- 121, /* "rc5-ecb" */ -- 123, /* "rc5-ofb" */ -- 870, /* "registeredAddress" */ -- 460, /* "rfc822Mailbox" */ -- 117, /* "ripemd160" */ -- 119, /* "ripemd160WithRSA" */ -- 400, /* "role" */ -- 877, /* "roleOccupant" */ -- 448, /* "room" */ -- 463, /* "roomNumber" */ -- 19, /* "rsa" */ -- 6, /* "rsaEncryption" */ -- 644, /* "rsaOAEPEncryptionSET" */ -- 377, /* "rsaSignature" */ -- 919, /* "rsaesOaep" */ -- 912, /* "rsassaPss" */ -- 482, /* "sOARecord" */ -- 155, /* "safeContentsBag" */ -- 291, /* "sbgp-autonomousSysNum" */ -- 290, /* "sbgp-ipAddrBlock" */ -- 292, /* "sbgp-routerIdentifier" */ -- 159, /* "sdsiCertificate" */ -- 859, /* "searchGuide" */ -- 704, /* "secp112r1" */ -- 705, /* "secp112r2" */ -- 706, /* "secp128r1" */ -- 707, /* "secp128r2" */ -- 708, /* "secp160k1" */ -- 709, /* "secp160r1" */ -- 710, /* "secp160r2" */ -- 711, /* "secp192k1" */ -- 712, /* "secp224k1" */ -- 713, /* "secp224r1" */ -- 714, /* "secp256k1" */ -- 715, /* "secp384r1" */ -- 716, /* "secp521r1" */ -- 154, /* "secretBag" */ -- 474, /* "secretary" */ -- 717, /* "sect113r1" */ -- 718, /* "sect113r2" */ -- 719, /* "sect131r1" */ -- 720, /* "sect131r2" */ -- 721, /* "sect163k1" */ -- 722, /* "sect163r1" */ -- 723, /* "sect163r2" */ -- 724, /* "sect193r1" */ -- 725, /* "sect193r2" */ -- 726, /* "sect233k1" */ -- 727, /* "sect233r1" */ -- 728, /* "sect239k1" */ -- 729, /* "sect283k1" */ -- 730, /* "sect283r1" */ -- 731, /* "sect409k1" */ -- 732, /* "sect409r1" */ -- 733, /* "sect571k1" */ -- 734, /* "sect571r1" */ -- 635, /* "secure device signature" */ -- 878, /* "seeAlso" */ -- 777, /* "seed-cbc" */ -- 779, /* "seed-cfb" */ -- 776, /* "seed-ecb" */ -- 778, /* "seed-ofb" */ -- 105, /* "serialNumber" */ -- 
625, /* "set-addPolicy" */ -- 515, /* "set-attr" */ -- 518, /* "set-brand" */ -- 638, /* "set-brand-AmericanExpress" */ -- 637, /* "set-brand-Diners" */ -- 636, /* "set-brand-IATA-ATA" */ -- 639, /* "set-brand-JCB" */ -- 641, /* "set-brand-MasterCard" */ -- 642, /* "set-brand-Novus" */ -- 640, /* "set-brand-Visa" */ -- 516, /* "set-policy" */ -- 607, /* "set-policy-root" */ -- 624, /* "set-rootKeyThumb" */ -- 620, /* "setAttr-Cert" */ -- 628, /* "setAttr-IssCap-CVM" */ -- 630, /* "setAttr-IssCap-Sig" */ -- 629, /* "setAttr-IssCap-T2" */ -- 627, /* "setAttr-Token-B0Prime" */ -- 626, /* "setAttr-Token-EMV" */ -- 622, /* "setAttr-TokenType" */ -- 619, /* "setCext-IssuerCapabilities" */ -- 615, /* "setCext-PGWYcapabilities" */ -- 616, /* "setCext-TokenIdentifier" */ -- 618, /* "setCext-TokenType" */ -- 617, /* "setCext-Track2Data" */ -- 611, /* "setCext-cCertRequired" */ -- 609, /* "setCext-certType" */ -- 608, /* "setCext-hashedRoot" */ -- 610, /* "setCext-merchData" */ -- 613, /* "setCext-setExt" */ -- 614, /* "setCext-setQualf" */ -- 612, /* "setCext-tunneling" */ -- 540, /* "setct-AcqCardCodeMsg" */ -- 576, /* "setct-AcqCardCodeMsgTBE" */ -- 570, /* "setct-AuthReqTBE" */ -- 534, /* "setct-AuthReqTBS" */ -- 527, /* "setct-AuthResBaggage" */ -- 571, /* "setct-AuthResTBE" */ -- 572, /* "setct-AuthResTBEX" */ -- 535, /* "setct-AuthResTBS" */ -- 536, /* "setct-AuthResTBSX" */ -- 528, /* "setct-AuthRevReqBaggage" */ -- 577, /* "setct-AuthRevReqTBE" */ -- 541, /* "setct-AuthRevReqTBS" */ -- 529, /* "setct-AuthRevResBaggage" */ -- 542, /* "setct-AuthRevResData" */ -- 578, /* "setct-AuthRevResTBE" */ -- 579, /* "setct-AuthRevResTBEB" */ -- 543, /* "setct-AuthRevResTBS" */ -- 573, /* "setct-AuthTokenTBE" */ -- 537, /* "setct-AuthTokenTBS" */ -- 600, /* "setct-BCIDistributionTBS" */ -- 558, /* "setct-BatchAdminReqData" */ -- 592, /* "setct-BatchAdminReqTBE" */ -- 559, /* "setct-BatchAdminResData" */ -- 593, /* "setct-BatchAdminResTBE" */ -- 599, /* 
"setct-CRLNotificationResTBS" */ -- 598, /* "setct-CRLNotificationTBS" */ -- 580, /* "setct-CapReqTBE" */ -- 581, /* "setct-CapReqTBEX" */ -- 544, /* "setct-CapReqTBS" */ -- 545, /* "setct-CapReqTBSX" */ -- 546, /* "setct-CapResData" */ -- 582, /* "setct-CapResTBE" */ -- 583, /* "setct-CapRevReqTBE" */ -- 584, /* "setct-CapRevReqTBEX" */ -- 547, /* "setct-CapRevReqTBS" */ -- 548, /* "setct-CapRevReqTBSX" */ -- 549, /* "setct-CapRevResData" */ -- 585, /* "setct-CapRevResTBE" */ -- 538, /* "setct-CapTokenData" */ -- 530, /* "setct-CapTokenSeq" */ -- 574, /* "setct-CapTokenTBE" */ -- 575, /* "setct-CapTokenTBEX" */ -- 539, /* "setct-CapTokenTBS" */ -- 560, /* "setct-CardCInitResTBS" */ -- 566, /* "setct-CertInqReqTBS" */ -- 563, /* "setct-CertReqData" */ -- 595, /* "setct-CertReqTBE" */ -- 596, /* "setct-CertReqTBEX" */ -- 564, /* "setct-CertReqTBS" */ -- 565, /* "setct-CertResData" */ -- 597, /* "setct-CertResTBE" */ -- 586, /* "setct-CredReqTBE" */ -- 587, /* "setct-CredReqTBEX" */ -- 550, /* "setct-CredReqTBS" */ -- 551, /* "setct-CredReqTBSX" */ -- 552, /* "setct-CredResData" */ -- 588, /* "setct-CredResTBE" */ -- 589, /* "setct-CredRevReqTBE" */ -- 590, /* "setct-CredRevReqTBEX" */ -- 553, /* "setct-CredRevReqTBS" */ -- 554, /* "setct-CredRevReqTBSX" */ -- 555, /* "setct-CredRevResData" */ -- 591, /* "setct-CredRevResTBE" */ -- 567, /* "setct-ErrorTBS" */ -- 526, /* "setct-HODInput" */ -- 561, /* "setct-MeAqCInitResTBS" */ -- 522, /* "setct-OIData" */ -- 519, /* "setct-PANData" */ -- 521, /* "setct-PANOnly" */ -- 520, /* "setct-PANToken" */ -- 556, /* "setct-PCertReqData" */ -- 557, /* "setct-PCertResTBS" */ -- 523, /* "setct-PI" */ -- 532, /* "setct-PI-TBS" */ -- 524, /* "setct-PIData" */ -- 525, /* "setct-PIDataUnsigned" */ -- 568, /* "setct-PIDualSignedTBE" */ -- 569, /* "setct-PIUnsignedTBE" */ -- 531, /* "setct-PInitResData" */ -- 533, /* "setct-PResData" */ -- 594, /* "setct-RegFormReqTBE" */ -- 562, /* "setct-RegFormResTBS" */ -- 604, /* "setext-pinAny" */ 
-- 603, /* "setext-pinSecure" */ -- 605, /* "setext-track2" */ -- 41, /* "sha" */ -- 64, /* "sha1" */ -- 115, /* "sha1WithRSA" */ -- 65, /* "sha1WithRSAEncryption" */ -- 675, /* "sha224" */ -- 671, /* "sha224WithRSAEncryption" */ -- 672, /* "sha256" */ -- 668, /* "sha256WithRSAEncryption" */ -- 673, /* "sha384" */ -- 669, /* "sha384WithRSAEncryption" */ -- 674, /* "sha512" */ -- 670, /* "sha512WithRSAEncryption" */ -- 42, /* "shaWithRSAEncryption" */ -- 52, /* "signingTime" */ -- 454, /* "simpleSecurityObject" */ -- 496, /* "singleLevelQuality" */ -- 16, /* "stateOrProvinceName" */ -- 660, /* "streetAddress" */ -- 498, /* "subtreeMaximumQuality" */ -- 497, /* "subtreeMinimumQuality" */ -- 890, /* "supportedAlgorithms" */ -- 874, /* "supportedApplicationContext" */ -- 100, /* "surname" */ -- 864, /* "telephoneNumber" */ -- 866, /* "teletexTerminalIdentifier" */ -- 865, /* "telexNumber" */ -- 459, /* "textEncodedORAddress" */ -- 293, /* "textNotice" */ -- 106, /* "title" */ -- 1021, /* "tls1-prf" */ -- 682, /* "tpBasis" */ -- 436, /* "ucl" */ -- 0, /* "undefined" */ -- 102, /* "uniqueIdentifier" */ -- 888, /* "uniqueMember" */ -- 55, /* "unstructuredAddress" */ -- 49, /* "unstructuredName" */ -- 880, /* "userCertificate" */ -- 465, /* "userClass" */ -- 458, /* "userId" */ -- 879, /* "userPassword" */ -- 373, /* "valid" */ -- 678, /* "wap" */ -- 679, /* "wap-wsg" */ -- 735, /* "wap-wsg-idm-ecid-wtls1" */ -- 743, /* "wap-wsg-idm-ecid-wtls10" */ -- 744, /* "wap-wsg-idm-ecid-wtls11" */ -- 745, /* "wap-wsg-idm-ecid-wtls12" */ -- 736, /* "wap-wsg-idm-ecid-wtls3" */ -- 737, /* "wap-wsg-idm-ecid-wtls4" */ -- 738, /* "wap-wsg-idm-ecid-wtls5" */ -- 739, /* "wap-wsg-idm-ecid-wtls6" */ -- 740, /* "wap-wsg-idm-ecid-wtls7" */ -- 741, /* "wap-wsg-idm-ecid-wtls8" */ -- 742, /* "wap-wsg-idm-ecid-wtls9" */ -- 804, /* "whirlpool" */ -- 868, /* "x121Address" */ -- 503, /* "x500UniqueIdentifier" */ -- 158, /* "x509Certificate" */ -- 160, /* "x509Crl" */ -- 125, /* "zlib compression" */ 
-+static const unsigned int ln_objs[NUM_LN]={ -+363, /* "AD Time Stamping" */ -+405, /* "ANSI X9.62" */ -+368, /* "Acceptable OCSP Responses" */ -+910, /* "Any Extended Key Usage" */ -+664, /* "Any language" */ -+177, /* "Authority Information Access" */ -+365, /* "Basic OCSP Response" */ -+285, /* "Biometric Info" */ -+179, /* "CA Issuers" */ -+785, /* "CA Repository" */ -+954, /* "CT Certificate SCTs" */ -+952, /* "CT Precertificate Poison" */ -+951, /* "CT Precertificate SCTs" */ -+953, /* "CT Precertificate Signer" */ -+131, /* "Code Signing" */ -+783, /* "Diffie-Hellman based MAC" */ -+382, /* "Directory" */ -+392, /* "Domain" */ -+132, /* "E-mail Protection" */ -+389, /* "Enterprises" */ -+384, /* "Experimental" */ -+372, /* "Extended OCSP Status" */ -+172, /* "Extension Request" */ -+813, /* "GOST 28147-89" */ -+849, /* "GOST 28147-89 Cryptocom ParamSet" */ -+815, /* "GOST 28147-89 MAC" */ -+851, /* "GOST 34.10-2001 Cryptocom" */ -+850, /* "GOST 34.10-94 Cryptocom" */ -+811, /* "GOST R 34.10-2001" */ -+817, /* "GOST R 34.10-2001 DH" */ -+812, /* "GOST R 34.10-94" */ -+818, /* "GOST R 34.10-94 DH" */ -+809, /* "GOST R 34.11-94" */ -+816, /* "GOST R 34.11-94 PRF" */ -+807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ -+853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ -+808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ -+852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ -+854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ -+810, /* "HMAC GOST 34.11-94" */ -+432, /* "Hold Instruction Call Issuer" */ -+430, /* "Hold Instruction Code" */ -+431, /* "Hold Instruction None" */ -+433, /* "Hold Instruction Reject" */ -+634, /* "ICC or token signature" */ -+294, /* "IPSec End System" */ -+295, /* "IPSec Tunnel" */ -+296, /* "IPSec User" */ -+182, /* "ISO Member Body" */ -+183, /* "ISO US Member Body" */ -+667, /* "Independent" */ -+665, /* "Inherit all" */ -+647, /* "International Organizations" */ -+142, /* "Invalidity Date" */ -+504, /* 
"MIME MHS" */ -+388, /* "Mail" */ -+383, /* "Management" */ -+417, /* "Microsoft CSP Name" */ -+135, /* "Microsoft Commercial Code Signing" */ -+138, /* "Microsoft Encrypted File System" */ -+171, /* "Microsoft Extension Request" */ -+134, /* "Microsoft Individual Code Signing" */ -+856, /* "Microsoft Local Key set" */ -+137, /* "Microsoft Server Gated Crypto" */ -+648, /* "Microsoft Smartcardlogin" */ -+136, /* "Microsoft Trust List Signing" */ -+649, /* "Microsoft Universal Principal Name" */ -+393, /* "NULL" */ -+404, /* "NULL" */ -+72, /* "Netscape Base Url" */ -+76, /* "Netscape CA Policy Url" */ -+74, /* "Netscape CA Revocation Url" */ -+71, /* "Netscape Cert Type" */ -+58, /* "Netscape Certificate Extension" */ -+79, /* "Netscape Certificate Sequence" */ -+78, /* "Netscape Comment" */ -+57, /* "Netscape Communications Corp." */ -+59, /* "Netscape Data Type" */ -+75, /* "Netscape Renewal Url" */ -+73, /* "Netscape Revocation Url" */ -+77, /* "Netscape SSL Server Name" */ -+139, /* "Netscape Server Gated Crypto" */ -+178, /* "OCSP" */ -+370, /* "OCSP Archive Cutoff" */ -+367, /* "OCSP CRL ID" */ -+369, /* "OCSP No Check" */ -+366, /* "OCSP Nonce" */ -+371, /* "OCSP Service Locator" */ -+180, /* "OCSP Signing" */ -+161, /* "PBES2" */ -+69, /* "PBKDF2" */ -+162, /* "PBMAC1" */ -+127, /* "PKIX" */ -+858, /* "Permanent Identifier" */ -+164, /* "Policy Qualifier CPS" */ -+165, /* "Policy Qualifier User Notice" */ -+385, /* "Private" */ -+663, /* "Proxy Certificate Information" */ -+ 1, /* "RSA Data Security, Inc." */ -+ 2, /* "RSA Data Security, Inc. 
PKCS" */ -+188, /* "S/MIME" */ -+167, /* "S/MIME Capabilities" */ -+387, /* "SNMPv2" */ -+512, /* "Secure Electronic Transactions" */ -+386, /* "Security" */ -+394, /* "Selected Attribute Types" */ -+143, /* "Strong Extranet ID" */ -+398, /* "Subject Information Access" */ -+130, /* "TLS Web Client Authentication" */ -+129, /* "TLS Web Server Authentication" */ -+133, /* "Time Stamping" */ -+375, /* "Trust Root" */ -+12, /* "X509" */ -+402, /* "X509v3 AC Targeting" */ -+746, /* "X509v3 Any Policy" */ -+90, /* "X509v3 Authority Key Identifier" */ -+87, /* "X509v3 Basic Constraints" */ -+103, /* "X509v3 CRL Distribution Points" */ -+88, /* "X509v3 CRL Number" */ -+141, /* "X509v3 CRL Reason Code" */ -+771, /* "X509v3 Certificate Issuer" */ -+89, /* "X509v3 Certificate Policies" */ -+140, /* "X509v3 Delta CRL Indicator" */ -+126, /* "X509v3 Extended Key Usage" */ -+857, /* "X509v3 Freshest CRL" */ -+748, /* "X509v3 Inhibit Any Policy" */ -+86, /* "X509v3 Issuer Alternative Name" */ -+770, /* "X509v3 Issuing Distrubution Point" */ -+83, /* "X509v3 Key Usage" */ -+666, /* "X509v3 Name Constraints" */ -+403, /* "X509v3 No Revocation Available" */ -+401, /* "X509v3 Policy Constraints" */ -+747, /* "X509v3 Policy Mappings" */ -+84, /* "X509v3 Private Key Usage Period" */ -+85, /* "X509v3 Subject Alternative Name" */ -+769, /* "X509v3 Subject Directory Attributes" */ -+82, /* "X509v3 Subject Key Identifier" */ -+920, /* "X9.42 DH" */ -+184, /* "X9.57" */ -+185, /* "X9.57 CM ?" 
*/ -+478, /* "aRecord" */ -+289, /* "aaControls" */ -+287, /* "ac-auditEntity" */ -+397, /* "ac-proxying" */ -+288, /* "ac-targeting" */ -+446, /* "account" */ -+364, /* "ad dvcs" */ -+606, /* "additional verification" */ -+419, /* "aes-128-cbc" */ -+916, /* "aes-128-cbc-hmac-sha1" */ -+948, /* "aes-128-cbc-hmac-sha256" */ -+896, /* "aes-128-ccm" */ -+421, /* "aes-128-cfb" */ -+650, /* "aes-128-cfb1" */ -+653, /* "aes-128-cfb8" */ -+904, /* "aes-128-ctr" */ -+418, /* "aes-128-ecb" */ -+895, /* "aes-128-gcm" */ -+420, /* "aes-128-ofb" */ -+913, /* "aes-128-xts" */ -+423, /* "aes-192-cbc" */ -+917, /* "aes-192-cbc-hmac-sha1" */ -+949, /* "aes-192-cbc-hmac-sha256" */ -+899, /* "aes-192-ccm" */ -+425, /* "aes-192-cfb" */ -+651, /* "aes-192-cfb1" */ -+654, /* "aes-192-cfb8" */ -+905, /* "aes-192-ctr" */ -+422, /* "aes-192-ecb" */ -+898, /* "aes-192-gcm" */ -+424, /* "aes-192-ofb" */ -+427, /* "aes-256-cbc" */ -+918, /* "aes-256-cbc-hmac-sha1" */ -+950, /* "aes-256-cbc-hmac-sha256" */ -+902, /* "aes-256-ccm" */ -+429, /* "aes-256-cfb" */ -+652, /* "aes-256-cfb1" */ -+655, /* "aes-256-cfb8" */ -+906, /* "aes-256-ctr" */ -+426, /* "aes-256-ecb" */ -+901, /* "aes-256-gcm" */ -+428, /* "aes-256-ofb" */ -+914, /* "aes-256-xts" */ -+376, /* "algorithm" */ -+484, /* "associatedDomain" */ -+485, /* "associatedName" */ -+501, /* "audio" */ -+882, /* "authorityRevocationList" */ -+91, /* "bf-cbc" */ -+93, /* "bf-cfb" */ -+92, /* "bf-ecb" */ -+94, /* "bf-ofb" */ -+921, /* "brainpoolP160r1" */ -+922, /* "brainpoolP160t1" */ -+923, /* "brainpoolP192r1" */ -+924, /* "brainpoolP192t1" */ -+925, /* "brainpoolP224r1" */ -+926, /* "brainpoolP224t1" */ -+927, /* "brainpoolP256r1" */ -+928, /* "brainpoolP256t1" */ -+929, /* "brainpoolP320r1" */ -+930, /* "brainpoolP320t1" */ -+931, /* "brainpoolP384r1" */ -+932, /* "brainpoolP384t1" */ -+933, /* "brainpoolP512r1" */ -+934, /* "brainpoolP512t1" */ -+494, /* "buildingName" */ -+860, /* "businessCategory" */ -+691, /* "c2onb191v4" */ -+692, /* 
"c2onb191v5" */ -+697, /* "c2onb239v4" */ -+698, /* "c2onb239v5" */ -+684, /* "c2pnb163v1" */ -+685, /* "c2pnb163v2" */ -+686, /* "c2pnb163v3" */ -+687, /* "c2pnb176v1" */ -+693, /* "c2pnb208w1" */ -+699, /* "c2pnb272w1" */ -+700, /* "c2pnb304w1" */ -+702, /* "c2pnb368w1" */ -+688, /* "c2tnb191v1" */ -+689, /* "c2tnb191v2" */ -+690, /* "c2tnb191v3" */ -+694, /* "c2tnb239v1" */ -+695, /* "c2tnb239v2" */ -+696, /* "c2tnb239v3" */ -+701, /* "c2tnb359v1" */ -+703, /* "c2tnb431r1" */ -+881, /* "cACertificate" */ -+483, /* "cNAMERecord" */ -+751, /* "camellia-128-cbc" */ -+757, /* "camellia-128-cfb" */ -+760, /* "camellia-128-cfb1" */ -+763, /* "camellia-128-cfb8" */ -+754, /* "camellia-128-ecb" */ -+766, /* "camellia-128-ofb" */ -+752, /* "camellia-192-cbc" */ -+758, /* "camellia-192-cfb" */ -+761, /* "camellia-192-cfb1" */ -+764, /* "camellia-192-cfb8" */ -+755, /* "camellia-192-ecb" */ -+767, /* "camellia-192-ofb" */ -+753, /* "camellia-256-cbc" */ -+759, /* "camellia-256-cfb" */ -+762, /* "camellia-256-cfb1" */ -+765, /* "camellia-256-cfb8" */ -+756, /* "camellia-256-ecb" */ -+768, /* "camellia-256-ofb" */ -+443, /* "caseIgnoreIA5StringSyntax" */ -+108, /* "cast5-cbc" */ -+110, /* "cast5-cfb" */ -+109, /* "cast5-ecb" */ -+111, /* "cast5-ofb" */ -+152, /* "certBag" */ -+677, /* "certicom-arc" */ -+517, /* "certificate extensions" */ -+883, /* "certificateRevocationList" */ -+54, /* "challengePassword" */ -+407, /* "characteristic-two-field" */ -+395, /* "clearance" */ -+633, /* "cleartext track 2" */ -+894, /* "cmac" */ -+13, /* "commonName" */ -+513, /* "content types" */ -+50, /* "contentType" */ -+53, /* "countersignature" */ -+14, /* "countryName" */ -+153, /* "crlBag" */ -+884, /* "crossCertificatePair" */ -+806, /* "cryptocom" */ -+805, /* "cryptopro" */ -+500, /* "dITRedirect" */ -+451, /* "dNSDomain" */ -+495, /* "dSAQuality" */ -+434, /* "data" */ -+390, /* "dcObject" */ -+891, /* "deltaRevocationList" */ -+31, /* "des-cbc" */ -+643, /* "des-cdmf" */ -+30, /* 
"des-cfb" */ -+656, /* "des-cfb1" */ -+657, /* "des-cfb8" */ -+29, /* "des-ecb" */ -+32, /* "des-ede" */ -+43, /* "des-ede-cbc" */ -+60, /* "des-ede-cfb" */ -+62, /* "des-ede-ofb" */ -+33, /* "des-ede3" */ -+44, /* "des-ede3-cbc" */ -+61, /* "des-ede3-cfb" */ -+658, /* "des-ede3-cfb1" */ -+659, /* "des-ede3-cfb8" */ -+63, /* "des-ede3-ofb" */ -+45, /* "des-ofb" */ -+107, /* "description" */ -+871, /* "destinationIndicator" */ -+80, /* "desx-cbc" */ -+947, /* "dh-cofactor-kdf" */ -+946, /* "dh-std-kdf" */ -+28, /* "dhKeyAgreement" */ -+941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -+942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -+943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -+944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -+945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -+936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -+937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -+938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -+939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -+940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ -+11, /* "directory services (X.500)" */ -+378, /* "directory services - algorithms" */ -+887, /* "distinguishedName" */ -+892, /* "dmdName" */ -+174, /* "dnQualifier" */ -+447, /* "document" */ -+471, /* "documentAuthor" */ -+468, /* "documentIdentifier" */ -+472, /* "documentLocation" */ -+502, /* "documentPublisher" */ -+449, /* "documentSeries" */ -+469, /* "documentTitle" */ -+470, /* "documentVersion" */ -+380, /* "dod" */ -+391, /* "domainComponent" */ -+452, /* "domainRelatedObject" */ -+116, /* "dsaEncryption" */ -+67, /* "dsaEncryption-old" */ -+66, /* "dsaWithSHA" */ -+113, /* "dsaWithSHA1" */ -+70, /* "dsaWithSHA1-old" */ -+802, /* "dsa_with_SHA224" */ -+803, /* "dsa_with_SHA256" */ -+297, /* "dvcs" */ -+791, /* "ecdsa-with-Recommended" */ -+416, /* "ecdsa-with-SHA1" */ -+793, /* "ecdsa-with-SHA224" */ -+794, /* "ecdsa-with-SHA256" */ -+795, /* "ecdsa-with-SHA384" */ -+796, /* "ecdsa-with-SHA512" */ 
-+792, /* "ecdsa-with-Specified" */ -+48, /* "emailAddress" */ -+632, /* "encrypted track 2" */ -+885, /* "enhancedSearchGuide" */ -+56, /* "extendedCertificateAttributes" */ -+867, /* "facsimileTelephoneNumber" */ -+462, /* "favouriteDrink" */ -+453, /* "friendlyCountry" */ -+490, /* "friendlyCountryName" */ -+156, /* "friendlyName" */ -+631, /* "generate cryptogram" */ -+509, /* "generationQualifier" */ -+601, /* "generic cryptogram" */ -+99, /* "givenName" */ -+814, /* "gost89-cnt" */ -+855, /* "hmac" */ -+780, /* "hmac-md5" */ -+781, /* "hmac-sha1" */ -+797, /* "hmacWithMD5" */ -+163, /* "hmacWithSHA1" */ -+798, /* "hmacWithSHA224" */ -+799, /* "hmacWithSHA256" */ -+800, /* "hmacWithSHA384" */ -+801, /* "hmacWithSHA512" */ -+486, /* "homePostalAddress" */ -+473, /* "homeTelephoneNumber" */ -+466, /* "host" */ -+889, /* "houseIdentifier" */ -+442, /* "iA5StringSyntax" */ -+381, /* "iana" */ -+824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -+825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -+826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -+827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -+819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -+829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -+828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -+830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -+820, /* "id-Gost28147-89-None-KeyMeshing" */ -+823, /* "id-Gost28147-89-TestParamSet" */ -+840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -+841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -+842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -+843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -+844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -+839, /* "id-GostR3410-2001-TestParamSet" */ -+832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -+833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -+834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -+835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -+836, /* 
"id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -+837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -+838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -+831, /* "id-GostR3410-94-TestParamSet" */ -+845, /* "id-GostR3410-94-a" */ -+846, /* "id-GostR3410-94-aBis" */ -+847, /* "id-GostR3410-94-b" */ -+848, /* "id-GostR3410-94-bBis" */ -+822, /* "id-GostR3411-94-CryptoProParamSet" */ -+821, /* "id-GostR3411-94-TestParamSet" */ -+266, /* "id-aca" */ -+355, /* "id-aca-accessIdentity" */ -+354, /* "id-aca-authenticationInfo" */ -+356, /* "id-aca-chargingIdentity" */ -+399, /* "id-aca-encAttrs" */ -+357, /* "id-aca-group" */ -+358, /* "id-aca-role" */ -+176, /* "id-ad" */ -+788, /* "id-aes128-wrap" */ -+897, /* "id-aes128-wrap-pad" */ -+789, /* "id-aes192-wrap" */ -+900, /* "id-aes192-wrap-pad" */ -+790, /* "id-aes256-wrap" */ -+903, /* "id-aes256-wrap-pad" */ -+262, /* "id-alg" */ -+893, /* "id-alg-PWRI-KEK" */ -+323, /* "id-alg-des40" */ -+326, /* "id-alg-dh-pop" */ -+325, /* "id-alg-dh-sig-hmac-sha1" */ -+324, /* "id-alg-noSignature" */ -+907, /* "id-camellia128-wrap" */ -+908, /* "id-camellia192-wrap" */ -+909, /* "id-camellia256-wrap" */ -+268, /* "id-cct" */ -+361, /* "id-cct-PKIData" */ -+362, /* "id-cct-PKIResponse" */ -+360, /* "id-cct-crs" */ -+81, /* "id-ce" */ -+680, /* "id-characteristic-two-basis" */ -+263, /* "id-cmc" */ -+334, /* "id-cmc-addExtensions" */ -+346, /* "id-cmc-confirmCertAcceptance" */ -+330, /* "id-cmc-dataReturn" */ -+336, /* "id-cmc-decryptedPOP" */ -+335, /* "id-cmc-encryptedPOP" */ -+339, /* "id-cmc-getCRL" */ -+338, /* "id-cmc-getCert" */ -+328, /* "id-cmc-identification" */ -+329, /* "id-cmc-identityProof" */ -+337, /* "id-cmc-lraPOPWitness" */ -+344, /* "id-cmc-popLinkRandom" */ -+345, /* "id-cmc-popLinkWitness" */ -+343, /* "id-cmc-queryPending" */ -+333, /* "id-cmc-recipientNonce" */ -+341, /* "id-cmc-regInfo" */ -+342, /* "id-cmc-responseInfo" */ -+340, /* "id-cmc-revokeRequest" */ -+332, /* "id-cmc-senderNonce" */ -+327, /* 
"id-cmc-statusInfo" */ -+331, /* "id-cmc-transactionId" */ -+787, /* "id-ct-asciiTextWithCRLF" */ -+408, /* "id-ecPublicKey" */ -+508, /* "id-hex-multipart-message" */ -+507, /* "id-hex-partial-message" */ -+260, /* "id-it" */ -+302, /* "id-it-caKeyUpdateInfo" */ -+298, /* "id-it-caProtEncCert" */ -+311, /* "id-it-confirmWaitTime" */ -+303, /* "id-it-currentCRL" */ -+300, /* "id-it-encKeyPairTypes" */ -+310, /* "id-it-implicitConfirm" */ -+308, /* "id-it-keyPairParamRep" */ -+307, /* "id-it-keyPairParamReq" */ -+312, /* "id-it-origPKIMessage" */ -+301, /* "id-it-preferredSymmAlg" */ -+309, /* "id-it-revPassphrase" */ -+299, /* "id-it-signKeyPairTypes" */ -+305, /* "id-it-subscriptionRequest" */ -+306, /* "id-it-subscriptionResponse" */ -+784, /* "id-it-suppLangTags" */ -+304, /* "id-it-unsupportedOIDs" */ -+128, /* "id-kp" */ -+280, /* "id-mod-attribute-cert" */ -+274, /* "id-mod-cmc" */ -+277, /* "id-mod-cmp" */ -+284, /* "id-mod-cmp2000" */ -+273, /* "id-mod-crmf" */ -+283, /* "id-mod-dvcs" */ -+275, /* "id-mod-kea-profile-88" */ -+276, /* "id-mod-kea-profile-93" */ -+282, /* "id-mod-ocsp" */ -+278, /* "id-mod-qualified-cert-88" */ -+279, /* "id-mod-qualified-cert-93" */ -+281, /* "id-mod-timestamp-protocol" */ -+264, /* "id-on" */ -+347, /* "id-on-personalData" */ -+265, /* "id-pda" */ -+352, /* "id-pda-countryOfCitizenship" */ -+353, /* "id-pda-countryOfResidence" */ -+348, /* "id-pda-dateOfBirth" */ -+351, /* "id-pda-gender" */ -+349, /* "id-pda-placeOfBirth" */ -+175, /* "id-pe" */ -+261, /* "id-pkip" */ -+258, /* "id-pkix-mod" */ -+269, /* "id-pkix1-explicit-88" */ -+271, /* "id-pkix1-explicit-93" */ -+270, /* "id-pkix1-implicit-88" */ -+272, /* "id-pkix1-implicit-93" */ -+662, /* "id-ppl" */ -+267, /* "id-qcs" */ -+359, /* "id-qcs-pkixQCSyntax-v1" */ -+259, /* "id-qt" */ -+313, /* "id-regCtrl" */ -+316, /* "id-regCtrl-authenticator" */ -+319, /* "id-regCtrl-oldCertID" */ -+318, /* "id-regCtrl-pkiArchiveOptions" */ -+317, /* "id-regCtrl-pkiPublicationInfo" 
*/ -+320, /* "id-regCtrl-protocolEncrKey" */ -+315, /* "id-regCtrl-regToken" */ -+314, /* "id-regInfo" */ -+322, /* "id-regInfo-certReq" */ -+321, /* "id-regInfo-utf8Pairs" */ -+191, /* "id-smime-aa" */ -+215, /* "id-smime-aa-contentHint" */ -+218, /* "id-smime-aa-contentIdentifier" */ -+221, /* "id-smime-aa-contentReference" */ -+240, /* "id-smime-aa-dvcs-dvc" */ -+217, /* "id-smime-aa-encapContentType" */ -+222, /* "id-smime-aa-encrypKeyPref" */ -+220, /* "id-smime-aa-equivalentLabels" */ -+232, /* "id-smime-aa-ets-CertificateRefs" */ -+233, /* "id-smime-aa-ets-RevocationRefs" */ -+238, /* "id-smime-aa-ets-archiveTimeStamp" */ -+237, /* "id-smime-aa-ets-certCRLTimestamp" */ -+234, /* "id-smime-aa-ets-certValues" */ -+227, /* "id-smime-aa-ets-commitmentType" */ -+231, /* "id-smime-aa-ets-contentTimestamp" */ -+236, /* "id-smime-aa-ets-escTimeStamp" */ -+230, /* "id-smime-aa-ets-otherSigCert" */ -+235, /* "id-smime-aa-ets-revocationValues" */ -+226, /* "id-smime-aa-ets-sigPolicyId" */ -+229, /* "id-smime-aa-ets-signerAttr" */ -+228, /* "id-smime-aa-ets-signerLocation" */ -+219, /* "id-smime-aa-macValue" */ -+214, /* "id-smime-aa-mlExpandHistory" */ -+216, /* "id-smime-aa-msgSigDigest" */ -+212, /* "id-smime-aa-receiptRequest" */ -+213, /* "id-smime-aa-securityLabel" */ -+239, /* "id-smime-aa-signatureType" */ -+223, /* "id-smime-aa-signingCertificate" */ -+224, /* "id-smime-aa-smimeEncryptCerts" */ -+225, /* "id-smime-aa-timeStampToken" */ -+192, /* "id-smime-alg" */ -+243, /* "id-smime-alg-3DESwrap" */ -+246, /* "id-smime-alg-CMS3DESwrap" */ -+247, /* "id-smime-alg-CMSRC2wrap" */ -+245, /* "id-smime-alg-ESDH" */ -+241, /* "id-smime-alg-ESDHwith3DES" */ -+242, /* "id-smime-alg-ESDHwithRC2" */ -+244, /* "id-smime-alg-RC2wrap" */ -+193, /* "id-smime-cd" */ -+248, /* "id-smime-cd-ldap" */ -+190, /* "id-smime-ct" */ -+210, /* "id-smime-ct-DVCSRequestData" */ -+211, /* "id-smime-ct-DVCSResponseData" */ -+208, /* "id-smime-ct-TDTInfo" */ -+207, /* "id-smime-ct-TSTInfo" 
*/ -+205, /* "id-smime-ct-authData" */ -+786, /* "id-smime-ct-compressedData" */ -+209, /* "id-smime-ct-contentInfo" */ -+206, /* "id-smime-ct-publishCert" */ -+204, /* "id-smime-ct-receipt" */ -+195, /* "id-smime-cti" */ -+255, /* "id-smime-cti-ets-proofOfApproval" */ -+256, /* "id-smime-cti-ets-proofOfCreation" */ -+253, /* "id-smime-cti-ets-proofOfDelivery" */ -+251, /* "id-smime-cti-ets-proofOfOrigin" */ -+252, /* "id-smime-cti-ets-proofOfReceipt" */ -+254, /* "id-smime-cti-ets-proofOfSender" */ -+189, /* "id-smime-mod" */ -+196, /* "id-smime-mod-cms" */ -+197, /* "id-smime-mod-ess" */ -+202, /* "id-smime-mod-ets-eSigPolicy-88" */ -+203, /* "id-smime-mod-ets-eSigPolicy-97" */ -+200, /* "id-smime-mod-ets-eSignature-88" */ -+201, /* "id-smime-mod-ets-eSignature-97" */ -+199, /* "id-smime-mod-msg-v3" */ -+198, /* "id-smime-mod-oid" */ -+194, /* "id-smime-spq" */ -+250, /* "id-smime-spq-ets-sqt-unotice" */ -+249, /* "id-smime-spq-ets-sqt-uri" */ -+34, /* "idea-cbc" */ -+35, /* "idea-cfb" */ -+36, /* "idea-ecb" */ -+46, /* "idea-ofb" */ -+676, /* "identified-organization" */ -+461, /* "info" */ -+101, /* "initials" */ -+869, /* "internationaliSDNNumber" */ -+749, /* "ipsec3" */ -+750, /* "ipsec4" */ -+181, /* "iso" */ -+623, /* "issuer capabilities" */ -+645, /* "itu-t" */ -+492, /* "janetMailbox" */ -+646, /* "joint-iso-itu-t" */ -+957, /* "jurisdictionCountryName" */ -+955, /* "jurisdictionLocalityName" */ -+956, /* "jurisdictionStateOrProvinceName" */ -+150, /* "keyBag" */ -+773, /* "kisa" */ -+477, /* "lastModifiedBy" */ -+476, /* "lastModifiedTime" */ -+157, /* "localKeyID" */ -+15, /* "localityName" */ -+480, /* "mXRecord" */ -+493, /* "mailPreferenceOption" */ -+467, /* "manager" */ -+ 3, /* "md2" */ -+ 7, /* "md2WithRSAEncryption" */ -+257, /* "md4" */ -+396, /* "md4WithRSAEncryption" */ -+ 4, /* "md5" */ -+114, /* "md5-sha1" */ -+104, /* "md5WithRSA" */ -+ 8, /* "md5WithRSAEncryption" */ -+95, /* "mdc2" */ -+96, /* "mdc2WithRSA" */ -+875, /* "member" */ 
-+602, /* "merchant initiated auth" */ -+514, /* "message extensions" */ -+51, /* "messageDigest" */ -+911, /* "mgf1" */ -+506, /* "mime-mhs-bodies" */ -+505, /* "mime-mhs-headings" */ -+488, /* "mobileTelephoneNumber" */ -+481, /* "nSRecord" */ -+173, /* "name" */ -+681, /* "onBasis" */ -+379, /* "org" */ -+17, /* "organizationName" */ -+491, /* "organizationalStatus" */ -+18, /* "organizationalUnitName" */ -+475, /* "otherMailbox" */ -+876, /* "owner" */ -+935, /* "pSpecified" */ -+489, /* "pagerTelephoneNumber" */ -+782, /* "password based MAC" */ -+374, /* "path" */ -+621, /* "payment gateway capabilities" */ -+ 9, /* "pbeWithMD2AndDES-CBC" */ -+168, /* "pbeWithMD2AndRC2-CBC" */ -+112, /* "pbeWithMD5AndCast5CBC" */ -+10, /* "pbeWithMD5AndDES-CBC" */ -+169, /* "pbeWithMD5AndRC2-CBC" */ -+148, /* "pbeWithSHA1And128BitRC2-CBC" */ -+144, /* "pbeWithSHA1And128BitRC4" */ -+147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ -+146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ -+149, /* "pbeWithSHA1And40BitRC2-CBC" */ -+145, /* "pbeWithSHA1And40BitRC4" */ -+170, /* "pbeWithSHA1AndDES-CBC" */ -+68, /* "pbeWithSHA1AndRC2-CBC" */ -+499, /* "personalSignature" */ -+487, /* "personalTitle" */ -+464, /* "photo" */ -+863, /* "physicalDeliveryOfficeName" */ -+437, /* "pilot" */ -+439, /* "pilotAttributeSyntax" */ -+438, /* "pilotAttributeType" */ -+479, /* "pilotAttributeType27" */ -+456, /* "pilotDSA" */ -+441, /* "pilotGroups" */ -+444, /* "pilotObject" */ -+440, /* "pilotObjectClass" */ -+455, /* "pilotOrganization" */ -+445, /* "pilotPerson" */ -+186, /* "pkcs1" */ -+27, /* "pkcs3" */ -+187, /* "pkcs5" */ -+20, /* "pkcs7" */ -+21, /* "pkcs7-data" */ -+25, /* "pkcs7-digestData" */ -+26, /* "pkcs7-encryptedData" */ -+23, /* "pkcs7-envelopedData" */ -+24, /* "pkcs7-signedAndEnvelopedData" */ -+22, /* "pkcs7-signedData" */ -+151, /* "pkcs8ShroudedKeyBag" */ -+47, /* "pkcs9" */ -+862, /* "postOfficeBox" */ -+861, /* "postalAddress" */ -+661, /* "postalCode" */ -+683, /* "ppBasis" */ 
-+872, /* "preferredDeliveryMethod" */ -+873, /* "presentationAddress" */ -+406, /* "prime-field" */ -+409, /* "prime192v1" */ -+410, /* "prime192v2" */ -+411, /* "prime192v3" */ -+412, /* "prime239v1" */ -+413, /* "prime239v2" */ -+414, /* "prime239v3" */ -+415, /* "prime256v1" */ -+886, /* "protocolInformation" */ -+510, /* "pseudonym" */ -+435, /* "pss" */ -+286, /* "qcStatements" */ -+457, /* "qualityLabelledData" */ -+450, /* "rFC822localPart" */ -+98, /* "rc2-40-cbc" */ -+166, /* "rc2-64-cbc" */ -+37, /* "rc2-cbc" */ -+39, /* "rc2-cfb" */ -+38, /* "rc2-ecb" */ -+40, /* "rc2-ofb" */ -+ 5, /* "rc4" */ -+97, /* "rc4-40" */ -+915, /* "rc4-hmac-md5" */ -+120, /* "rc5-cbc" */ -+122, /* "rc5-cfb" */ -+121, /* "rc5-ecb" */ -+123, /* "rc5-ofb" */ -+870, /* "registeredAddress" */ -+460, /* "rfc822Mailbox" */ -+117, /* "ripemd160" */ -+119, /* "ripemd160WithRSA" */ -+400, /* "role" */ -+877, /* "roleOccupant" */ -+448, /* "room" */ -+463, /* "roomNumber" */ -+19, /* "rsa" */ -+ 6, /* "rsaEncryption" */ -+644, /* "rsaOAEPEncryptionSET" */ -+377, /* "rsaSignature" */ -+919, /* "rsaesOaep" */ -+912, /* "rsassaPss" */ -+124, /* "run length compression" */ -+482, /* "sOARecord" */ -+155, /* "safeContentsBag" */ -+291, /* "sbgp-autonomousSysNum" */ -+290, /* "sbgp-ipAddrBlock" */ -+292, /* "sbgp-routerIdentifier" */ -+159, /* "sdsiCertificate" */ -+859, /* "searchGuide" */ -+704, /* "secp112r1" */ -+705, /* "secp112r2" */ -+706, /* "secp128r1" */ -+707, /* "secp128r2" */ -+708, /* "secp160k1" */ -+709, /* "secp160r1" */ -+710, /* "secp160r2" */ -+711, /* "secp192k1" */ -+712, /* "secp224k1" */ -+713, /* "secp224r1" */ -+714, /* "secp256k1" */ -+715, /* "secp384r1" */ -+716, /* "secp521r1" */ -+154, /* "secretBag" */ -+474, /* "secretary" */ -+717, /* "sect113r1" */ -+718, /* "sect113r2" */ -+719, /* "sect131r1" */ -+720, /* "sect131r2" */ -+721, /* "sect163k1" */ -+722, /* "sect163r1" */ -+723, /* "sect163r2" */ -+724, /* "sect193r1" */ -+725, /* "sect193r2" */ -+726, /* 
"sect233k1" */ -+727, /* "sect233r1" */ -+728, /* "sect239k1" */ -+729, /* "sect283k1" */ -+730, /* "sect283r1" */ -+731, /* "sect409k1" */ -+732, /* "sect409r1" */ -+733, /* "sect571k1" */ -+734, /* "sect571r1" */ -+635, /* "secure device signature" */ -+878, /* "seeAlso" */ -+777, /* "seed-cbc" */ -+779, /* "seed-cfb" */ -+776, /* "seed-ecb" */ -+778, /* "seed-ofb" */ -+105, /* "serialNumber" */ -+625, /* "set-addPolicy" */ -+515, /* "set-attr" */ -+518, /* "set-brand" */ -+638, /* "set-brand-AmericanExpress" */ -+637, /* "set-brand-Diners" */ -+636, /* "set-brand-IATA-ATA" */ -+639, /* "set-brand-JCB" */ -+641, /* "set-brand-MasterCard" */ -+642, /* "set-brand-Novus" */ -+640, /* "set-brand-Visa" */ -+516, /* "set-policy" */ -+607, /* "set-policy-root" */ -+624, /* "set-rootKeyThumb" */ -+620, /* "setAttr-Cert" */ -+628, /* "setAttr-IssCap-CVM" */ -+630, /* "setAttr-IssCap-Sig" */ -+629, /* "setAttr-IssCap-T2" */ -+627, /* "setAttr-Token-B0Prime" */ -+626, /* "setAttr-Token-EMV" */ -+622, /* "setAttr-TokenType" */ -+619, /* "setCext-IssuerCapabilities" */ -+615, /* "setCext-PGWYcapabilities" */ -+616, /* "setCext-TokenIdentifier" */ -+618, /* "setCext-TokenType" */ -+617, /* "setCext-Track2Data" */ -+611, /* "setCext-cCertRequired" */ -+609, /* "setCext-certType" */ -+608, /* "setCext-hashedRoot" */ -+610, /* "setCext-merchData" */ -+613, /* "setCext-setExt" */ -+614, /* "setCext-setQualf" */ -+612, /* "setCext-tunneling" */ -+540, /* "setct-AcqCardCodeMsg" */ -+576, /* "setct-AcqCardCodeMsgTBE" */ -+570, /* "setct-AuthReqTBE" */ -+534, /* "setct-AuthReqTBS" */ -+527, /* "setct-AuthResBaggage" */ -+571, /* "setct-AuthResTBE" */ -+572, /* "setct-AuthResTBEX" */ -+535, /* "setct-AuthResTBS" */ -+536, /* "setct-AuthResTBSX" */ -+528, /* "setct-AuthRevReqBaggage" */ -+577, /* "setct-AuthRevReqTBE" */ -+541, /* "setct-AuthRevReqTBS" */ -+529, /* "setct-AuthRevResBaggage" */ -+542, /* "setct-AuthRevResData" */ -+578, /* "setct-AuthRevResTBE" */ -+579, /* 
"setct-AuthRevResTBEB" */ -+543, /* "setct-AuthRevResTBS" */ -+573, /* "setct-AuthTokenTBE" */ -+537, /* "setct-AuthTokenTBS" */ -+600, /* "setct-BCIDistributionTBS" */ -+558, /* "setct-BatchAdminReqData" */ -+592, /* "setct-BatchAdminReqTBE" */ -+559, /* "setct-BatchAdminResData" */ -+593, /* "setct-BatchAdminResTBE" */ -+599, /* "setct-CRLNotificationResTBS" */ -+598, /* "setct-CRLNotificationTBS" */ -+580, /* "setct-CapReqTBE" */ -+581, /* "setct-CapReqTBEX" */ -+544, /* "setct-CapReqTBS" */ -+545, /* "setct-CapReqTBSX" */ -+546, /* "setct-CapResData" */ -+582, /* "setct-CapResTBE" */ -+583, /* "setct-CapRevReqTBE" */ -+584, /* "setct-CapRevReqTBEX" */ -+547, /* "setct-CapRevReqTBS" */ -+548, /* "setct-CapRevReqTBSX" */ -+549, /* "setct-CapRevResData" */ -+585, /* "setct-CapRevResTBE" */ -+538, /* "setct-CapTokenData" */ -+530, /* "setct-CapTokenSeq" */ -+574, /* "setct-CapTokenTBE" */ -+575, /* "setct-CapTokenTBEX" */ -+539, /* "setct-CapTokenTBS" */ -+560, /* "setct-CardCInitResTBS" */ -+566, /* "setct-CertInqReqTBS" */ -+563, /* "setct-CertReqData" */ -+595, /* "setct-CertReqTBE" */ -+596, /* "setct-CertReqTBEX" */ -+564, /* "setct-CertReqTBS" */ -+565, /* "setct-CertResData" */ -+597, /* "setct-CertResTBE" */ -+586, /* "setct-CredReqTBE" */ -+587, /* "setct-CredReqTBEX" */ -+550, /* "setct-CredReqTBS" */ -+551, /* "setct-CredReqTBSX" */ -+552, /* "setct-CredResData" */ -+588, /* "setct-CredResTBE" */ -+589, /* "setct-CredRevReqTBE" */ -+590, /* "setct-CredRevReqTBEX" */ -+553, /* "setct-CredRevReqTBS" */ -+554, /* "setct-CredRevReqTBSX" */ -+555, /* "setct-CredRevResData" */ -+591, /* "setct-CredRevResTBE" */ -+567, /* "setct-ErrorTBS" */ -+526, /* "setct-HODInput" */ -+561, /* "setct-MeAqCInitResTBS" */ -+522, /* "setct-OIData" */ -+519, /* "setct-PANData" */ -+521, /* "setct-PANOnly" */ -+520, /* "setct-PANToken" */ -+556, /* "setct-PCertReqData" */ -+557, /* "setct-PCertResTBS" */ -+523, /* "setct-PI" */ -+532, /* "setct-PI-TBS" */ -+524, /* 
"setct-PIData" */ -+525, /* "setct-PIDataUnsigned" */ -+568, /* "setct-PIDualSignedTBE" */ -+569, /* "setct-PIUnsignedTBE" */ -+531, /* "setct-PInitResData" */ -+533, /* "setct-PResData" */ -+594, /* "setct-RegFormReqTBE" */ -+562, /* "setct-RegFormResTBS" */ -+604, /* "setext-pinAny" */ -+603, /* "setext-pinSecure" */ -+605, /* "setext-track2" */ -+41, /* "sha" */ -+64, /* "sha1" */ -+115, /* "sha1WithRSA" */ -+65, /* "sha1WithRSAEncryption" */ -+675, /* "sha224" */ -+671, /* "sha224WithRSAEncryption" */ -+672, /* "sha256" */ -+668, /* "sha256WithRSAEncryption" */ -+673, /* "sha384" */ -+669, /* "sha384WithRSAEncryption" */ -+674, /* "sha512" */ -+670, /* "sha512WithRSAEncryption" */ -+42, /* "shaWithRSAEncryption" */ -+52, /* "signingTime" */ -+454, /* "simpleSecurityObject" */ -+496, /* "singleLevelQuality" */ -+16, /* "stateOrProvinceName" */ -+660, /* "streetAddress" */ -+498, /* "subtreeMaximumQuality" */ -+497, /* "subtreeMinimumQuality" */ -+890, /* "supportedAlgorithms" */ -+874, /* "supportedApplicationContext" */ -+100, /* "surname" */ -+864, /* "telephoneNumber" */ -+866, /* "teletexTerminalIdentifier" */ -+865, /* "telexNumber" */ -+459, /* "textEncodedORAddress" */ -+293, /* "textNotice" */ -+106, /* "title" */ -+682, /* "tpBasis" */ -+436, /* "ucl" */ -+ 0, /* "undefined" */ -+888, /* "uniqueMember" */ -+55, /* "unstructuredAddress" */ -+49, /* "unstructuredName" */ -+880, /* "userCertificate" */ -+465, /* "userClass" */ -+458, /* "userId" */ -+879, /* "userPassword" */ -+373, /* "valid" */ -+678, /* "wap" */ -+679, /* "wap-wsg" */ -+735, /* "wap-wsg-idm-ecid-wtls1" */ -+743, /* "wap-wsg-idm-ecid-wtls10" */ -+744, /* "wap-wsg-idm-ecid-wtls11" */ -+745, /* "wap-wsg-idm-ecid-wtls12" */ -+736, /* "wap-wsg-idm-ecid-wtls3" */ -+737, /* "wap-wsg-idm-ecid-wtls4" */ -+738, /* "wap-wsg-idm-ecid-wtls5" */ -+739, /* "wap-wsg-idm-ecid-wtls6" */ -+740, /* "wap-wsg-idm-ecid-wtls7" */ -+741, /* "wap-wsg-idm-ecid-wtls8" */ -+742, /* "wap-wsg-idm-ecid-wtls9" */ 
-+804, /* "whirlpool" */ -+868, /* "x121Address" */ -+503, /* "x500UniqueIdentifier" */ -+158, /* "x509Certificate" */ -+160, /* "x509Crl" */ -+125, /* "zlib compression" */ - }; - --#define NUM_OBJ 956 --static const unsigned int obj_objs[NUM_OBJ] = { -- 0, /* OBJ_undef 0 */ -- 181, /* OBJ_iso 1 */ -- 393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ -- 404, /* OBJ_ccitt OBJ_itu_t */ -- 645, /* OBJ_itu_t 0 */ -- 646, /* OBJ_joint_iso_itu_t 2 */ -- 434, /* OBJ_data 0 9 */ -- 182, /* OBJ_member_body 1 2 */ -- 379, /* OBJ_org 1 3 */ -- 676, /* OBJ_identified_organization 1 3 */ -- 11, /* OBJ_X500 2 5 */ -- 647, /* OBJ_international_organizations 2 23 */ -- 380, /* OBJ_dod 1 3 6 */ -- 12, /* OBJ_X509 2 5 4 */ -- 378, /* OBJ_X500algorithms 2 5 8 */ -- 81, /* OBJ_id_ce 2 5 29 */ -- 512, /* OBJ_id_set 2 23 42 */ -- 678, /* OBJ_wap 2 23 43 */ -- 435, /* OBJ_pss 0 9 2342 */ -- 183, /* OBJ_ISO_US 1 2 840 */ -- 381, /* OBJ_iana 1 3 6 1 */ -- 1034, /* OBJ_X25519 1 3 101 110 */ -- 1035, /* OBJ_X448 1 3 101 111 */ -- 677, /* OBJ_certicom_arc 1 3 132 */ -- 394, /* OBJ_selected_attribute_types 2 5 1 5 */ -- 13, /* OBJ_commonName 2 5 4 3 */ -- 100, /* OBJ_surname 2 5 4 4 */ -- 105, /* OBJ_serialNumber 2 5 4 5 */ -- 14, /* OBJ_countryName 2 5 4 6 */ -- 15, /* OBJ_localityName 2 5 4 7 */ -- 16, /* OBJ_stateOrProvinceName 2 5 4 8 */ -- 660, /* OBJ_streetAddress 2 5 4 9 */ -- 17, /* OBJ_organizationName 2 5 4 10 */ -- 18, /* OBJ_organizationalUnitName 2 5 4 11 */ -- 106, /* OBJ_title 2 5 4 12 */ -- 107, /* OBJ_description 2 5 4 13 */ -- 859, /* OBJ_searchGuide 2 5 4 14 */ -- 860, /* OBJ_businessCategory 2 5 4 15 */ -- 861, /* OBJ_postalAddress 2 5 4 16 */ -- 661, /* OBJ_postalCode 2 5 4 17 */ -- 862, /* OBJ_postOfficeBox 2 5 4 18 */ -- 863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ -- 864, /* OBJ_telephoneNumber 2 5 4 20 */ -- 865, /* OBJ_telexNumber 2 5 4 21 */ -- 866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ -- 867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ -- 868, /* 
OBJ_x121Address 2 5 4 24 */ -- 869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ -- 870, /* OBJ_registeredAddress 2 5 4 26 */ -- 871, /* OBJ_destinationIndicator 2 5 4 27 */ -- 872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ -- 873, /* OBJ_presentationAddress 2 5 4 29 */ -- 874, /* OBJ_supportedApplicationContext 2 5 4 30 */ -- 875, /* OBJ_member 2 5 4 31 */ -- 876, /* OBJ_owner 2 5 4 32 */ -- 877, /* OBJ_roleOccupant 2 5 4 33 */ -- 878, /* OBJ_seeAlso 2 5 4 34 */ -- 879, /* OBJ_userPassword 2 5 4 35 */ -- 880, /* OBJ_userCertificate 2 5 4 36 */ -- 881, /* OBJ_cACertificate 2 5 4 37 */ -- 882, /* OBJ_authorityRevocationList 2 5 4 38 */ -- 883, /* OBJ_certificateRevocationList 2 5 4 39 */ -- 884, /* OBJ_crossCertificatePair 2 5 4 40 */ -- 173, /* OBJ_name 2 5 4 41 */ -- 99, /* OBJ_givenName 2 5 4 42 */ -- 101, /* OBJ_initials 2 5 4 43 */ -- 509, /* OBJ_generationQualifier 2 5 4 44 */ -- 503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ -- 174, /* OBJ_dnQualifier 2 5 4 46 */ -- 885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ -- 886, /* OBJ_protocolInformation 2 5 4 48 */ -- 887, /* OBJ_distinguishedName 2 5 4 49 */ -- 888, /* OBJ_uniqueMember 2 5 4 50 */ -- 889, /* OBJ_houseIdentifier 2 5 4 51 */ -- 890, /* OBJ_supportedAlgorithms 2 5 4 52 */ -- 891, /* OBJ_deltaRevocationList 2 5 4 53 */ -- 892, /* OBJ_dmdName 2 5 4 54 */ -- 510, /* OBJ_pseudonym 2 5 4 65 */ -- 400, /* OBJ_role 2 5 4 72 */ -- 769, /* OBJ_subject_directory_attributes 2 5 29 9 */ -- 82, /* OBJ_subject_key_identifier 2 5 29 14 */ -- 83, /* OBJ_key_usage 2 5 29 15 */ -- 84, /* OBJ_private_key_usage_period 2 5 29 16 */ -- 85, /* OBJ_subject_alt_name 2 5 29 17 */ -- 86, /* OBJ_issuer_alt_name 2 5 29 18 */ -- 87, /* OBJ_basic_constraints 2 5 29 19 */ -- 88, /* OBJ_crl_number 2 5 29 20 */ -- 141, /* OBJ_crl_reason 2 5 29 21 */ -- 430, /* OBJ_hold_instruction_code 2 5 29 23 */ -- 142, /* OBJ_invalidity_date 2 5 29 24 */ -- 140, /* OBJ_delta_crl 2 5 29 27 */ -- 770, /* OBJ_issuing_distribution_point 2 5 29 28 */ -- 771, 
/* OBJ_certificate_issuer 2 5 29 29 */ -- 666, /* OBJ_name_constraints 2 5 29 30 */ -- 103, /* OBJ_crl_distribution_points 2 5 29 31 */ -- 89, /* OBJ_certificate_policies 2 5 29 32 */ -- 747, /* OBJ_policy_mappings 2 5 29 33 */ -- 90, /* OBJ_authority_key_identifier 2 5 29 35 */ -- 401, /* OBJ_policy_constraints 2 5 29 36 */ -- 126, /* OBJ_ext_key_usage 2 5 29 37 */ -- 857, /* OBJ_freshest_crl 2 5 29 46 */ -- 748, /* OBJ_inhibit_any_policy 2 5 29 54 */ -- 402, /* OBJ_target_information 2 5 29 55 */ -- 403, /* OBJ_no_rev_avail 2 5 29 56 */ -- 513, /* OBJ_set_ctype 2 23 42 0 */ -- 514, /* OBJ_set_msgExt 2 23 42 1 */ -- 515, /* OBJ_set_attr 2 23 42 3 */ -- 516, /* OBJ_set_policy 2 23 42 5 */ -- 517, /* OBJ_set_certExt 2 23 42 7 */ -- 518, /* OBJ_set_brand 2 23 42 8 */ -- 679, /* OBJ_wap_wsg 2 23 43 1 */ -- 382, /* OBJ_Directory 1 3 6 1 1 */ -- 383, /* OBJ_Management 1 3 6 1 2 */ -- 384, /* OBJ_Experimental 1 3 6 1 3 */ -- 385, /* OBJ_Private 1 3 6 1 4 */ -- 386, /* OBJ_Security 1 3 6 1 5 */ -- 387, /* OBJ_SNMPv2 1 3 6 1 6 */ -- 388, /* OBJ_Mail 1 3 6 1 7 */ -- 376, /* OBJ_algorithm 1 3 14 3 2 */ -- 395, /* OBJ_clearance 2 5 1 5 55 */ -- 19, /* OBJ_rsa 2 5 8 1 1 */ -- 96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ -- 95, /* OBJ_mdc2 2 5 8 3 101 */ -- 746, /* OBJ_any_policy 2 5 29 32 0 */ -- 910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ -- 519, /* OBJ_setct_PANData 2 23 42 0 0 */ -- 520, /* OBJ_setct_PANToken 2 23 42 0 1 */ -- 521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ -- 522, /* OBJ_setct_OIData 2 23 42 0 3 */ -- 523, /* OBJ_setct_PI 2 23 42 0 4 */ -- 524, /* OBJ_setct_PIData 2 23 42 0 5 */ -- 525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ -- 526, /* OBJ_setct_HODInput 2 23 42 0 7 */ -- 527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ -- 528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ -- 529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ -- 530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ -- 531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ -- 532, /* OBJ_setct_PI_TBS 2 23 42 0 13 
*/ -- 533, /* OBJ_setct_PResData 2 23 42 0 14 */ -- 534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ -- 535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ -- 536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ -- 537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ -- 538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ -- 539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ -- 540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ -- 541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ -- 542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ -- 543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ -- 544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ -- 545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ -- 546, /* OBJ_setct_CapResData 2 23 42 0 28 */ -- 547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ -- 548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ -- 549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ -- 550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ -- 551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ -- 552, /* OBJ_setct_CredResData 2 23 42 0 34 */ -- 553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ -- 554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ -- 555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ -- 556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ -- 557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ -- 558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ -- 559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ -- 560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ -- 561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ -- 562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ -- 563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ -- 564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ -- 565, /* OBJ_setct_CertResData 2 23 42 0 47 */ -- 566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ -- 567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ -- 568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ -- 569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ -- 570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ -- 571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ -- 572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 
*/ -- 573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ -- 574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ -- 575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ -- 576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ -- 577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ -- 578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ -- 579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ -- 580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ -- 581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ -- 582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ -- 583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ -- 584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ -- 585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ -- 586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ -- 587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ -- 588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ -- 589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ -- 590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ -- 591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ -- 592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ -- 593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ -- 594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ -- 595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ -- 596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ -- 597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ -- 598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ -- 599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ -- 600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ -- 601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ -- 602, /* OBJ_setext_miAuth 2 23 42 1 3 */ -- 603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ -- 604, /* OBJ_setext_pinAny 2 23 42 1 5 */ -- 605, /* OBJ_setext_track2 2 23 42 1 7 */ -- 606, /* OBJ_setext_cv 2 23 42 1 8 */ -- 620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ -- 621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ -- 622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ -- 623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ -- 607, /* OBJ_set_policy_root 2 23 42 5 0 */ -- 608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ -- 609, /* 
OBJ_setCext_certType 2 23 42 7 1 */ -- 610, /* OBJ_setCext_merchData 2 23 42 7 2 */ -- 611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ -- 612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ -- 613, /* OBJ_setCext_setExt 2 23 42 7 5 */ -- 614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ -- 615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ -- 616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ -- 617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ -- 618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ -- 619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ -- 636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ -- 640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ -- 641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ -- 637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ -- 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ -- 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ -- 805, /* OBJ_cryptopro 1 2 643 2 2 */ -- 806, /* OBJ_cryptocom 1 2 643 2 9 */ -- 974, /* OBJ_id_tc26 1 2 643 7 1 */ -- 1005, /* OBJ_OGRN 1 2 643 100 1 */ -- 1006, /* OBJ_SNILS 1 2 643 100 3 */ -- 1007, /* OBJ_subjectSignTool 1 2 643 100 111 */ -- 1008, /* OBJ_issuerSignTool 1 2 643 100 112 */ -- 184, /* OBJ_X9_57 1 2 840 10040 */ -- 405, /* OBJ_ansi_X9_62 1 2 840 10045 */ -- 389, /* OBJ_Enterprises 1 3 6 1 4 1 */ -- 504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ -- 104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ -- 29, /* OBJ_des_ecb 1 3 14 3 2 6 */ -- 31, /* OBJ_des_cbc 1 3 14 3 2 7 */ -- 45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ -- 30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ -- 377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ -- 67, /* OBJ_dsa_2 1 3 14 3 2 12 */ -- 66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ -- 42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -- 32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ -- 41, /* OBJ_sha 1 3 14 3 2 18 */ -- 64, /* OBJ_sha1 1 3 14 3 2 26 */ -- 70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ -- 115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ -- 117, /* OBJ_ripemd160 1 3 36 3 2 1 */ -- 143, /* OBJ_sxnet 1 3 101 1 4 1 */ -- 721, /* OBJ_sect163k1 1 3 132 0 1 */ -- 722, 
/* OBJ_sect163r1 1 3 132 0 2 */ -- 728, /* OBJ_sect239k1 1 3 132 0 3 */ -- 717, /* OBJ_sect113r1 1 3 132 0 4 */ -- 718, /* OBJ_sect113r2 1 3 132 0 5 */ -- 704, /* OBJ_secp112r1 1 3 132 0 6 */ -- 705, /* OBJ_secp112r2 1 3 132 0 7 */ -- 709, /* OBJ_secp160r1 1 3 132 0 8 */ -- 708, /* OBJ_secp160k1 1 3 132 0 9 */ -- 714, /* OBJ_secp256k1 1 3 132 0 10 */ -- 723, /* OBJ_sect163r2 1 3 132 0 15 */ -- 729, /* OBJ_sect283k1 1 3 132 0 16 */ -- 730, /* OBJ_sect283r1 1 3 132 0 17 */ -- 719, /* OBJ_sect131r1 1 3 132 0 22 */ -- 720, /* OBJ_sect131r2 1 3 132 0 23 */ -- 724, /* OBJ_sect193r1 1 3 132 0 24 */ -- 725, /* OBJ_sect193r2 1 3 132 0 25 */ -- 726, /* OBJ_sect233k1 1 3 132 0 26 */ -- 727, /* OBJ_sect233r1 1 3 132 0 27 */ -- 706, /* OBJ_secp128r1 1 3 132 0 28 */ -- 707, /* OBJ_secp128r2 1 3 132 0 29 */ -- 710, /* OBJ_secp160r2 1 3 132 0 30 */ -- 711, /* OBJ_secp192k1 1 3 132 0 31 */ -- 712, /* OBJ_secp224k1 1 3 132 0 32 */ -- 713, /* OBJ_secp224r1 1 3 132 0 33 */ -- 715, /* OBJ_secp384r1 1 3 132 0 34 */ -- 716, /* OBJ_secp521r1 1 3 132 0 35 */ -- 731, /* OBJ_sect409k1 1 3 132 0 36 */ -- 732, /* OBJ_sect409r1 1 3 132 0 37 */ -- 733, /* OBJ_sect571k1 1 3 132 0 38 */ -- 734, /* OBJ_sect571r1 1 3 132 0 39 */ -- 624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ -- 625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ -- 626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ -- 627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ -- 628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ -- 629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ -- 630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ -- 642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ -- 735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ -- 736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ -- 737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ -- 738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ -- 739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ -- 740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ -- 741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ 
-- 742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ -- 743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ -- 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ -- 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ -- 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ -- 773, /* OBJ_kisa 1 2 410 200004 */ -- 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ -- 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ -- 809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ -- 810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ -- 811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ -- 812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ -- 813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ -- 815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ -- 816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ -- 817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ -- 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ -- 977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */ -- 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ -- 1, /* OBJ_rsadsi 1 2 840 113549 */ -- 185, /* OBJ_X9cm 1 2 840 10040 4 */ -- 1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */ -- 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ -- 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ -- 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ -- 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -- 937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ -- 938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ -- 939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ -- 940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ -- 942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ -- 943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ -- 944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ -- 945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ -- 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ -- 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ -- 633, /* 
OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ -- 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ -- 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ -- 436, /* OBJ_ucl 0 9 2342 19200300 */ -- 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ -- 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ -- 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ -- 846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ -- 847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ -- 848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ -- 821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ -- 822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ -- 823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ -- 824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ -- 825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ -- 826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ -- 827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ -- 828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ -- 829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ -- 830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ -- 831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ -- 832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ -- 833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ -- 834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ -- 835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ -- 836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ -- 837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ -- 838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ -- 839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ -- 840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ -- 841, /* 
OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ -- 842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ -- 843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ -- 844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ -- 978, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */ -- 981, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */ -- 984, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */ -- 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ -- 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ -- 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ -- 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ -- 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ -- 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ -- 2, /* OBJ_pkcs 1 2 840 113549 1 */ -- 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ -- 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -- 433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ -- 116, /* OBJ_dsa 1 2 840 10040 4 1 */ -- 113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ -- 406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ -- 407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ -- 408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ -- 416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ -- 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ -- 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ -- 920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ -- 1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */ -- 1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */ -- 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ -- 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ -- 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ -- 128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ -- 260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ -- 261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ -- 262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ -- 263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ -- 264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ -- 265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ -- 266, /* 
OBJ_id_aca 1 3 6 1 5 5 7 10 */ -- 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ -- 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ -- 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ -- 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ -- 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ -- 508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ -- 57, /* OBJ_netscape 2 16 840 1 113730 */ -- 754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ -- 766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ -- 757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ -- 961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */ -- 962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */ -- 963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */ -- 964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */ -- 755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ -- 767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ -- 758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ -- 965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */ -- 966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */ -- 967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */ -- 968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */ -- 756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ -- 768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ -- 759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ -- 969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */ -- 970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */ -- 971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */ -- 972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */ -- 437, /* OBJ_pilot 0 9 2342 19200300 100 */ -- 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ -- 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ -- 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ -- 778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ -- 852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ -- 853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ -- 850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ -- 851, /* 
OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ -- 849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ -- 854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -- 1004, /* OBJ_INN 1 2 643 3 131 1 1 */ -- 979, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */ -- 980, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */ -- 982, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */ -- 983, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */ -- 985, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */ -- 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ -- 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ -- 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ -- 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ -- 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ -- 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ -- 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ -- 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ -- 27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ -- 187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ -- 20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ -- 47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ -- 3, /* OBJ_md2 1 2 840 113549 2 2 */ -- 257, /* OBJ_md4 1 2 840 113549 2 4 */ -- 4, /* OBJ_md5 1 2 840 113549 2 5 */ -- 797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ -- 163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ -- 798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ -- 799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ -- 800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ -- 801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ -- 37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ -- 5, /* OBJ_rc4 1 2 840 113549 3 4 */ -- 44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ -- 120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ -- 643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ -- 680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ -- 684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 
0 1 */ -- 685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ -- 686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ -- 687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ -- 688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ -- 689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ -- 690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ -- 691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ -- 692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ -- 693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ -- 694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ -- 695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ -- 696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ -- 697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ -- 698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ -- 699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ -- 700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ -- 701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ -- 702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ -- 703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ -- 409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ -- 410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ -- 411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ -- 412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ -- 413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ -- 414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ -- 415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ -- 793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ -- 794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ -- 795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ -- 796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ -- 269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ -- 270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ -- 271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ -- 272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ -- 273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ -- 274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ -- 
275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ -- 276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ -- 277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ -- 278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ -- 279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ -- 280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ -- 281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ -- 282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ -- 283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ -- 284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ -- 177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ -- 285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ -- 286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ -- 287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ -- 288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ -- 289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -- 290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -- 291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -- 292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ -- 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ -- 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ -- 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ -- 1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ -- 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ -- 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ -- 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ -- 129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ -- 130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ -- 131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ -- 132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ -- 294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -- 295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ -- 296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ -- 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ -- 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ -- 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ -- 1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */ -- 1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */ -- 1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */ -- 1025, /* 
OBJ_sshClient 1 3 6 1 5 5 7 3 21 */ -- 1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */ -- 1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */ -- 1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */ -- 1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */ -- 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ -- 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ -- 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ -- 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ -- 301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ -- 302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ -- 303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ -- 304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ -- 305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ -- 306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ -- 307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ -- 308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ -- 309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ -- 310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ -- 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ -- 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ -- 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ -- 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ -- 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ -- 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ -- 324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ -- 325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ -- 326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ -- 327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ -- 328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ -- 329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ -- 330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ -- 331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ -- 332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ -- 333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ -- 334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ -- 335, /* 
OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ -- 336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ -- 337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ -- 338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ -- 339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ -- 340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ -- 341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ -- 342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ -- 343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ -- 344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ -- 345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ -- 346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ -- 347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ -- 858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ -- 348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ -- 349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -- 351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ -- 352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ -- 353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ -- 354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ -- 355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ -- 356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ -- 357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ -- 358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ -- 399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ -- 359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ -- 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ -- 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ -- 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ -- 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ -- 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ -- 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ -- 178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ -- 179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ -- 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ -- 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ -- 785, /* 
OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ -- 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ -- 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ -- 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ -- 59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ -- 438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ -- 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ -- 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ -- 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -- 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ -- 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ -- 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ -- 1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */ -- 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ -- 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ -- 782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -- 783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ -- 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ -- 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ -- 396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ -- 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ -- 65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ -- 644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ -- 919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ -- 911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ -- 935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ -- 912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ -- 668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ -- 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ -- 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ -- 671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ -- 28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ -- 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ -- 10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ -- 168, /* 
OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ -- 169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ -- 170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ -- 68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ -- 69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ -- 161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ -- 162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ -- 21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ -- 22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ -- 23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ -- 24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ -- 25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ -- 26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ -- 48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ -- 49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ -- 50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ -- 51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ -- 52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ -- 53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ -- 54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ -- 55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ -- 56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ -- 172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ -- 167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ -- 188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ -- 156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ -- 157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ -- 681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ -- 682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ -- 683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ -- 417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ -- 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ -- 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ -- 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ -- 973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */ -- 315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ -- 316, /* OBJ_id_regCtrl_authenticator 1 3 
6 1 5 5 7 5 1 2 */ -- 317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ -- 318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ -- 319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ -- 320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ -- 321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ -- 322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ -- 365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ -- 366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ -- 367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ -- 368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ -- 369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ -- 370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ -- 371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ -- 372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ -- 373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ -- 374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ -- 375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ -- 921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ -- 922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ -- 923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ -- 924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ -- 925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ -- 926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ -- 927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ -- 928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ -- 929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ -- 930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ -- 931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ -- 932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ -- 933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ -- 934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ -- 936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ -- 941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 
0 3 */ -- 418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ -- 419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -- 420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ -- 421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ -- 788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ -- 895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ -- 896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ -- 897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ -- 422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ -- 423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -- 424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ -- 425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ -- 789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ -- 898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ -- 899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ -- 900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ -- 426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ -- 427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -- 428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ -- 429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ -- 790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ -- 901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ -- 902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ -- 903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ -- 672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ -- 673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ -- 674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ -- 675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ -- 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ -- 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ -- 71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ -- 72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ -- 73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ -- 74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ -- 75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ -- 76, /* OBJ_netscape_ca_policy_url 2 16 840 
1 113730 1 8 */ -- 77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ -- 78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ -- 79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ -- 139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ -- 458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ -- 459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ -- 460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ -- 461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ -- 462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ -- 463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ -- 464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ -- 465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ -- 466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ -- 467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ -- 468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ -- 469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ -- 470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ -- 471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ -- 472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ -- 473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ -- 474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ -- 475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ -- 476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ -- 477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ -- 391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ -- 478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ -- 479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ -- 480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ -- 481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ -- 482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ -- 483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ -- 484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ -- 485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ -- 486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ -- 487, /* 
OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ -- 488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ -- 489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ -- 490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ -- 102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */ -- 491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ -- 492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ -- 493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ -- 494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ -- 495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ -- 496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ -- 497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ -- 498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ -- 499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ -- 500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ -- 501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ -- 502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ -- 442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ -- 443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ -- 444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ -- 445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ -- 446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ -- 447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ -- 448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ -- 449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ -- 392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ -- 450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ -- 451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ -- 452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ -- 453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ -- 454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ -- 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ -- 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ -- 457, /* 
OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ -- 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ -- 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ -- 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ -- 192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ -- 193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ -- 194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ -- 195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ -- 158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ -- 159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ -- 160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ -- 144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ -- 145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ -- 146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ -- 147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ -- 148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ -- 149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ -- 171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ -- 134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ -- 135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ -- 136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ -- 137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ -- 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ -- 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ -- 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ -- 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ -- 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ -- 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ -- 954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ -- 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ -- 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ -- 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ -- 907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ -- 908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ -- 909, /* 
OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ -- 196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ -- 197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ -- 198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ -- 199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ -- 200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ -- 201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ -- 202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ -- 203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ -- 204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ -- 205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ -- 206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ -- 207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ -- 208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ -- 209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ -- 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ -- 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ -- 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ -- 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */ -- 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */ -- 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ -- 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */ -- 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ -- 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ -- 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ -- 215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ -- 216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ -- 217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ -- 218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ -- 219, /* 
OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ -- 220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ -- 221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ -- 222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ -- 223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ -- 224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ -- 225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ -- 226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ -- 227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ -- 228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ -- 229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ -- 230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ -- 231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ -- 232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ -- 233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ -- 234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ -- 235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ -- 236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ -- 237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ -- 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ -- 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ -- 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ -- 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ -- 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ -- 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ -- 244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ -- 245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ -- 246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 
113549 1 9 16 3 6 */ -- 247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ -- 125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ -- 893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ -- 248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ -- 249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ -- 250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ -- 251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ -- 252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ -- 253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ -- 254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ -- 255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ -- 256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ -- 150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ -- 151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ -- 152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ -- 153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ -- 154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ -- 155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ -- 34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ -- 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ -- 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ -- 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ -- 1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */ -- 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */ -+static const unsigned int obj_objs[NUM_OBJ]={ -+ 0, /* OBJ_undef 0 */ -+181, /* OBJ_iso 1 */ -+393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ -+404, /* OBJ_ccitt OBJ_itu_t */ -+645, /* OBJ_itu_t 0 */ -+646, /* OBJ_joint_iso_itu_t 2 */ -+434, /* OBJ_data 0 9 */ -+182, /* OBJ_member_body 1 2 */ -+379, /* OBJ_org 1 3 */ -+676, /* OBJ_identified_organization 1 3 */ -+11, /* OBJ_X500 2 5 */ -+647, /* 
OBJ_international_organizations 2 23 */ -+380, /* OBJ_dod 1 3 6 */ -+12, /* OBJ_X509 2 5 4 */ -+378, /* OBJ_X500algorithms 2 5 8 */ -+81, /* OBJ_id_ce 2 5 29 */ -+512, /* OBJ_id_set 2 23 42 */ -+678, /* OBJ_wap 2 23 43 */ -+435, /* OBJ_pss 0 9 2342 */ -+183, /* OBJ_ISO_US 1 2 840 */ -+381, /* OBJ_iana 1 3 6 1 */ -+677, /* OBJ_certicom_arc 1 3 132 */ -+394, /* OBJ_selected_attribute_types 2 5 1 5 */ -+13, /* OBJ_commonName 2 5 4 3 */ -+100, /* OBJ_surname 2 5 4 4 */ -+105, /* OBJ_serialNumber 2 5 4 5 */ -+14, /* OBJ_countryName 2 5 4 6 */ -+15, /* OBJ_localityName 2 5 4 7 */ -+16, /* OBJ_stateOrProvinceName 2 5 4 8 */ -+660, /* OBJ_streetAddress 2 5 4 9 */ -+17, /* OBJ_organizationName 2 5 4 10 */ -+18, /* OBJ_organizationalUnitName 2 5 4 11 */ -+106, /* OBJ_title 2 5 4 12 */ -+107, /* OBJ_description 2 5 4 13 */ -+859, /* OBJ_searchGuide 2 5 4 14 */ -+860, /* OBJ_businessCategory 2 5 4 15 */ -+861, /* OBJ_postalAddress 2 5 4 16 */ -+661, /* OBJ_postalCode 2 5 4 17 */ -+862, /* OBJ_postOfficeBox 2 5 4 18 */ -+863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ -+864, /* OBJ_telephoneNumber 2 5 4 20 */ -+865, /* OBJ_telexNumber 2 5 4 21 */ -+866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ -+867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ -+868, /* OBJ_x121Address 2 5 4 24 */ -+869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ -+870, /* OBJ_registeredAddress 2 5 4 26 */ -+871, /* OBJ_destinationIndicator 2 5 4 27 */ -+872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ -+873, /* OBJ_presentationAddress 2 5 4 29 */ -+874, /* OBJ_supportedApplicationContext 2 5 4 30 */ -+875, /* OBJ_member 2 5 4 31 */ -+876, /* OBJ_owner 2 5 4 32 */ -+877, /* OBJ_roleOccupant 2 5 4 33 */ -+878, /* OBJ_seeAlso 2 5 4 34 */ -+879, /* OBJ_userPassword 2 5 4 35 */ -+880, /* OBJ_userCertificate 2 5 4 36 */ -+881, /* OBJ_cACertificate 2 5 4 37 */ -+882, /* OBJ_authorityRevocationList 2 5 4 38 */ -+883, /* OBJ_certificateRevocationList 2 5 4 39 */ -+884, /* OBJ_crossCertificatePair 2 5 4 40 */ 
-+173, /* OBJ_name 2 5 4 41 */ -+99, /* OBJ_givenName 2 5 4 42 */ -+101, /* OBJ_initials 2 5 4 43 */ -+509, /* OBJ_generationQualifier 2 5 4 44 */ -+503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ -+174, /* OBJ_dnQualifier 2 5 4 46 */ -+885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ -+886, /* OBJ_protocolInformation 2 5 4 48 */ -+887, /* OBJ_distinguishedName 2 5 4 49 */ -+888, /* OBJ_uniqueMember 2 5 4 50 */ -+889, /* OBJ_houseIdentifier 2 5 4 51 */ -+890, /* OBJ_supportedAlgorithms 2 5 4 52 */ -+891, /* OBJ_deltaRevocationList 2 5 4 53 */ -+892, /* OBJ_dmdName 2 5 4 54 */ -+510, /* OBJ_pseudonym 2 5 4 65 */ -+400, /* OBJ_role 2 5 4 72 */ -+769, /* OBJ_subject_directory_attributes 2 5 29 9 */ -+82, /* OBJ_subject_key_identifier 2 5 29 14 */ -+83, /* OBJ_key_usage 2 5 29 15 */ -+84, /* OBJ_private_key_usage_period 2 5 29 16 */ -+85, /* OBJ_subject_alt_name 2 5 29 17 */ -+86, /* OBJ_issuer_alt_name 2 5 29 18 */ -+87, /* OBJ_basic_constraints 2 5 29 19 */ -+88, /* OBJ_crl_number 2 5 29 20 */ -+141, /* OBJ_crl_reason 2 5 29 21 */ -+430, /* OBJ_hold_instruction_code 2 5 29 23 */ -+142, /* OBJ_invalidity_date 2 5 29 24 */ -+140, /* OBJ_delta_crl 2 5 29 27 */ -+770, /* OBJ_issuing_distribution_point 2 5 29 28 */ -+771, /* OBJ_certificate_issuer 2 5 29 29 */ -+666, /* OBJ_name_constraints 2 5 29 30 */ -+103, /* OBJ_crl_distribution_points 2 5 29 31 */ -+89, /* OBJ_certificate_policies 2 5 29 32 */ -+747, /* OBJ_policy_mappings 2 5 29 33 */ -+90, /* OBJ_authority_key_identifier 2 5 29 35 */ -+401, /* OBJ_policy_constraints 2 5 29 36 */ -+126, /* OBJ_ext_key_usage 2 5 29 37 */ -+857, /* OBJ_freshest_crl 2 5 29 46 */ -+748, /* OBJ_inhibit_any_policy 2 5 29 54 */ -+402, /* OBJ_target_information 2 5 29 55 */ -+403, /* OBJ_no_rev_avail 2 5 29 56 */ -+513, /* OBJ_set_ctype 2 23 42 0 */ -+514, /* OBJ_set_msgExt 2 23 42 1 */ -+515, /* OBJ_set_attr 2 23 42 3 */ -+516, /* OBJ_set_policy 2 23 42 5 */ -+517, /* OBJ_set_certExt 2 23 42 7 */ -+518, /* OBJ_set_brand 2 23 42 8 */ -+679, /* 
OBJ_wap_wsg 2 23 43 1 */ -+382, /* OBJ_Directory 1 3 6 1 1 */ -+383, /* OBJ_Management 1 3 6 1 2 */ -+384, /* OBJ_Experimental 1 3 6 1 3 */ -+385, /* OBJ_Private 1 3 6 1 4 */ -+386, /* OBJ_Security 1 3 6 1 5 */ -+387, /* OBJ_SNMPv2 1 3 6 1 6 */ -+388, /* OBJ_Mail 1 3 6 1 7 */ -+376, /* OBJ_algorithm 1 3 14 3 2 */ -+395, /* OBJ_clearance 2 5 1 5 55 */ -+19, /* OBJ_rsa 2 5 8 1 1 */ -+96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ -+95, /* OBJ_mdc2 2 5 8 3 101 */ -+746, /* OBJ_any_policy 2 5 29 32 0 */ -+910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ -+519, /* OBJ_setct_PANData 2 23 42 0 0 */ -+520, /* OBJ_setct_PANToken 2 23 42 0 1 */ -+521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ -+522, /* OBJ_setct_OIData 2 23 42 0 3 */ -+523, /* OBJ_setct_PI 2 23 42 0 4 */ -+524, /* OBJ_setct_PIData 2 23 42 0 5 */ -+525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ -+526, /* OBJ_setct_HODInput 2 23 42 0 7 */ -+527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ -+528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ -+529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ -+530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ -+531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ -+532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ -+533, /* OBJ_setct_PResData 2 23 42 0 14 */ -+534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ -+535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ -+536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ -+537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ -+538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ -+539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ -+540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ -+541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ -+542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ -+543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ -+544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ -+545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ -+546, /* OBJ_setct_CapResData 2 23 42 0 28 */ -+547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ -+548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ -+549, /* OBJ_setct_CapRevResData 2 
23 42 0 31 */ -+550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ -+551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ -+552, /* OBJ_setct_CredResData 2 23 42 0 34 */ -+553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ -+554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ -+555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ -+556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ -+557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ -+558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ -+559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ -+560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ -+561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ -+562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ -+563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ -+564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ -+565, /* OBJ_setct_CertResData 2 23 42 0 47 */ -+566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ -+567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ -+568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ -+569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ -+570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ -+571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ -+572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ -+573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ -+574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ -+575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ -+576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ -+577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ -+578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ -+579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ -+580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ -+581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ -+582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ -+583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ -+584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ -+585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ -+586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ -+587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ -+588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ -+589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ -+590, /* 
OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ -+591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ -+592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ -+593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ -+594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ -+595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ -+596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ -+597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ -+598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ -+599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ -+600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ -+601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ -+602, /* OBJ_setext_miAuth 2 23 42 1 3 */ -+603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ -+604, /* OBJ_setext_pinAny 2 23 42 1 5 */ -+605, /* OBJ_setext_track2 2 23 42 1 7 */ -+606, /* OBJ_setext_cv 2 23 42 1 8 */ -+620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ -+621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ -+622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ -+623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ -+607, /* OBJ_set_policy_root 2 23 42 5 0 */ -+608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ -+609, /* OBJ_setCext_certType 2 23 42 7 1 */ -+610, /* OBJ_setCext_merchData 2 23 42 7 2 */ -+611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ -+612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ -+613, /* OBJ_setCext_setExt 2 23 42 7 5 */ -+614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ -+615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ -+616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ -+617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ -+618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ -+619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ -+636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ -+640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ -+641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ -+637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ -+638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ -+639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ -+805, /* OBJ_cryptopro 1 2 643 2 2 */ -+806, /* OBJ_cryptocom 1 2 643 2 9 */ 
-+184, /* OBJ_X9_57 1 2 840 10040 */ -+405, /* OBJ_ansi_X9_62 1 2 840 10045 */ -+389, /* OBJ_Enterprises 1 3 6 1 4 1 */ -+504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ -+104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ -+29, /* OBJ_des_ecb 1 3 14 3 2 6 */ -+31, /* OBJ_des_cbc 1 3 14 3 2 7 */ -+45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ -+30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ -+377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ -+67, /* OBJ_dsa_2 1 3 14 3 2 12 */ -+66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ -+42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -+32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ -+41, /* OBJ_sha 1 3 14 3 2 18 */ -+64, /* OBJ_sha1 1 3 14 3 2 26 */ -+70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ -+115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ -+117, /* OBJ_ripemd160 1 3 36 3 2 1 */ -+143, /* OBJ_sxnet 1 3 101 1 4 1 */ -+721, /* OBJ_sect163k1 1 3 132 0 1 */ -+722, /* OBJ_sect163r1 1 3 132 0 2 */ -+728, /* OBJ_sect239k1 1 3 132 0 3 */ -+717, /* OBJ_sect113r1 1 3 132 0 4 */ -+718, /* OBJ_sect113r2 1 3 132 0 5 */ -+704, /* OBJ_secp112r1 1 3 132 0 6 */ -+705, /* OBJ_secp112r2 1 3 132 0 7 */ -+709, /* OBJ_secp160r1 1 3 132 0 8 */ -+708, /* OBJ_secp160k1 1 3 132 0 9 */ -+714, /* OBJ_secp256k1 1 3 132 0 10 */ -+723, /* OBJ_sect163r2 1 3 132 0 15 */ -+729, /* OBJ_sect283k1 1 3 132 0 16 */ -+730, /* OBJ_sect283r1 1 3 132 0 17 */ -+719, /* OBJ_sect131r1 1 3 132 0 22 */ -+720, /* OBJ_sect131r2 1 3 132 0 23 */ -+724, /* OBJ_sect193r1 1 3 132 0 24 */ -+725, /* OBJ_sect193r2 1 3 132 0 25 */ -+726, /* OBJ_sect233k1 1 3 132 0 26 */ -+727, /* OBJ_sect233r1 1 3 132 0 27 */ -+706, /* OBJ_secp128r1 1 3 132 0 28 */ -+707, /* OBJ_secp128r2 1 3 132 0 29 */ -+710, /* OBJ_secp160r2 1 3 132 0 30 */ -+711, /* OBJ_secp192k1 1 3 132 0 31 */ -+712, /* OBJ_secp224k1 1 3 132 0 32 */ -+713, /* OBJ_secp224r1 1 3 132 0 33 */ -+715, /* OBJ_secp384r1 1 3 132 0 34 */ -+716, /* OBJ_secp521r1 1 3 132 0 35 */ -+731, /* OBJ_sect409k1 1 3 132 0 36 */ -+732, /* OBJ_sect409r1 1 3 132 0 37 */ -+733, /* OBJ_sect571k1 1 3 132 0 38 */ -+734, /* 
OBJ_sect571r1 1 3 132 0 39 */ -+624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ -+625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ -+626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ -+627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ -+628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ -+629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ -+630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ -+642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ -+735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ -+736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ -+737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ -+738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ -+739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ -+740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ -+741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ -+742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ -+743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ -+744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ -+745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ -+804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ -+124, /* OBJ_rle_compression 1 1 1 1 666 1 */ -+773, /* OBJ_kisa 1 2 410 200004 */ -+807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ -+808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ -+809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ -+810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ -+811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ -+812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ -+813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ -+815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ -+816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ -+817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ -+818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ -+ 1, /* OBJ_rsadsi 1 2 840 113549 */ -+185, /* OBJ_X9cm 1 2 840 10040 4 */ -+127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ -+505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ -+506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ -+119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -+937, 
/* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ -+938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ -+939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ -+940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ -+942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ -+943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ -+944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ -+945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ -+631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ -+632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ -+633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ -+634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ -+635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ -+436, /* OBJ_ucl 0 9 2342 19200300 */ -+820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ -+819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ -+845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ -+846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ -+847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ -+848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ -+821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ -+822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ -+823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ -+824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ -+825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ -+826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ -+827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ -+828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ -+829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ -+830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ -+831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ -+832, /* 
OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ -+833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ -+834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ -+835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ -+836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ -+837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ -+838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ -+839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ -+840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ -+841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ -+842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ -+843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ -+844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ -+ 2, /* OBJ_pkcs 1 2 840 113549 1 */ -+431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ -+432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -+433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ -+116, /* OBJ_dsa 1 2 840 10040 4 1 */ -+113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ -+406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ -+407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ -+408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ -+416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ -+791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ -+792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ -+920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ -+258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ -+175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ -+259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ -+128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ -+260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ -+261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ -+262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ -+263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ -+264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ -+265, /* 
OBJ_id_pda 1 3 6 1 5 5 7 9 */ -+266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ -+267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ -+268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ -+662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ -+176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ -+507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ -+508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ -+57, /* OBJ_netscape 2 16 840 1 113730 */ -+754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ -+766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ -+757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ -+755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ -+767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ -+758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ -+756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ -+768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ -+759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ -+437, /* OBJ_pilot 0 9 2342 19200300 100 */ -+776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ -+777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ -+779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ -+778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ -+852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ -+853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ -+850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ -+851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ -+849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ -+854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -+186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ -+27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ -+187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ -+20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ -+47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ -+ 3, /* OBJ_md2 1 2 840 113549 2 2 */ -+257, /* OBJ_md4 1 2 840 113549 2 4 */ -+ 4, /* OBJ_md5 1 2 840 113549 2 5 */ -+797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ -+163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ -+798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ -+799, /* OBJ_hmacWithSHA256 
1 2 840 113549 2 9 */ -+800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ -+801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ -+37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ -+ 5, /* OBJ_rc4 1 2 840 113549 3 4 */ -+44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ -+120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ -+643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ -+680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ -+684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ -+685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ -+686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ -+687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ -+688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ -+689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ -+690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ -+691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ -+692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ -+693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ -+694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ -+695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ -+696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ -+697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ -+698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ -+699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ -+700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ -+701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ -+702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ -+703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ -+409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ -+410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ -+411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ -+412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ -+413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ -+414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ -+415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ -+793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ -+794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ 
-+795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ -+796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ -+269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ -+270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ -+271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ -+272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ -+273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ -+274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ -+275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ -+276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ -+277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ -+278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ -+279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ -+280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ -+281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ -+282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ -+283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ -+284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ -+177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ -+285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ -+286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ -+287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ -+288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ -+289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -+290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -+291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -+292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ -+397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ -+398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ -+663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ -+164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ -+165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ -+293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ -+129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ -+130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ -+131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ -+132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ -+294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -+295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 
*/ -+296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ -+133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ -+180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ -+297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ -+298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ -+299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ -+300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ -+301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ -+302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ -+303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ -+304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ -+305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ -+306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ -+307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ -+308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ -+309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ -+310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ -+311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ -+312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ -+784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ -+313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ -+314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ -+323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ -+324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ -+325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ -+326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ -+327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ -+328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ -+329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ -+330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ -+331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ -+332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ -+333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ -+334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ -+335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ -+336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ -+337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 
7 7 11 */ -+338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ -+339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ -+340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ -+341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ -+342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ -+343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ -+344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ -+345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ -+346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ -+347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ -+858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ -+348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ -+349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -+351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ -+352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ -+353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ -+354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ -+355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ -+356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ -+357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ -+358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ -+399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ -+359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ -+360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ -+361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ -+362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ -+664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ -+665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ -+667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ -+178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ -+179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ -+363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ -+364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ -+785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ -+780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ -+781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ -+58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ -+59, 
/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ -+438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ -+439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ -+440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ -+441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -+108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ -+112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ -+782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -+783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ -+ 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ -+ 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ -+396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ -+ 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ -+65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ -+644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ -+919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ -+911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ -+935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ -+912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ -+668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ -+669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ -+670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ -+671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ -+28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ -+ 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ -+10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ -+168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ -+169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ -+170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ -+68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ -+69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ -+161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ -+162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ -+21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ -+22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ -+23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ -+24, 
/* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ -+25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ -+26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ -+48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ -+49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ -+50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ -+51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ -+52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ -+53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ -+54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ -+55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ -+56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ -+172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ -+167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ -+188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ -+156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ -+157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ -+681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ -+682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ -+683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ -+417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ -+856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ -+390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ -+91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ -+315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ -+316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ -+317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ -+318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ -+319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ -+320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ -+321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ -+322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ -+365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ -+366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ -+367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ -+368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 
1 5 5 7 48 1 4 */ -+369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ -+370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ -+371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ -+372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ -+373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ -+374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ -+375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ -+921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ -+922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ -+923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ -+924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ -+925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ -+926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ -+927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ -+928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ -+929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ -+930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ -+931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ -+932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ -+933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ -+934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ -+936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ -+941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ -+418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ -+419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -+420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ -+421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ -+788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ -+895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ -+896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ -+897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ -+422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ -+423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -+424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ -+425, /* OBJ_aes_192_cfb128 2 16 840 1 101 
3 4 1 24 */ -+789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ -+898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ -+899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ -+900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ -+426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ -+427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -+428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ -+429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ -+790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ -+901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ -+902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ -+903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ -+672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ -+673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ -+674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ -+675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ -+802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ -+803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ -+71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ -+72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ -+73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ -+74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ -+75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ -+76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ -+77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ -+78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ -+79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ -+139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ -+458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ -+459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ -+460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ -+461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ -+462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ -+463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ -+464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ -+465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ 
-+466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ -+467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ -+468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ -+469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ -+470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ -+471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ -+472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ -+473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ -+474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ -+475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ -+476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ -+477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ -+391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ -+478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ -+479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ -+480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ -+481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ -+482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ -+483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ -+484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ -+485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ -+486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ -+487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ -+488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ -+489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ -+490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ -+491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ -+492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ -+493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ -+494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ -+495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ -+496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ -+497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ -+498, /* OBJ_subtreeMaximumQuality 0 9 2342 
19200300 100 1 52 */ -+499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ -+500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ -+501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ -+502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ -+442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ -+443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ -+444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ -+445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ -+446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ -+447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ -+448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ -+449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ -+392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ -+450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ -+451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ -+452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ -+453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ -+454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ -+455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ -+456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ -+457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ -+189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ -+190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ -+191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ -+192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ -+193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ -+194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ -+195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ -+158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ -+159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ -+160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ -+144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ -+145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ -+146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ -+147, /* 
OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ -+148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ -+149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ -+171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ -+134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ -+135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ -+136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ -+137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ -+138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ -+648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ -+649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ -+951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ -+952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ -+953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ -+954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ -+751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ -+752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ -+753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ -+907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ -+908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ -+909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ -+196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ -+197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ -+198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ -+199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ -+200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ -+201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ -+202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ -+203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ -+204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ -+205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ -+206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ -+207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 
1 4 */ -+208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ -+209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ -+210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ -+211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ -+786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ -+787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ -+212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ -+213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ -+214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ -+215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ -+216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ -+217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ -+218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ -+219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ -+220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ -+221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ -+222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ -+223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ -+224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ -+225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ -+226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ -+227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ -+228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ -+229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ -+230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ -+231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ -+232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ -+233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 
*/ -+234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ -+235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ -+236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ -+237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ -+238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ -+239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ -+240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ -+241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ -+242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ -+243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ -+244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ -+245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ -+246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ -+247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ -+125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ -+893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ -+248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ -+249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ -+250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ -+251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ -+252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ -+253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ -+254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ -+255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ -+256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ -+150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ -+151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ -+152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ -+153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ -+154, /* OBJ_secretBag 1 2 840 
113549 1 12 10 1 5 */ -+155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ -+34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ -+955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ -+956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ -+957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ - }; -+ -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c -index 4677b67..238aaa5 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/objects/obj_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #include
-@@ -30,14 +81,14 @@ static ERR_STRING_DATA OBJ_str_functs[] = {
- };
-
- static ERR_STRING_DATA OBJ_str_reasons[] = {
-- {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"},
-+ {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
- {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
- {0, NULL}
- };
-
- #endif
-
--int ERR_load_OBJ_strings(void)
-+void ERR_load_OBJ_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -46,5 +97,4 @@ int ERR_load_OBJ_strings(void)
- ERR_load_strings(0, OBJ_str_reasons);
- }
- #endif
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h b/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h
-deleted file mode 100644
-index a417f7c..0000000
---- a/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h
-+++ /dev/null
-@@ -1,14 +0,0 @@
--/*
-- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--typedef struct name_funcs_st NAME_FUNCS;
--DEFINE_STACK_OF(NAME_FUNCS)
--DEFINE_LHASH_OF(OBJ_NAME);
--typedef struct added_obj_st ADDED_OBJ;
--DEFINE_LHASH_OF(ADDED_OBJ);
-diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
-index 33075e6..8851baf 100644
---- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
-@@ -1,58 +1,127 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/objects/obj_lib.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
--#include "internal/asn1_int.h"
-
- ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
- {
- ASN1_OBJECT *r;
-+ int i;
-+ char *ln = NULL, *sn = NULL;
-+ unsigned char *data = NULL;
-
- if (o == NULL)
-- return NULL;
-- /* If object isn't dynamic it's an internal OID which is never freed */
-+ return (NULL);
- if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-- return ((ASN1_OBJECT *)o);
-+ return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
-+ * is this???
*/
-
- r = ASN1_OBJECT_new();
- if (r == NULL) {
- OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
- return (NULL);
- }
--
-- /* Set dynamic flags so everything gets freed up on error */
--
-- r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
-- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
-- ASN1_OBJECT_FLAG_DYNAMIC_DATA);
--
-- if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
-+ data = OPENSSL_malloc(o->length);
-+ if (data == NULL)
- goto err;
--
-+ if (o->data != NULL)
-+ memcpy(data, o->data, o->length);
-+ /* once data attached to object it remains const */
-+ r->data = data;
- r->length = o->length;
- r->nid = o->nid;
-+ r->ln = r->sn = NULL;
-+ if (o->ln != NULL) {
-+ i = strlen(o->ln) + 1;
-+ ln = OPENSSL_malloc(i);
-+ if (ln == NULL)
-+ goto err;
-+ memcpy(ln, o->ln, i);
-+ r->ln = ln;
-+ }
-
-- if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
-- goto err;
--
-- if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
-- goto err;
--
-- return r;
-+ if (o->sn != NULL) {
-+ i = strlen(o->sn) + 1;
-+ sn = OPENSSL_malloc(i);
-+ if (sn == NULL)
-+ goto err;
-+ memcpy(sn, o->sn, i);
-+ r->sn = sn;
-+ }
-+ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
-+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
-+ ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-+ return (r);
- err:
-- ASN1_OBJECT_free(r);
- OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
-- return NULL;
-+ if (ln != NULL)
-+ OPENSSL_free(ln);
-+ if (sn != NULL)
-+ OPENSSL_free(sn);
-+ if (data != NULL)
-+ OPENSSL_free(data);
-+ if (r != NULL)
-+ OPENSSL_free(r);
-+ return (NULL);
- }
-
- int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
-diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.c b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c
-index 627f5bc..97b305d 100644
---- a/Cryptlib/OpenSSL/crypto/objects/obj_xref.c
-+++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c
-@@ -1,17 +1,67 @@
-+/* crypto/objects/obj_xref.c */
- /*
-- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include "obj_xref.h" --#include "e_os.h" - --static STACK_OF(nid_triple) *sig_app, *sigx_app; -+DECLARE_STACK_OF(nid_triple) -+STACK_OF(nid_triple) *sig_app, *sigx_app; - - static int sig_cmp(const nid_triple *a, const nid_triple *b) - { -@@ -52,7 +102,8 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) - } - #ifndef OBJ_XREF_TEST2 - if (rv == NULL) { -- rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt)); -+ rv = OBJ_bsearch_sig(&tmp, sigoid_srt, -+ sizeof(sigoid_srt) / sizeof(nid_triple)); - } - #endif - if (rv == NULL) -@@ -82,7 +133,9 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) - } - #ifndef OBJ_XREF_TEST2 - if (rv == NULL) { -- rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref)); -+ rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, -+ sizeof(sigoid_srt_xref) / sizeof(nid_triple *) -+ ); - } - #endif - if (rv == NULL) 
-@@ -95,16 +148,16 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
- int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
- {
- nid_triple *ntr;
-- if (sig_app == NULL)
-+ if (!sig_app)
- sig_app = sk_nid_triple_new(sig_sk_cmp);
-- if (sig_app == NULL)
-+ if (!sig_app)
- return 0;
-- if (sigx_app == NULL)
-+ if (!sigx_app)
- sigx_app = sk_nid_triple_new(sigx_cmp);
-- if (sigx_app == NULL)
-+ if (!sigx_app)
- return 0;
-- ntr = OPENSSL_malloc(sizeof(*ntr));
-- if (ntr == NULL)
-+ ntr = OPENSSL_malloc(sizeof(int) * 3);
-+ if (!ntr)
- return 0;
- ntr->sign_id = signid;
- ntr->hash_id = dig_id;
-@@ -131,10 +184,14 @@ static void sid_free(nid_triple *tt)
-
- void OBJ_sigid_free(void)
- {
-- sk_nid_triple_pop_free(sig_app, sid_free);
-- sig_app = NULL;
-- sk_nid_triple_free(sigx_app);
-- sigx_app = NULL;
-+ if (sig_app) {
-+ sk_nid_triple_pop_free(sig_app, sid_free);
-+ sig_app = NULL;
-+ }
-+ if (sigx_app) {
-+ sk_nid_triple_free(sigx_app);
-+ sigx_app = NULL;
-+ }
- }
-
- #ifdef OBJ_XREF_TEST
-@@ -145,12 +202,12 @@ main()
-
- int i, rv;
- # ifdef OBJ_XREF_TEST2
-- for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
-+ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) {
- OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]);
- }
- # endif
-
-- for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
-+ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) {
- n1 = sigoid_srt[i][0];
- rv = OBJ_find_sigid_algs(n1, &n2, &n3);
- printf("Forward: %d, %s %s %s\n", rv,
-diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.h b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h
-index d09aa71..e453e99 100644
---- a/Cryptlib/OpenSSL/crypto/objects/obj_xref.h
-+++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h
-@@ -1,15 +1,4 @@
--/*
-- * WARNING: do not edit!
-- * Generated by objxref.pl
-- *
-- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License").
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- -+/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ - - typedef struct { - int sign_id; -@@ -17,8 +6,6 @@ typedef struct { - int pkey_id; - } nid_triple; - --DEFINE_STACK_OF(nid_triple) -- - static const nid_triple sigoid_srt[] = { - {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, - {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, -@@ -69,10 +56,6 @@ static const nid_triple sigoid_srt[] = { - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, - NID_dh_cofactor_kdf}, -- {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256, -- NID_id_GostR3410_2012_256}, -- {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512, -- NID_id_GostR3410_2012_512}, - }; - - static const nid_triple *const sigoid_srt_xref[] = { -@@ -113,6 +96,4 @@ static const nid_triple *const sigoid_srt_xref[] = { - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], -- &sigoid_srt[40], -- &sigoid_srt[41], - }; -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -index 1e0b827..e2e52e7 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -@@ -1,19 +1,67 @@ -+/* ocsp_asn.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #include - #include - #include --#include "ocsp_lcl.h" - - ASN1_SEQUENCE(OCSP_SIGNATURE) = { -- ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) - } ASN1_SEQUENCE_END(OCSP_SIGNATURE) -@@ -21,10 +69,10 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = { - IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) - - ASN1_SEQUENCE(OCSP_CERTID) = { -- ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), -- ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), -- ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), -- ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) -+ ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, 
ASN1_OCTET_STRING), -+ ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) - } ASN1_SEQUENCE_END(OCSP_CERTID) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) -@@ -46,7 +94,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = { - IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) - - ASN1_SEQUENCE(OCSP_REQUEST) = { -- ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), -+ ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), - ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) - } ASN1_SEQUENCE_END(OCSP_REQUEST) - -@@ -102,7 +150,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) - - ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), -- ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), -+ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) -@@ -111,8 +159,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = { - IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) - - ASN1_SEQUENCE(OCSP_BASICRESP) = { -- ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), -- ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), -+ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) - } ASN1_SEQUENCE_END(OCSP_BASICRESP) -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -index a42b80f..fca7db0 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -@@ -1,21 +1,78 @@ -+/* ocsp_cl.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Tom Titchener for the OpenSSL -+ * project. 
-+ */ -+ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. -+ */ -+ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include --#include "internal/cryptlib.h" -+#include - #include -+#include - #include - #include - #include - #include --#include "ocsp_lcl.h" - - /* - * Utility functions related to sending OCSP requests and extracting relevant -@@ -31,11 +88,12 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) - { - OCSP_ONEREQ *one = NULL; - -- if ((one = OCSP_ONEREQ_new()) == NULL) -- return NULL; -- OCSP_CERTID_free(one->reqCert); -+ if (!(one = OCSP_ONEREQ_new())) -+ goto err; -+ if (one->reqCert) -+ OCSP_CERTID_free(one->reqCert); - one->reqCert = cid; -- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) { -+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) { - one->reqCert = NULL; /* do not free on error */ - goto err; - } -@@ -50,7 +108,6 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) - int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) - { - GENERAL_NAME *gen; -- - gen = GENERAL_NAME_new(); - if (gen == NULL) - return 0; -@@ -59,8 +116,9 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) - return 0; - } - gen->type = GEN_DIRNAME; -- GENERAL_NAME_free(req->tbsRequest.requestorName); -- req->tbsRequest.requestorName = gen; -+ if (req->tbsRequest->requestorName) -+ GENERAL_NAME_free(req->tbsRequest->requestorName); -+ req->tbsRequest->requestorName = gen; - return 1; - } - -@@ -69,25 +127,24 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) - int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) - { - OCSP_SIGNATURE *sig; -- if (req->optionalSignature == NULL) -+ if (!req->optionalSignature) - req->optionalSignature = OCSP_SIGNATURE_new(); - sig = req->optionalSignature; -- if (sig == NULL) -+ if (!sig) - return 0; -- if (cert == NULL) -+ if (!cert) - return 1; -- if (sig->certs == NULL -- && 
(sig->certs = sk_X509_new_null()) == NULL) -+ if (!sig->certs && !(sig->certs = sk_X509_new_null())) - return 0; - - if (!sk_X509_push(sig->certs, cert)) - return 0; -- X509_up_ref(cert); -+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } - - /* -- * Sign an OCSP request set the requestorName to the subject name of an -+ * Sign an OCSP request set the requestorName to the subjec name of an - * optional signers certificate and include one or more optional certificates - * in the request. Behaves like PKCS7_sign(). - */ -@@ -99,12 +156,13 @@ int OCSP_request_sign(OCSP_REQUEST *req, - STACK_OF(X509) *certs, unsigned long flags) - { - int i; -+ OCSP_SIGNATURE *sig; - X509 *x; - - if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) - goto err; - -- if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) -+ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) - goto err; - if (key) { - if (!X509_check_private_key(signer, key)) { -@@ -161,20 +219,15 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) - return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); - } - --const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) --{ -- return bs->signature; --} -- - /* -- * Return number of OCSP_SINGLERESP responses present in a basic response. -+ * Return number of OCSP_SINGLERESP reponses present in a basic response. 
- */
-
- int OCSP_resp_count(OCSP_BASICRESP *bs)
- {
- if (!bs)
- return -1;
-- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
-+ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
- }
-
- /* Extract an OCSP_SINGLERESP response with a given index */
-@@ -183,35 +236,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
- {
- if (!bs)
- return NULL;
-- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
--}
--
--const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
--{
-- return bs->tbsResponseData.producedAt;
--}
--
--const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
--{
-- return bs->certs;
--}
--
--int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
-- const ASN1_OCTET_STRING **pid,
-- const X509_NAME **pname)
--
--{
-- const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
-- if (rid->type == V_OCSP_RESPID_NAME) {
-- *pname = rid->value.byName;
-- *pid = NULL;
-- } else if (rid->type == V_OCSP_RESPID_KEY) {
-- *pid = rid->value.byKey;
-- *pname = NULL;
-- } else {
-- return 0;
-- }
-- return 1;
-+ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
- }
-
- /* Look single response matching a given certificate ID */
-@@ -227,7 +252,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
- last = 0;
- else
- last++;
-- sresp = bs->tbsResponseData.responses;
-+ sresp = bs->tbsResponseData->responses;
- for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
- single = sk_OCSP_SINGLERESP_value(sresp, i);
- if (!OCSP_id_cmp(id, single->certId))
-@@ -297,7 +322,7 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-
- /*
- * Check validity of thisUpdate and nextUpdate fields. It is possible that
-- * the request will take a few seconds to process and/or the time won't be
-+ * the request will take a few seconds to process and/or the time wont be
- * totally accurate.
Therefore to avoid rejecting otherwise valid time we - * allow the times to be within 'nsec' of the current time. Also to avoid - * accepting very old responses without a nextUpdate field an optional maxage -@@ -358,8 +383,3 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, - - return ret; - } -- --const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) --{ -- return single->certId; --} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -index a2d96e9..722043c 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/ocsp/ocsp_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. - */ - - #include -@@ -19,25 +70,30 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) - - static ERR_STRING_DATA OCSP_str_functs[] = { -- {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"}, -+ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, -+ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, - {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, -- {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"}, -- {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"}, -- {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, -- {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"}, -+ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, - {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, - {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, - {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, - {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, -- {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"}, -+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, -+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, -+ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, -+ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, - {0, NULL} - }; - - static ERR_STRING_DATA OCSP_str_reasons[] = { -+ 
{ERR_REASON(OCSP_R_BAD_DATA), "bad data"}, - {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, - {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"}, - {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), -@@ -51,18 +107,21 @@ static ERR_STRING_DATA OCSP_str_reasons[] = { - "nextupdate before thisupdate"}, - {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"}, - {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, -+ {ERR_REASON(OCSP_R_NO_CONTENT), "no content"}, -+ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"}, - {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"}, -- {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"}, - {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"}, - {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), - "response contains no revocation data"}, - {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"}, -+ {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"}, - {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, - {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), - "server response parse error"}, -+ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"}, - {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, -@@ -78,7 +137,7 @@ static ERR_STRING_DATA OCSP_str_reasons[] = { - - #endif - --int ERR_load_OCSP_strings(void) -+void ERR_load_OCSP_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -87,5 +146,4 @@ int ERR_load_OCSP_strings(void) - ERR_load_strings(0, OCSP_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c -index b829b2e..55af31b 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c 
-+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
-@@ -1,18 +1,74 @@
-+/* ocsp_ext.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Tom Titchener for the OpenSSL
-+ * project.
-+ */
-+
-+/*
-+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
-+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-+ * patch kit.
-+ */
-+
-+/* ====================================================================
-+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include
- #include
- #include
- #include
--#include "ocsp_lcl.h"
- #include
- #include
-
-@@ -22,53 +78,53 @@
-
- int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
- {
-- return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
-+ return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
- }
-
- int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID
-- (x->tbsRequest.requestExtensions, nid, lastpos));
-+ (x->tbsRequest->requestExtensions, nid, lastpos));
- }
-
--int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
-+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return (X509v3_get_ext_by_OBJ
-- (x->tbsRequest.requestExtensions, obj, lastpos));
-+ (x->tbsRequest->requestExtensions, obj, lastpos));
- }
-
- int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical
-- (x->tbsRequest.requestExtensions, crit, lastpos));
-+ (x->tbsRequest->requestExtensions, crit, lastpos));
- }
-
- X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
- {
-- return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
-+ return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
- }
-
- X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
- {
-- return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
-+ return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
- }
-
- void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
- {
-- return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
-+ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
- }
-
- int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
- unsigned long flags)
- {
-- return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
-+ return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
- crit, flags);
- }
-
- int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
- {
-- return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
-+ return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
- NULL);
- }
-
-@@ -84,8 +140,7 @@ int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
- return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
- }
-
--int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
-- int lastpos)
-+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
- }
-@@ -127,56 +182,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
-
- int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
- {
-- return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
-+ return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
- }
-
- int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID
-- (x->tbsResponseData.responseExtensions, nid, lastpos));
-+ (x->tbsResponseData->responseExtensions, nid, lastpos));
- }
-
--int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
-+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return (X509v3_get_ext_by_OBJ
-- (x->tbsResponseData.responseExtensions, obj, lastpos));
-+ (x->tbsResponseData->responseExtensions, obj, lastpos));
- }
-
- int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
- int lastpos)
- {
- return (X509v3_get_ext_by_critical
-- (x->tbsResponseData.responseExtensions, crit, lastpos));
-+ (x->tbsResponseData->responseExtensions, crit, lastpos));
- }
-
- X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
- {
-- return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
-+ return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
- }
-
- X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
- {
-- return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
-+ return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
- }
-
- void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
- int *idx)
- {
-- return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
-+ return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
- idx);
- }
-
- int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
- int crit, unsigned long flags)
- {
-- return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
-+ return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
- value, crit, flags);
- }
-
- int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
- {
-- return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
-+ return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
- != NULL);
- }
-
-@@ -192,7 +247,7 @@ int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
- return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
- }
-
--int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
-+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
-@@ -232,11 +287,54 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
- }
-
- /* also CRL Entry Extensions */
-+#if 0
-+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-+ void *data, STACK_OF(ASN1_OBJECT) *sk)
-+{
-+ int i;
-+ unsigned char *p, *b = NULL;
-+
-+ if (data) {
-+ if ((i = i2d(data, NULL)) <= 0)
-+ goto err;
-+ if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-+ goto err;
-+ if (i2d(data, &p) <= 0)
-+ goto err;
-+ } else if (sk) {
-+ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
-+ (I2D_OF(ASN1_OBJECT)) i2d,
-+ V_ASN1_SEQUENCE,
-+ V_ASN1_UNIVERSAL,
-+ IS_SEQUENCE)) <= 0)
-+ goto err;
-+ if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-+ goto err;
-+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
-+ V_ASN1_SEQUENCE,
-+ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
-+ goto err;
-+ } else {
-+ OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
-+ goto err;
-+ }
-+ if (!s && !(s = ASN1_STRING_new()))
-+ goto err;
-+ if (!(ASN1_STRING_set(s, b, i)))
-+ goto err;
-+ OPENSSL_free(b);
-+ return s;
-+ err:
-+ if (b)
-+ OPENSSL_free(b);
-+ return NULL;
-+}
-+#endif
-
- /* Nonce handling functions */
-
- /*
-- * Add a nonce to an extension stack. A nonce can be specified or if NULL a
-+ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
- * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
- * OCTET STRING containing the nonce, previous versions used the raw nonce.
- */
-@@ -256,9 +354,6 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
- * relies on library internals.
- */
- os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
-- if (os.length < 0)
-- return 0;
--
- os.data = OPENSSL_malloc(os.length);
- if (os.data == NULL)
- goto err;
-@@ -273,7 +368,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
- goto err;
- ret = 1;
- err:
-- OPENSSL_free(os.data);
-+ if (os.data)
-+ OPENSSL_free(os.data);
- return ret;
- }
-
-@@ -281,14 +377,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
-
- int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
- {
-- return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
-+ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
- }
-
- /* Same as above but for a response */
-
- int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
- {
-- return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
-+ return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
- len);
- }
-
-@@ -334,8 +430,7 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
- */
- req_ext = OCSP_REQUEST_get_ext(req, req_idx);
- resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-- if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
-- X509_EXTENSION_get_data(resp_ext)))
-+ if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
- return 0;
- return 1;
- }
-@@ -357,34 +452,35 @@ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
- return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
- }
-
--X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim)
-+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
- {
- X509_EXTENSION *x = NULL;
- OCSP_CRLID *cid = NULL;
-
-- if ((cid = OCSP_CRLID_new()) == NULL)
-+ if (!(cid = OCSP_CRLID_new()))
- goto err;
- if (url) {
-- if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL)
-+ if (!(cid->crlUrl = ASN1_IA5STRING_new()))
- goto err;
- if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
- goto err;
- }
- if (n) {
-- if ((cid->crlNum = ASN1_INTEGER_new()) == NULL)
-+ if (!(cid->crlNum = ASN1_INTEGER_new()))
- goto err;
- if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
- goto err;
- }
- if (tim) {
-- if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL)
-+ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
- goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
- goto err;
- }
- x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
- err:
-- OCSP_CRLID_free(cid);
-+ if (cid)
-+ OCSP_CRLID_free(cid);
- return x;
- }
-
-@@ -396,7 +492,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
- ASN1_OBJECT *o = NULL;
- X509_EXTENSION *x = NULL;
-
-- if ((sk = sk_ASN1_OBJECT_new_null()) == NULL)
-+ if (!(sk = sk_ASN1_OBJECT_new_null()))
- goto err;
- while (oids && *oids) {
- if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
-@@ -405,7 +501,8 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
- }
- x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
- err:
-- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-+ if (sk)
-+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
- return x;
- }
-
-@@ -415,13 +512,14 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
- X509_EXTENSION *x = NULL;
- ASN1_GENERALIZEDTIME *gt = NULL;
-
-- if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
-+ if (!(gt = ASN1_GENERALIZEDTIME_new()))
- goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
- goto err;
- x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
- err:
-- ASN1_GENERALIZEDTIME_free(gt);
-+ if (gt)
-+ ASN1_GENERALIZEDTIME_free(gt);
- return x;
- }
-
-@@ -430,43 +528,39 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method
- * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
- */
--X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
-+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
- {
- X509_EXTENSION *x = NULL;
- ASN1_IA5STRING *ia5 = NULL;
- OCSP_SERVICELOC *sloc = NULL;
- ACCESS_DESCRIPTION *ad = NULL;
-
-- if ((sloc = OCSP_SERVICELOC_new()) == NULL)
-+ if (!(sloc = OCSP_SERVICELOC_new()))
- goto err;
-- if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
-+ if (!(sloc->issuer = X509_NAME_dup(issuer)))
- goto err;
-- if (urls && *urls
-- && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL)
-+ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
- goto err;
- while (urls && *urls) {
-- if ((ad = ACCESS_DESCRIPTION_new()) == NULL)
-+ if (!(ad = ACCESS_DESCRIPTION_new()))
- goto err;
-- if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
-+ if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
- goto err;
-- if ((ad->location = GENERAL_NAME_new()) == NULL)
-+ if (!(ad->location = GENERAL_NAME_new()))
- goto err;
-- if ((ia5 = ASN1_IA5STRING_new()) == NULL)
-+ if (!(ia5 = ASN1_IA5STRING_new()))
- goto err;
- if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
- goto err;
- ad->location->type = GEN_URI;
- ad->location->d.ia5 = ia5;
-- ia5 = NULL;
- if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
- goto err;
-- ad = NULL;
- urls++;
- }
- x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
- err:
-- ASN1_IA5STRING_free(ia5);
-- ACCESS_DESCRIPTION_free(ad);
-- OCSP_SERVICELOC_free(sloc);
-+ if (sloc)
-+ OCSP_SERVICELOC_free(sloc);
- return x;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
-index 680edfa..88b26b3 100644
---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
-+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
-@@ -1,10 +1,60 @@
-+/* ocsp_ht.c */
- /*
-- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2006.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
-@@ -16,6 +66,9 @@
- #include
- #include
- #include
-+#ifdef OPENSSL_SYS_SUNOS
-+# define strtoul (unsigned long)strtol
-+#endif /* OPENSSL_SYS_SUNOS */
-
- /* Stateful OCSP request code, supporting non-blocking I/O */
-
-@@ -63,20 +116,21 @@ static int parse_http_line1(char *line);
-
- OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
- {
-- OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
--
-- if (rctx == NULL)
-+ OCSP_REQ_CTX *rctx;
-+ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-+ if (!rctx)
- return NULL;
- rctx->state = OHS_ERROR;
- rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
- rctx->mem = BIO_new(BIO_s_mem());
- rctx->io = io;
-+ rctx->asn1_len = 0;
- if (maxline > 0)
- rctx->iobuflen = maxline;
- else
- rctx->iobuflen = OCSP_MAX_LINE_LEN;
- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-- if (rctx->iobuf == NULL || rctx->mem == NULL) {
-+ if (!rctx->iobuf || !rctx->mem) {
- OCSP_REQ_CTX_free(rctx);
- return NULL;
- }
-@@ -85,10 +139,10 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
-
- void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
- {
-- if (!rctx)
-- return;
-- BIO_free(rctx->mem);
-- OPENSSL_free(rctx->iobuf);
-+ if (rctx->mem)
-+ BIO_free(rctx->mem);
-+ if (rctx->iobuf)
-+ OPENSSL_free(rctx->iobuf);
- OPENSSL_free(rctx);
- }
-
-@@ -182,7 +236,7 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
-
- OCSP_REQ_CTX *rctx = NULL;
- rctx = OCSP_REQ_CTX_new(io, maxline);
-- if (rctx == NULL)
-+ if (!rctx)
- return NULL;
-
- if (!OCSP_REQ_CTX_http(rctx, "POST", path))
-@@ -457,6 +511,8 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
- rctx->state = OHS_DONE;
- return 1;
-
-+ break;
-+
- case OHS_DONE:
- return 1;
-
-@@ -483,7 +539,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
-
- ctx = OCSP_sendreq_new(b, path, req, -1);
-
-- if (ctx == NULL)
-+ if (!ctx)
- return NULL;
-
- do {
-diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h
-deleted file mode 100644
-index f93a268..0000000
---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h
-+++ /dev/null
-@@ -1,216 +0,0 @@
--/*
-- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/*- CertID ::= SEQUENCE { -- * hashAlgorithm AlgorithmIdentifier, -- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN -- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) -- * serialNumber CertificateSerialNumber } -- */ --struct ocsp_cert_id_st { -- X509_ALGOR hashAlgorithm; -- ASN1_OCTET_STRING issuerNameHash; -- ASN1_OCTET_STRING issuerKeyHash; -- ASN1_INTEGER serialNumber; --}; -- --/*- Request ::= SEQUENCE { -- * reqCert CertID, -- * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } -- */ --struct ocsp_one_request_st { -- OCSP_CERTID *reqCert; -- STACK_OF(X509_EXTENSION) *singleRequestExtensions; --}; -- --/*- TBSRequest ::= SEQUENCE { -- * version [0] EXPLICIT Version DEFAULT v1, -- * requestorName [1] EXPLICIT GeneralName OPTIONAL, -- * requestList SEQUENCE OF Request, -- * requestExtensions [2] EXPLICIT Extensions OPTIONAL } -- */ --struct ocsp_req_info_st { -- ASN1_INTEGER *version; -- GENERAL_NAME *requestorName; -- STACK_OF(OCSP_ONEREQ) *requestList; -- STACK_OF(X509_EXTENSION) *requestExtensions; --}; -- --/*- Signature ::= SEQUENCE { -- * signatureAlgorithm AlgorithmIdentifier, -- * signature BIT STRING, -- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } -- */ --struct ocsp_signature_st { -- X509_ALGOR signatureAlgorithm; -- ASN1_BIT_STRING *signature; -- STACK_OF(X509) *certs; --}; -- --/*- OCSPRequest ::= SEQUENCE { -- * tbsRequest TBSRequest, -- * optionalSignature [0] EXPLICIT Signature OPTIONAL } -- */ --struct ocsp_request_st { -- OCSP_REQINFO tbsRequest; -- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ --}; -- --/*- OCSPResponseStatus ::= ENUMERATED { -- * successful (0), --Response has valid confirmations -- * malformedRequest (1), --Illegal confirmation request -- * internalError (2), --Internal error in issuer -- * tryLater (3), --Try 
again later -- * --(4) is not used -- * sigRequired (5), --Must sign the request -- * unauthorized (6) --Request unauthorized -- * } -- */ -- --/*- ResponseBytes ::= SEQUENCE { -- * responseType OBJECT IDENTIFIER, -- * response OCTET STRING } -- */ --struct ocsp_resp_bytes_st { -- ASN1_OBJECT *responseType; -- ASN1_OCTET_STRING *response; --}; -- --/*- OCSPResponse ::= SEQUENCE { -- * responseStatus OCSPResponseStatus, -- * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } -- */ --struct ocsp_response_st { -- ASN1_ENUMERATED *responseStatus; -- OCSP_RESPBYTES *responseBytes; --}; -- --/*- ResponderID ::= CHOICE { -- * byName [1] Name, -- * byKey [2] KeyHash } -- */ --struct ocsp_responder_id_st { -- int type; -- union { -- X509_NAME *byName; -- ASN1_OCTET_STRING *byKey; -- } value; --}; -- --/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key -- * --(excluding the tag and length fields) -- */ -- --/*- RevokedInfo ::= SEQUENCE { -- * revocationTime GeneralizedTime, -- * revocationReason [0] EXPLICIT CRLReason OPTIONAL } -- */ --struct ocsp_revoked_info_st { -- ASN1_GENERALIZEDTIME *revocationTime; -- ASN1_ENUMERATED *revocationReason; --}; -- --/*- CertStatus ::= CHOICE { -- * good [0] IMPLICIT NULL, -- * revoked [1] IMPLICIT RevokedInfo, -- * unknown [2] IMPLICIT UnknownInfo } -- */ --struct ocsp_cert_status_st { -- int type; -- union { -- ASN1_NULL *good; -- OCSP_REVOKEDINFO *revoked; -- ASN1_NULL *unknown; -- } value; --}; -- --/*- SingleResponse ::= SEQUENCE { -- * certID CertID, -- * certStatus CertStatus, -- * thisUpdate GeneralizedTime, -- * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, -- * singleExtensions [1] EXPLICIT Extensions OPTIONAL } -- */ --struct ocsp_single_response_st { -- OCSP_CERTID *certId; -- OCSP_CERTSTATUS *certStatus; -- ASN1_GENERALIZEDTIME *thisUpdate; -- ASN1_GENERALIZEDTIME *nextUpdate; -- STACK_OF(X509_EXTENSION) *singleExtensions; --}; -- --/*- ResponseData ::= SEQUENCE { -- * version [0] EXPLICIT Version 
DEFAULT v1, -- * responderID ResponderID, -- * producedAt GeneralizedTime, -- * responses SEQUENCE OF SingleResponse, -- * responseExtensions [1] EXPLICIT Extensions OPTIONAL } -- */ --struct ocsp_response_data_st { -- ASN1_INTEGER *version; -- OCSP_RESPID responderId; -- ASN1_GENERALIZEDTIME *producedAt; -- STACK_OF(OCSP_SINGLERESP) *responses; -- STACK_OF(X509_EXTENSION) *responseExtensions; --}; -- --/*- BasicOCSPResponse ::= SEQUENCE { -- * tbsResponseData ResponseData, -- * signatureAlgorithm AlgorithmIdentifier, -- * signature BIT STRING, -- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } -- */ -- /* -- * Note 1: The value for "signature" is specified in the OCSP rfc2560 as -- * follows: "The value for the signature SHALL be computed on the hash of -- * the DER encoding ResponseData." This means that you must hash the -- * DER-encoded tbsResponseData, and then run it through a crypto-signing -- * function, which will (at least w/RSA) do a hash-'n'-private-encrypt -- * operation. This seems a bit odd, but that's the spec. Also note that -- * the data structures do not leave anywhere to independently specify the -- * algorithm used for the initial hash. So, we look at the -- * signature-specification algorithm, and try to do something intelligent. -- * -- Kathy Weinhold, CertCo -- */ -- /* -- * Note 2: It seems that the mentioned passage from RFC 2560 (section -- * 4.2.1) is open for interpretation. I've done tests against another -- * responder, and found that it doesn't do the double hashing that the RFC -- * seems to say one should. Therefore, all relevant functions take a flag -- * saying which variant should be used. 
-- Richard Levitte, OpenSSL team
-- * and CeloCom
-- */
--struct ocsp_basic_response_st {
-- OCSP_RESPDATA tbsResponseData;
-- X509_ALGOR signatureAlgorithm;
-- ASN1_BIT_STRING *signature;
-- STACK_OF(X509) *certs;
--};
--
--/*-
-- * CrlID ::= SEQUENCE {
-- * crlUrl [0] EXPLICIT IA5String OPTIONAL,
-- * crlNum [1] EXPLICIT INTEGER OPTIONAL,
-- * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
-- */
--struct ocsp_crl_id_st {
-- ASN1_IA5STRING *crlUrl;
-- ASN1_INTEGER *crlNum;
-- ASN1_GENERALIZEDTIME *crlTime;
--};
--
--/*-
-- * ServiceLocator ::= SEQUENCE {
-- * issuer Name,
-- * locator AuthorityInfoAccessSyntax OPTIONAL }
-- */
--struct ocsp_service_locator_st {
-- X509_NAME *issuer;
-- STACK_OF(ACCESS_DESCRIPTION) *locator;
--};
-diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
-index 8edd70a..ff781e5 100644
---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
-@@ -1,35 +1,93 @@
-+/* ocsp_lib.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Tom Titchener for the OpenSSL
-+ * project.
-+ */
-+
-+/*
-+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
-+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-+ * patch kit.
-+ */
-+
-+/* ====================================================================
-+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include
- #include
-+#include
- #include
- #include
- #include
- #include
--#include "ocsp_lcl.h"
- #include
-
- /* Convert a certificate and its issuer to an OCSP_CERTID */
-
--OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
-- const X509 *issuer)
-+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
- {
- X509_NAME *iname;
-- const ASN1_INTEGER *serial;
-+ ASN1_INTEGER *serial;
- ASN1_BIT_STRING *ikey;
-+#ifndef OPENSSL_NO_SHA1
- if (!dgst)
- dgst = EVP_sha1();
-+#endif
- if (subject) {
- iname = X509_get_issuer_name(subject);
-- serial = X509_get0_serialNumber(subject);
-+ serial = X509_get_serialNumber(subject);
- } else {
- iname = X509_get_subject_name(issuer);
- serial = NULL;
-@@ -39,9 +97,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
- }
-
- OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
-- const X509_NAME *issuerName,
-- const ASN1_BIT_STRING *issuerKey,
-- const ASN1_INTEGER *serialNumber)
-+ X509_NAME *issuerName,
-+ ASN1_BIT_STRING *issuerKey,
-+ ASN1_INTEGER *serialNumber)
- {
- int nid;
- unsigned int i;
-@@ -49,16 +107,17 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- OCSP_CERTID *cid = NULL;
- unsigned char md[EVP_MAX_MD_SIZE];
-
-- if ((cid = OCSP_CERTID_new()) == NULL)
-+ if (!(cid = OCSP_CERTID_new()))
- goto err;
-
-- alg = &cid->hashAlgorithm;
-- ASN1_OBJECT_free(alg->algorithm);
-+ alg = cid->hashAlgorithm;
-+ if (alg->algorithm != NULL)
-+ ASN1_OBJECT_free(alg->algorithm);
- if ((nid = EVP_MD_type(dgst)) == NID_undef) {
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
- goto err;
- }
-- if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
-+ if (!(alg->algorithm = OBJ_nid2obj(nid)))
- goto err;
- if ((alg->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
-@@ -66,38 +125,40 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
-
- if (!X509_NAME_digest(issuerName, dgst, md, &i))
- goto digerr;
-- if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
-+ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
- goto err;
-
- /* Calculate the issuerKey hash, excluding tag and length */
- if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
- goto err;
-
-- if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
-+ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
- goto err;
-
- if (serialNumber) {
-- if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
-+ ASN1_INTEGER_free(cid->serialNumber);
-+ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
- goto err;
- }
- return cid;
- digerr:
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
- err:
-- OCSP_CERTID_free(cid);
-+ if (cid)
-+ OCSP_CERTID_free(cid);
- return NULL;
- }
-
- int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
- {
- int ret;
-- ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
-+ ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
- if (ret)
- return ret;
-- ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
-+ ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
- if (ret)
- return ret;
-- return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
-+ return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
- }
-
- int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-@@ -106,7 +167,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
- ret = OCSP_id_issuer_cmp(a, b);
- if (ret)
- return ret;
-- return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
-+ return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
- }
-
- /*
-@@ -126,7 +187,7 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
- *ppath = NULL;
-
- /* dup the buffer since we are going to mess with it */
-- buf = OPENSSL_strdup(url);
-+ buf = BUF_strdup(url);
- if (!buf)
- goto mem_err;
-
-@@ -138,10 +199,10 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
-
- *(p++) = '\0';
-
-- if (strcmp(buf, "http") == 0) {
-+ if (!strcmp(buf, "http")) {
- *pssl = 0;
- port = "80";
-- } else if (strcmp(buf, "https") == 0) {
-+ } else if (!strcmp(buf, "https")) {
- *pssl = 1;
- port = "443";
- } else
-@@ -160,9 +221,9 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
- p = strchr(p, '/');
-
- if (!p)
-- *ppath = OPENSSL_strdup("/");
-+ *ppath = BUF_strdup("/");
- else {
-- *ppath = OPENSSL_strdup(p);
-+ *ppath = BUF_strdup(p);
- /* Set start of path to 0 so hostname is valid */
- *p = '\0';
- }
-@@ -187,11 +248,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
- port = p + 1;
- }
-
-- *pport = OPENSSL_strdup(port);
-+ *pport = BUF_strdup(port);
- if (!*pport)
- goto mem_err;
-
-- *phost = OPENSSL_strdup(host);
-+ *phost = BUF_strdup(host);
-
- if (!*phost)
- goto mem_err;
-@@ -208,13 +269,20 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
- OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
-
- err:
-- OPENSSL_free(buf);
-- OPENSSL_free(*ppath);
-- *ppath = NULL;
-- OPENSSL_free(*pport);
-- *pport = NULL;
-- OPENSSL_free(*phost);
-- *phost = NULL;
-+ if (buf)
-+ OPENSSL_free(buf);
-+ if (*ppath) {
-+ OPENSSL_free(*ppath);
-+ *ppath = NULL;
-+ }
-+ if (*pport) {
-+ OPENSSL_free(*pport);
-+ *pport = NULL;
-+ }
-+ if (*phost) {
-+ OPENSSL_free(*phost);
-+ *phost = NULL;
-+ }
- return 0;
-
- }
-diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
-index 5605812..47d5f83 100644
---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
-+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
-@@ -1,17 +1,72 @@
-+/* ocsp_prn.c */
- /*
-- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Tom Titchener for the OpenSSL
-+ * project.
-+ */
-+
-+/*
-+ * History: This file was originally part of ocsp.c and was transfered to
-+ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
-+ * included in OpenSSL or released as a patch kit.
-+ */
-+
-+/* ====================================================================
-+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include --#include "ocsp_lcl.h" --#include "internal/cryptlib.h" - #include - - static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) -@@ -19,13 +74,13 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) - BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); - indent += 2; - BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); -- i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); -+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); - BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); -- i2a_ASN1_STRING(bp, &a->issuerNameHash, 0); -+ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); - BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); -- i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0); -+ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); - BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); -- i2a_ASN1_INTEGER(bp, &a->serialNumber); -+ i2a_ASN1_INTEGER(bp, a->serialNumber); - BIO_printf(bp, "\n"); - return 1; - } -@@ -35,17 +90,15 @@ typedef struct { - const char *m; - } OCSP_TBLSTR; - --static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len) -+static const char *table2string(long s, const OCSP_TBLSTR *ts, int len) - { -- size_t i; -- for (i = 0; i < len; i++, ts++) -- if (ts->t == s) -- return ts->m; -+ const OCSP_TBLSTR *p; -+ for (p = ts; p < ts + len; p++) -+ if (p->t == s) -+ return p->m; - return "(UNKNOWN)"; - } - --#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl)) -- - const char *OCSP_response_status_str(long s) - { - static const OCSP_TBLSTR rstat_tbl[] = { -@@ -56,7 +109,7 @@ const char *OCSP_response_status_str(long s) - {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"}, - {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"} - }; -- return table2string(s, rstat_tbl); -+ return table2string(s, rstat_tbl, 6); - } 
- - const char *OCSP_cert_status_str(long s) -@@ -66,7 +119,7 @@ const char *OCSP_cert_status_str(long s) - {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, - {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} - }; -- return table2string(s, cstat_tbl); -+ return table2string(s, cstat_tbl, 3); - } - - const char *OCSP_crl_reason_str(long s) -@@ -81,7 +134,7 @@ const char *OCSP_crl_reason_str(long s) - {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"}, - {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"} - }; -- return table2string(s, reason_tbl); -+ return table2string(s, reason_tbl, 8); - } - - int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) -@@ -90,7 +143,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) - long l; - OCSP_CERTID *cid = NULL; - OCSP_ONEREQ *one = NULL; -- OCSP_REQINFO *inf = &o->tbsRequest; -+ OCSP_REQINFO *inf = o->tbsRequest; - OCSP_SIGNATURE *sig = o->optionalSignature; - - if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) -@@ -118,7 +171,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) - inf->requestExtensions, flags, 4)) - goto err; - if (sig) { -- X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature); -+ X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - for (i = 0; i < sk_X509_num(sig->certs); i++) { - X509_print(bp, sk_X509_value(sig->certs, i)); - PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); -@@ -161,20 +214,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) - - if ((br = OCSP_response_get1_basic(o)) == NULL) - goto err; -- rd = &br->tbsResponseData; -+ rd = br->tbsResponseData; - l = ASN1_INTEGER_get(rd->version); - if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) - goto err; - if (BIO_puts(bp, " Responder Id: ") <= 0) - goto err; - -- rid = &rd->responderId; -+ rid = rd->responderId; - switch (rid->type) { - case V_OCSP_RESPID_NAME: - X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); 
- break; - case V_OCSP_RESPID_KEY: -- i2a_ASN1_STRING(bp, rid->value.byKey, 0); -+ i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); - break; - } - -@@ -231,7 +284,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) - if (!X509V3_extensions_print(bp, "Response Extensions", - rd->responseExtensions, flags, 4)) - goto err; -- if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0) -+ if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) - goto err; - - for (i = 0; i < sk_X509_num(br->certs); i++) { -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -index 46a4bf7..2ec2c63 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -@@ -1,20 +1,70 @@ -+/* ocsp_srv.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include - #include -+#include - #include - #include - #include - #include --#include "ocsp_lcl.h" - - /* - * Utility functions related to sending OCSP responses and extracting -@@ -23,12 +73,12 @@ - - int OCSP_request_onereq_count(OCSP_REQUEST *req) - { -- return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); -+ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); - } - - OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) - { -- return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i); -+ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); - } - - OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) -@@ -43,13 +93,13 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - if (!cid) - return 0; - if (pmd) -- *pmd = cid->hashAlgorithm.algorithm; -+ *pmd = cid->hashAlgorithm->algorithm; - if (piNameHash) -- *piNameHash = &cid->issuerNameHash; -+ *piNameHash = cid->issuerNameHash; - if (pikeyHash) -- *pikeyHash = &cid->issuerKeyHash; -+ *pikeyHash = cid->issuerKeyHash; - if (pserial) -- *pserial = &cid->serialNumber; -+ *pserial = cid->serialNumber; - return 1; - } - -@@ -65,13 +115,13 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) - { - OCSP_RESPONSE *rsp = NULL; - -- if ((rsp = OCSP_RESPONSE_new()) == NULL) -+ if (!(rsp = OCSP_RESPONSE_new())) - goto err; - if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) - goto err; - if (!bs) - return rsp; -- if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL) -+ if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) - goto err; - rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); - if (!ASN1_item_pack -@@ -79,7 +129,8 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) - goto err; - return rsp; - err: -- OCSP_RESPONSE_free(rsp); 
-+ if (rsp) -+ OCSP_RESPONSE_free(rsp); - return NULL; - } - -@@ -94,12 +145,11 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTSTATUS *cs; - OCSP_REVOKEDINFO *ri; - -- if (rsp->tbsResponseData.responses == NULL -- && (rsp->tbsResponseData.responses -- = sk_OCSP_SINGLERESP_new_null()) == NULL) -+ if (!rsp->tbsResponseData->responses && -+ !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) - goto err; - -- if ((single = OCSP_SINGLERESP_new()) == NULL) -+ if (!(single = OCSP_SINGLERESP_new())) - goto err; - - if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) -@@ -110,7 +160,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - - OCSP_CERTID_free(single->certId); - -- if ((single->certId = OCSP_CERTID_dup(cid)) == NULL) -+ if (!(single->certId = OCSP_CERTID_dup(cid))) - goto err; - - cs = single->certStatus; -@@ -120,12 +170,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); - goto err; - } -- if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL) -+ if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) - goto err; - if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) - goto err; - if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { -- if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL) -+ if (!(ri->revocationReason = ASN1_ENUMERATED_new())) - goto err; - if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) - goto err; -@@ -133,20 +183,18 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - break; - - case V_OCSP_CERTSTATUS_GOOD: -- if ((cs->value.good = ASN1_NULL_new()) == NULL) -- goto err; -+ cs->value.good = ASN1_NULL_new(); - break; - - case V_OCSP_CERTSTATUS_UNKNOWN: -- if ((cs->value.unknown = ASN1_NULL_new()) == NULL) -- goto err; -+ cs->value.unknown = ASN1_NULL_new(); - break; - - default: - goto err; - - } -- if 
(!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single))) -+ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) - goto err; - return single; - err: -@@ -158,13 +206,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - - int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) - { -- if (resp->certs == NULL -- && (resp->certs = sk_X509_new_null()) == NULL) -+ if (!resp->certs && !(resp->certs = sk_X509_new_null())) - return 0; - - if (!sk_X509_push(resp->certs, cert)) - return 0; -- X509_up_ref(cert); -+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } - -@@ -191,16 +238,23 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, - } - } - -- rid = &brsp->tbsResponseData.responderId; -+ rid = brsp->tbsResponseData->responderId; - if (flags & OCSP_RESPID_KEY) { -- if (!OCSP_RESPID_set_by_key(rid, signer)) -+ unsigned char md[SHA_DIGEST_LENGTH]; -+ X509_pubkey_digest(signer, EVP_sha1(), md, NULL); -+ if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) - goto err; -- } else if (!OCSP_RESPID_set_by_name(rid, signer)) { -- goto err; -+ if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) -+ goto err; -+ rid->type = V_OCSP_RESPID_KEY; -+ } else { -+ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer))) -+ goto err; -+ rid->type = V_OCSP_RESPID_NAME; - } - - if (!(flags & OCSP_NOTIME) && -- !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0)) -+ !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) - goto err; - - /* -@@ -215,63 +269,3 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, - err: - return 0; - } -- --int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) --{ -- if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert))) -- return 0; -- -- respid->type = V_OCSP_RESPID_NAME; -- -- return 1; --} -- --int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) --{ -- ASN1_OCTET_STRING *byKey = NULL; -- unsigned char md[SHA_DIGEST_LENGTH]; -- -- /* RFC2560 
requires SHA1 */ -- if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL)) -- return 0; -- -- byKey = ASN1_OCTET_STRING_new(); -- if (byKey == NULL) -- return 0; -- -- if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) { -- ASN1_OCTET_STRING_free(byKey); -- return 0; -- } -- -- respid->type = V_OCSP_RESPID_KEY; -- respid->value.byKey = byKey; -- -- return 1; --} -- --int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) --{ -- if (respid->type == V_OCSP_RESPID_KEY) { -- unsigned char md[SHA_DIGEST_LENGTH]; -- -- if (respid->value.byKey == NULL) -- return 0; -- -- /* RFC2560 requires SHA1 */ -- if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL)) -- return 0; -- -- return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH) -- && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, -- SHA_DIGEST_LENGTH) == 0); -- } else if(respid->type == V_OCSP_RESPID_NAME) { -- if (respid->value.byName == NULL) -- return 0; -- -- return X509_NAME_cmp(respid->value.byName, -- X509_get_subject_name(cert)) == 0; -- } -- -- return 0; --} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -index e2cfa6d..d4a257c 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -@@ -1,29 +1,80 @@ -+/* ocsp_vfy.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "ocsp_lcl.h" - #include - #include - - static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, -- STACK_OF(X509) *certs, unsigned long flags); -+ STACK_OF(X509) *certs, X509_STORE *st, -+ unsigned long flags); - static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); --static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain); -+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, -+ unsigned long flags); - static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, - OCSP_CERTID **ret); - static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp); --static int ocsp_check_delegated(X509 *x); -+static int ocsp_check_delegated(X509 *x, int flags); - static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, -- unsigned long flags); -+ X509_STORE *st, unsigned long flags); - - /* Verify a basic response message */ - -@@ -33,30 +84,24 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509 *signer, *x; - STACK_OF(X509) *chain = NULL; - STACK_OF(X509) *untrusted = NULL; -- X509_STORE_CTX *ctx = NULL; -- int i, ret = ocsp_find_signer(&signer, bs, certs, flags); -- -+ X509_STORE_CTX ctx; -+ int i, ret = 0; -+ ret = ocsp_find_signer(&signer, bs, certs, st, flags); - if (!ret) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); - goto end; - } -- ctx = 
X509_STORE_CTX_new(); -- if (ctx == NULL) { -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); -- goto f_err; -- } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) - flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) { - EVP_PKEY *skey; -- skey = X509_get0_pubkey(signer); -- if (skey == NULL) { -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY); -- goto err; -+ skey = X509_get_pubkey(signer); -+ if (skey) { -+ ret = OCSP_BASICRESP_verify(bs, skey, 0); -+ EVP_PKEY_free(skey); - } -- ret = OCSP_BASICRESP_verify(bs, skey, 0); -- if (ret <= 0) { -+ if (!skey || ret <= 0) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); - goto end; - } -@@ -70,23 +115,25 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - for (i = 0; i < sk_X509_num(certs); i++) { - if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); -- goto f_err; -+ goto end; - } - } - } else { - untrusted = bs->certs; - } -- init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted); -+ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); - if (!init_res) { -+ ret = -1; - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); -- goto f_err; -+ goto end; - } - -- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); -- ret = X509_verify_cert(ctx); -- chain = X509_STORE_CTX_get1_chain(ctx); -+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -+ ret = X509_verify_cert(&ctx); -+ chain = X509_STORE_CTX_get1_chain(&ctx); -+ X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) { -- i = X509_STORE_CTX_get_error(ctx); -+ i = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, - OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", -@@ -101,7 +148,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - * At this point we have a valid certificate chain need to verify it - * against the OCSP issuer criteria. 
- */ -- ret = ocsp_check_issuer(bs, chain); -+ ret = ocsp_check_issuer(bs, chain, flags); - - /* If fatal error or valid match then finish */ - if (ret != 0) -@@ -117,30 +164,25 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - x = sk_X509_value(chain, sk_X509_num(chain) - 1); - if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); -- goto err; -+ goto end; - } - ret = 1; - } -+ - end: -- X509_STORE_CTX_free(ctx); -- sk_X509_pop_free(chain, X509_free); -+ if (chain) -+ sk_X509_pop_free(chain, X509_free); - if (bs->certs && certs) - sk_X509_free(untrusted); - return ret; -- -- err: -- ret = 0; -- goto end; -- f_err: -- ret = -1; -- goto end; - } - - static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, -- STACK_OF(X509) *certs, unsigned long flags) -+ STACK_OF(X509) *certs, X509_STORE *st, -+ unsigned long flags) - { - X509 *signer; -- OCSP_RESPID *rid = &bs->tbsResponseData.responderId; -+ OCSP_RESPID *rid = bs->tbsResponseData->responderId; - if ((signer = ocsp_find_signer_sk(certs, rid))) { - *psigner = signer; - return 2; -@@ -182,13 +224,14 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) - return NULL; - } - --static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) -+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, -+ unsigned long flags) - { - STACK_OF(OCSP_SINGLERESP) *sresp; - X509 *signer, *sca; - OCSP_CERTID *caid = NULL; - int i; -- sresp = bs->tbsResponseData.responses; -+ sresp = bs->tbsResponseData->responses; - - if (sk_X509_num(chain) <= 0) { - OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); -@@ -211,7 +254,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) - return i; - if (i) { - /* We have a match, if extensions OK then success */ -- if (ocsp_check_delegated(signer)) -+ if (ocsp_check_delegated(signer, flags)) - return 1; - return 
0; - } -@@ -248,9 +291,9 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) - tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; - /* Check to see if IDs match */ - if (OCSP_id_issuer_cmp(cid, tmpid)) { -- /* If algorithm mismatch let caller deal with it */ -- if (OBJ_cmp(tmpid->hashAlgorithm.algorithm, -- cid->hashAlgorithm.algorithm)) -+ /* If algoritm mismatch let caller deal with it */ -+ if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, -+ cid->hashAlgorithm->algorithm)) - return 2; - /* Else mismatch */ - return 0; -@@ -271,8 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - X509_NAME *iname; - int mdlen; - unsigned char md[EVP_MAX_MD_SIZE]; -- if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm)) -- == NULL) { -+ if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { - OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, - OCSP_R_UNKNOWN_MESSAGE_DIGEST); - return -1; -@@ -281,16 +323,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - mdlen = EVP_MD_size(dgst); - if (mdlen < 0) - return -1; -- if ((cid->issuerNameHash.length != mdlen) || -- (cid->issuerKeyHash.length != mdlen)) -+ if ((cid->issuerNameHash->length != mdlen) || -+ (cid->issuerKeyHash->length != mdlen)) - return 0; - iname = X509_get_subject_name(cert); - if (!X509_NAME_digest(iname, dgst, md, NULL)) - return -1; -- if (memcmp(md, cid->issuerNameHash.data, mdlen)) -+ if (memcmp(md, cid->issuerNameHash->data, mdlen)) - return 0; - X509_pubkey_digest(cert, dgst, md, NULL); -- if (memcmp(md, cid->issuerKeyHash.data, mdlen)) -+ if (memcmp(md, cid->issuerKeyHash->data, mdlen)) - return 0; - - return 1; -@@ -310,10 +352,10 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - - } - --static int ocsp_check_delegated(X509 *x) -+static int ocsp_check_delegated(X509 *x, int flags) - { -- if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) -- && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) -+ X509_check_purpose(x, -1, 
0); -+ if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN)) - return 1; - OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); - return 0; -@@ -331,80 +373,68 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, - X509 *signer; - X509_NAME *nm; - GENERAL_NAME *gen; -- int ret = 0; -- X509_STORE_CTX *ctx = X509_STORE_CTX_new(); -- -- if (ctx == NULL) { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -+ int ret; -+ X509_STORE_CTX ctx; - if (!req->optionalSignature) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); -- goto err; -+ return 0; - } -- gen = req->tbsRequest.requestorName; -+ gen = req->tbsRequest->requestorName; - if (!gen || gen->type != GEN_DIRNAME) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); -- goto err; -+ return 0; - } - nm = gen->d.directoryName; -- ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); -+ ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); - if (ret <= 0) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); -- goto err; -+ return 0; - } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) - flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) { - EVP_PKEY *skey; -- skey = X509_get0_pubkey(signer); -+ skey = X509_get_pubkey(signer); - ret = OCSP_REQUEST_verify(req, skey); -+ EVP_PKEY_free(skey); - if (ret <= 0) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); -- goto err; -+ return 0; - } - } - if (!(flags & OCSP_NOVERIFY)) { - int init_res; - if (flags & OCSP_NOCHAIN) -- init_res = X509_STORE_CTX_init(ctx, store, signer, NULL); -+ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); - else -- init_res = X509_STORE_CTX_init(ctx, store, signer, -+ init_res = X509_STORE_CTX_init(&ctx, store, signer, - req->optionalSignature->certs); - if (!init_res) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); -- goto err; -+ return 
0; - } - -- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); -- X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST); -- ret = X509_verify_cert(ctx); -+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -+ X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); -+ ret = X509_verify_cert(&ctx); -+ X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) { -- ret = X509_STORE_CTX_get_error(ctx); -+ ret = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(ret)); -- goto err; -+ return 0; - } - } -- ret = 1; -- goto end; -- --err: -- ret = 0; --end: -- X509_STORE_CTX_free(ctx); -- return ret; -- -+ return 1; - } - - static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, -- unsigned long flags) -+ X509_STORE *st, unsigned long flags) - { - X509 *signer; - if (!(flags & OCSP_NOINTERN)) { -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c -deleted file mode 100644 -index 2d425a8..0000000 ---- a/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c -+++ /dev/null -@@ -1,264 +0,0 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--# include
--# include "internal/cryptlib.h"
--# include
--# include
--# include
--# include "ocsp_lcl.h"
--# include
--# include "../x509v3/ext_dat.h"
--
--/*
-- * OCSP extensions and a couple of CRL entry extensions
-- */
--
--static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
-- BIO *out, int indent);
--static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
-- BIO *out, int indent);
--static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
-- int indent);
--
--static void *ocsp_nonce_new(void);
--static int i2d_ocsp_nonce(void *a, unsigned char **pp);
--static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
--static void ocsp_nonce_free(void *a);
--static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-- BIO *out, int indent);
--
--static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-- void *nocheck, BIO *out, int indent);
--static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, const char *str);
--static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
-- BIO *bp, int ind);
--
--const X509V3_EXT_METHOD v3_ocsp_crlid = {
-- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
-- 0, 0, 0, 0,
-- 0, 0,
-- 0, 0,
-- i2r_ocsp_crlid, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-- 0, 0, 0, 0,
-- 0, 0,
-- 0, 0,
-- i2r_ocsp_acutoff, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_crl_invdate = {
-- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-- 0, 0, 0, 0,
-- 0, 0,
-- 0, 0,
-- i2r_ocsp_acutoff, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_crl_hold = {
-- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-- 0, 0, 0, 0,
-- 0, 0,
-- 0, 0,
-- i2r_object, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_ocsp_nonce = {
-- NID_id_pkix_OCSP_Nonce, 0, NULL,
-- ocsp_nonce_new,
-- ocsp_nonce_free,
-- d2i_ocsp_nonce,
-- i2d_ocsp_nonce,
-- 0, 0,
-- 0, 0,
-- i2r_ocsp_nonce, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
-- 0, 0, 0, 0,
-- 0, s2i_ocsp_nocheck,
-- 0, 0,
-- i2r_ocsp_nocheck, 0,
-- NULL
--};
--
--const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
-- 0, 0, 0, 0,
-- 0, 0,
-- 0, 0,
-- i2r_ocsp_serviceloc, 0,
-- NULL
--};
--
--static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
-- int ind)
--{
-- OCSP_CRLID *a = in;
-- if (a->crlUrl) {
-- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
-- goto err;
-- if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
-- goto err;
-- if (BIO_write(bp, "\n", 1) <= 0)
-- goto err;
-- }
-- if (a->crlNum) {
-- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
-- goto err;
-- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
-- goto err;
-- if (BIO_write(bp, "\n", 1) <= 0)
-- goto err;
-- }
-- if (a->crlTime) {
-- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
-- goto err;
-- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
-- goto err;
-- if (BIO_write(bp, "\n", 1) <= 0)
-- goto err;
-- }
-- return 1;
-- err:
-- return 0;
--}
--
--static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
-- BIO *bp, int ind)
--{
-- if (BIO_printf(bp, "%*s", ind, "") <= 0)
-- return 0;
-- if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
-- return 0;
-- return 1;
--}
--
--static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
-- int ind)
--{
-- if (BIO_printf(bp, "%*s", ind, "") <= 0)
-- return 0;
-- if (i2a_ASN1_OBJECT(bp, oid) <= 0)
-- return 0;
-- return 1;
--}
--
--/*
-- * OCSP nonce. This is needs special treatment because it doesn't have an
-- * ASN1 encoding at all: it just contains arbitrary data.
-- */
--
--static void *ocsp_nonce_new(void)
--{
-- return ASN1_OCTET_STRING_new();
--}
--
--static int i2d_ocsp_nonce(void *a, unsigned char **pp)
--{
-- ASN1_OCTET_STRING *os = a;
-- if (pp) {
-- memcpy(*pp, os->data, os->length);
-- *pp += os->length;
-- }
-- return os->length;
--}
--
--static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
--{
-- ASN1_OCTET_STRING *os, **pos;
-- pos = a;
-- if (pos == NULL || *pos == NULL) {
-- os = ASN1_OCTET_STRING_new();
-- if (os == NULL)
-- goto err;
-- } else {
-- os = *pos;
-- }
-- if (!ASN1_OCTET_STRING_set(os, *pp, length))
-- goto err;
--
-- *pp += length;
--
-- if (pos)
-- *pos = os;
-- return os;
--
-- err:
-- if ((pos == NULL) || (*pos != os))
-- ASN1_OCTET_STRING_free(os);
-- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
-- return NULL;
--}
--
--static void ocsp_nonce_free(void *a)
--{
-- ASN1_OCTET_STRING_free(a);
--}
--
--static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-- BIO *out, int indent)
--{
-- if (BIO_printf(out, "%*s", indent, "") <= 0)
-- return 0;
-- if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
-- return 0;
-- return 1;
--}
--
--/* Nocheck is just a single NULL.
Don't print anything and always set it */ -- --static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, -- BIO *out, int indent) --{ -- return 1; --} -- --static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *str) --{ -- return ASN1_NULL_new(); --} -- --static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, -- BIO *bp, int ind) --{ -- int i; -- OCSP_SERVICELOC *a = in; -- ACCESS_DESCRIPTION *ad; -- -- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) -- goto err; -- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) -- goto err; -- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { -- ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); -- if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) -- goto err; -- if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) -- goto err; -- if (BIO_puts(bp, " - ") <= 0) -- goto err; -- if (GENERAL_NAME_print(bp, ad->location) <= 0) -- goto err; -- } -- return 1; -- err: -- return 0; --} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c -index 0e71813..0e5be63 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c -@@ -1,22 +1,130 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem_all.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include --#include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif -+#ifndef OPENSSL_NO_DH -+# include -+#endif - - #ifndef OPENSSL_NO_RSA - static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); -@@ -68,7 +176,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, - return pkey_get_rsa(pktmp, rsa); - } - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - - RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) - { -@@ -79,10 +187,57 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) - - # endif - --IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, -- RSAPrivateKey) -+# ifdef OPENSSL_FIPS - -+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_RSA(k, x); - -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, -+ PEM_STRING_RSA, bp, x, enc, kstr, klen, cb, -+ u); -+} -+ -+# ifndef OPENSSL_NO_FP_API -+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ -+ EVP_PKEY_set1_RSA(k, x); -+ -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, -+ 
PEM_STRING_RSA, fp, x, enc, kstr, klen, cb, u); -+} -+# endif -+ -+# else -+ -+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, -+ RSAPrivateKey) -+# endif - IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, - RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, - PEM_STRING_PUBLIC, -@@ -113,10 +268,57 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, - return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ - } - -+# ifdef OPENSSL_FIPS -+ -+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_DSA(k, x); -+ -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, -+ PEM_STRING_DSA, bp, x, enc, kstr, klen, cb, -+ u); -+} -+ -+# ifndef OPENSSL_NO_FP_API -+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_DSA(k, x); -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, -+ PEM_STRING_DSA, fp, x, enc, kstr, klen, cb, u); -+} -+# endif -+ -+# else -+ - IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, - DSAPrivateKey) -+# endif - IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) - { - EVP_PKEY *pktmp; -@@ -155,12 +357,56 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, - - 
IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, - ECPKParameters) -+# ifdef OPENSSL_FIPS -+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_EC_KEY(k, x); -+ -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, -+ PEM_STRING_ECPRIVATEKEY, -+ bp, x, enc, kstr, klen, cb, u); -+} - -+# ifndef OPENSSL_NO_FP_API -+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) { -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_EC_KEY(k, x); -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; -+ } else -+ return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, -+ PEM_STRING_ECPRIVATEKEY, -+ fp, x, enc, kstr, klen, cb, u); -+} -+# endif - --IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, -+# else -+ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, - ECPrivateKey) -+# endif - IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, - void *u) - { -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c -index f36d893..4e5f8e9 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/pem/pem_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,41 +70,46 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) - - static ERR_STRING_DATA PEM_str_functs[] = { -- {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"}, -+ {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, - {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, -- {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"}, -- {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"}, -- {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"}, -+ {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, -+ {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, -+ {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, - {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, - {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, -- {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"}, -- {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"}, -- {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"}, -- {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"}, -- {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"}, -- {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"}, -- {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"}, -- {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"}, -+ {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, -+ {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, -+ {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, -+ {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, -+ {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, -+ {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, -+ {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, -+ {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, - {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, -- {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"}, -+ {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, - {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, - {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, - {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, - {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, - {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, - {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, -+ 
{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), -+ "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, - {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, -+ {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, - {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, -- {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"}, -+ {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, -- {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"}, -- {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"}, -- {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"}, -+ {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, -+ {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"}, -+ {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, -+ {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, -+ {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, - {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, - {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, - {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, -- {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"}, -+ {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, -@@ -81,18 +137,17 @@ static ERR_STRING_DATA PEM_str_reasons[] = { - {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), - "keyblob header parse error"}, - {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, -- {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"}, - {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, - {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, - {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, - {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, - 
{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), - "problems getting password"}, -+ {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, - {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, - {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"}, - {ERR_REASON(PEM_R_READ_KEY), "read key"}, - {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, -- {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, - {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, - {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), -@@ -102,7 +157,7 @@ static ERR_STRING_DATA PEM_str_reasons[] = { - - #endif - --int ERR_load_PEM_strings(void) -+void ERR_load_PEM_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -111,5 +166,4 @@ int ERR_load_PEM_strings(void) - ERR_load_strings(0, PEM_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c -index dd493c8..4d736a1 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c -@@ -1,23 +1,76 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem_info.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) - { -@@ -206,11 +259,14 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - } else { - /* unknown */ - } -- OPENSSL_free(name); -+ if (name != NULL) -+ OPENSSL_free(name); -+ if (header != NULL) -+ OPENSSL_free(header); -+ if (data != NULL) -+ OPENSSL_free(data); - name = NULL; -- OPENSSL_free(header); - header = NULL; -- OPENSSL_free(data); - data = NULL; - } - -@@ -226,7 +282,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - } - ok = 1; - err: -- X509_INFO_free(xi); -+ if (xi != NULL) -+ X509_INFO_free(xi); - if (!ok) { - for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { - xi = sk_X509_INFO_value(ret, i); -@@ -237,9 +294,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - ret = NULL; - } - -- OPENSSL_free(name); -- OPENSSL_free(header); -- OPENSSL_free(data); -+ if (name != NULL) -+ OPENSSL_free(name); -+ if (header != NULL) -+ OPENSSL_free(header); -+ if (data != NULL) -+ OPENSSL_free(data); - return (ret); - } - -@@ -248,6 +308,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { -+ EVP_CIPHER_CTX ctx; - int i, ret = 0; - unsigned char *data = NULL; - const char *objstr = NULL; -@@ -292,13 +353,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, - } - - /* create the right magic header stuff */ -- OPENSSL_assert(strlen(objstr) + 23 -- + 2 * EVP_CIPHER_iv_length(enc) + 13 <= -+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof 
buf); - buf[0] = '\0'; - PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); -- PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), -- (char *)iv); -+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); - - /* use the normal code to write things out */ - i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); -@@ -309,7 +368,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, - #ifndef OPENSSL_NO_RSA - /* normal optionally encrypted stuff */ - if (PEM_write_bio_RSAPrivateKey(bp, -- EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), -+ xi->x_pkey->dec_pkey->pkey.rsa, - enc, kstr, klen, cb, u) <= 0) - goto err; - #endif -@@ -329,6 +388,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, - ret = 1; - - err: -+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); - OPENSSL_cleanse(buf, PEM_BUFSIZE); - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -index 2792593..56c77b1 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -@@ -1,16 +1,64 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -18,9 +66,15 @@ - #include - #include - #include --#include "internal/asn1_int.h" --#include --#include -+#include "asn1_locl.h" -+#ifndef OPENSSL_NO_DES -+# include -+#endif -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif -+ -+const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; - - #define MIN_LENGTH 4 - -@@ -30,24 +84,22 @@ int pem_check_suffix(const char *pem_str, const char *suffix); - - int PEM_def_callback(char *buf, int num, int w, void *key) - { --#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) -- int i; -+#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI) -+ /* -+ * We should not ever call the default callback routine from windows. 
-+ */ -+ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return (-1); - #else - int i, j; - const char *prompt; --#endif -- - if (key) { - i = strlen(key); - i = (i > num) ? num : i; - memcpy(buf, key, i); -- return i; -+ return (i); - } - --#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) -- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; --#else - prompt = EVP_get_pw_prompt(); - if (prompt == NULL) - prompt = "Enter PEM pass phrase:"; -@@ -63,7 +115,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) - if (i != 0) { - PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf, 0, (unsigned int)num); -- return -1; -+ return (-1); - } - j = strlen(buf); - if (min_len && j < min_len) { -@@ -73,7 +125,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) - } else - break; - } -- return j; -+ return (j); - #endif - } - -@@ -90,9 +142,9 @@ void PEM_proc_type(char *buf, int type) - else - str = "BAD-TYPE"; - -- OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); -- OPENSSL_strlcat(buf, str, PEM_BUFSIZE); -- OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE); -+ BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); -+ BUF_strlcat(buf, str, PEM_BUFSIZE); -+ BUF_strlcat(buf, "\n", PEM_BUFSIZE); - } - - void PEM_dek_info(char *buf, const char *type, int len, char *str) -@@ -101,9 +153,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) - long i; - int j; - -- OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); -- OPENSSL_strlcat(buf, type, PEM_BUFSIZE); -- OPENSSL_strlcat(buf, ",", PEM_BUFSIZE); -+ BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); -+ BUF_strlcat(buf, type, PEM_BUFSIZE); -+ BUF_strlcat(buf, ",", PEM_BUFSIZE); - j = strlen(buf); - if (j + (len * 2) + 1 > PEM_BUFSIZE) - return; -@@ -115,7 +167,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) - buf[j + i * 2 + 1] = '\0'; - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - void 
*PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, - pem_password_cb *cb, void *u) - { -@@ -136,22 +188,22 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, - static int check_pem(const char *nm, const char *name) - { - /* Normal matching nm and name */ -- if (strcmp(nm, name) == 0) -+ if (!strcmp(nm, name)) - return 1; - - /* Make PEM_STRING_EVP_PKEY match any private key */ - -- if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) { -+ if (!strcmp(name, PEM_STRING_EVP_PKEY)) { - int slen; - const EVP_PKEY_ASN1_METHOD *ameth; -- if (strcmp(nm, PEM_STRING_PKCS8) == 0) -+ if (!strcmp(nm, PEM_STRING_PKCS8)) - return 1; -- if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) -+ if (!strcmp(nm, PEM_STRING_PKCS8INF)) - return 1; - slen = pem_check_suffix(nm, "PRIVATE KEY"); - if (slen > 0) { - /* -- * NB: ENGINE implementations won't contain a deprecated old -+ * NB: ENGINE implementations wont contain a deprecated old - * private key decode function so don't look for them. 
- */ - ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); -@@ -161,7 +213,7 @@ static int check_pem(const char *nm, const char *name) - return 0; - } - -- if (strcmp(name, PEM_STRING_PARAMETERS) == 0) { -+ if (!strcmp(name, PEM_STRING_PARAMETERS)) { - int slen; - const EVP_PKEY_ASN1_METHOD *ameth; - slen = pem_check_suffix(nm, "PARAMETERS"); -@@ -175,7 +227,8 @@ static int check_pem(const char *nm, const char *name) - else - r = 0; - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(e); -+ if (e) -+ ENGINE_finish(e); - #endif - return r; - } -@@ -183,45 +236,41 @@ static int check_pem(const char *nm, const char *name) - return 0; - } - /* If reading DH parameters handle X9.42 DH format too */ -- if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0 -- && strcmp(name, PEM_STRING_DHPARAMS) == 0) -+ if (!strcmp(nm, PEM_STRING_DHXPARAMS) && -+ !strcmp(name, PEM_STRING_DHPARAMS)) - return 1; - - /* Permit older strings */ - -- if (strcmp(nm, PEM_STRING_X509_OLD) == 0 -- && strcmp(name, PEM_STRING_X509) == 0) -+ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) - return 1; - -- if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0 -- && strcmp(name, PEM_STRING_X509_REQ) == 0) -+ if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && -+ !strcmp(name, PEM_STRING_X509_REQ)) - return 1; - - /* Allow normal certs to be read as trusted certs */ -- if (strcmp(nm, PEM_STRING_X509) == 0 -- && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) -+ if (!strcmp(nm, PEM_STRING_X509) && -+ !strcmp(name, PEM_STRING_X509_TRUSTED)) - return 1; - -- if (strcmp(nm, PEM_STRING_X509_OLD) == 0 -- && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) -+ if (!strcmp(nm, PEM_STRING_X509_OLD) && -+ !strcmp(name, PEM_STRING_X509_TRUSTED)) - return 1; - - /* Some CAs use PKCS#7 with CERTIFICATE headers */ -- if (strcmp(nm, PEM_STRING_X509) == 0 -- && strcmp(name, PEM_STRING_PKCS7) == 0) -+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) - return 1; - -- if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0 -- && 
strcmp(name, PEM_STRING_PKCS7) == 0) -+ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && -+ !strcmp(name, PEM_STRING_PKCS7)) - return 1; - - #ifndef OPENSSL_NO_CMS -- if (strcmp(nm, PEM_STRING_X509) == 0 -- && strcmp(name, PEM_STRING_CMS) == 0) -+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS)) - return 1; - /* Allow CMS to be read from PKCS#7 headers */ -- if (strcmp(nm, PEM_STRING_PKCS7) == 0 -- && strcmp(name, PEM_STRING_CMS) == 0) -+ if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS)) - return 1; - #endif - -@@ -272,7 +321,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - return ret; - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - void *x, const EVP_CIPHER *enc, unsigned char *kstr, - int klen, pem_password_cb *callback, void *u) -@@ -295,8 +344,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - void *x, const EVP_CIPHER *enc, unsigned char *kstr, - int klen, pem_password_cb *callback, void *u) - { -- EVP_CIPHER_CTX *ctx = NULL; -- int dsize = 0, i = 0, j = 0, ret = 0; -+ EVP_CIPHER_CTX ctx; -+ int dsize = 0, i, j, ret = 0; - unsigned char *p, *data = NULL; - const char *objstr = NULL; - char buf[PEM_BUFSIZE]; -@@ -318,7 +367,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - } - /* dzise + 8 bytes are needed */ - /* actually it needs the cipher block size extra... */ -- data = OPENSSL_malloc((unsigned int)dsize + 20); -+ data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20); - if (data == NULL) { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE); - goto err; -@@ -343,8 +392,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - kstr = (unsigned char *)buf; - } - RAND_add(data, i, 0); /* put in the RSA key. 
*/ -- OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv)); -- if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */ -+ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); -+ if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */ - goto err; - /* - * The 'iv' is used as the iv and as a salt. It is NOT taken from -@@ -356,20 +405,21 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - if (kstr == (unsigned char *)buf) - OPENSSL_cleanse(buf, PEM_BUFSIZE); - -- OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 -- <= sizeof buf); -+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= -+ sizeof buf); - - buf[0] = '\0'; - PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); -- PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv); -+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); - /* k=strlen(buf); */ - -+ EVP_CIPHER_CTX_init(&ctx); - ret = 1; -- if ((ctx = EVP_CIPHER_CTX_new()) == NULL -- || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv) -- || !EVP_EncryptUpdate(ctx, data, &j, data, i) -- || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i)) -+ if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) -+ || !EVP_EncryptUpdate(&ctx, data, &j, data, i) -+ || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) - ret = 0; -+ EVP_CIPHER_CTX_cleanup(&ctx); - if (ret == 0) - goto err; - i += j; -@@ -383,162 +433,127 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - err: - OPENSSL_cleanse(key, sizeof(key)); - OPENSSL_cleanse(iv, sizeof(iv)); -- EVP_CIPHER_CTX_free(ctx); -+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); - OPENSSL_cleanse(buf, PEM_BUFSIZE); -- OPENSSL_clear_free(data, (unsigned int)dsize); -+ if (data != NULL) { -+ OPENSSL_cleanse(data, (unsigned int)dsize); -+ OPENSSL_free(data); -+ } - return (ret); - } - - int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, - pem_password_cb *callback, void *u) - { -- int ok; -- int keylen; -- long len = *plen; -- int ilen = 
(int) len; /* EVP_DecryptUpdate etc. take int lengths */ -- EVP_CIPHER_CTX *ctx; -+ int i = 0, j, o, klen; -+ long len; -+ EVP_CIPHER_CTX ctx; - unsigned char key[EVP_MAX_KEY_LENGTH]; - char buf[PEM_BUFSIZE]; - --#if LONG_MAX > INT_MAX -- /* Check that we did not truncate the length */ -- if (len > INT_MAX) { -- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG); -- return 0; -- } --#endif -+ len = *plen; - - if (cipher->cipher == NULL) -- return 1; -+ return (1); - if (callback == NULL) -- keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); -+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); - else -- keylen = callback(buf, PEM_BUFSIZE, 0, u); -- if (keylen <= 0) { -+ klen = callback(buf, PEM_BUFSIZE, 0, u); -+ if (klen <= 0) { - PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); -- return 0; -+ return (0); - } - #ifdef CHARSET_EBCDIC - /* Convert the pass phrase from EBCDIC */ -- ebcdic2ascii(buf, buf, keylen); -+ ebcdic2ascii(buf, buf, klen); - #endif - - if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), -- (unsigned char *)buf, keylen, 1, key, NULL)) -- return 0; -- -- ctx = EVP_CIPHER_CTX_new(); -- if (ctx == NULL) -+ (unsigned char *)buf, klen, 1, key, NULL)) - return 0; - -- ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); -- if (ok) -- ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen); -- if (ok) { -- /* Squirrel away the length of data decrypted so far. 
*/ -- *plen = ilen; -- ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen); -- } -- if (ok) -- *plen += ilen; -- else -- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); -- -- EVP_CIPHER_CTX_free(ctx); -+ j = (int)len; -+ EVP_CIPHER_CTX_init(&ctx); -+ o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); -+ if (o) -+ o = EVP_DecryptUpdate(&ctx, data, &i, data, j); -+ if (o) -+ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); -+ EVP_CIPHER_CTX_cleanup(&ctx); - OPENSSL_cleanse((char *)buf, sizeof(buf)); - OPENSSL_cleanse((char *)key, sizeof(key)); -- return ok; -+ if (o) -+ j += i; -+ else { -+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); -+ return (0); -+ } -+ *plen = j; -+ return (1); - } - --/* -- * This implements a very limited PEM header parser that does not support the -- * full grammar of rfc1421. In particular, folded headers are not supported, -- * nor is additional whitespace. -- * -- * A robust implementation would make use of a library that turns the headers -- * into a BIO from which one folded line is read at a time, and is then split -- * into a header label and content. We would then parse the content of the -- * headers we care about. This is overkill for just this limited use-case, but -- * presumably we also parse rfc822-style headers for S/MIME, so a common -- * abstraction might well be more generally useful. 
-- */ - int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) - { -- static const char ProcType[] = "Proc-Type:"; -- static const char ENCRYPTED[] = "ENCRYPTED"; -- static const char DEKInfo[] = "DEK-Info:"; - const EVP_CIPHER *enc = NULL; -- int ivlen; -- char *dekinfostart, c; -+ char *p, c; -+ char **header_pp = &header; - - cipher->cipher = NULL; - if ((header == NULL) || (*header == '\0') || (*header == '\n')) -- return 1; -- -- if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { -+ return (1); -+ if (strncmp(header, "Proc-Type: ", 11) != 0) { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE); -- return 0; -+ return (0); - } -- header += sizeof(ProcType)-1; -- header += strspn(header, " \t"); -- -- if (*header++ != '4' || *header++ != ',') -- return 0; -- header += strspn(header, " \t"); -- -- /* We expect "ENCRYPTED" followed by optional white-space + line break */ -- if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || -- strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { -+ header += 11; -+ if (*header != '4') -+ return (0); -+ header++; -+ if (*header != ',') -+ return (0); -+ header++; -+ if (strncmp(header, "ENCRYPTED", 9) != 0) { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED); -- return 0; -+ return (0); - } -- header += sizeof(ENCRYPTED)-1; -- header += strspn(header, " \t\r"); -- if (*header++ != '\n') { -+ for (; (*header != '\n') && (*header != '\0'); header++) ; -+ if (*header == '\0') { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER); -- return 0; -+ return (0); - } -- -- /*- -- * https://tools.ietf.org/html/rfc1421#section-4.6.1.3 -- * We expect "DEK-Info: algo[,hex-parameters]" -- */ -- if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { -+ header++; -+ if (strncmp(header, "DEK-Info: ", 10) != 0) { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO); -- return 0; -+ return (0); - } -- header += sizeof(DEKInfo)-1; -- header += strspn(header, " \t"); -+ header += 10; - 
-- /* -- * DEK-INFO is a comma-separated combination of algorithm name and optional -- * parameters. -- */ -- dekinfostart = header; -- header += strcspn(header, " \t,"); -- c = *header; -+ p = header; -+ for (;;) { -+ c = *header; -+#ifndef CHARSET_EBCDIC -+ if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') || -+ ((c >= '0') && (c <= '9')))) -+ break; -+#else -+ if (!(isupper(c) || (c == '-') || isdigit(c))) -+ break; -+#endif -+ header++; -+ } - *header = '\0'; -- cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart); -+ cipher->cipher = enc = EVP_get_cipherbyname(p); - *header = c; -- header += strspn(header, " \t"); -+ header++; - - if (enc == NULL) { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION); -- return 0; -- } -- ivlen = EVP_CIPHER_iv_length(enc); -- if (ivlen > 0 && *header++ != ',') { -- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV); -- return 0; -- } else if (ivlen == 0 && *header == ',') { -- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV); -- return 0; -+ return (0); - } -+ if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len)) -+ return (0); - -- if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc))) -- return 0; -- -- return 1; -+ return (1); - } - - static int load_iv(char **fromp, unsigned char *to, int num) -@@ -551,8 +566,13 @@ static int load_iv(char **fromp, unsigned char *to, int num) - to[i] = 0; - num *= 2; - for (i = 0; i < num; i++) { -- v = OPENSSL_hexchar2int(*from); -- if (v < 0) { -+ if ((*from >= '0') && (*from <= '9')) -+ v = *from - '0'; -+ else if ((*from >= 'A') && (*from <= 'F')) -+ v = *from - 'A' + 10; -+ else if ((*from >= 'a') && (*from <= 'f')) -+ v = *from - 'a' + 10; -+ else { - PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS); - return (0); - } -@@ -564,7 +584,7 @@ static int load_iv(char **fromp, unsigned char *to, int num) - return (1); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int PEM_write(FILE *fp, const char *name, const char *header, - 
const unsigned char *data, long len) - { -@@ -587,15 +607,10 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, - { - int nlen, n, i, j, outl; - unsigned char *buf = NULL; -- EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); -+ EVP_ENCODE_CTX ctx; - int reason = ERR_R_BUF_LIB; - -- if (ctx == NULL) { -- reason = ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- EVP_EncodeInit(ctx); -+ EVP_EncodeInit(&ctx); - nlen = strlen(name); - - if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || -@@ -618,32 +633,34 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, - i = j = 0; - while (len > 0) { - n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len); -- if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n)) -- goto err; -+ EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n); - if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) - goto err; - i += outl; - len -= n; - j += n; - } -- EVP_EncodeFinal(ctx, buf, &outl); -+ EVP_EncodeFinal(&ctx, buf, &outl); - if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) - goto err; -+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); -+ OPENSSL_free(buf); -+ buf = NULL; - if ((BIO_write(bp, "-----END ", 9) != 9) || - (BIO_write(bp, name, nlen) != nlen) || - (BIO_write(bp, "-----\n", 6) != 6)) - goto err; -- OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); -- EVP_ENCODE_CTX_free(ctx); - return (i + outl); - err: -- OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); -- EVP_ENCODE_CTX_free(ctx); -+ if (buf) { -+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); -+ OPENSSL_free(buf); -+ } - PEMerr(PEM_F_PEM_WRITE_BIO, reason); - return (0); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, - long *len) - { -@@ -664,23 +681,22 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, - int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - long *len) - { -- EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); -+ 
EVP_ENCODE_CTX ctx; - int end = 0, i, k, bl = 0, hl = 0, nohead = 0; - char buf[256]; - BUF_MEM *nameB; - BUF_MEM *headerB; - BUF_MEM *dataB, *tmpB; - -- if (ctx == NULL) { -- PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -- return (0); -- } -- - nameB = BUF_MEM_new(); - headerB = BUF_MEM_new(); - dataB = BUF_MEM_new(); - if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { -- goto err; -+ BUF_MEM_free(nameB); -+ BUF_MEM_free(headerB); -+ BUF_MEM_free(dataB); -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ return (0); - } - - buf[254] = '\0'; -@@ -800,15 +816,15 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - goto err; - } - -- EVP_DecodeInit(ctx); -- i = EVP_DecodeUpdate(ctx, -+ EVP_DecodeInit(&ctx); -+ i = EVP_DecodeUpdate(&ctx, - (unsigned char *)dataB->data, &bl, - (unsigned char *)dataB->data, bl); - if (i < 0) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); - goto err; - } -- i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k); -+ i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k); - if (i < 0) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); - goto err; -@@ -824,13 +840,11 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - OPENSSL_free(nameB); - OPENSSL_free(headerB); - OPENSSL_free(dataB); -- EVP_ENCODE_CTX_free(ctx); - return (1); - err: - BUF_MEM_free(nameB); - BUF_MEM_free(headerB); - BUF_MEM_free(dataB); -- EVP_ENCODE_CTX_free(ctx); - return (0); - } - -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -index cc7a8db..1dd3bd7 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -@@ -1,17 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem_oth.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. 
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -+#include - #include - #include - -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -index 993c595..9edca4d 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -@@ -1,17 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pem/pem_pkey.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e.
this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -19,12 +69,12 @@
- static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u);
--
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u);
- #endif
-+
- /*
- * These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
-@@ -68,8 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
- PKCS8_PRIV_KEY_INFO *p8inf;
- char buf[PEM_BUFSIZE];
- int ret;
--
-- if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
-+ if (!(p8inf = EVP_PKEY2PKCS8(x))) {
- PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
- return 0;
- }
-@@ -138,13 +187,14 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- if (!ret)
- return NULL;
- if (x) {
-- EVP_PKEY_free(*x);
-+ if (*x)
-+ EVP_PKEY_free(*x);
- *x = ret;
- }
- return ret;
- }
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
-
- int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u)
-@@ -179,8 +229,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
- {
- BIO *bp;
- int ret;
--
-- if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
-+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
- return (0);
- }
-@@ -194,8 +243,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
- {
- BIO *bp;
- EVP_PKEY *ret;
--
-- if ((bp = BIO_new_fp(fp,
BIO_NOCLOSE)) == NULL) {
-+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
- return NULL;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
-index 6308622..04d6319 100644
---- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
-+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
-@@ -1,24 +1,77 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/pem/pem_pkey.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1.
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
--#include
--#include
--#include "internal/asn1_int.h"
--#include "internal/evp_int.h"
-+#ifndef OPENSSL_NO_ENGINE
-+# include
-+#endif
-+#ifndef OPENSSL_NO_DH
-+# include
-+#endif
-+#include "asn1_locl.h"
-
- int pem_check_suffix(const char *pem_str, const char *suffix);
-
-@@ -43,7 +96,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- goto p8err;
- ret = EVP_PKCS82PKEY(p8inf);
- if (x) {
-- EVP_PKEY_free((EVP_PKEY *)*x);
-+ if (*x)
-+ EVP_PKEY_free((EVP_PKEY *)*x);
- *x = ret;
- }
- PKCS8_PRIV_KEY_INFO_free(p8inf);
-@@ -70,7 +124,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- goto p8err;
- ret = EVP_PKCS82PKEY(p8inf);
- if (x) {
-- EVP_PKEY_free((EVP_PKEY *)*x);
-+ if (*x)
-+ EVP_PKEY_free((EVP_PKEY *)*x);
- *x = ret;
- }
- PKCS8_PRIV_KEY_INFO_free(p8inf);
-@@ -86,7 +141,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
- err:
- OPENSSL_free(nm);
-- OPENSSL_clear_free(data, len);
-+ OPENSSL_cleanse(data, len);
-+ OPENSSL_free(data);
- return (ret);
- }
-
-@@ -94,18 +150,11 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
- {
-- if (x->ameth == NULL || x->ameth->priv_encode != NULL)
-+ char pem_str[80];
-+ if (!x->ameth || x->ameth->priv_encode)
- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
- (char *)kstr, klen, cb, u);
-- return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
--}
-
--int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
-- const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u)
--{
-- char pem_str[80];
- BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
- return
PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
- pem_str, bp, x, enc, kstr, klen, cb, u);
-@@ -127,7 +176,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
-
- if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
- ret = EVP_PKEY_new();
-- if (ret == NULL)
-+ if (!ret)
- goto err;
- if (!EVP_PKEY_set_type_str(ret, nm, slen)
- || !ret->ameth->param_decode
-@@ -137,7 +186,8 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
- goto err;
- }
- if (x) {
-- EVP_PKEY_free((EVP_PKEY *)*x);
-+ if (*x)
-+ EVP_PKEY_free((EVP_PKEY *)*x);
- *x = ret;
- }
- }
-@@ -160,7 +210,7 @@ int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
- pem_str, bp, x, NULL, NULL, 0, 0, NULL);
- }
-
--#ifndef OPENSSL_NO_STDIO
-+#ifndef OPENSSL_NO_FP_API
- EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
- void *u)
- {
-@@ -211,7 +261,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
- return NULL;
- p = data;
-
-- if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
-+ if (!strcmp(nm, PEM_STRING_DHXPARAMS))
- ret = d2i_DHxparams(x, &p, len);
- else
- ret = d2i_DHparams(x, &p, len);
-@@ -223,7 +273,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
- return ret;
- }
-
--# ifndef OPENSSL_NO_STDIO
-+# ifndef OPENSSL_NO_FP_API
- DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
- {
- BIO *b;
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
-new file mode 100644
-index 0000000..a5c1812
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
-@@ -0,0 +1,191 @@
-+/* crypto/pem/pem_seal.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include /* for OPENSSL_NO_RSA */
-+#ifndef OPENSSL_NO_RSA
-+# include
-+# include "cryptlib.h"
-+# include
-+# include
-+# include
-+# include
-+# include
-+# include
-+
-+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
-+ unsigned char **ek, int *ekl, unsigned char *iv,
-+ EVP_PKEY **pubk, int npubk)
-+{
-+ unsigned char key[EVP_MAX_KEY_LENGTH];
-+ int ret = -1;
-+ int i, j, max = 0;
-+ char *s = NULL;
-+
-+ for (i = 0; i < npubk; i++) {
-+ if (pubk[i]->type != EVP_PKEY_RSA) {
-+ PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
-+ goto err;
-+ }
-+ j = RSA_size(pubk[i]->pkey.rsa);
-+ if (j > max)
-+ max = j;
-+ }
-+ s = (char *)OPENSSL_malloc(max * 2);
-+ if (s == NULL) {
-+ PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ EVP_EncodeInit(&ctx->encode);
-+
-+ EVP_MD_CTX_init(&ctx->md);
-+ if (!EVP_SignInit(&ctx->md, md_type))
-+ goto err;
-+
-+ EVP_CIPHER_CTX_init(&ctx->cipher);
-+ ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
-+ if (ret <= 0)
-+ goto err;
-+
-+ /* base64 encode the keys */
-+ for (i = 0; i < npubk; i++) {
-+ j = EVP_EncodeBlock((unsigned char *)s, ek[i],
-+ RSA_size(pubk[i]->pkey.rsa));
-+ ekl[i] = j;
-+ memcpy(ek[i], s, j + 1);
-+ }
-+
-+ ret = npubk;
-+ err:
-+ if (s != NULL)
-+ OPENSSL_free(s);
-+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-+ return (ret);
-+}
-+
-+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-+ unsigned char *in, int inl)
-+{
-+ unsigned char buffer[1600];
-+ int i, j;
-+
-+ *outl = 0;
-+ EVP_SignUpdate(&ctx->md, in, inl);
-+ for (;;) {
-+ if (inl <= 0)
-+ break;
-+ if (inl > 1200)
-+ i = 1200;
-+ else
-+ i = inl;
-+ EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
-+ EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
-+ *outl += j;
-+ out += j;
-+ in += i;
-+ inl -= i;
-+ }
-+}
-+
-+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-+ unsigned char *out, int *outl, EVP_PKEY
*priv)
-+{
-+ unsigned char *s = NULL;
-+ int ret = 0, j;
-+ unsigned int i;
-+
-+ if (priv->type != EVP_PKEY_RSA) {
-+ PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
-+ goto err;
-+ }
-+ i = RSA_size(priv->pkey.rsa);
-+ if (i < 100)
-+ i = 100;
-+ s = (unsigned char *)OPENSSL_malloc(i * 2);
-+ if (s == NULL) {
-+ PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
-+ goto err;
-+ EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
-+ *outl = j;
-+ out += j;
-+ EVP_EncodeFinal(&ctx->encode, out, &j);
-+ *outl += j;
-+
-+ if (!EVP_SignFinal(&ctx->md, s, &i, priv))
-+ goto err;
-+ *sigl = EVP_EncodeBlock(sig, s, i);
-+
-+ ret = 1;
-+ err:
-+ EVP_MD_CTX_cleanup(&ctx->md);
-+ EVP_CIPHER_CTX_cleanup(&ctx->cipher);
-+ if (s != NULL)
-+ OPENSSL_free(s);
-+ return (ret);
-+}
-+#else /* !OPENSSL_NO_RSA */
-+
-+# if PEDANTIC
-+static void *dummy = &dummy;
-+# endif
-+
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
-index 12ad974..b5e5c29 100644
---- a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
-+++ b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
-@@ -1,27 +1,77 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/pem/pem_sign.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to.
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
- #include
- #include
- #include
- #include
-
--int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
- {
-- return EVP_DigestInit_ex(ctx, type, NULL);
-+ EVP_DigestInit_ex(ctx, type, NULL);
- }
-
--int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
-+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
- {
-- return EVP_DigestUpdate(ctx, data, count);
-+ EVP_DigestUpdate(ctx, data, count);
- }
-
- int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-@@ -31,7 +81,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- int i, ret = 0;
- unsigned int m_len;
-
-- m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
-+ m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
- if (m == NULL) {
- PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
- goto err;
-@@ -45,6 +95,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- ret = 1;
- err:
- /* ctx has been zeroed by EVP_SignFinal() */
-- OPENSSL_free(m);
-+ if (m != NULL)
-+ OPENSSL_free(m);
- return (ret);
- }
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
-index 3a99756..3c20ff2 100644
---- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
-+++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
-@@ -1,14 +1,64 @@
-+/* pem_x509.c */
- /*
-- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1.
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
-index 6d7e1db..c523430 100644
---- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
-+++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
-@@ -1,14 +1,64 @@
-+/* pem_xaux.c */
- /*
-- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1.
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-@@ -16,3 +66,5 @@
- #include
-
- IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
-+ X509_CERT_PAIR)
-diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
-index 248704e..1ce5a1e 100644
---- a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
-+++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
-@@ -1,10 +1,59 @@
- /*
-- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2005.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -12,7 +61,7 @@
- * and PRIVATEKEYBLOB).
- */
-
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-@@ -44,11 +93,23 @@ static unsigned int read_ledword(const unsigned char **in)
-
- static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
- {
-- *r = BN_lebin2bn(*in, nbyte, NULL);
-- if (*r == NULL)
-+ const unsigned char *p;
-+ unsigned char *tmpbuf, *q;
-+ unsigned int i;
-+ p = *in + nbyte - 1;
-+ tmpbuf = OPENSSL_malloc(nbyte);
-+ if (!tmpbuf)
-+ return 0;
-+ q = tmpbuf;
-+ for (i = 0; i < nbyte; i++)
-+ *q++ = *p--;
-+ *r = BN_bin2bn(tmpbuf, nbyte, NULL);
-+ OPENSSL_free(tmpbuf);
-+ if (*r) {
-+ *in += nbyte;
-+ return 1;
-+ } else
- return 0;
-- *in += nbyte;
-- return 1;
- }
-
- /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
-@@ -78,9 +139,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
- /* Maximum salt length */
- # define PVK_MAX_SALTLEN 10240
-
--static EVP_PKEY *b2i_rsa(const unsigned char **in,
-+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
- unsigned int bitlen, int ispub);
--static EVP_PKEY *b2i_dss(const unsigned char **in,
-+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
- unsigned int bitlen, int ispub);
-
- static int do_blob_header(const unsigned char **in, unsigned int length,
-@@ -193,9 +254,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
- return NULL;
- }
- if (isdss)
-- return b2i_dss(&p, bitlen, ispub);
-+ return b2i_dss(&p, length, bitlen, ispub);
- else
-- return b2i_rsa(&p, bitlen, ispub);
-+ return b2i_rsa(&p, length, bitlen, ispub);
- }
-
- static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
-@@ -219,7 +280,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
- return NULL;
- }
- buf = OPENSSL_malloc(length);
-- if (buf == NULL) {
-+ if (!buf) {
- PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-@@ -230,16 +291,17 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
- }
-
- if (isdss)
-- ret = b2i_dss(&p, bitlen, ispub);
-+ ret = b2i_dss(&p, length, bitlen, ispub);
- else
-- ret = b2i_rsa(&p, bitlen, ispub);
-+ ret = b2i_rsa(&p, length, bitlen, ispub);
-
- err:
-- OPENSSL_free(buf);
-+ if (buf)
-+ OPENSSL_free(buf);
- return ret;
- }
-
--static EVP_PKEY *b2i_dss(const unsigned char **in,
-+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
- unsigned int bitlen, int ispub)
- {
- const unsigned char *p = *in;
-@@ -247,48 +309,35 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
- DSA *dsa = NULL;
- BN_CTX *ctx = NULL;
- unsigned int nbyte;
-- BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
-- BIGNUM *pub_key = NULL;
--
- nbyte = (bitlen + 7) >> 3;
-
- dsa = DSA_new();
- ret = EVP_PKEY_new();
-- if (dsa == NULL || ret == NULL)
-+ if (!dsa || !ret)
- goto memerr;
-- if (!read_lebn(&p, nbyte, &pbn))
-+ if (!read_lebn(&p, nbyte, &dsa->p))
- goto memerr;
--
-- if (!read_lebn(&p, 20, &qbn))
-+ if (!read_lebn(&p, 20, &dsa->q))
- goto memerr;
--
-- if (!read_lebn(&p, nbyte, &gbn))
-+ if (!read_lebn(&p, nbyte, &dsa->g))
- goto memerr;
--
- if (ispub) {
-- if (!read_lebn(&p, nbyte, &pub_key))
-+ if (!read_lebn(&p, nbyte, &dsa->pub_key))
- goto memerr;
- } else {
-- if (!read_lebn(&p, 20, &priv_key))
-+ if (!read_lebn(&p, 20, &dsa->priv_key))
- goto memerr;
--
- /* Calculate public key */
-- pub_key = BN_new();
-- if (pub_key == NULL)
-+ if (!(dsa->pub_key = BN_new()))
- goto memerr;
-- if ((ctx = BN_CTX_new()) == NULL)
-+ if (!(ctx = BN_CTX_new()))
- goto memerr;
-
-- if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
-- goto memerr;
-+ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
-
-+ goto memerr;
- BN_CTX_free(ctx);
- }
-- if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
-- goto memerr;
-- pbn = qbn = gbn = NULL;
-- if (!DSA_set0_key(dsa, pub_key, priv_key))
-- goto memerr;
-
- EVP_PKEY_set1_DSA(ret, dsa);
- DSA_free(dsa);
-@@ -297,73 +346,60 @@ static EVP_PKEY *b2i_dss(const
unsigned char **in, - - memerr: - PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); -- DSA_free(dsa); -- BN_free(pbn); -- BN_free(qbn); -- BN_free(gbn); -- BN_free(pub_key); -- BN_free(priv_key); -- EVP_PKEY_free(ret); -- BN_CTX_free(ctx); -+ if (dsa) -+ DSA_free(dsa); -+ if (ret) -+ EVP_PKEY_free(ret); -+ if (ctx) -+ BN_CTX_free(ctx); - return NULL; - } - --static EVP_PKEY *b2i_rsa(const unsigned char **in, -+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, - unsigned int bitlen, int ispub) - { -- const unsigned char *pin = *in; -+ const unsigned char *p = *in; - EVP_PKEY *ret = NULL; -- BIGNUM *e = NULL, *n = NULL, *d = NULL; -- BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; - RSA *rsa = NULL; - unsigned int nbyte, hnbyte; - nbyte = (bitlen + 7) >> 3; - hnbyte = (bitlen + 15) >> 4; - rsa = RSA_new(); - ret = EVP_PKEY_new(); -- if (rsa == NULL || ret == NULL) -+ if (!rsa || !ret) - goto memerr; -- e = BN_new(); -- if (e == NULL) -+ rsa->e = BN_new(); -+ if (!rsa->e) - goto memerr; -- if (!BN_set_word(e, read_ledword(&pin))) -+ if (!BN_set_word(rsa->e, read_ledword(&p))) - goto memerr; -- if (!read_lebn(&pin, nbyte, &n)) -+ if (!read_lebn(&p, nbyte, &rsa->n)) - goto memerr; - if (!ispub) { -- if (!read_lebn(&pin, hnbyte, &p)) -+ if (!read_lebn(&p, hnbyte, &rsa->p)) - goto memerr; -- if (!read_lebn(&pin, hnbyte, &q)) -+ if (!read_lebn(&p, hnbyte, &rsa->q)) - goto memerr; -- if (!read_lebn(&pin, hnbyte, &dmp1)) -+ if (!read_lebn(&p, hnbyte, &rsa->dmp1)) - goto memerr; -- if (!read_lebn(&pin, hnbyte, &dmq1)) -+ if (!read_lebn(&p, hnbyte, &rsa->dmq1)) - goto memerr; -- if (!read_lebn(&pin, hnbyte, &iqmp)) -+ if (!read_lebn(&p, hnbyte, &rsa->iqmp)) - goto memerr; -- if (!read_lebn(&pin, nbyte, &d)) -+ if (!read_lebn(&p, nbyte, &rsa->d)) - goto memerr; -- RSA_set0_factors(rsa, p, q); -- RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); - } -- RSA_set0_key(rsa, n, e, d); - - EVP_PKEY_set1_RSA(ret, rsa); - RSA_free(rsa); -- *in = pin; -+ 
*in = p; - return ret; - memerr: - PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); -- BN_free(e); -- BN_free(n); -- BN_free(p); -- BN_free(q); -- BN_free(dmp1); -- BN_free(dmq1); -- BN_free(iqmp); -- BN_free(d); -- RSA_free(rsa); -- EVP_PKEY_free(ret); -+ if (rsa) -+ RSA_free(rsa); -+ if (ret) -+ EVP_PKEY_free(ret); - return NULL; - } - -@@ -399,8 +435,26 @@ static void write_ledword(unsigned char **out, unsigned int dw) - - static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) - { -- BN_bn2lebinpad(bn, *out, len); -- *out += len; -+ int nb, i; -+ unsigned char *p = *out, *q, c; -+ nb = BN_num_bytes(bn); -+ BN_bn2bin(bn, p); -+ q = p + nb - 1; -+ /* In place byte order reversal */ -+ for (i = 0; i < nb / 2; i++) { -+ c = *p; -+ *p++ = *q; -+ *q-- = c; -+ } -+ *out += nb; -+ /* Pad with zeroes if we have to */ -+ if (len > 0) { -+ len -= nb; -+ if (len > 0) { -+ memset(*out, 0, len); -+ *out += len; -+ } -+ } - } - - static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); -@@ -414,12 +468,11 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) - unsigned char *p; - unsigned int bitlen, magic = 0, keyalg; - int outlen, noinc = 0; -- int pktype = EVP_PKEY_id(pk); -- if (pktype == EVP_PKEY_DSA) { -- bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic); -+ if (pk->type == EVP_PKEY_DSA) { -+ bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); - keyalg = MS_KEYALG_DSS_SIGN; -- } else if (pktype == EVP_PKEY_RSA) { -- bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic); -+ } else if (pk->type == EVP_PKEY_RSA) { -+ bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); - keyalg = MS_KEYALG_RSA_KEYX; - } else - return -1; -@@ -433,7 +486,7 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) - p = *out; - else { - p = OPENSSL_malloc(outlen); -- if (p == NULL) -+ if (!p) - return -1; - *out = p; - noinc = 1; -@@ -449,9 +502,9 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) - 
write_ledword(&p, magic); - write_ledword(&p, bitlen); - if (keyalg == MS_KEYALG_DSS_SIGN) -- write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub); -+ write_dsa(&p, pk->pkey.dsa, ispub); - else -- write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub); -+ write_rsa(&p, pk->pkey.rsa, ispub); - if (!noinc) - *out += outlen; - return outlen; -@@ -474,21 +527,16 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) - static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) - { - int bitlen; -- const BIGNUM *p = NULL, *q = NULL, *g = NULL; -- const BIGNUM *pub_key = NULL, *priv_key = NULL; -- -- DSA_get0_pqg(dsa, &p, &q, &g); -- DSA_get0_key(dsa, &pub_key, &priv_key); -- bitlen = BN_num_bits(p); -- if ((bitlen & 7) || (BN_num_bits(q) != 160) -- || (BN_num_bits(g) > bitlen)) -+ bitlen = BN_num_bits(dsa->p); -+ if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) -+ || (BN_num_bits(dsa->g) > bitlen)) - goto badkey; - if (ispub) { -- if (BN_num_bits(pub_key) > bitlen) -+ if (BN_num_bits(dsa->pub_key) > bitlen) - goto badkey; - *pmagic = MS_DSS1MAGIC; - } else { -- if (BN_num_bits(priv_key) > 160) -+ if (BN_num_bits(dsa->priv_key) > 160) - goto badkey; - *pmagic = MS_DSS2MAGIC; - } -@@ -502,35 +550,26 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) - static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) - { - int nbyte, hnbyte, bitlen; -- const BIGNUM *e; -- -- RSA_get0_key(rsa, NULL, &e, NULL); -- if (BN_num_bits(e) > 32) -+ if (BN_num_bits(rsa->e) > 32) - goto badkey; -- bitlen = RSA_bits(rsa); -- nbyte = RSA_size(rsa); -- hnbyte = (bitlen + 15) >> 4; -+ bitlen = BN_num_bits(rsa->n); -+ nbyte = BN_num_bytes(rsa->n); -+ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; - if (ispub) { - *pmagic = MS_RSA1MAGIC; - return bitlen; - } else { -- const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1; -- - *pmagic = MS_RSA2MAGIC; -- - /* - * For private key each component must fit within nbyte or hnbyte. 
- */ -- RSA_get0_key(rsa, NULL, NULL, &d); -- if (BN_num_bytes(d) > nbyte) -+ if (BN_num_bytes(rsa->d) > nbyte) - goto badkey; -- RSA_get0_factors(rsa, &p, &q); -- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); -- if ((BN_num_bytes(iqmp) > hnbyte) -- || (BN_num_bytes(p) > hnbyte) -- || (BN_num_bytes(q) > hnbyte) -- || (BN_num_bytes(dmp1) > hnbyte) -- || (BN_num_bytes(dmq1) > hnbyte)) -+ if ((BN_num_bytes(rsa->iqmp) > hnbyte) -+ || (BN_num_bytes(rsa->p) > hnbyte) -+ || (BN_num_bytes(rsa->q) > hnbyte) -+ || (BN_num_bytes(rsa->dmp1) > hnbyte) -+ || (BN_num_bytes(rsa->dmq1) > hnbyte)) - goto badkey; - } - return bitlen; -@@ -542,41 +581,31 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) - static void write_rsa(unsigned char **out, RSA *rsa, int ispub) - { - int nbyte, hnbyte; -- const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1; -- -- nbyte = RSA_size(rsa); -- hnbyte = (RSA_bits(rsa) + 15) >> 4; -- RSA_get0_key(rsa, &n, &e, &d); -- write_lebn(out, e, 4); -- write_lebn(out, n, nbyte); -+ nbyte = BN_num_bytes(rsa->n); -+ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; -+ write_lebn(out, rsa->e, 4); -+ write_lebn(out, rsa->n, -1); - if (ispub) - return; -- RSA_get0_factors(rsa, &p, &q); -- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); -- write_lebn(out, p, hnbyte); -- write_lebn(out, q, hnbyte); -- write_lebn(out, dmp1, hnbyte); -- write_lebn(out, dmq1, hnbyte); -- write_lebn(out, iqmp, hnbyte); -- write_lebn(out, d, nbyte); -+ write_lebn(out, rsa->p, hnbyte); -+ write_lebn(out, rsa->q, hnbyte); -+ write_lebn(out, rsa->dmp1, hnbyte); -+ write_lebn(out, rsa->dmq1, hnbyte); -+ write_lebn(out, rsa->iqmp, hnbyte); -+ write_lebn(out, rsa->d, nbyte); - } - - static void write_dsa(unsigned char **out, DSA *dsa, int ispub) - { - int nbyte; -- const BIGNUM *p = NULL, *q = NULL, *g = NULL; -- const BIGNUM *pub_key = NULL, *priv_key = NULL; -- -- DSA_get0_pqg(dsa, &p, &q, &g); -- DSA_get0_key(dsa, &pub_key, &priv_key); -- nbyte = BN_num_bytes(p); -- 
write_lebn(out, p, nbyte); -- write_lebn(out, q, 20); -- write_lebn(out, g, nbyte); -+ nbyte = BN_num_bytes(dsa->p); -+ write_lebn(out, dsa->p, nbyte); -+ write_lebn(out, dsa->q, 20); -+ write_lebn(out, dsa->g, nbyte); - if (ispub) -- write_lebn(out, pub_key, nbyte); -+ write_lebn(out, dsa->pub_key, nbyte); - else -- write_lebn(out, priv_key, 20); -+ write_lebn(out, dsa->priv_key, 20); - /* Set "invalid" for seed structure values */ - memset(*out, 0xff, 24); - *out += 24; -@@ -642,16 +671,16 @@ static int derive_pvk_key(unsigned char *key, - const unsigned char *salt, unsigned int saltlen, - const unsigned char *pass, int passlen) - { -- EVP_MD_CTX *mctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX mctx; - int rv = 1; -- if (mctx == NULL -- || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) -- || !EVP_DigestUpdate(mctx, salt, saltlen) -- || !EVP_DigestUpdate(mctx, pass, passlen) -- || !EVP_DigestFinal_ex(mctx, key, NULL)) -+ EVP_MD_CTX_init(&mctx); -+ if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) -+ || !EVP_DigestUpdate(&mctx, salt, saltlen) -+ || !EVP_DigestUpdate(&mctx, pass, passlen) -+ || !EVP_DigestFinal_ex(&mctx, key, NULL)) - rv = 0; - -- EVP_MD_CTX_free(mctx); -+ EVP_MD_CTX_cleanup(&mctx); - return rv; - } - -@@ -663,8 +692,8 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, - const unsigned char *p = *in; - unsigned int magic; - unsigned char *enctmp = NULL, *q; -- -- EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); -+ EVP_CIPHER_CTX cctx; -+ EVP_CIPHER_CTX_init(&cctx); - if (saltlen) { - char psbuf[PEM_BUFSIZE]; - unsigned char keybuf[20]; -@@ -678,7 +707,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, - goto err; - } - enctmp = OPENSSL_malloc(keylen + 8); -- if (enctmp == NULL) { -+ if (!enctmp) { - PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -695,22 +724,22 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, - } - inlen = keylen - 8; - q = enctmp + 8; -- if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) -+ if 
(!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) - goto err; -- if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) -+ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) - goto err; -- if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) -+ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) - goto err; - magic = read_ledword((const unsigned char **)&q); - if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { - q = enctmp + 8; - memset(keybuf + 5, 0, 11); -- if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) -+ if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) - goto err; - OPENSSL_cleanse(keybuf, 20); -- if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) -+ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) - goto err; -- if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) -+ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) - goto err; - magic = read_ledword((const unsigned char **)&q); - if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { -@@ -724,8 +753,9 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, - - ret = b2i_PrivateKey(&p, keylen); - err: -- EVP_CIPHER_CTX_free(cctx); -- OPENSSL_free(enctmp); -+ EVP_CIPHER_CTX_cleanup(&cctx); -+ if (enctmp && saltlen) -+ OPENSSL_free(enctmp); - return ret; - } - -@@ -746,7 +776,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) - return 0; - buflen = (int)keylen + saltlen; - buf = OPENSSL_malloc(buflen); -- if (buf == NULL) { -+ if (!buf) { - PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -758,7 +788,10 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) - ret = do_PVK_body(&p, saltlen, keylen, cb, u); - - err: -- OPENSSL_clear_free(buf, buflen); -+ if (buf) { -+ OPENSSL_cleanse(buf, buflen); -+ OPENSSL_free(buf); -+ } - return ret; - } - -@@ -766,33 +799,31 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) - { - int outlen = 
24, pklen; -- unsigned char *p = NULL, *start = NULL, *salt = NULL; -- EVP_CIPHER_CTX *cctx = NULL; -+ unsigned char *p, *salt = NULL; -+ EVP_CIPHER_CTX cctx; -+ EVP_CIPHER_CTX_init(&cctx); - if (enclevel) - outlen += PVK_SALTLEN; - pklen = do_i2b(NULL, pk, 0); - if (pklen < 0) - return -1; - outlen += pklen; -- if (out == NULL) -+ if (!out) - return outlen; -- if (*out != NULL) { -+ if (*out) - p = *out; -- } else { -- start = p = OPENSSL_malloc(outlen); -- if (p == NULL) { -+ else { -+ p = OPENSSL_malloc(outlen); -+ if (!p) { - PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE); - return -1; - } -+ *out = p; - } - -- cctx = EVP_CIPHER_CTX_new(); -- if (cctx == NULL) -- goto error; -- - write_ledword(&p, MS_PVKMAGIC); - write_ledword(&p, 0); -- if (EVP_PKEY_id(pk) == EVP_PKEY_DSA) -+ if (pk->type == EVP_PKEY_DSA) - write_ledword(&p, MS_KEYTYPE_SIGN); - else - write_ledword(&p, MS_KEYTYPE_KEYX); -@@ -806,7 +837,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, - p += PVK_SALTLEN; - } - do_i2b(&p, pk, 0); -- if (enclevel != 0) { -+ if (enclevel == 0) -+ return outlen; -+ else { - char psbuf[PEM_BUFSIZE]; - unsigned char keybuf[20]; - int enctmplen, inlen; -@@ -824,26 +857,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, - if (enclevel == 1) - memset(keybuf + 5, 0, 11); - p = salt + PVK_SALTLEN + 8; -- if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) -+ if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) - goto error; - OPENSSL_cleanse(keybuf, 20); -- if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) -+ if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) - goto error; -- if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen)) -+ if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) - goto error; - } -- -- EVP_CIPHER_CTX_free(cctx); -- -- if (*out == NULL) -- *out = start; -- -+ EVP_CIPHER_CTX_cleanup(&cctx); - return outlen; - - error: -- EVP_CIPHER_CTX_free(cctx); -- if (*out 
== NULL) -- OPENSSL_free(start); -+ EVP_CIPHER_CTX_cleanup(&cctx); - return -1; - } - -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -index 193ed80..d9f03a3 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -@@ -1,16 +1,65 @@ -+/* p12_add.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "p12_lcl.h" - - /* Pack an object into an OCTET STRING and turn into a safebag */ - -@@ -19,8 +68,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - { - PKCS12_BAGS *bag; - PKCS12_SAFEBAG *safebag; -- -- if ((bag = PKCS12_BAGS_new()) == NULL) { -+ if (!(bag = PKCS12_BAGS_new())) { - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -29,7 +77,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - goto err; - } -- if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { -+ if (!(safebag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -42,17 +90,64 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - return NULL; - } - -+/* Turn PKCS8 object into a keybag */ -+ -+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) -+{ -+ PKCS12_SAFEBAG *bag; -+ if (!(bag = PKCS12_SAFEBAG_new())) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ bag->type = OBJ_nid2obj(NID_keyBag); -+ bag->value.keybag = p8; -+ return bag; -+} -+ -+/* Turn PKCS8 object into a shrouded keybag */ -+ -+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, -+ int passlen, unsigned char *salt, -+ int saltlen, int iter, -+ PKCS8_PRIV_KEY_INFO *p8) -+{ -+ PKCS12_SAFEBAG *bag; -+ const EVP_CIPHER *pbe_ciph; -+ -+ /* Set up the safe bag */ -+ if (!(bag = PKCS12_SAFEBAG_new())) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); -+ -+ pbe_ciph = EVP_get_cipherbynid(pbe_nid); -+ -+ if 
(pbe_ciph) -+ pbe_nid = -1; -+ -+ if (!(bag->value.shkeybag = -+ PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, -+ p8))) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -+ PKCS12_SAFEBAG_free(bag); -+ return NULL; -+ } -+ -+ return bag; -+} -+ - /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ - PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) - { - PKCS7 *p7; -- -- if ((p7 = PKCS7_new()) == NULL) { -+ if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; - } - p7->type = OBJ_nid2obj(NID_pkcs7_data); -- if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -88,8 +183,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - PKCS7 *p7; - X509_ALGOR *pbe; - const EVP_CIPHER *pbe_ciph; -- -- if ((p7 = PKCS7_new()) == NULL) { -+ if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -112,7 +206,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - } - X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); - p7->d.encrypted->enc_data->algorithm = pbe; -- ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); -+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); - if (!(p7->d.encrypted->enc_data->enc_data = - PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, - passlen, bags, 1))) { -@@ -138,7 +232,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, - p7->d.encrypted->enc_data->enc_data, 1); - } - --PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, -+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, - const char *pass, int passlen) - { - return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); -@@ -152,7 +246,7 @@ int 
PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) - return 0; - } - --STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) -+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) - { - if (!PKCS7_type_is_data(p12->authsafes)) { - PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -index f2bfe32..370ddbd 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -@@ -1,17 +1,66 @@ -+/* p12_asn.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "p12_lcl.h" - - /* PKCS#12 ASN1 module */ - -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -index c324f50..fff3ba1 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -@@ -1,16 +1,65 @@ -+/* p12_attr.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "p12_lcl.h" - - /* Add a local keyid to a safebag */ - -@@ -28,9 +77,13 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - - int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) - { -- unsigned char us_val = (unsigned char)usage; -- return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, -- V_ASN1_BIT_STRING, &us_val, 1); -+ unsigned char us_val; -+ us_val = (unsigned char)usage; -+ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, -+ V_ASN1_BIT_STRING, &us_val, 1)) -+ return 1; -+ else -+ return 0; - } - - /* Add a friendlyname to a safebag */ -@@ -45,16 +98,6 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - return 0; - } - --int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, -- int namelen) --{ -- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, -- MBSTRING_UTF8, (unsigned char *)name, namelen)) -- return 1; -- else -- return 0; --} -- - int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned char *name, int namelen) - { -@@ -74,30 +117,31 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) - return 0; - } - --ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, -- int attr_nid) -+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) - { - X509_ATTRIBUTE *attrib; - int i; -- i = X509at_get_attr_by_NID(attrs, attr_nid, -1); -- attrib = X509at_get_attr(attrs, i); -- return X509_ATTRIBUTE_get0_type(attrib, 0); -+ if (!attrs) -+ return NULL; -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { -+ attrib = sk_X509_ATTRIBUTE_value(attrs, i); -+ if (OBJ_obj2nid(attrib->object) == attr_nid) { -+ if (sk_ASN1_TYPE_num(attrib->value.set)) -+ return 
sk_ASN1_TYPE_value(attrib->value.set, 0); -+ else -+ return NULL; -+ } -+ } -+ return NULL; - } - - char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) - { -- const ASN1_TYPE *atype; -- -- if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL) -+ ASN1_TYPE *atype; -+ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) - return NULL; - if (atype->type != V_ASN1_BMPSTRING) - return NULL; -- return OPENSSL_uni2utf8(atype->value.bmpstring->data, -- atype->value.bmpstring->length); --} -- --const STACK_OF(X509_ATTRIBUTE) * --PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag) --{ -- return bag->attrib; -+ return OPENSSL_uni2asc(atype->value.bmpstring->data, -+ atype->value.bmpstring->length); - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -index feef9d1..9c2dcab 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -@@ -1,14 +1,64 @@ -+/* p12_crpt.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* PKCS#12 PBE algorithms now in static table */ -@@ -24,22 +74,21 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - PBEPARAM *pbe; - int saltlen, iter, ret; - unsigned char *salt; -+ const unsigned char *pbuf; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; -- int (*pkcs12_key_gen)(const char *pass, int passlen, -- unsigned char *salt, int slen, -- int id, int iter, int n, -- unsigned char *out, -- const EVP_MD *md_type); -- -- pkcs12_key_gen = PKCS12_key_gen_utf8; - - if (cipher == NULL) - return 0; - - /* Extract useful info from parameter */ -+ if (param == NULL || param->type != V_ASN1_SEQUENCE || -+ param->value.sequence == NULL) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); -+ return 0; -+ } - -- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); -- if (pbe == NULL) { -+ pbuf = param->value.sequence->data; -+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); - return 0; - } -@@ -50,14 +99,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - iter = ASN1_INTEGER_get(pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; -- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID, -- iter, EVP_CIPHER_key_length(cipher), key, md)) { -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, -+ iter, EVP_CIPHER_key_length(cipher), key, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } -- if (!(*pkcs12_key_gen)(pass, passlen, 
salt, saltlen, PKCS12_IV_ID, -- iter, EVP_CIPHER_iv_length(cipher), iv, md)) { -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, -+ iter, EVP_CIPHER_iv_length(cipher), iv, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -index 10cf8dd..7d2aeef 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -@@ -1,16 +1,65 @@ -+/* p12_crt.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "p12_lcl.h" - - static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - PKCS12_SAFEBAG *bag); -@@ -28,7 +77,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) - return 1; - } - --PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, -+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype) - { -@@ -41,12 +90,18 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * - unsigned int keyidlen = 0; - - /* Set defaults */ -- if (!nid_cert) -+ if (!nid_cert) { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ else -+#endif - #ifdef OPENSSL_NO_RC2 -- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - #else -- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - #endif -+ } - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if (!iter) -@@ -124,9 +179,13 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * - return p12; - - err: -- PKCS12_free(p12); -- sk_PKCS7_pop_free(safes, PKCS7_free); -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ -+ if (p12) -+ PKCS12_free(p12); -+ if (safes) -+ sk_PKCS7_pop_free(safes, PKCS7_free); -+ if (bags) -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - return NULL; - - } -@@ -140,7 +199,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) - int keyidlen = -1; - - /* Add user certificate */ -- if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL) -+ if (!(bag = 
PKCS12_x5092certbag(cert))) - goto err; - - /* -@@ -163,30 +222,32 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) - return bag; - - err: -- PKCS12_SAFEBAG_free(bag); -+ -+ if (bag) -+ PKCS12_SAFEBAG_free(bag); -+ - return NULL; - - } - - PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, -- int nid_key, const char *pass) -+ int nid_key, char *pass) - { - - PKCS12_SAFEBAG *bag = NULL; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - - /* Make a PKCS#8 structure */ -- if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) -+ if (!(p8 = EVP_PKEY2PKCS8(key))) - goto err; - if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) - goto err; - if (nid_key != -1) { -- bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0, -- iter, p8); -+ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); - PKCS8_PRIV_KEY_INFO_free(p8); - } else -- bag = PKCS12_SAFEBAG_create0_p8inf(p8); -+ bag = PKCS12_MAKE_KEYBAG(p8); - - if (!bag) - goto err; -@@ -197,13 +258,16 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - return bag; - - err: -- PKCS12_SAFEBAG_free(bag); -+ -+ if (bag) -+ PKCS12_SAFEBAG_free(bag); -+ - return NULL; - - } - - int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, -- int nid_safe, int iter, const char *pass) -+ int nid_safe, int iter, char *pass) - { - PKCS7 *p7 = NULL; - int free_safes = 0; -@@ -240,7 +304,10 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - sk_PKCS7_free(*psafes); - *psafes = NULL; - } -- PKCS7_free(p7); -+ -+ if (p7) -+ PKCS7_free(p7); -+ - return 0; - - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -index 3c86058..b40ea10 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -@@ -1,54 +1,99 @@ -+/* p12_decr.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. 
All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* Define this to dump decrypted output to files called DERnnn */ - /* -- * #define OPENSSL_DEBUG_DECRYPT -+ * #define DEBUG_DECRYPT - */ - - /* - * Encrypt/Decrypt a buffer based on password and algor, result in a - * OPENSSL_malloc'ed buffer - */ --unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, -- const char *pass, int passlen, -- const unsigned char *in, int inlen, -+ -+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, -+ int passlen, unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de) - { -- unsigned char *out = NULL; -+ unsigned char *out; - int outlen, i; -- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); -- -- if (ctx == NULL) { -- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_CIPHER_CTX ctx; - -+ EVP_CIPHER_CTX_init(&ctx); - 
/* Decrypt data */ - if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, -- algor->parameter, ctx, en_de)) { -+ algor->parameter, &ctx, en_de)) { - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, - PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); -- goto err; -+ return NULL; - } - -- if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx))) -- == NULL) { -+ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); - goto err; - } - -- if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) { -+ if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { - OPENSSL_free(out); - out = NULL; - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); -@@ -56,7 +101,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - } - - outlen = i; -- if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { -+ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { - OPENSSL_free(out); - out = NULL; - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, -@@ -69,7 +114,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - if (data) - *data = out; - err: -- EVP_CIPHER_CTX_free(ctx); -+ EVP_CIPHER_CTX_cleanup(&ctx); - return out; - - } -@@ -79,9 +124,9 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - * after use. 
- */ - --void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, -+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, -- const ASN1_OCTET_STRING *oct, int zbuf) -+ ASN1_OCTET_STRING *oct, int zbuf) - { - unsigned char *out; - const unsigned char *p; -@@ -95,7 +140,7 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - return NULL; - } - p = out; --#ifdef OPENSSL_DEBUG_DECRYPT -+#ifdef DEBUG_DECRYPT - { - FILE *op; - -@@ -129,8 +174,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - ASN1_OCTET_STRING *oct = NULL; - unsigned char *in = NULL; - int inlen; -- -- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -150,6 +194,9 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - OPENSSL_free(in); - return oct; - err: -- ASN1_OCTET_STRING_free(oct); -+ if (oct) -+ ASN1_OCTET_STRING_free(oct); - return NULL; - } -+ -+IMPLEMENT_PKCS12_STACK_OF(PKCS7) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -index a78e183..0322df9 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -@@ -1,24 +1,72 @@ -+/* p12_init.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "p12_lcl.h" - - /* Initialise a PKCS12 structure to take data */ - - PKCS12 *PKCS12_init(int mode) - { - PKCS12 *pkcs12; -- -- if ((pkcs12 = PKCS12_new()) == NULL) { -+ if (!(pkcs12 = PKCS12_new())) { - PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -26,7 +74,7 @@ PKCS12 *PKCS12_init(int mode) - pkcs12->authsafes->type = OBJ_nid2obj(mode); - switch (mode) { - case NID_pkcs7_data: -- if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -35,9 +83,10 @@ PKCS12 *PKCS12_init(int mode) - PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE); - goto err; - } -- return pkcs12; - -+ return pkcs12; - err: -- 
PKCS12_free(pkcs12); -+ if (pkcs12 != NULL) -+ PKCS12_free(pkcs12); - return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -index 9c13a45..99b8260 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -@@ -1,22 +1,72 @@ -+/* p12_key.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - - /* Uncomment out this line to get debugging info about key generation */ - /* -- * #define OPENSSL_DEBUG_KEYGEN -+ * #define DEBUG_KEYGEN - */ --#ifdef OPENSSL_DEBUG_KEYGEN -+#ifdef DEBUG_KEYGEN - # include - extern BIO *bio_err; - void h__dump(unsigned char *p, int len); -@@ -46,30 +96,10 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - id, iter, n, out, md_type); - if (ret <= 0) - return 0; -- OPENSSL_clear_free(unipass, uniplen); -- return ret; --} -- --int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, -- int saltlen, int id, int iter, int n, -- unsigned char *out, const EVP_MD *md_type) --{ -- int ret; -- unsigned char *unipass; -- int uniplen; -- -- if (!pass) { -- unipass = NULL; -- uniplen = 0; -- } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) { -- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE); -- return 0; -+ if (unipass) { -+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ -+ OPENSSL_free(unipass); - } -- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, -- id, iter, n, out, md_type); -- if (ret <= 0) -- return 0; -- OPENSSL_clear_free(unipass, uniplen); - return ret; - } - -@@ -77,22 +107,26 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) - { -- unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL; -+ unsigned char *B, *D, *I, *p, *Ai; - int Slen, Plen, Ilen, Ijlen; - int i, j, u, v; - int ret = 0; -- BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */ -- EVP_MD_CTX *ctx = NULL; --#ifdef OPENSSL_DEBUG_KEYGEN -+ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ -+ 
EVP_MD_CTX ctx; -+#ifdef DEBUG_KEYGEN - unsigned char *tmpout = out; - int tmpn = n; - #endif - -- ctx = EVP_MD_CTX_new(); -- if (ctx == NULL) -- goto err; -+#if 0 -+ if (!pass) { -+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+#endif - --#ifdef OPENSSL_DEBUG_KEYGEN -+ EVP_MD_CTX_init(&ctx); -+#ifdef DEBUG_KEYGEN - fprintf(stderr, "KEYGEN DEBUG\n"); - fprintf(stderr, "ID %d, ITER %d\n", id, iter); - fprintf(stderr, "Password (length %d):\n", passlen); -@@ -102,8 +136,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - #endif - v = EVP_MD_block_size(md_type); - u = EVP_MD_size(md_type); -- if (u < 0 || v <= 0) -- goto err; -+ if (u < 0) -+ return 0; - D = OPENSSL_malloc(v); - Ai = OPENSSL_malloc(u); - B = OPENSSL_malloc(v + 1); -@@ -116,8 +150,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - I = OPENSSL_malloc(Ilen); - Ij = BN_new(); - Bpl1 = BN_new(); -- if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL -- || Bpl1 == NULL) -+ if (!D || !Ai || !B || !I || !Ij || !Bpl1) - goto err; - for (i = 0; i < v; i++) - D[i] = id; -@@ -127,20 +160,20 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - for (i = 0; i < Plen; i++) - *p++ = pass[i % passlen]; - for (;;) { -- if (!EVP_DigestInit_ex(ctx, md_type, NULL) -- || !EVP_DigestUpdate(ctx, D, v) -- || !EVP_DigestUpdate(ctx, I, Ilen) -- || !EVP_DigestFinal_ex(ctx, Ai, NULL)) -+ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) -+ || !EVP_DigestUpdate(&ctx, D, v) -+ || !EVP_DigestUpdate(&ctx, I, Ilen) -+ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) - goto err; - for (j = 1; j < iter; j++) { -- if (!EVP_DigestInit_ex(ctx, md_type, NULL) -- || !EVP_DigestUpdate(ctx, Ai, u) -- || !EVP_DigestFinal_ex(ctx, Ai, NULL)) -+ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) -+ || !EVP_DigestUpdate(&ctx, Ai, u) -+ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) - goto err; - } - memcpy(out, Ai, min(n, 
u)); - if (u >= n) { --#ifdef OPENSSL_DEBUG_KEYGEN -+#ifdef DEBUG_KEYGEN - fprintf(stderr, "Output KEY (length %d)\n", tmpn); - h__dump(tmpout, tmpn); - #endif -@@ -191,11 +224,11 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - OPENSSL_free(I); - BN_free(Ij); - BN_free(Bpl1); -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_cleanup(&ctx); - return ret; - } - --#ifdef OPENSSL_DEBUG_KEYGEN -+#ifdef DEBUG_KEYGEN - void h__dump(unsigned char *p, int len) - { - for (; len--; p++) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -index 62f5d1e..9aa3c90 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -@@ -1,14 +1,64 @@ -+/* p12_kiss.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* Simplified PKCS#12 routines */ -@@ -16,7 +66,7 @@ - static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts); - --static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, -+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); - - static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, -@@ -26,7 +76,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - * Parse and decrypt a PKCS#12 structure returning user key, user cert and - * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it - * should point to a valid STACK structure. pkey and cert can be passed -- * uninitialised. -+ * unitialised. 
- */ - - int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, -@@ -102,21 +152,25 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - goto err; - x = NULL; - } -- X509_free(x); -+ if (x) -+ X509_free(x); - } - -- sk_X509_pop_free(ocerts, X509_free); -+ if (ocerts) -+ sk_X509_pop_free(ocerts, X509_free); - - return 1; - - err: - -- if (pkey) -+ if (pkey && *pkey) - EVP_PKEY_free(*pkey); -- if (cert) -+ if (cert && *cert) - X509_free(*cert); -- X509_free(x); -- sk_X509_pop_free(ocerts, X509_free); -+ if (x) -+ X509_free(x); -+ if (ocerts) -+ sk_X509_pop_free(ocerts, X509_free); - return 0; - - } -@@ -131,7 +185,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - int i, bagnid; - PKCS7 *p7; - -- if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) -+ if (!(asafes = PKCS12_unpack_authsafes(p12))) - return 0; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - p7 = sk_PKCS7_value(asafes, i); -@@ -157,7 +211,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - return 1; - } - --static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, -+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) - { - int i; -@@ -174,29 +228,28 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - { - PKCS8_PRIV_KEY_INFO *p8; - X509 *x509; -- const ASN1_TYPE *attrib; -+ ASN1_TYPE *attrib; - ASN1_BMPSTRING *fname = NULL; - ASN1_OCTET_STRING *lkid = NULL; - -- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) -+ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) - fname = attrib->value.bmpstring; - -- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) -+ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) - lkid = attrib->value.octet_string; - -- switch (PKCS12_SAFEBAG_get_nid(bag)) { -+ switch (M_PKCS12_bag_type(bag)) { - case NID_keyBag: - if (!pkey || 
*pkey) - return 1; -- *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag)); -- if (*pkey == NULL) -+ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) - return 0; - break; - - case NID_pkcs8ShroudedKeyBag: - if (!pkey || *pkey) - return 1; -- if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) -+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) - return 0; - *pkey = EVP_PKCS82PKEY(p8); - PKCS8_PRIV_KEY_INFO_free(p8); -@@ -205,9 +258,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - break; - - case NID_certBag: -- if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) - return 1; -- if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) -+ if (!(x509 = PKCS12_certbag2x509(bag))) - return 0; - if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { - X509_free(x509); -@@ -235,11 +288,12 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - break; - - case NID_safeContentsBag: -- return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey, -- ocerts); -+ return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts); -+ break; - - default: - return 1; -+ break; - } - return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h b/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h -deleted file mode 100644 -index 0b52f1e..0000000 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h -+++ /dev/null -@@ -1,43 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --struct PKCS12_MAC_DATA_st { -- X509_SIG *dinfo; -- ASN1_OCTET_STRING *salt; -- ASN1_INTEGER *iter; /* defaults to 1 */ --}; -- --struct PKCS12_st { -- ASN1_INTEGER *version; -- PKCS12_MAC_DATA *mac; -- PKCS7 *authsafes; --}; -- --struct PKCS12_SAFEBAG_st { -- ASN1_OBJECT *type; -- union { -- struct pkcs12_bag_st *bag; /* secret, crl and certbag */ -- struct pkcs8_priv_key_info_st *keybag; /* keybag */ -- X509_SIG *shkeybag; /* shrouded key bag */ -- STACK_OF(PKCS12_SAFEBAG) *safes; -- ASN1_TYPE *other; -- } value; -- STACK_OF(X509_ATTRIBUTE) *attrib; --}; -- --struct pkcs12_bag_st { -- ASN1_OBJECT *type; -- union { -- ASN1_OCTET_STRING *x509cert; -- ASN1_OCTET_STRING *x509crl; -- ASN1_OCTET_STRING *octet; -- ASN1_IA5STRING *sdsicert; -- ASN1_TYPE *other; /* Secret or other bag */ -- } value; --}; -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -index d6b8919..cbf34da 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -@@ -1,91 +1,79 @@ -+/* p12_mutl.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - -+#ifndef OPENSSL_NO_HMAC - # include --# include "internal/cryptlib.h" -+# include "cryptlib.h" - # include - # include - # include - # include --# include "p12_lcl.h" -- --int PKCS12_mac_present(const PKCS12 *p12) --{ -- return p12->mac ? 1 : 0; --} -- --void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, -- const X509_ALGOR **pmacalg, -- const ASN1_OCTET_STRING **psalt, -- const ASN1_INTEGER **piter, -- const PKCS12 *p12) --{ -- if (p12->mac) { -- X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); -- if (psalt) -- *psalt = p12->mac->salt; -- if (piter) -- *piter = p12->mac->iter; -- } else { -- if (pmac) -- *pmac = NULL; -- if (pmacalg) -- *pmacalg = NULL; -- if (psalt) -- *psalt = NULL; -- if (piter) -- *piter = NULL; -- } --} -- --# define TK26_MAC_KEY_LEN 32 -- --static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, -- const unsigned char *salt, int saltlen, -- int iter, int keylen, unsigned char *key, -- const EVP_MD *digest) --{ -- unsigned char out[96]; -- -- if (keylen != TK26_MAC_KEY_LEN) { -- return 0; -- } -- -- if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, -- digest, sizeof(out), out)) { -- return 0; -- } -- memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN); -- OPENSSL_cleanse(out, sizeof(out)); -- return 1; --} - - /* Generate a MAC */ --static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *mac, unsigned int *maclen, -- int (*pkcs12_key_gen)(const char *pass, int 
passlen, -- unsigned char *salt, int slen, -- int id, int iter, int n, -- unsigned char *out, -- const EVP_MD *md_type)) -+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, -+ unsigned char *mac, unsigned int *maclen) - { - const EVP_MD *md_type; -- HMAC_CTX *hmac = NULL; -+ HMAC_CTX hmac; - unsigned char key[EVP_MAX_MD_SIZE], *salt; - int saltlen, iter; -- int md_size = 0; -- int md_type_nid; -- const X509_ALGOR *macalg; -- const ASN1_OBJECT *macoid; -- -- if (pkcs12_key_gen == NULL) -- pkcs12_key_gen = PKCS12_key_gen_utf8; -+ int md_size; - - if (!PKCS7_type_is_data(p12->authsafes)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); -@@ -98,71 +86,46 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - iter = 1; - else - iter = ASN1_INTEGER_get(p12->mac->iter); -- X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); -- X509_ALGOR_get0(&macoid, NULL, NULL, macalg); -- if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { -+ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); - return 0; - } - md_size = EVP_MD_size(md_type); -- md_type_nid = EVP_MD_type(md_type); - if (md_size < 0) - return 0; -- if ((md_type_nid == NID_id_GostR3411_94 -- || md_type_nid == NID_id_GostR3411_2012_256 -- || md_type_nid == NID_id_GostR3411_2012_512) -- && !getenv("LEGACY_GOST_PKCS12")) { -- md_size = TK26_MAC_KEY_LEN; -- if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, -- md_size, key, md_type)) { -- PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -- return 0; -- } -- } else -- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, -- iter, md_size, key, md_type)) { -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -+ md_size, key, md_type)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); - return 0; - } -- hmac = HMAC_CTX_new(); -- if (!HMAC_Init_ex(hmac, key, 
md_size, md_type, NULL) -- || !HMAC_Update(hmac, p12->authsafes->d.data->data, -+ HMAC_CTX_init(&hmac); -+ if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) -+ || !HMAC_Update(&hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length) -- || !HMAC_Final(hmac, mac, maclen)) { -- HMAC_CTX_free(hmac); -+ || !HMAC_Final(&hmac, mac, maclen)) { -+ HMAC_CTX_cleanup(&hmac); - return 0; - } -- HMAC_CTX_free(hmac); -+ HMAC_CTX_cleanup(&hmac); - return 1; - } - --int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *mac, unsigned int *maclen) --{ -- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); --} -- - /* Verify the mac */ - int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) - { - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; -- const ASN1_OCTET_STRING *macoct; -- - if (p12->mac == NULL) { - PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); - return 0; - } -- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, -- PKCS12_key_gen_utf8)) { -+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); - return 0; - } -- X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); -- if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) -- || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0) -+ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) -+ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) - return 0; -- - return 1; - } - -@@ -174,7 +137,6 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - { - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; -- ASN1_OCTET_STRING *macoct; - - if (!md_type) - md_type = EVP_sha1(); -@@ -182,16 +144,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); - return 0; - } -- /* -- * Note that output mac is forced to UTF-8... 
-- */ -- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, -- PKCS12_key_gen_utf8)) { -+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); - return 0; - } -- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); -- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { -+ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); - return 0; - } -@@ -202,12 +159,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - const EVP_MD *md_type) - { -- X509_ALGOR *macalg; -- -- if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) -+ if (!(p12->mac = PKCS12_MAC_DATA_new())) - return PKCS12_ERROR; - if (iter > 1) { -- if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) { -+ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { - PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -228,12 +183,13 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - return 0; - } else - memcpy(p12->mac->salt->data, salt, saltlen); -- X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); -- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), -- V_ASN1_NULL, NULL)) { -+ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); -+ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { - PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); - return 0; - } -+ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; - - return 1; - } -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -index 0ce75ed..9e8ebb2 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -@@ -1,10 +1,60 @@ -+/* p12_npas.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. 
All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -13,7 +63,6 @@ - #include - #include - #include --#include "p12_lcl.h" - - /* PKCS#12 password change routine */ - -@@ -22,8 +71,7 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass); - static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass); --static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, -- int *psaltlen); -+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); - - /* - * Change the password on a PKCS#12 structure. 
-@@ -62,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; - PKCS7 *p7, *p7new; -- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; -+ ASN1_OCTET_STRING *p12_data_tmp = NULL; - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - int rv = 0; -@@ -107,11 +155,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) - goto err; - if (!PKCS12_pack_authsafes(p12, newsafes)) - goto err; -- - if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) - goto err; -- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); -- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) -+ if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen)) - goto err; - - rv = 1; -@@ -149,15 +195,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - PKCS8_PRIV_KEY_INFO *p8; - X509_SIG *p8new; - int p8_nid, p8_saltlen, p8_iter; -- const X509_ALGOR *shalg; - -- if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) -+ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) - return 1; - -- if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) -+ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) - return 0; -- X509_SIG_get0(bag->value.shkeybag, &shalg, NULL); -- if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) -+ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) - return 0; - p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8); -@@ -169,11 +213,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - return 1; - } - --static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, -- int *psaltlen) -+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) - { - PBEPARAM *pbe; -- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter); -+ const unsigned char *p; -+ -+ p = 
alg->parameter->value.sequence->data; -+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); - if (!pbe) - return 0; - *pnid = OBJ_obj2nid(alg->algorithm); -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -index d926a77..3cc7a9f 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -@@ -1,23 +1,70 @@ -+/* p12_p8d.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. 
-+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - --PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, -+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, - int passlen) - { -- const X509_ALGOR *dalg; -- const ASN1_OCTET_STRING *doct; -- X509_SIG_get0(p8, &dalg, &doct); -- return PKCS12_item_decrypt_d2i(dalg, -+ return PKCS12_item_decrypt_d2i(p8->algor, - ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, -- passlen, doct, 1); -+ passlen, p8->digest, 1); - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -index 86a07e1..861a087 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -@@ -1,16 +1,65 @@ -+/* p12_p8e.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/x509_int.h" - - X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, -@@ -20,6 +69,11 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - X509_SIG *p8 = NULL; - X509_ALGOR *pbe; - -+ if (!(p8 = X509_SIG_new())) { -+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ - if (pbe_nid == -1) - pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); - else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) -@@ -30,40 +84,22 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - } - if (!pbe) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); -- return NULL; -- } -- p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe); -- if (p8 == NULL) { -- X509_ALGOR_free(pbe); -- return NULL; -+ goto err; - } -- -- return p8; --} -- --X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, -- PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) --{ -- X509_SIG *p8; -- ASN1_OCTET_STRING *enckey; -- -- enckey = -+ X509_ALGOR_free(p8->algor); -+ p8->algor = pbe; -+ M_ASN1_OCTET_STRING_free(p8->digest); -+ p8->digest = - PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), - pass, passlen, p8inf, 1); -- if (!enckey) { -- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR); -- return NULL; -- } -- -- p8 = OPENSSL_zalloc(sizeof(*p8)); -- -- if (p8 == NULL) { -- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); -- ASN1_OCTET_STRING_free(enckey); -- return NULL; -+ if (!p8->digest) { -+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); -+ goto err; - } -- p8->algor = pbe; -- p8->digest = enckey; - - 
return p8; -+ -+ err: -+ X509_SIG_free(p8); -+ return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c -deleted file mode 100644 -index 4a3d259..0000000 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c -+++ /dev/null -@@ -1,170 +0,0 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include "p12_lcl.h" -- --#if OPENSSL_API_COMPAT < 0x10100000L --ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) --{ -- return PKCS12_get_attr_gen(bag->attrib, attr_nid); --} --#endif -- --const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, -- int attr_nid) --{ -- return PKCS12_get_attr_gen(bag->attrib, attr_nid); --} -- --ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid) --{ -- return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid); --} -- --const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag) --{ -- if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag) -- return NULL; -- return bag->value.keybag; --} -- --const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag) --{ -- if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) -- return NULL; -- return bag->value.shkeybag; --} -- --const STACK_OF(PKCS12_SAFEBAG) * --PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag) --{ -- if (OBJ_obj2nid(bag->type) != NID_safeContentsBag) -- return NULL; -- return bag->value.safes; --} -- --const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag) --{ -- return bag->type; --} -- --int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag) --{ -- return OBJ_obj2nid(bag->type); --} -- --int 
PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag) --{ -- int btype = PKCS12_SAFEBAG_get_nid(bag); -- -- if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag) -- return -1; -- return OBJ_obj2nid(bag->value.bag->type); --} -- --X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag) --{ -- if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag) -- return NULL; -- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) -- return NULL; -- return ASN1_item_unpack(bag->value.bag->value.octet, -- ASN1_ITEM_rptr(X509)); --} -- --X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) --{ -- if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag) -- return NULL; -- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) -- return NULL; -- return ASN1_item_unpack(bag->value.bag->value.octet, -- ASN1_ITEM_rptr(X509_CRL)); --} -- --PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509) --{ -- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), -- NID_x509Certificate, NID_certBag); --} -- --PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl) --{ -- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), -- NID_x509Crl, NID_crlBag); --} -- --/* Turn PKCS8 object into a keybag */ -- --PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) --{ -- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); -- -- if (bag == NULL) { -- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- bag->type = OBJ_nid2obj(NID_keyBag); -- bag->value.keybag = p8; -- return bag; --} -- --/* Turn PKCS8 object into a shrouded keybag */ -- --PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) --{ -- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); -- -- /* Set up the safe bag */ -- if (bag == NULL) { -- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); -- bag->value.shkeybag = p8; -- return bag; --} -- --PKCS12_SAFEBAG 
*PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, -- const char *pass, -- int passlen, -- unsigned char *salt, -- int saltlen, int iter, -- PKCS8_PRIV_KEY_INFO *p8inf) --{ -- PKCS12_SAFEBAG *bag; -- const EVP_CIPHER *pbe_ciph; -- X509_SIG *p8; -- -- pbe_ciph = EVP_get_cipherbynid(pbe_nid); -- -- if (pbe_ciph) -- pbe_nid = -1; -- -- p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, -- p8inf); -- -- if (p8 == NULL) { -- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- bag = PKCS12_SAFEBAG_create0_pkcs8(p8); -- -- if (bag == NULL) { -- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); -- X509_SIG_free(p8); -- return NULL; -- } -- -- return bag; --} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -index 0701478..e466f76 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -@@ -1,14 +1,64 @@ -+/* p12_utl.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - /* Cheap and nasty Unicode stuff */ -@@ -18,11 +68,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - { - int ulen, i; - unsigned char *unitmp; -- - if (asclen == -1) - asclen = strlen(asc); - ulen = asclen * 2 + 2; -- if ((unitmp = OPENSSL_malloc(ulen)) == NULL) -+ if (!(unitmp = OPENSSL_malloc(ulen))) - return NULL; - for (i = 0; i < ulen - 2; i += 2) { - unitmp[i] = 0; -@@ -38,10 +87,11 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - return unitmp; - } - --char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) -+char *OPENSSL_uni2asc(unsigned char *uni, int unilen) - { - int asclen, i; - char *asctmp; -+ - /* string must contain an even number of bytes */ - if (unilen & 1) - return NULL; -@@ -50,7 +100,7 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) - if (!unilen || uni[unilen - 1]) - asclen++; - uni++; -- if ((asctmp = OPENSSL_malloc(asclen)) == NULL) -+ if (!(asctmp = OPENSSL_malloc(asclen))) - return NULL; - for (i = 0; i < unilen; i += 2) - asctmp[i >> 1] = uni[i]; -@@ -58,166 +108,12 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) - return asctmp; - } - --/* -- * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and -- * PKCS#12 BMPString format, which is specified as big-endian UTF-16. -- * One should keep in mind that even though BMPString is passed as -- * unsigned char *, it's not the kind of string you can exercise e.g. -- * strlen on. Caller also has to keep in mind that its length is -- * expressed not in number of UTF-16 characters, but in number of -- * bytes the string occupies, and treat it, the length, accordingly. 
-- */ --unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, -- unsigned char **uni, int *unilen) --{ -- int ulen, i, j; -- unsigned char *unitmp, *ret; -- unsigned long utf32chr = 0; -- -- if (asclen == -1) -- asclen = strlen(asc); -- -- for (ulen = 0, i = 0; i < asclen; i += j) { -- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); -- -- /* -- * Following condition is somewhat opportunistic is sense that -- * decoding failure is used as *indirect* indication that input -- * string might in fact be extended ASCII/ANSI/ISO-8859-X. The -- * fallback is taken in hope that it would allow to process -- * files created with previous OpenSSL version, which used the -- * naive OPENSSL_asc2uni all along. It might be worth noting -- * that probability of false positive depends on language. In -- * cases covered by ISO Latin 1 probability is very low, because -- * any printable non-ASCII alphabet letter followed by another -- * or any ASCII character will trigger failure and fallback. -- * In other cases situation can be intensified by the fact that -- * English letters are not part of alternative keyboard layout, -- * but even then there should be plenty of pairs that trigger -- * decoding failure... 
-- */ -- if (j < 0) -- return OPENSSL_asc2uni(asc, asclen, uni, unilen); -- -- if (utf32chr > 0x10FFFF) /* UTF-16 cap */ -- return NULL; -- -- if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ -- ulen += 2*2; -- else /* or just one */ -- ulen += 2; -- } -- -- ulen += 2; /* for trailing UTF16 zero */ -- -- if ((ret = OPENSSL_malloc(ulen)) == NULL) -- return NULL; -- -- /* re-run the loop writing down UTF-16 characters in big-endian order */ -- for (unitmp = ret, i = 0; i < asclen; i += j) { -- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); -- if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */ -- unsigned int hi, lo; -- -- utf32chr -= 0x10000; -- hi = 0xD800 + (utf32chr>>10); -- lo = 0xDC00 + (utf32chr&0x3ff); -- *unitmp++ = (unsigned char)(hi>>8); -- *unitmp++ = (unsigned char)(hi); -- *unitmp++ = (unsigned char)(lo>>8); -- *unitmp++ = (unsigned char)(lo); -- } else { /* or just one */ -- *unitmp++ = (unsigned char)(utf32chr>>8); -- *unitmp++ = (unsigned char)(utf32chr); -- } -- } -- /* Make result double null terminated */ -- *unitmp++ = 0; -- *unitmp++ = 0; -- if (unilen) -- *unilen = ulen; -- if (uni) -- *uni = ret; -- return ret; --} -- --static int bmp_to_utf8(char *str, const unsigned char *utf16, int len) --{ -- unsigned long utf32chr; -- -- if (len == 0) return 0; -- -- if (len < 2) return -1; -- -- /* pull UTF-16 character in big-endian order */ -- utf32chr = (utf16[0]<<8) | utf16[1]; -- -- if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */ -- unsigned int lo; -- -- if (len < 4) return -1; -- -- utf32chr -= 0xD800; -- utf32chr <<= 10; -- lo = (utf16[2]<<8) | utf16[3]; -- if (lo < 0xDC00 || lo >= 0xE000) return -1; -- utf32chr |= lo-0xDC00; -- utf32chr += 0x10000; -- } -- -- return UTF8_putc((unsigned char *)str, len > 4 ? 
4 : len, utf32chr); --} -- --char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) --{ -- int asclen, i, j; -- char *asctmp; -- -- /* string must contain an even number of bytes */ -- if (unilen & 1) -- return NULL; -- -- for (asclen = 0, i = 0; i < unilen; ) { -- j = bmp_to_utf8(NULL, uni+i, unilen-i); -- /* -- * falling back to OPENSSL_uni2asc makes lesser sense [than -- * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above], -- * it's done rather to maintain symmetry... -- */ -- if (j < 0) return OPENSSL_uni2asc(uni, unilen); -- if (j == 4) i += 4; -- else i += 2; -- asclen += j; -- } -- -- /* If no terminating zero allow for one */ -- if (!unilen || (uni[unilen-2]||uni[unilen - 1])) -- asclen++; -- -- if ((asctmp = OPENSSL_malloc(asclen)) == NULL) -- return NULL; -- -- /* re-run the loop emitting UTF-8 string */ -- for (asclen = 0, i = 0; i < unilen; ) { -- j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); -- if (j == 4) i += 4; -- else i += 2; -- asclen += j; -- } -- -- /* If no terminating zero write one */ -- if (!unilen || (uni[unilen-2]||uni[unilen - 1])) -- asctmp[asclen] = '\0'; -- -- return asctmp; --} -- - int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); -@@ -229,9 +125,41 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); - } - #endif -+ -+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) -+{ -+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), -+ NID_x509Certificate, NID_certBag); -+} -+ -+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) -+{ -+ return 
PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), -+ NID_x509Crl, NID_crlBag); -+} -+ -+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) -+{ -+ if (M_PKCS12_bag_type(bag) != NID_certBag) -+ return NULL; -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) -+ return NULL; -+ return ASN1_item_unpack(bag->value.bag->value.octet, -+ ASN1_ITEM_rptr(X509)); -+} -+ -+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) -+{ -+ if (M_PKCS12_bag_type(bag) != NID_crlBag) -+ return NULL; -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl) -+ return NULL; -+ return ASN1_item_unpack(bag->value.bag->value.octet, -+ ASN1_ITEM_rptr(X509_CRL)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -index f705084..e58710b 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pkcs12/pk12err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). 
This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. - */ - - #include -@@ -19,6 +70,14 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) - - static ERR_STRING_DATA PKCS12_str_functs[] = { -+ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, -+ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), -+ "PKCS12_add_friendlyname_asc"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), -+ "PKCS12_add_friendlyname_uni"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, - {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, - {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, -@@ -27,26 +86,21 @@ static ERR_STRING_DATA PKCS12_str_functs[] = { - {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, - {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, - {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, -- {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, - {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, - {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, - {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, - {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, - {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, - {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, -- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF), -- "PKCS12_SAFEBAG_create0_p8inf"}, -- 
{ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8), -- "PKCS12_SAFEBAG_create0_pkcs8"}, -- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT), -- "PKCS12_SAFEBAG_create_pkcs8_encrypt"}, - {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, - {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, - {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, -+ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, - {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, -- {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"}, - {0, NULL} - }; - -@@ -67,6 +121,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = { - {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, - {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, - {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, -+ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"}, - {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, - {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"}, - {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), -@@ -82,7 +137,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = { - - #endif - --int ERR_load_PKCS12_strings(void) -+void ERR_load_PKCS12_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -91,5 +146,4 @@ int ERR_load_PKCS12_strings(void) - ERR_load_strings(0, PKCS12_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c -index 29feaa3..fae1c56 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c -@@ -1,17 +1,63 @@ -+/* bio_pk7.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. 
-+ */ -+/* ==================================================================== -+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - #include - #include - --#if !defined(OPENSSL_SYS_VXWORKS) -+#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) - # include - #endif - #include -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -index 315e1b8..9c0a439 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -@@ -1,14 +1,64 @@ -+/* pk7_asn.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -index e90bf03..88922ef 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -@@ -1,10 +1,60 @@ -+/* pk7_attr.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -21,8 +71,7 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap) - { - ASN1_STRING *seq; -- -- if ((seq = ASN1_STRING_new()) == NULL) { -+ if (!(seq = ASN1_STRING_new())) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -38,7 +87,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) - const unsigned char *p; - - cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); -- if (cap == NULL || (cap->type != V_ASN1_SEQUENCE)) -+ if (!cap || (cap->type != V_ASN1_SEQUENCE)) - return NULL; - p = cap->value.sequence->data; - return (STACK_OF(X509_ALGOR) *) -@@ -49,38 +98,33 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) - /* Basic smime-capabilities OID and optional integer arg */ - int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { -- ASN1_INTEGER *nbit = NULL; - X509_ALGOR *alg; - -- if ((alg = X509_ALGOR_new()) == NULL) { -+ if (!(alg = X509_ALGOR_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = OBJ_nid2obj(nid); - if (arg > 0) { -- if ((alg->parameter = ASN1_TYPE_new()) == NULL) { -- goto err; -+ ASN1_INTEGER *nbit; -+ if (!(alg->parameter = ASN1_TYPE_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; - } -- if ((nbit = ASN1_INTEGER_new()) == NULL) { -- goto err; -+ if (!(nbit = ASN1_INTEGER_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; - } - if (!ASN1_INTEGER_set(nbit, arg)) { -- goto err; -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; - } - alg->parameter->value.integer = nbit; - alg->parameter->type = V_ASN1_INTEGER; -- nbit = NULL; -- } -- if (!sk_X509_ALGOR_push(sk, alg)) { -- 
goto err; - } -+ sk_X509_ALGOR_push(sk, alg); - return 1; --err: -- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -- ASN1_INTEGER_free(nbit); -- X509_ALGOR_free(alg); -- return 0; - } - - int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) -@@ -95,7 +139,7 @@ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) - - int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) - { -- if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) { -+ if (!t && !(t = X509_gmtime_adj(NULL, 0))) { - PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, - ERR_R_MALLOC_FAILURE); - return 0; -@@ -109,7 +153,7 @@ int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - { - ASN1_OCTET_STRING *os; - os = ASN1_OCTET_STRING_new(); -- if (os == NULL) -+ if (!os) - return 0; - if (!ASN1_STRING_set(os, md, mdlen) - || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c -deleted file mode 100644 -index 965fb37..0000000 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c -+++ /dev/null -@@ -1,15 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -index bc6bd30..6cf8253 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/pkcs7/pk7_doit.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -79,7 +128,8 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) - return 1; - - err: -- BIO_free(btmp); -+ if (btmp) -+ BIO_free(btmp); - return 0; - - } -@@ -93,7 +143,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, - int ret = 0; - size_t eklen; - -- pkey = X509_get0_pubkey(ri->cert); -+ pkey = X509_get_pubkey(ri->cert); - - if (!pkey) - return 0; -@@ -130,8 +180,12 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, - ret = 1; - - err: -- EVP_PKEY_CTX_free(pctx); -- OPENSSL_free(ek); -+ if (pkey) -+ EVP_PKEY_free(pkey); -+ if (pctx) -+ EVP_PKEY_CTX_free(pctx); -+ if (ek) -+ OPENSSL_free(ek); - return ret; - - } -@@ -178,13 +232,18 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - - ret = 1; - -- OPENSSL_clear_free(*pek, *peklen); -+ if (*pek) { -+ OPENSSL_cleanse(*pek, *peklen); -+ OPENSSL_free(*pek); -+ } -+ - *pek = ek; - *peklen = eklen; - - err: -- EVP_PKEY_CTX_free(pctx); -- if (!ret) -+ if (pctx) -+ EVP_PKEY_CTX_free(pctx); -+ if (!ret && ek) - OPENSSL_free(ek); - - return ret; -@@ -331,23 +390,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) - BIO_push(out, bio); - else - out = bio; -- return out; -- -+ bio = NULL; -+ if (0) { - err: -- BIO_free_all(out); -- BIO_free_all(btmp); -- return NULL; -+ if (out != NULL) -+ BIO_free_all(out); -+ if (btmp != NULL) -+ BIO_free_all(btmp); -+ out = NULL; -+ } -+ return (out); - } - - static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) - { - int ret; - ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, -- X509_get_issuer_name(pcert)); -+ pcert->cert_info->issuer); - if (ret) - return ret; -- return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert), -- ri->issuer_and_serial->serial); -+ return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, -+ ri->issuer_and_serial->serial); - } - - /* int */ -@@ -459,6 +522,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY 
*pkey, BIO *in_bio, X509 *pcert) - } - - if (evp_cipher != NULL) { -+#if 0 -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ unsigned char *p; -+ int keylen, ivlen; -+ int max; -+ X509_OBJECT ret; -+#endif -+ - if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); - goto err; -@@ -491,7 +563,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - /* If we haven't got a certificate try each ri in turn */ - if (pcert == NULL) { - /* -- * Always attempt to decrypt all rinfo even after success as a -+ * Always attempt to decrypt all rinfo even after sucess as a - * defence against MMA timing attacks. - */ - for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { -@@ -517,7 +589,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - /* Generate random key as MMA defence */ - tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); - tkey = OPENSSL_malloc(tkeylen); -- if (tkey == NULL) -+ if (!tkey) - goto err; - if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) - goto err; -@@ -535,7 +607,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - */ - if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { - /* Use random key as MMA defence */ -- OPENSSL_clear_free(ek, eklen); -+ OPENSSL_cleanse(ek, eklen); -+ OPENSSL_free(ek); - ek = tkey; - eklen = tkeylen; - tkey = NULL; -@@ -546,10 +619,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) - goto err; - -- OPENSSL_clear_free(ek, eklen); -- ek = NULL; -- OPENSSL_clear_free(tkey, tkeylen); -- tkey = NULL; -+ if (ek) { -+ OPENSSL_cleanse(ek, eklen); -+ OPENSSL_free(ek); -+ ek = NULL; -+ } -+ if (tkey) { -+ OPENSSL_cleanse(tkey, tkeylen); -+ OPENSSL_free(tkey); -+ tkey = NULL; -+ } - - if (out == NULL) - out = etmp; -@@ -557,9 +636,24 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO 
*in_bio, X509 *pcert) - BIO_push(out, etmp); - etmp = NULL; - } -+#if 1 - if (in_bio != NULL) { - bio = in_bio; - } else { -+# if 0 -+ bio = BIO_new(BIO_s_mem()); -+ if (bio == NULL) -+ goto err; -+ /* -+ * We need to set this so that when we have read all the data, the -+ * encrypt BIO, if present, will read EOF and encode the last few -+ * bytes -+ */ -+ BIO_set_mem_eof_return(bio, 0); -+ -+ if (data_body->length > 0) -+ BIO_write(bio, (char *)data_body->data, data_body->length); -+# else - if (data_body->length > 0) - bio = BIO_new_mem_buf(data_body->data, data_body->length); - else { -@@ -570,19 +664,32 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - } - if (bio == NULL) - goto err; -+# endif - } - BIO_push(out, bio); - bio = NULL; -- return out; -- -+#endif -+ if (0) { - err: -- OPENSSL_clear_free(ek, eklen); -- OPENSSL_clear_free(tkey, tkeylen); -- BIO_free_all(out); -- BIO_free_all(btmp); -- BIO_free_all(etmp); -- BIO_free_all(bio); -- return NULL; -+ if (ek) { -+ OPENSSL_cleanse(ek, eklen); -+ OPENSSL_free(ek); -+ } -+ if (tkey) { -+ OPENSSL_cleanse(tkey, tkeylen); -+ OPENSSL_free(tkey); -+ } -+ if (out != NULL) -+ BIO_free_all(out); -+ if (btmp != NULL) -+ BIO_free_all(btmp); -+ if (etmp != NULL) -+ BIO_free_all(etmp); -+ if (bio != NULL) -+ BIO_free_all(bio); -+ out = NULL; -+ } -+ return (out); - } - - static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) -@@ -642,7 +749,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - int i, j; - BIO *btmp; - PKCS7_SIGNER_INFO *si; -- EVP_MD_CTX *mdc, *ctx_tmp; -+ EVP_MD_CTX *mdc, ctx_tmp; - STACK_OF(X509_ATTRIBUTE) *sk; - STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; - ASN1_OCTET_STRING *os = NULL; -@@ -657,12 +764,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - return 0; - } - -- ctx_tmp = EVP_MD_CTX_new(); -- if (ctx_tmp == NULL) { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -+ EVP_MD_CTX_init(&ctx_tmp); - i = OBJ_obj2nid(p7->type); - 
p7->state = PKCS7_S_HEADER; - -@@ -674,9 +776,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - /* XXXXXXXXXXXXXXXX */ - si_sk = p7->d.signed_and_enveloped->signer_info; - os = p7->d.signed_and_enveloped->enc_data->enc_data; -- if (os == NULL) { -- os = ASN1_OCTET_STRING_new(); -- if (os == NULL) { -+ if (!os) { -+ os = M_ASN1_OCTET_STRING_new(); -+ if (!os) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -686,9 +788,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - case NID_pkcs7_enveloped: - /* XXXXXXXXXXXXXXXX */ - os = p7->d.enveloped->enc_data->enc_data; -- if (os == NULL) { -- os = ASN1_OCTET_STRING_new(); -- if (os == NULL) { -+ if (!os) { -+ os = M_ASN1_OCTET_STRING_new(); -+ if (!os) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -700,7 +802,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - os = PKCS7_get_octet_string(p7->d.sign->contents); - /* If detached data then the content is excluded */ - if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { -- ASN1_OCTET_STRING_free(os); -+ M_ASN1_OCTET_STRING_free(os); - os = NULL; - p7->d.sign->contents->d.data = NULL; - } -@@ -710,7 +812,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - os = PKCS7_get_octet_string(p7->d.digest->contents); - /* If detached data then the content is excluded */ - if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { -- ASN1_OCTET_STRING_free(os); -+ M_ASN1_OCTET_STRING_free(os); - os = NULL; - p7->d.digest->contents->d.data = NULL; - } -@@ -739,7 +841,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - /* - * We now have the EVP_MD_CTX, lets do the signing. 
- */ -- if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) -+ if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) - goto err; - - sk = si->auth_attr; -@@ -749,18 +851,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - * sign the attributes - */ - if (sk_X509_ATTRIBUTE_num(sk) > 0) { -- if (!do_pkcs7_signed_attrib(si, ctx_tmp)) -+ if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) - goto err; - } else { - unsigned char *abuf = NULL; - unsigned int abuflen; - abuflen = EVP_PKEY_size(si->pkey); - abuf = OPENSSL_malloc(abuflen); -- if (abuf == NULL) -+ if (!abuf) - goto err; - -- if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { -- OPENSSL_free(abuf); -+ if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); - goto err; - } -@@ -775,8 +876,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - goto err; - if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) - goto err; -- if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len)) -- goto err; -+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } - - if (!PKCS7_is_detached(p7)) { -@@ -806,13 +906,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - } - ret = 1; - err: -- EVP_MD_CTX_free(ctx_tmp); -+ EVP_MD_CTX_cleanup(&ctx_tmp); - return (ret); - } - - int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - { -- EVP_MD_CTX *mctx; -+ EVP_MD_CTX mctx; - EVP_PKEY_CTX *pctx; - unsigned char *abuf = NULL; - int alen; -@@ -823,13 +923,8 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - if (md == NULL) - return 0; - -- mctx = EVP_MD_CTX_new(); -- if (mctx == NULL) { -- PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) -+ EVP_MD_CTX_init(&mctx); -+ if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) - goto err; - - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, -@@ -842,16 +937,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if 
(!abuf) - goto err; -- if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) -+ if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) - goto err; - OPENSSL_free(abuf); - abuf = NULL; -- if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) -+ if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) - goto err; - abuf = OPENSSL_malloc(siglen); -- if (abuf == NULL) -+ if (!abuf) - goto err; -- if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) -+ if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) - goto err; - - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, -@@ -860,15 +955,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - goto err; - } - -- EVP_MD_CTX_free(mctx); -+ EVP_MD_CTX_cleanup(&mctx); - - ASN1_STRING_set0(si->enc_digest, abuf, siglen); - - return 1; - - err: -- OPENSSL_free(abuf); -- EVP_MD_CTX_free(mctx); -+ if (abuf) -+ OPENSSL_free(abuf); -+ EVP_MD_CTX_cleanup(&mctx); - return 0; - - } -@@ -934,18 +1030,14 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509) - { - ASN1_OCTET_STRING *os; -- EVP_MD_CTX *mdc_tmp, *mdc; -+ EVP_MD_CTX mdc_tmp, *mdc; - int ret = 0, i; - int md_type; - STACK_OF(X509_ATTRIBUTE) *sk; - BIO *btmp; - EVP_PKEY *pkey; - -- mdc_tmp = EVP_MD_CTX_new(); -- if (mdc_tmp == NULL) { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_MD_CTX_init(&mdc_tmp); - - if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); -@@ -982,7 +1074,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - * mdc is the digest ctx that we want, unless there are attributes, in - * which case the digest is the signed attributes - */ -- if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) -+ if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) - goto err; - - sk = si->auth_attr; -@@ -992,7 +1084,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - int alen; - ASN1_OCTET_STRING *message_digest; 
- -- if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len)) -+ if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) - goto err; - message_digest = PKCS7_digest_from_attributes(sk); - if (!message_digest) { -@@ -1002,12 +1094,23 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - } - if ((message_digest->length != (int)md_len) || - (memcmp(message_digest->data, md_dat, md_len))) { -+#if 0 -+ { -+ int ii; -+ for (ii = 0; ii < message_digest->length; ii++) -+ printf("%02X", message_digest->data[ii]); -+ printf(" sent\n"); -+ for (ii = 0; ii < md_len; ii++) -+ printf("%02X", md_dat[ii]); -+ printf(" calc\n"); -+ } -+#endif - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); - ret = -1; - goto err; - } - -- if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL)) -+ if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) - goto err; - - alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, -@@ -1017,28 +1120,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - ret = -1; - goto err; - } -- if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) -+ if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) - goto err; - - OPENSSL_free(abuf); - } - - os = si->enc_digest; -- pkey = X509_get0_pubkey(x509); -+ pkey = X509_get_pubkey(x509); - if (!pkey) { - ret = -1; - goto err; - } - -- i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); -+ i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); -+ EVP_PKEY_free(pkey); - if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); - ret = -1; - goto err; -- } -- ret = 1; -+ } else -+ ret = 1; - err: -- EVP_MD_CTX_free(mdc_tmp); -+ EVP_MD_CTX_cleanup(&mdc_tmp); - return (ret); - } - -@@ -1074,17 +1178,29 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) - - static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) - { -- int idx; -+ int i; - X509_ATTRIBUTE *xa; -- idx = X509at_get_attr_by_NID(sk, nid, -1); -- xa = 
X509at_get_attr(sk, idx); -- return X509_ATTRIBUTE_get0_type(xa, 0); -+ ASN1_OBJECT *o; -+ -+ o = OBJ_nid2obj(nid); -+ if (!o || !sk) -+ return (NULL); -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { -+ xa = sk_X509_ATTRIBUTE_value(sk, i); -+ if (OBJ_cmp(xa->object, o) == 0) { -+ if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) -+ return (sk_ASN1_TYPE_value(xa->value.set, 0)); -+ else -+ return (NULL); -+ } -+ } -+ return (NULL); - } - - ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) - { - ASN1_TYPE *astype; -- if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL) -+ if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) - return NULL; - return astype->value.octet_string; - } -@@ -1094,7 +1210,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - { - int i; - -- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); -+ if (p7si->auth_attr != NULL) -+ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); - p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); - if (p7si->auth_attr == NULL) - return 0; -@@ -1113,7 +1230,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, - { - int i; - -- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); -+ if (p7si->unauth_attr != NULL) -+ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); - p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); - if (p7si->unauth_attr == NULL) - return 0; -@@ -1145,10 +1263,11 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - X509_ATTRIBUTE *attr = NULL; - - if (*sk == NULL) { -- if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL) -+ *sk = sk_X509_ATTRIBUTE_new_null(); -+ if (*sk == NULL) - return 0; - new_attrib: -- if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL) -+ if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) - return 0; - if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { - X509_ATTRIBUTE_free(attr); -@@ -1159,7 +1278,7 @@ static int 
add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - - for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { - attr = sk_X509_ATTRIBUTE_value(*sk, i); -- if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { -+ if (OBJ_obj2nid(attr->object) == nid) { - X509_ATTRIBUTE_free(attr); - attr = X509_ATTRIBUTE_create(nid, atrtype, value); - if (attr == NULL) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c -deleted file mode 100644 -index 3c59f9c..0000000 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c -+++ /dev/null -@@ -1,25 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include -- --PKCS7_in_bio(PKCS7 *p7, BIO *in); --PKCS7_out_bio(PKCS7 *p7, BIO *out); -- --PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key); --PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher); -- --PKCS7_Init(PKCS7 *p7); --PKCS7_Update(PKCS7 *p7); --PKCS7_Finish(PKCS7 *p7); -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -index 69c68cf..0c5fcaa 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/pkcs7/pk7_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" -+#include "asn1_locl.h" - - long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) - { -@@ -73,7 +121,8 @@ int PKCS7_content_new(PKCS7 *p7, int type) - - return (1); - err: -- PKCS7_free(ret); -+ if (ret != NULL) -+ PKCS7_free(ret); - return (0); - } - -@@ -84,11 +133,13 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) - i = OBJ_obj2nid(p7->type); - switch (i) { - case NID_pkcs7_signed: -- PKCS7_free(p7->d.sign->contents); -+ if (p7->d.sign->contents != NULL) -+ PKCS7_free(p7->d.sign->contents); - p7->d.sign->contents = p7_data; - break; - case NID_pkcs7_digest: -- PKCS7_free(p7->d.digest->contents); -+ if (p7->d.digest->contents != NULL) -+ PKCS7_free(p7->d.digest->contents); - p7->d.digest->contents = p7_data; - break; - case NID_pkcs7_data: -@@ -126,7 +177,7 @@ int PKCS7_set_type(PKCS7 *p7, int type) - break; - case NID_pkcs7_data: - p7->type = obj; -- if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) -+ if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) - goto err; - break; - case NID_pkcs7_signedAndEnveloped: -@@ -217,8 +268,8 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) - } - } - if (!j) { /* we need to add another algorithm */ -- if ((alg = X509_ALGOR_new()) == NULL -- || (alg->parameter = ASN1_TYPE_new()) == NULL) { -+ if (!(alg = X509_ALGOR_new()) -+ || !(alg->parameter = ASN1_TYPE_new())) { - X509_ALGOR_free(alg); - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); - return (0); -@@ -260,7 +311,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return 0; - } -- X509_up_ref(x509); -+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); - if (!sk_X509_push(*sk, x509)) { - X509_free(x509); - return 0; -@@ -293,7 +344,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) - return 0; - } - -- 
X509_CRL_up_ref(crl); -+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(*sk, crl)) { - X509_CRL_free(crl); - return 0; -@@ -317,13 +368,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - * because ASN1_INTEGER_set is used to set a 'long' we will do things the - * ugly way. - */ -- ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial = -- ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) - goto err; - - /* lets keep the pkey around for a while */ -- EVP_PKEY_up_ref(pkey); -+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - p7i->pkey = pkey; - - /* Set the algorithms */ -@@ -371,14 +422,15 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - goto err; - return (si); - err: -- PKCS7_SIGNER_INFO_free(si); -+ if (si) -+ PKCS7_SIGNER_INFO_free(si); - return (NULL); - } - - int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) - { - if (PKCS7_type_is_digest(p7)) { -- if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) { -+ if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { - PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -432,7 +484,8 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) - goto err; - return ri; - err: -- PKCS7_RECIP_INFO_free(ri); -+ if (ri) -+ PKCS7_RECIP_INFO_free(ri); - return NULL; - } - -@@ -470,12 +523,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) - X509_get_issuer_name(x509))) - return 0; - -- ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial = -- ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) - return 0; - -- pkey = X509_get0_pubkey(x509); -+ pkey = X509_get_pubkey(x509); - - if 
(!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { - PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, -@@ -495,12 +548,16 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) - goto err; - } - -- X509_up_ref(x509); -+ EVP_PKEY_free(pkey); -+ -+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); - p7i->cert = x509; - - return 1; - - err: -+ if (pkey) -+ EVP_PKEY_free(pkey); - return 0; - } - -@@ -557,7 +614,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) - case NID_pkcs7_signedAndEnveloped: - os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (os == NULL) { -- os = ASN1_OCTET_STRING_new(); -+ os = M_ASN1_OCTET_STRING_new(); - p7->d.signed_and_enveloped->enc_data->enc_data = os; - } - break; -@@ -565,7 +622,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) - case NID_pkcs7_enveloped: - os = p7->d.enveloped->enc_data->enc_data; - if (os == NULL) { -- os = ASN1_OCTET_STRING_new(); -+ os = M_ASN1_OCTET_STRING_new(); - p7->d.enveloped->enc_data->enc_data = os; - } - break; -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -index 97474cf..62fb299 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -@@ -1,15 +1,62 @@ -+/* pk7_mime.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
-+#include
- #include
- #include
-
-diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
-index 4418723..e75c4b2 100644
---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
-+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
-@@ -1,20 +1,69 @@
-+/* pk7_smime.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- /* Simple PKCS#7 processing functions */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
--
- #define BUFFERSIZE 4096
-
- static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-@@ -25,7 +74,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- PKCS7 *p7;
- int i;
-
-- if ((p7 = PKCS7_new()) == NULL) {
-+ if (!(p7 = PKCS7_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-@@ -66,8 +115,7 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
- {
- BIO *p7bio;
- int ret = 0;
--
-- if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
-+ if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
- PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-@@ -118,7 +166,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
- return NULL;
- }
-
-- if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
- PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
- PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- return NULL;
-@@ -134,13 +182,11 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
- goto err;
- /* Add SMIMECapabilities */
- if (!(flags & PKCS7_NOSMIMECAP)) {
-- if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
-+ if (!(smcap = sk_X509_ALGOR_new_null())) {
- PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-- || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
-- || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
- || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
- || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
- || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-@@ -164,7 +210,8 @@ PKCS7_SIGNER_INFO
*PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
- }
- return si;
- err:
-- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-+ if (smcap)
-+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
- return NULL;
- }
-
-@@ -208,7 +255,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- X509 *signer;
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
-- X509_STORE_CTX *cert_ctx = NULL;
-+ X509_STORE_CTX cert_ctx;
- char *buf = NULL;
- int i, j = 0, k, ret = 0;
- BIO *p7bio = NULL;
-@@ -229,20 +276,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
- return 0;
- }
-+#if 0
-+ /*
-+ * NB: this test commented out because some versions of Netscape
-+ * illegally include zero length content when signing data. Also
-+ * Microsoft Authenticode includes a SpcIndirectDataContent data
-+ * structure which describes the content to be protected by the
-+ * signature, rather than directly embedding that content. So
-+ * Authenticode implementations are also expected to use
-+ * PKCS7_verify() with explicit external data, on non-detached
-+ * PKCS#7 signatures.
-+ *
-+ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
-+ * introduced to disable this sanity check. For the 1.0.2 branch
-+ * this change is not acceptable, so the check remains completely
-+ * commented out (as it has been for a long time).
-+ */
-
-- if (flags & PKCS7_NO_DUAL_CONTENT) {
-- /*
-- * This was originally "#if 0" because we thought that only old broken
-- * Netscape did this. It turns out that Authenticode uses this kind
-- * of "extended" PKCS7 format, and things like UEFI secure boot and
-- * tools like osslsigncode need it. In Authenticode the verification
-- * process is different, but the existing PKCs7 verification works.
-- */
-- if (!PKCS7_get_detached(p7) && indata) {
-- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
-- return 0;
-- }
-+ /* Check for data and content: two sets of data */
-+ if (!PKCS7_get_detached(p7) && indata) {
-+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
-+ return 0;
- }
-+#endif
-
- sinfos = PKCS7_get_signer_info(p7);
-
-@@ -257,29 +313,26 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-
- /* Now verify the certificates */
-
-- cert_ctx = X509_STORE_CTX_new();
-- if (cert_ctx == NULL)
-- goto err;
- if (!(flags & PKCS7_NOVERIFY))
- for (k = 0; k < sk_X509_num(signers); k++) {
- signer = sk_X509_value(signers, k);
- if (!(flags & PKCS7_NOCHAIN)) {
-- if (!X509_STORE_CTX_init(cert_ctx, store, signer,
-+ if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
- p7->d.sign->cert)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
- goto err;
- }
-- X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
-- } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
-+ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
-+ } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
- goto err;
- }
- if (!(flags & PKCS7_NOCRL))
-- X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
-- i = X509_verify_cert(cert_ctx);
-+ X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
-+ i = X509_verify_cert(&cert_ctx);
- if (i <= 0)
-- j = X509_STORE_CTX_get_error(cert_ctx);
-- X509_STORE_CTX_cleanup(cert_ctx);
-+ j = X509_STORE_CTX_get_error(&cert_ctx);
-+ X509_STORE_CTX_cleanup(&cert_ctx);
- if (i <= 0) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,
- PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-@@ -309,11 +362,11 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- } else
- tmpin = indata;
-
-- if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
-+ if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
- goto err;
-
- if (flags & PKCS7_TEXT) {
-- if ((tmpout =
BIO_new(BIO_s_mem())) == NULL) {
-+ if (!(tmpout = BIO_new(BIO_s_mem()))) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-@@ -358,7 +411,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- ret = 1;
-
- err:
-- X509_STORE_CTX_free(cert_ctx);
- OPENSSL_free(buf);
- if (tmpin == indata) {
- if (indata)
-@@ -398,7 +450,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
- return 0;
- }
-
-- if ((signers = sk_X509_new_null()) == NULL) {
-+ if (!(signers = sk_X509_new_null())) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-@@ -440,7 +492,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- BIO *p7bio = NULL;
- int i;
- X509 *x509;
-- if ((p7 = PKCS7_new()) == NULL) {
-+ if (!(p7 = PKCS7_new())) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-@@ -477,7 +529,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- {
- BIO *tmpmem;
-- int ret = 0, i;
-+ int ret, i;
- char *buf = NULL;
-
- if (!p7) {
-@@ -496,7 +548,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- return 0;
- }
-
-- if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
-+ if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
- return 0;
- }
-@@ -504,12 +556,12 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- if (flags & PKCS7_TEXT) {
- BIO *tmpbuf, *bread;
- /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-- if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
-+ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
- BIO_free_all(tmpmem);
- return 0;
- }
-- if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
-+ if (!(bread =
BIO_push(tmpbuf, tmpmem))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
- BIO_free_all(tmpbuf);
- BIO_free_all(tmpmem);
-@@ -539,9 +591,11 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- break;
- }
- if (BIO_write(data, buf, i) != i) {
-+ ret = 0;
- break;
- }
- }
-+
- err:
- OPENSSL_free(buf);
- BIO_free_all(tmpmem);
-diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
-index d5baa9b..323513f 100644
---- a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
-+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
-@@ -1,11 +1,62 @@
--/*
-- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/pkcs7/pkcs7err.c */
-+/* ====================================================================
-+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5.
Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #include
-@@ -19,7 +70,10 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
- static ERR_STRING_DATA PKCS7_str_functs[] = {
-- {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"},
-+ {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
-+ {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
-+ {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"},
-+ {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),
- "PKCS7_add0_attrib_signing_time"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
-@@ -29,20 +83,21 @@ static ERR_STRING_DATA PKCS7_str_functs[] = {
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
-- {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"},
-+ {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
- {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),
-- "pkcs7_copy_existing_digest"},
-+ "PKCS7_COPY_EXISTING_DIGEST"},
- {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-+ {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
- {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
-- {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"},
-- {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"},
-+ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
-+ {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"},
- {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
- {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
-- {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"},
-+
{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
- {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
- {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
- {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
-@@ -56,6 +111,8 @@ static ERR_STRING_DATA PKCS7_str_functs[] = {
- {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
- {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
- {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
-+ {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
-+ {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
- {0, NULL}
- };
-
-@@ -68,6 +125,9 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
- {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
- "content and data present"},
- {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"},
-+ {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"},
-+ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),
-+ "decrypted key is wrong length"},
- {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
- {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
- {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
-@@ -75,23 +135,39 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
- "encryption not supported for this key type"},
- {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
- {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
-+ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"},
- {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
- {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),
- "invalid signed data type"},
-+ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
-+ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"},
-+ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
-+ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
- {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
-+
{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"},
- {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"},
- {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
- "no matching digest type found"},
-+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),
-+ "no multipart body failure"},
-+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
- {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
- "no recipient matches certificate"},
-+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),
-+ "no recipient matches key"},
- {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
- {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
-+ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
- {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
- "operation not supported on this type"},
- {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
- "pkcs7 add signature error"},
- {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
-+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"},
-+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
- {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
-+ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"},
-+ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
- {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
- "private key does not match certificate"},
- {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
-@@ -100,6 +176,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = {
- {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
- {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
- "signing not supported for this key type"},
-+ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
- {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
- {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
- "unable to find certificate"},
-@@ -118,7 +195,7 @@ static
ERR_STRING_DATA PKCS7_str_reasons[] = {
-
- #endif
-
--int ERR_load_PKCS7_strings(void)
-+void ERR_load_PKCS7_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -127,5 +204,4 @@ int ERR_load_PKCS7_strings(void)
- ERR_load_strings(0, PKCS7_str_reasons);
- }
- #endif
-- return 1;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
-index 85ce4e6..bd76e23 100644
---- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c
-+++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
-@@ -1,38 +1,134 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/rand/md_rand.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1.
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6.
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#define OPENSSL_FIPSEVP
-
-+#ifdef MD_RAND_DEBUG
-+# ifndef NDEBUG
-+# define NDEBUG
-+# endif
-+#endif
-+
-+#include
- #include
- #include
-
- #include "e_os.h"
-
--#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS))
--# include
--#endif
--#if defined(OPENSSL_SYS_VXWORKS)
--# include
--#endif
--
--#include
- #include
- #include
--#include
- #include "rand_lcl.h"
-
- #include
-
--#include
--
--#ifdef OPENSSL_FIPS
--# include
--#endif
--
- #ifdef BN_DEBUG
- # define PREDICT
- #endif
-@@ -48,59 +144,41 @@ static long md_count[2] = { 0, 0 };
- static double entropy = 0;
- static int initialized = 0;
-
--static CRYPTO_RWLOCK *rand_lock = NULL;
--static CRYPTO_RWLOCK *rand_tmp_lock = NULL;
--static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
--
--/* May be set only when a thread holds rand_lock (to prevent double locking) */
--static unsigned int crypto_lock_rand = 0;
--/* access to locking_threadid is synchronized by rand_tmp_lock */
-+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-+ * holds CRYPTO_LOCK_RAND (to
-+ * prevent double locking) */
-+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
- /* valid iff crypto_lock_rand is set */
--static CRYPTO_THREAD_ID locking_threadid;
-+static CRYPTO_THREADID locking_threadid;
-
- #ifdef PREDICT
- int rand_predictable = 0;
- #endif
-
--static int rand_hw_seed(EVP_MD_CTX *ctx);
--
--static void rand_cleanup(void);
--static int rand_seed(const void *buf, int num);
--static int rand_add(const void *buf, int num, double add_entropy);
--static int rand_bytes(unsigned char *buf, int num, int pseudo);
--static int rand_nopseudo_bytes(unsigned char *buf, int num);
--#if OPENSSL_API_COMPAT < 0x10100000L
--static int rand_pseudo_bytes(unsigned char *buf, int num);
--#endif
--static int rand_status(void);
--
--static RAND_METHOD rand_meth = {
-- rand_seed,
-- rand_nopseudo_bytes,
-- rand_cleanup,
-- rand_add,
--#if
OPENSSL_API_COMPAT < 0x10100000L -- rand_pseudo_bytes, --#else -- NULL, --#endif -- rand_status -+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; -+ -+static void ssleay_rand_cleanup(void); -+static void ssleay_rand_seed(const void *buf, int num); -+static void ssleay_rand_add(const void *buf, int num, double add_entropy); -+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); -+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); -+static int ssleay_rand_status(void); -+ -+RAND_METHOD rand_ssleay_meth = { -+ ssleay_rand_seed, -+ ssleay_rand_nopseudo_bytes, -+ ssleay_rand_cleanup, -+ ssleay_rand_add, -+ ssleay_rand_pseudo_bytes, -+ ssleay_rand_status - }; - --DEFINE_RUN_ONCE_STATIC(do_rand_lock_init) --{ -- OPENSSL_init_crypto(0, NULL); -- rand_lock = CRYPTO_THREAD_lock_new(); -- rand_tmp_lock = CRYPTO_THREAD_lock_new(); -- return rand_lock != NULL && rand_tmp_lock != NULL; --} -- --RAND_METHOD *RAND_OpenSSL(void) -+RAND_METHOD *RAND_SSLeay(void) - { -- return (&rand_meth); -+ return (&rand_ssleay_meth); - } - --static void rand_cleanup(void) -+static void ssleay_rand_cleanup(void) - { - OPENSSL_cleanse(state, sizeof(state)); - state_num = 0; -@@ -110,21 +188,18 @@ static void rand_cleanup(void) - md_count[1] = 0; - entropy = 0; - initialized = 0; -- CRYPTO_THREAD_lock_free(rand_lock); -- CRYPTO_THREAD_lock_free(rand_tmp_lock); - } - --static int rand_add(const void *buf, int num, double add) -+static void ssleay_rand_add(const void *buf, int num, double add) - { - int i, j, k, st_idx; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; -- EVP_MD_CTX *m; -+ EVP_MD_CTX m; - int do_not_lock; -- int rv = 0; - - if (!num) -- return 1; -+ return; - - /* - * (Based on the rand(3) manpage) -@@ -141,24 +216,18 @@ static int rand_add(const void *buf, int num, double add) - * hash function. 
- */ - -- m = EVP_MD_CTX_new(); -- if (m == NULL) -- goto err; -- -- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) -- goto err; -- - /* check if we already have the lock */ - if (crypto_lock_rand) { -- CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); -- CRYPTO_THREAD_read_lock(rand_tmp_lock); -- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); -- CRYPTO_THREAD_unlock(rand_tmp_lock); -+ CRYPTO_THREADID cur; -+ CRYPTO_THREADID_current(&cur); -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -+ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } else - do_not_lock = 0; - - if (!do_not_lock) -- CRYPTO_THREAD_write_lock(rand_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); - st_idx = state_index; - - /* -@@ -190,28 +259,24 @@ static int rand_add(const void *buf, int num, double add) - md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - - if (!do_not_lock) -- CRYPTO_THREAD_unlock(rand_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - -+ EVP_MD_CTX_init(&m); - for (i = 0; i < num; i += MD_DIGEST_LENGTH) { - j = (num - i); - j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - -- if (!MD_Init(m)) -- goto err; -- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) -- goto err; -+ MD_Init(&m); -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); - k = (st_idx + j) - STATE_SIZE; - if (k > 0) { -- if (!MD_Update(m, &(state[st_idx]), j - k)) -- goto err; -- if (!MD_Update(m, &(state[0]), k)) -- goto err; -- } else if (!MD_Update(m, &(state[st_idx]), j)) -- goto err; -+ MD_Update(&m, &(state[st_idx]), j - k); -+ MD_Update(&m, &(state[0]), k); -+ } else -+ MD_Update(&m, &(state[st_idx]), j); - - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ -- if (!MD_Update(m, buf, j)) -- goto err; -+ MD_Update(&m, buf, j); - /* - * We know that line may cause programs such as purify and valgrind - * to complain about use of uninitialized data. 
The problem is not, -@@ -220,10 +285,8 @@ static int rand_add(const void *buf, int num, double add) - * insecure keys. - */ - -- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) -- goto err; -- if (!MD_Final(m, local_md)) -- goto err; -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); -+ MD_Final(&m, local_md); - md_c[1]++; - - buf = (const char *)buf + j; -@@ -232,7 +295,7 @@ static int rand_add(const void *buf, int num, double add) - /* - * Parallel threads may interfere with this, but always each byte - * of the new state is the XOR of some previous value of its and -- * local_md (intermediate values may be lost). Alway using locking -+ * local_md (itermediate values may be lost). Alway using locking - * could hurt performance more than necessary given that - * conflicts occur only when the total seeding is longer than the - * random state. -@@ -242,9 +305,10 @@ static int rand_add(const void *buf, int num, double add) - st_idx = 0; - } - } -+ EVP_MD_CTX_cleanup(&m); - - if (!do_not_lock) -- CRYPTO_THREAD_write_lock(rand_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); - /* - * Don't just copy back local_md into md -- this could mean that other - * thread's seeding remains without effect (except for the incremented -@@ -257,20 +321,19 @@ static int rand_add(const void *buf, int num, double add) - if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ - entropy += add; - if (!do_not_lock) -- CRYPTO_THREAD_unlock(rand_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - -- rv = 1; -- err: -- EVP_MD_CTX_free(m); -- return rv; -+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) -+ assert(md_c[1] == md_count[1]); -+#endif - } - --static int rand_seed(const void *buf, int num) -+static void ssleay_rand_seed(const void *buf, int num) - { -- return rand_add(buf, num, (double)num); -+ ssleay_rand_add(buf, num, (double)num); - } - --static int rand_bytes(unsigned char *buf, int num, int pseudo) -+int ssleay_rand_bytes(unsigned char 
*buf, int num, int pseudo, int lock) - { - static volatile int stirred_pool = 0; - int i, j, k; -@@ -278,32 +341,11 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - int ok; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; -- EVP_MD_CTX *m; -+ EVP_MD_CTX m; - #ifndef GETPID_IS_MEANINGLESS - pid_t curr_pid = getpid(); - #endif -- time_t curr_time = time(NULL); - int do_stir_pool = 0; --/* time value for various platforms */ --#ifdef OPENSSL_SYS_WIN32 -- FILETIME tv; --# ifdef _WIN32_WCE -- SYSTEMTIME t; -- GetSystemTime(&t); -- SystemTimeToFileTime(&t, &tv); --# else -- GetSystemTimeAsFileTime(&tv); --# endif --#elif defined(OPENSSL_SYS_VXWORKS) -- struct timespec tv; -- clock_gettime(CLOCK_REALTIME, &ts); --#elif defined(OPENSSL_SYS_DSPBIOS) -- unsigned long long tv, OPENSSL_rdtsc(); -- tv = OPENSSL_rdtsc(); --#else -- struct timeval tv; -- gettimeofday(&tv, NULL); --#endif - - #ifdef PREDICT - if (rand_predictable) { -@@ -318,10 +360,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - if (num <= 0) - return 1; - -- m = EVP_MD_CTX_new(); -- if (m == NULL) -- goto err_mem; -- -+ EVP_MD_CTX_init(&m); - /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ - num_ceil = - (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); -@@ -343,21 +382,13 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - * are fed into the hash function and the results are kept in the - * global 'md'. 
- */ -+ if (lock) -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); - -- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) -- goto err_mem; -- -- CRYPTO_THREAD_write_lock(rand_lock); -- /* -- * We could end up in an async engine while holding this lock so ensure -- * we don't pause and cause a deadlock -- */ -- ASYNC_block_pause(); -- -- /* prevent rand_bytes() from trying to obtain the lock again */ -- CRYPTO_THREAD_write_lock(rand_tmp_lock); -- locking_threadid = CRYPTO_THREAD_get_current_id(); -- CRYPTO_THREAD_unlock(rand_tmp_lock); -+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); -+ CRYPTO_THREADID_current(&locking_threadid); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - - if (!initialized) { -@@ -391,7 +422,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - * In the output function only half of 'md' remains secret, so we - * better make sure that the required entropy gets 'evenly - * distributed' through 'state', our randomness pool. The input -- * function (rand_add) chains all of 'md', which makes it more -+ * function (ssleay_rand_add) chains all of 'md', which makes it more - * suitable for this purpose. - */ - -@@ -403,9 +434,9 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ - /* - * Note that the seed does not matter, it's just that -- * rand_add expects to have something to hash. -+ * ssleay_rand_add expects to have something to hash. 
- */ -- rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); -+ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); - n -= MD_DIGEST_LENGTH; - } - if (ok) -@@ -431,46 +462,41 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; -- ASYNC_unblock_pause(); -- CRYPTO_THREAD_unlock(rand_lock); -+ if (lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - while (num > 0) { - /* num_ceil -= MD_DIGEST_LENGTH/2 */ - j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; - num -= j; -- if (!MD_Init(m)) -- goto err; -+ MD_Init(&m); - #ifndef GETPID_IS_MEANINGLESS - if (curr_pid) { /* just in the first iteration to save time */ -- if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) -- goto err; -+ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); - curr_pid = 0; - } - #endif -- if (curr_time) { /* just in the first iteration to save time */ -- if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) -- goto err; -- if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) -- goto err; -- curr_time = 0; -- if (!rand_hw_seed(m)) -- goto err; -- } -- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) -- goto err; -- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) -- goto err; -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); -+ -+#ifndef PURIFY /* purify complains */ -+ /* -+ * The following line uses the supplied buffer as a small source of -+ * entropy: since this buffer is often uninitialised it may cause -+ * programs such as purify or valgrind to complain. So for those -+ * builds it is not used: the removal of such a small source of -+ * entropy has negligible impact on security. 
-+ */ -+ MD_Update(&m, buf, j); -+#endif - - k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; - if (k > 0) { -- if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) -- goto err; -- if (!MD_Update(m, &(state[0]), k)) -- goto err; -- } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) -- goto err; -- if (!MD_Final(m, local_md)) -- goto err; -+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); -+ MD_Update(&m, &(state[0]), k); -+ } else -+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); -+ MD_Final(&m, local_md); - - for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { - /* may compete with other threads */ -@@ -482,93 +508,69 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) - } - } - -- if (!MD_Init(m) -- || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) -- || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) -- goto err; -- CRYPTO_THREAD_write_lock(rand_lock); -- /* -- * Prevent deadlocks if we end up in an async engine -- */ -- ASYNC_block_pause(); -- if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { -- CRYPTO_THREAD_unlock(rand_lock); -- goto err; -- } -- ASYNC_unblock_pause(); -- CRYPTO_THREAD_unlock(rand_lock); -- -- EVP_MD_CTX_free(m); -+ MD_Init(&m); -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); -+ if (lock) -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ MD_Update(&m, md, MD_DIGEST_LENGTH); -+ MD_Final(&m, md); -+ if (lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ -+ EVP_MD_CTX_cleanup(&m); - if (ok) - return (1); - else if (pseudo) - return 0; - else { -- RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); -+ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); - ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " -- "https://www.openssl.org/docs/faq.html"); -+ "http://www.openssl.org/support/faq.html"); - return (0); - } -- err: -- RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); -- EVP_MD_CTX_free(m); -- return 0; -- err_mem: -- 
RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); -- EVP_MD_CTX_free(m); -- return 0; -- - } - --static int rand_nopseudo_bytes(unsigned char *buf, int num) -+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) - { -- return rand_bytes(buf, num, 0); -+ return ssleay_rand_bytes(buf, num, 0, 1); - } - --#if OPENSSL_API_COMPAT < 0x10100000L - /* - * pseudo-random bytes that are guaranteed to be unique but not unpredictable - */ --static int rand_pseudo_bytes(unsigned char *buf, int num) -+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) - { -- return rand_bytes(buf, num, 1); -+ return ssleay_rand_bytes(buf, num, 1, 1); - } --#endif - --static int rand_status(void) -+static int ssleay_rand_status(void) - { -- CRYPTO_THREAD_ID cur; -+ CRYPTO_THREADID cur; - int ret; - int do_not_lock; - -- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) -- return 0; -- -- cur = CRYPTO_THREAD_get_current_id(); -+ CRYPTO_THREADID_current(&cur); - /* - * check if we already have the lock (could happen if a RAND_poll() - * implementation calls RAND_status()) - */ - if (crypto_lock_rand) { -- CRYPTO_THREAD_read_lock(rand_tmp_lock); -- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); -- CRYPTO_THREAD_unlock(rand_tmp_lock); -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -+ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } else - do_not_lock = 0; - - if (!do_not_lock) { -- CRYPTO_THREAD_write_lock(rand_lock); -- /* -- * Prevent deadlocks in case we end up in an async engine -- */ -- ASYNC_block_pause(); -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* -- * prevent rand_bytes() from trying to obtain the lock again -+ * prevent ssleay_rand_bytes() from trying to obtain the lock again - */ -- CRYPTO_THREAD_write_lock(rand_tmp_lock); -- locking_threadid = cur; -- CRYPTO_THREAD_unlock(rand_tmp_lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); -+ CRYPTO_THREADID_cpy(&locking_threadid, &cur); -+ 
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - } - -@@ -583,84 +585,8 @@ static int rand_status(void) - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - -- ASYNC_unblock_pause(); -- CRYPTO_THREAD_unlock(rand_lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - - return ret; - } -- --/* -- * rand_hw_seed: get seed data from any available hardware RNG. only -- * currently supports rdrand. -- */ -- --/* Adapted from eng_rdrand.c */ -- --#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -- defined(__x86_64) || defined(__x86_64__) || \ -- defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \ -- && !defined(OPENSSL_NO_RDRAND) -- --# define RDRAND_CALLS 4 -- --size_t OPENSSL_ia32_rdrand(void); --extern unsigned int OPENSSL_ia32cap_P[]; -- --static int rand_hw_seed(EVP_MD_CTX *ctx) --{ -- int i; -- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) -- return 1; -- for (i = 0; i < RDRAND_CALLS; i++) { -- size_t rnd; -- rnd = OPENSSL_ia32_rdrand(); -- if (rnd == 0) -- return 1; -- if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t))) -- return 0; -- } -- return 1; --} -- --/* XOR an existing buffer with random data */ -- --void rand_hw_xor(unsigned char *buf, size_t num) --{ -- size_t rnd; -- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) -- return; -- while (num >= sizeof(size_t)) { -- rnd = OPENSSL_ia32_rdrand(); -- if (rnd == 0) -- return; -- *((size_t *)buf) ^= rnd; -- buf += sizeof(size_t); -- num -= sizeof(size_t); -- } -- if (num) { -- rnd = OPENSSL_ia32_rdrand(); -- if (rnd == 0) -- return; -- while (num) { -- *buf ^= rnd & 0xff; -- rnd >>= 8; -- buf++; -- num--; -- } -- } --} -- --#else -- --static int rand_hw_seed(EVP_MD_CTX *ctx) --{ -- return 1; --} -- --void rand_hw_xor(unsigned char *buf, size_t num) --{ -- return; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -deleted file mode 100644 -index dd58b21..0000000 
---- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -+++ /dev/null -@@ -1,249 +0,0 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#ifdef OPENSSL_NO_EGD --NON_EMPTY_TRANSLATION_UNIT --#else -- --# include --# include --# include -- --/*- -- * Query the EGD . -- * -- * This module supplies three routines: -- * -- * RAND_query_egd_bytes(path, buf, bytes) -- * will actually query "bytes" bytes of entropy form the egd-socket located -- * at path and will write them to buf (if supplied) or will directly feed -- * it to RAND_seed() if buf==NULL. -- * The number of bytes is not limited by the maximum chunk size of EGD, -- * which is 255 bytes. If more than 255 bytes are wanted, several chunks -- * of entropy bytes are requested. The connection is left open until the -- * query is competed. -- * RAND_query_egd_bytes() returns with -- * -1 if an error occurred during connection or communication. -- * num the number of bytes read from the EGD socket. This number is either -- * the number of bytes requested or smaller, if the EGD pool is -- * drained and the daemon signals that the pool is empty. -- * This routine does not touch any RAND_status(). This is necessary, since -- * PRNG functions may call it during initialization. -- * -- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them -- * used to seed the PRNG. -- * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. 
-- * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the -- * seed status so that the return value can reflect the seed state: -- * -1 if an error occurred during connection or communication _or_ -- * if the PRNG has still not received the required seeding. -- * num the number of bytes read from the EGD socket. This number is either -- * the number of bytes requested or smaller, if the EGD pool is -- * drained and the daemon signals that the pool is empty. -- * -- * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed -- * the PRNG. -- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. -- */ -- --# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) --int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) --{ -- return (-1); --} -- --int RAND_egd(const char *path) --{ -- return (-1); --} -- --int RAND_egd_bytes(const char *path, int bytes) --{ -- return (-1); --} --# else --# include --# include OPENSSL_UNISTD --# include --# include --# include --# ifndef NO_SYS_UN_H --# ifdef OPENSSL_SYS_VXWORKS --# include --# else --# include --# endif --# else --struct sockaddr_un { -- short sun_family; /* AF_UNIX */ -- char sun_path[108]; /* path name (gag) */ --}; --# endif /* NO_SYS_UN_H */ --# include --# include -- --int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) --{ -- int ret = 0; -- struct sockaddr_un addr; -- int len, num, numbytes; -- int fd = -1; -- int success; -- unsigned char egdbuf[2], tempbuf[255], *retrievebuf; -- -- memset(&addr, 0, sizeof(addr)); -- addr.sun_family = AF_UNIX; -- if (strlen(path) >= sizeof(addr.sun_path)) -- return (-1); -- OPENSSL_strlcpy(addr.sun_path, path, sizeof addr.sun_path); -- len = offsetof(struct sockaddr_un, sun_path) + strlen(path); -- fd = socket(AF_UNIX, SOCK_STREAM, 0); -- if (fd == -1) -- return (-1); -- success 
= 0; -- while (!success) { -- if (connect(fd, (struct sockaddr *)&addr, len) == 0) -- success = 1; -- else { -- switch (errno) { --# ifdef EINTR -- case EINTR: --# endif --# ifdef EAGAIN -- case EAGAIN: --# endif --# ifdef EINPROGRESS -- case EINPROGRESS: --# endif --# ifdef EALREADY -- case EALREADY: --# endif -- /* No error, try again */ -- break; --# ifdef EISCONN -- case EISCONN: -- success = 1; -- break; --# endif -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- -- while (bytes > 0) { -- egdbuf[0] = 1; -- egdbuf[1] = bytes < 255 ? bytes : 255; -- numbytes = 0; -- while (numbytes != 2) { -- num = write(fd, egdbuf + numbytes, 2 - numbytes); -- if (num >= 0) -- numbytes += num; -- else { -- switch (errno) { --# ifdef EINTR -- case EINTR: --# endif --# ifdef EAGAIN -- case EAGAIN: --# endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- numbytes = 0; -- while (numbytes != 1) { -- num = read(fd, egdbuf, 1); -- if (num == 0) -- goto err; /* descriptor closed */ -- else if (num > 0) -- numbytes += num; -- else { -- switch (errno) { --# ifdef EINTR -- case EINTR: --# endif --# ifdef EAGAIN -- case EAGAIN: --# endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- if (egdbuf[0] == 0) -- goto err; -- if (buf) -- retrievebuf = buf + ret; -- else -- retrievebuf = tempbuf; -- numbytes = 0; -- while (numbytes != egdbuf[0]) { -- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); -- if (num == 0) -- goto err; /* descriptor closed */ -- else if (num > 0) -- numbytes += num; -- else { -- switch (errno) { --# ifdef EINTR -- case EINTR: --# endif --# ifdef EAGAIN -- case EAGAIN: --# endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- ret += egdbuf[0]; -- bytes -= egdbuf[0]; -- if (!buf) -- RAND_seed(tempbuf, egdbuf[0]); -- } -- err: -- if (fd != -1) -- close(fd); -- 
return (ret); --} -- --int RAND_egd_bytes(const char *path, int bytes) --{ -- int num, ret = -1; -- -- num = RAND_query_egd_bytes(path, NULL, bytes); -- if (num < 0) -- goto err; -- if (RAND_status() == 1) -- ret = num; -- err: -- return (ret); --} -- --int RAND_egd(const char *path) --{ -- return (RAND_egd_bytes(path, 255)); --} -- --# endif -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c -index 5543126..55d86ea 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rand/rand_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,18 +70,25 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) - - static ERR_STRING_DATA RAND_str_functs[] = { -- {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, -+ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, -+ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, -+ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, - {0, NULL} - }; - - static ERR_STRING_DATA RAND_str_reasons[] = { -+ {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, -+ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, -+ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, -+ {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), -+ "no fips random method set"}, - {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, - {0, NULL} - }; - - #endif - --int ERR_load_RAND_strings(void) -+void ERR_load_RAND_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -39,5 +97,4 @@ int ERR_load_RAND_strings(void) - ERR_load_strings(0, RAND_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h -index d98c90e..f9fda3e 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h -@@ -1,10 +1,112 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rand/rand_lcl.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #ifndef HEADER_RAND_LCL_H -@@ -13,7 +115,17 @@ - # define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ - - # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) --# define USE_SHA1_RAND -+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -+# define USE_SHA1_RAND -+# elif !defined(OPENSSL_NO_MD5) -+# define USE_MD5_RAND -+# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -+# define USE_MDC2_RAND -+# elif !defined(OPENSSL_NO_MD2) -+# define USE_MD2_RAND -+# else -+# error No message digest algorithm available -+# endif - # endif - - # include -@@ -41,6 +153,6 @@ - # define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) - # endif - --void rand_hw_xor(unsigned char *buf, size_t num); -+int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock); - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -index 2387126..88a78d3 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -@@ -1,23 +1,74 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rand/rand_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include - #include --#include "internal/cryptlib.h" --#include --#include "internal/rand.h" -+#include "cryptlib.h" -+#include - --#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - - #ifdef OPENSSL_FIPS - # include - # include -+# include "rand_lcl.h" - #endif - - #ifndef OPENSSL_NO_ENGINE -@@ -29,8 +80,10 @@ static const RAND_METHOD *default_RAND_meth = NULL; - int RAND_set_rand_method(const RAND_METHOD *meth) - { - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(funct_ref); -- funct_ref = NULL; -+ if (funct_ref) { -+ ENGINE_finish(funct_ref); -+ funct_ref = NULL; -+ } - #endif - default_RAND_meth = meth; - return 1; -@@ -43,7 +96,7 @@ const RAND_METHOD *RAND_get_rand_method(void) - ENGINE *e = ENGINE_get_default_RAND(); - if (e) { - default_RAND_meth = ENGINE_get_RAND(e); -- if (default_RAND_meth == NULL) { -+ if (!default_RAND_meth) { - ENGINE_finish(e); - e = NULL; - } -@@ -52,7 +105,7 @@ const RAND_METHOD *RAND_get_rand_method(void) - funct_ref = e; - else - #endif -- default_RAND_meth = RAND_OpenSSL(); -+ default_RAND_meth = RAND_SSLeay(); - } - return default_RAND_meth; - } -@@ -65,7 +118,7 @@ int RAND_set_rand_engine(ENGINE *engine) - if (!ENGINE_init(engine)) - return 0; - tmp_meth = ENGINE_get_RAND(engine); -- if (tmp_meth == NULL) { -+ if (!tmp_meth) { - ENGINE_finish(engine); - return 0; - } -@@ -77,7 +130,7 @@ int RAND_set_rand_engine(ENGINE *engine) - } - #endif - --void rand_cleanup_int(void) -+void RAND_cleanup(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->cleanup) -@@ -107,7 +160,6 @@ int RAND_bytes(unsigned char *buf, int num) - return (-1); - } - --#if OPENSSL_API_COMPAT < 0x10100000L - int RAND_pseudo_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); -@@ -115,7 +167,6 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) - return meth->pseudorand(buf, num); - return (-1); - } --#endif - - int RAND_status(void) - { -@@ -124,3 +175,126 @@ int 
RAND_status(void)
- return meth->status();
- return 0;
- }
-+
-+#ifdef OPENSSL_FIPS
-+
-+/*
-+ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest
-+ * of OpenSSL.
-+ */
-+
-+/*
-+ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
-+ * entropy internally through RAND_poll().
-+ */
-+
-+static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ /* Round up request to multiple of block size */
-+ min_len = ((min_len + 19) / 20) * 20;
-+ *pout = OPENSSL_malloc(min_len);
-+ if (!*pout)
-+ return 0;
-+ if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) {
-+ OPENSSL_free(*pout);
-+ *pout = NULL;
-+ return 0;
-+ }
-+ return min_len;
-+}
-+
-+static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
-+{
-+ if (out) {
-+ OPENSSL_cleanse(out, olen);
-+ OPENSSL_free(out);
-+ }
-+}
-+
-+/*
-+ * Set "additional input" when generating random data. This uses the current
-+ * PID, a time value and a counter.
-+ */
-+
-+static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
-+{
-+ /* Use of static variables is OK as this happens under a lock */
-+ static unsigned char buf[16];
-+ static unsigned long counter;
-+ FIPS_get_timevec(buf, &counter);
-+ *pout = buf;
-+ return sizeof(buf);
-+}
-+
-+/*
-+ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
-+ * correctly seeded by RAND_poll().
-+ */
-+
-+static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
-+ double entropy)
-+{
-+ RAND_SSLeay()->add(in, inlen, entropy);
-+ return 1;
-+}
-+
-+static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
-+{
-+ RAND_SSLeay()->seed(in, inlen);
-+ return 1;
-+}
-+
-+# ifndef OPENSSL_DRBG_DEFAULT_TYPE
-+# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr
-+# endif
-+# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
-+# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF
-+# endif
-+
-+static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
-+static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
-+
-+void RAND_set_fips_drbg_type(int type, int flags)
-+{
-+ fips_drbg_type = type;
-+ fips_drbg_flags = flags;
-+}
-+
-+int RAND_init_fips(void)
-+{
-+ DRBG_CTX *dctx;
-+ size_t plen;
-+ unsigned char pers[32], *p;
-+# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-+ if (fips_drbg_type >> 16) {
-+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
-+ return 0;
-+ }
-+# endif
-+
-+ dctx = FIPS_get_default_drbg();
-+ if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {
-+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
-+ return 0;
-+ }
-+
-+ FIPS_drbg_set_callbacks(dctx,
-+ drbg_get_entropy, drbg_free_entropy, 20,
-+ drbg_get_entropy, drbg_free_entropy);
-+ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
-+ drbg_rand_seed, drbg_rand_add);
-+ /* Personalisation string: a string followed by date time vector */
-+ strcpy((char *)pers, "OpenSSL DRBG2.0");
-+ plen = drbg_get_adin(dctx, &p);
-+ memcpy(pers + 16, p, plen);
-+
-+ if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) {
-+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
-+ return 0;
-+ }
-+ FIPS_rand_set_method(FIPS_drbg_method());
-+ return 1;
-+}
-+
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
-index ecba2dc..11ee152 100644
---- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
-+++
b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
-@@ -1,21 +1,122 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/rand/rand_unix.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1.
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - #include - - #define USE_SOCKETS - #include "e_os.h" --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include "rand_lcl.h" - --#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) -+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) - - # include - # include -@@ -143,17 +244,17 @@ int RAND_poll(void) - { - unsigned long l; - pid_t curr_pid = getpid(); --# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - unsigned char tmpbuf[ENTROPY_NEEDED]; - int n = 0; - # endif - # ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM }; -- 
struct stat randomstats[OSSL_NELEM(randomfiles)]; -+ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; - int fd; - unsigned int i; - # endif --# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) -+# ifdef DEVRANDOM_EGD - static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; - const char **egdsocket = NULL; - # endif -@@ -166,7 +267,8 @@ int RAND_poll(void) - * out of random entries. - */ - -- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { -+ for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && -+ (n < ENTROPY_NEEDED); i++) { - if ((fd = open(randomfiles[i], O_RDONLY - # ifdef O_NONBLOCK - | O_NONBLOCK -@@ -205,7 +307,14 @@ int RAND_poll(void) - do { - int try_read = 0; - --# if defined(OPENSSL_SYS_LINUX) -+# if defined(OPENSSL_SYS_BEOS_R5) -+ /* -+ * select() is broken in BeOS R5, so we simply try to read -+ * something and snooze if we couldn't -+ */ -+ try_read = 1; -+ -+# elif defined(OPENSSL_SYS_LINUX) - /* use poll() */ - struct pollfd pset; - -@@ -249,6 +358,10 @@ int RAND_poll(void) - ENTROPY_NEEDED - n); - if (r > 0) - n += r; -+# if defined(OPENSSL_SYS_BEOS_R5) -+ if (r == 0) -+ snooze(t.tv_usec); -+# endif - } else - r = -1; - -@@ -270,7 +383,7 @@ int RAND_poll(void) - } - # endif /* defined(DEVRANDOM) */ - --# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) -+# ifdef DEVRANDOM_EGD - /* - * Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. 
-@@ -287,7 +400,7 @@ int RAND_poll(void) - } - # endif /* defined(DEVRANDOM_EGD) */ - --# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - if (n > 0) { - RAND_add(tmpbuf, sizeof tmpbuf, (double)n); - OPENSSL_cleanse(tmpbuf, n); -@@ -303,7 +416,15 @@ int RAND_poll(void) - l = time(NULL); - RAND_add(&l, sizeof(l), 0.0); - --# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) -+# if defined(OPENSSL_SYS_BEOS) -+ { -+ system_info sysInfo; -+ get_system_info(&sysInfo); -+ RAND_add(&sysInfo, sizeof(sysInfo), 0); -+ } -+# endif -+ -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - return 1; - # else - return 0; -@@ -314,7 +435,9 @@ int RAND_poll(void) - #endif /* !(defined(OPENSSL_SYS_WINDOWS) || - * defined(OPENSSL_SYS_WIN32) || - * defined(OPENSSL_SYS_VMS) || -- * defined(OPENSSL_SYS_VXWORKS) */ -+ * defined(OPENSSL_SYS_OS2) || -+ * defined(OPENSSL_SYS_VXWORKS) || -+ * defined(OPENSSL_SYS_NETWARE)) */ - - #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) - int RAND_poll(void) -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c b/Cryptlib/OpenSSL/crypto/rand/rand_vms.c -deleted file mode 100644 -index 9c462dd..0000000 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c -+++ /dev/null -@@ -1,133 +0,0 @@ --/* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --/* -- * Modified by VMS Software, Inc (2016) -- * Eliminate looping through all processes (performance) -- * Add additional randomizations using rand() function -- */ -- --#include --#include "rand_lcl.h" -- --#if defined(OPENSSL_SYS_VMS) --# include --# include --# include --# include --# include --# ifdef __DECC --# pragma message disable DOLLARID --# endif -- --/* -- * Use 32-bit pointers almost everywhere. Define the type to which to cast a -- * pointer passed to an external function. -- */ --# if __INITIAL_POINTER_SIZE == 64 --# define PTR_T __void_ptr64 --# pragma pointer_size save --# pragma pointer_size 32 --# else /* __INITIAL_POINTER_SIZE == 64 */ --# define PTR_T void * --# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -- --static struct items_data_st { -- short length, code; /* length is number of bytes */ --} items_data[] = { -- {4, JPI$_BUFIO}, -- {4, JPI$_CPUTIM}, -- {4, JPI$_DIRIO}, -- {4, JPI$_IMAGECOUNT}, -- {8, JPI$_LAST_LOGIN_I}, -- {8, JPI$_LOGINTIM}, -- {4, JPI$_PAGEFLTS}, -- {4, JPI$_PID}, -- {4, JPI$_PPGCNT}, -- {4, JPI$_WSPEAK}, -- {4, JPI$_FINALEXC}, -- {0, 0} /* zero terminated */ --}; -- --int RAND_poll(void) --{ -- -- /* determine the number of items in the JPI array */ -- -- struct items_data_st item_entry; -- int item_entry_count = sizeof(items_data)/sizeof(item_entry); -- -- /* Create the JPI itemlist array to hold item_data content */ -- -- struct { -- short length, code; -- int *buffer; -- int *retlen; -- } item[item_entry_count], *pitem; /* number of entries in items_data */ -- -- struct items_data_st *pitems_data; -- int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */ -- int iosb[2]; -- int sys_time[2]; -- int *ptr; -- int i, j ; -- int tmp_length = 0; -- int total_length = 0; -- -- pitems_data = items_data; -- pitem = item; -- -- -- /* Setup itemlist for GETJPI */ -- while 
(pitems_data->length) { -- pitem->length = pitems_data->length; -- pitem->code = pitems_data->code; -- pitem->buffer = &data_buffer[total_length]; -- pitem->retlen = 0; -- /* total_length is in longwords */ -- total_length += pitems_data->length/4; -- pitems_data++; -- pitem ++; -- } -- pitem->length = pitem->code = 0; -- -- /* Fill data_buffer with various info bits from this process */ -- /* and twist that data to seed the SSL random number init */ -- -- if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) { -- for (i = 0; i < total_length; i++) { -- sys$gettim((struct _generic_64 *)&sys_time[0]); -- srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i); -- -- if (i == (total_length - 1)) { /* for JPI$_FINALEXC */ -- ptr = &data_buffer[i]; -- for (j = 0; j < 4; j++) { -- data_buffer[i + j] = ptr[j]; -- /* OK to use rand() just to scramble the seed */ -- data_buffer[i + j] ^= (sys_time[0] ^ rand()); -- tmp_length++; -- } -- } else { -- /* OK to use rand() just to scramble the seed */ -- data_buffer[i] ^= (sys_time[0] ^ rand()); -- } -- } -- -- total_length += (tmp_length - 1); -- -- /* size of seed is total_length*4 bytes (64bytes) */ -- RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2); -- } else { -- return 0; -- } -- -- return 1; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c -deleted file mode 100644 -index 1be0ed3..0000000 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c -+++ /dev/null -@@ -1,135 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include "internal/cryptlib.h" --#include --#include "rand_lcl.h" -- --#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) --# include --/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ --# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 --# define RAND_WINDOWS_USE_BCRYPT --# endif -- --# ifdef RAND_WINDOWS_USE_BCRYPT --# include --# pragma comment(lib, "bcrypt.lib") --# ifndef STATUS_SUCCESS --# define STATUS_SUCCESS ((NTSTATUS)0x00000000L) --# endif --# else --# include --/* -- * Intel hardware RNG CSP -- available from -- * http://developer.intel.com/design/security/rng/redist_license.htm -- */ --# define PROV_INTEL_SEC 22 --# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" --# endif -- --static void readtimer(void); -- --int RAND_poll(void) --{ -- MEMORYSTATUS mst; --# ifndef RAND_WINDOWS_USE_BCRYPT -- HCRYPTPROV hProvider; --# endif -- DWORD w; -- BYTE buf[64]; -- --# ifdef RAND_WINDOWS_USE_BCRYPT -- if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) { -- RAND_add(buf, sizeof(buf), sizeof(buf)); -- } --# else -- /* poll the CryptoAPI PRNG */ -- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ -- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { -- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { -- RAND_add(buf, sizeof(buf), sizeof(buf)); -- } -- CryptReleaseContext(hProvider, 0); -- } -- -- /* poll the Pentium PRG with CryptoAPI */ -- if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { -- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { -- RAND_add(buf, sizeof(buf), sizeof(buf)); -- } -- CryptReleaseContext(hProvider, 0); -- } --# endif -- -- 
/* timer data */ -- readtimer(); -- -- /* memory usage statistics */ -- GlobalMemoryStatus(&mst); -- RAND_add(&mst, sizeof(mst), 1); -- -- /* process ID */ -- w = GetCurrentProcessId(); -- RAND_add(&w, sizeof(w), 1); -- -- return (1); --} -- --#if OPENSSL_API_COMPAT < 0x10100000L --int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) --{ -- RAND_poll(); -- return RAND_status(); --} -- --void RAND_screen(void) --{ -- RAND_poll(); --} --#endif -- --/* feed timing information to the PRNG */ --static void readtimer(void) --{ -- DWORD w; -- LARGE_INTEGER l; -- static int have_perfc = 1; --# if defined(_MSC_VER) && defined(_M_X86) -- static int have_tsc = 1; -- DWORD cyclecount; -- -- if (have_tsc) { -- __try { -- __asm { -- _emit 0x0f _emit 0x31 mov cyclecount, eax} -- RAND_add(&cyclecount, sizeof(cyclecount), 1); -- } -- __except(EXCEPTION_EXECUTE_HANDLER) { -- have_tsc = 0; -- } -- } --# else --# define have_tsc 0 --# endif -- -- if (have_perfc) { -- if (QueryPerformanceCounter(&l) == 0) -- have_perfc = 0; -- else -- RAND_add(&l, sizeof(l), 0); -- } -- -- if (!have_tsc && !have_perfc) { -- w = GetTickCount(); -- RAND_add(&w, sizeof(w), 0); -- } --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c -index 15fa9dc..728fd0a 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/randfile.c -+++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c -@@ -1,19 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rand/randfile.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/cryptlib.h" -- - #include - #include - #include - #include - -+#include "e_os.h" - #include - #include - #include -@@ -57,52 +105,23 @@ - # define chmod _chmod - # define open _open - # define fdopen _fdopen --# define fstat _fstat --# define fileno _fileno - #endif - - #undef BUFSIZE - #define BUFSIZE 1024 - #define RAND_DATA 1024 - --#ifdef OPENSSL_SYS_VMS --/* -- * Misc hacks needed for specific cases. -- * -- * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) -- * to make sure the FILE* is a 32-bit pointer no matter what. We know that -- * stdio function return this type (a study of stdio.h proves it). -- * Additionally, we create a similar char pointer type for the sake of -- * vms_setbuf below. 
-- */ --# if __INITIAL_POINTER_SIZE == 64 --# pragma pointer_size save --# pragma pointer_size 32 --typedef char *char_ptr32; --# pragma pointer_size restore --/* -- * On VMS, setbuf() will only take 32-bit pointers, and a compilation -- * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. -- * Since we know that the FILE* really is a 32-bit pointer expanded to -- * 64 bits, we also know it's safe to convert it back to a 32-bit pointer. -- * As for the buffer parameter, we only use NULL here, so that passes as -- * well... -- */ --# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf)) --# endif -- -+#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64))) - /* - * This declaration is a nasty hack to get around vms' extension to fopen for -- * passing in sharing options being disabled by /STANDARD=ANSI89 -+ * passing in sharing options being disabled by our /STANDARD=ANSI89 - */ --static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = -- (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; -+static FILE *(*const vms_fopen)(const char *, const char *, ...) = -+ (FILE *(*)(const char *, const char *, ...))fopen; - # define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" -- --# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) - #endif - --#define RFILE ".rnd" -+/* #define RFILE ".rnd" - defined in ../../e_os.h */ - - /* - * Note that these functions are intended for seed files only. Entropy -@@ -116,24 +135,35 @@ int RAND_load_file(const char *file, long bytes) - * if bytes == -1, read complete file. - */ - -- unsigned char buf[BUFSIZE]; -+ MS_STATIC unsigned char buf[BUFSIZE]; - #ifndef OPENSSL_NO_POSIX_IO - struct stat sb; - #endif - int i, ret = 0, n; -- FILE *in = NULL; -+/* -+ * If setvbuf() is to be called, then the FILE pointer -+ * to it must be 32 bit. 
-+*/ -+ -+#if !defined OPENSSL_NO_SETVBUF_IONBF && defined(OPENSSL_SYS_VMS) && defined(__VMS_VER) && (__VMS_VER >= 70000000) -+ /* For 64-bit-->32 bit API Support*/ -+#if __INITIAL_POINTER_SIZE == 64 -+#pragma __required_pointer_size __save -+#pragma __required_pointer_size 32 -+#endif -+ FILE *in; /* setvbuf() requires 32-bit pointers */ -+#if __INITIAL_POINTER_SIZE == 64 -+#pragma __required_pointer_size __restore -+#endif -+#else -+ FILE *in; -+#endif /* OPENSSL_SYS_VMS */ - - if (file == NULL) -- return 0; -- -- if (bytes == 0) -- return ret; -- -- in = openssl_fopen(file, "rb"); -- if (in == NULL) -- goto err; -+ return (0); - - #ifndef OPENSSL_NO_POSIX_IO -+# ifdef PURIFY - /* - * struct stat can have padding and unused fields that may not be - * initialized in the call to stat(). We need to clear the entire -@@ -141,11 +171,22 @@ int RAND_load_file(const char *file, long bytes) - * applications such as Valgrind. - */ - memset(&sb, 0, sizeof(sb)); -- if (fstat(fileno(in), &sb) < 0) -- goto err; -+# endif -+ if (stat(file, &sb) < 0) -+ return (0); - RAND_add(&sb, sizeof(sb), 0.0); -+#endif -+ if (bytes == 0) -+ return (ret); - --# if defined(S_ISBLK) && defined(S_ISCHR) -+#ifdef OPENSSL_SYS_VMS -+ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); -+#else -+ in = fopen(file, "rb"); -+#endif -+ if (in == NULL) -+ goto err; -+#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO) - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - /* - * this file is a device. we don't want read an infinite number of -@@ -153,9 +194,10 @@ int RAND_load_file(const char *file, long bytes) - * because we will waste system entropy. - */ - bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? 
*/ -- setbuf(in, NULL); /* don't do buffered reads */ -+# ifndef OPENSSL_NO_SETVBUF_IONBF -+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ - } --# endif - #endif - for (;;) { - if (bytes > 0) -@@ -165,8 +207,12 @@ int RAND_load_file(const char *file, long bytes) - i = fread(buf, 1, n, in); - if (i <= 0) - break; -- -+#ifdef PURIFY - RAND_add(buf, i, (double)i); -+#else -+ /* even if n != i, use the full array */ -+ RAND_add(buf, n, (double)i); -+#endif - ret += i; - if (bytes > 0) { - bytes -= n; -@@ -174,11 +220,10 @@ int RAND_load_file(const char *file, long bytes) - break; - } - } -+ fclose(in); - OPENSSL_cleanse(buf, BUFSIZE); - err: -- if (in != NULL) -- fclose(in); -- return ret; -+ return (ret); - } - - int RAND_write_file(const char *file) -@@ -190,15 +235,9 @@ int RAND_write_file(const char *file) - #ifndef OPENSSL_NO_POSIX_IO - struct stat sb; - --# if defined(S_ISBLK) && defined(S_ISCHR) --# ifdef _WIN32 -- /* -- * Check for |file| being a driver as "ASCII-safe" on Windows, -- * because driver paths are always ASCII. -- */ --# endif - i = stat(file, &sb); - if (i != -1) { -+# if defined(S_ISBLK) && defined(S_ISCHR) - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - /* - * this file is a device. we don't write back to it. we -@@ -206,14 +245,13 @@ int RAND_write_file(const char *file) - * device. Otherwise attempting to write to and chmod the device - * causes problems. 
- */ -- return 1; -+ return (1); - } -- } - # endif -+ } - #endif - --#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ -- !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) -+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) - { - # ifndef O_BINARY - # define O_BINARY 0 -@@ -228,7 +266,7 @@ int RAND_write_file(const char *file) - } - #endif - --#ifdef OPENSSL_SYS_VMS -+#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64))) - /* - * VMS NOTE: Prior versions of this routine created a _new_ version of - * the rand file for each call into this routine, then deleted all -@@ -247,14 +285,17 @@ int RAND_write_file(const char *file) - * rand file in a concurrent use situation. - */ - -- out = openssl_fopen(file, "rb+"); --#endif -+ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); - if (out == NULL) -- out = openssl_fopen(file, "wb"); -+ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); -+#else -+ if (out == NULL) -+ out = fopen(file, "wb"); -+#endif - if (out == NULL) - goto err; - --#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) -+#ifndef NO_CHMOD - chmod(file, 0600); - #endif - n = RAND_DATA; -@@ -282,70 +323,31 @@ int RAND_write_file(const char *file) - const char *RAND_file_name(char *buf, size_t size) - { - char *s = NULL; -- int use_randfile = 1; - #ifdef __OpenBSD__ - struct stat sb; - #endif - --#if defined(_WIN32) && defined(CP_UTF8) -- DWORD len; -- WCHAR *var, *val; -- -- if ((var = L"RANDFILE", -- len = GetEnvironmentVariableW(var, NULL, 0)) == 0 -- && (var = L"HOME", use_randfile = 0, -- len = GetEnvironmentVariableW(var, NULL, 0)) == 0 -- && (var = L"USERPROFILE", -- len = GetEnvironmentVariableW(var, NULL, 0)) == 0) { -- var = L"SYSTEMROOT", -- len = GetEnvironmentVariableW(var, NULL, 0); -- } -- -- if (len != 0) { -- int sz; -- -- val = _alloca(len * sizeof(WCHAR)); -- -- if (GetEnvironmentVariableW(var, val, len) < len -- && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, -- NULL, 
NULL)) != 0) { -- s = _alloca(sz); -- if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, -- NULL, NULL) == 0) -- s = NULL; -- } -- } --#else -- if (OPENSSL_issetugid() != 0) { -- use_randfile = 0; -- } else { -+ if (OPENSSL_issetugid() == 0) - s = getenv("RANDFILE"); -- if (s == NULL || *s == '\0') { -- use_randfile = 0; -+ if (s != NULL && *s && strlen(s) + 1 < size) { -+ if (BUF_strlcpy(buf, s, size) >= size) -+ return NULL; -+ } else { -+ if (OPENSSL_issetugid() == 0) - s = getenv("HOME"); -- } -- } --#endif - #ifdef DEFAULT_HOME -- if (!use_randfile && s == NULL) { -- s = DEFAULT_HOME; -- } -+ if (s == NULL) { -+ s = DEFAULT_HOME; -+ } - #endif -- if (s != NULL && *s) { -- size_t len = strlen(s); -- -- if (use_randfile && len + 1 < size) { -- if (OPENSSL_strlcpy(buf, s, size) >= size) -- return NULL; -- } else if (len + strlen(RFILE) + 2 < size) { -- OPENSSL_strlcpy(buf, s, size); -+ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { -+ BUF_strlcpy(buf, s, size); - #ifndef OPENSSL_SYS_VMS -- OPENSSL_strlcat(buf, "/", size); -+ BUF_strlcat(buf, "/", size); - #endif -- OPENSSL_strlcat(buf, RFILE, size); -- } -- } else { -- buf[0] = '\0'; /* no file name */ -+ BUF_strlcat(buf, RFILE, size); -+ } else -+ buf[0] = '\0'; /* no file name */ - } - - #ifdef __OpenBSD__ -@@ -357,10 +359,14 @@ const char *RAND_file_name(char *buf, size_t size) - * available. - */ - -- if (!buf[0] || stat(buf, &sb) == -1) -- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) { -- return NULL; -+ if (!buf[0]) -+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { -+ return (NULL); -+ } -+ if (stat(buf, &sb) == -1) -+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { -+ return (NULL); - } - #endif -- return buf[0] ? 
buf : NULL; -+ return (buf); - } -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -index be11bad..0f0a248 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rc4/rc4_enc.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include -@@ -30,6 +79,197 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - y = key->y; - d = key->data; - -+#if defined(RC4_CHUNK) && !defined(PEDANTIC) -+ /*- -+ * The original reason for implementing this(*) was the fact that -+ * pre-21164a Alpha CPUs don't have byte load/store instructions -+ * and e.g. a byte store has to be done with 64-bit load, shift, -+ * and, or and finally 64-bit store. Peaking data and operating -+ * at natural word size made it possible to reduce amount of -+ * instructions as well as to perform early read-ahead without -+ * suffering from RAW (read-after-write) hazard. This resulted -+ * in ~40%(**) performance improvement on 21064 box with gcc. -+ * But it's not only Alpha users who win here:-) Thanks to the -+ * early-n-wide read-ahead this implementation also exhibits -+ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending -+ * on sizeof(RC4_INT)). -+ * -+ * (*) "this" means code which recognizes the case when input -+ * and output pointers appear to be aligned at natural CPU -+ * word boundary -+ * (**) i.e. according to 'apps/openssl speed rc4' benchmark, -+ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... -+ * -+ * Cavets. -+ * -+ * - RC4_CHUNK="unsigned long long" should be a #1 choice for -+ * UltraSPARC. Unfortunately gcc generates very slow code -+ * (2.5-3 times slower than one generated by Sun's WorkShop -+ * C) and therefore gcc (at least 2.95 and earlier) should -+ * always be told that RC4_CHUNK="unsigned long". 
-+ * -+ * -+ */ -+ -+# define RC4_STEP ( \ -+ x=(x+1) &0xff, \ -+ tx=d[x], \ -+ y=(tx+y)&0xff, \ -+ ty=d[y], \ -+ d[y]=tx, \ -+ d[x]=ty, \ -+ (RC4_CHUNK)d[(tx+ty)&0xff]\ -+ ) -+ -+ if ((((size_t)indata & (sizeof(RC4_CHUNK) - 1)) | -+ ((size_t)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) { -+ RC4_CHUNK ichunk, otp; -+ const union { -+ long one; -+ char little; -+ } is_endian = { -+ 1 -+ }; -+ -+ /*- -+ * I reckon we can afford to implement both endian -+ * cases and to decide which way to take at run-time -+ * because the machine code appears to be very compact -+ * and redundant 1-2KB is perfectly tolerable (i.e. -+ * in case the compiler fails to eliminate it:-). By -+ * suggestion from Terrel Larson -+ * who also stands for the is_endian union:-) -+ * -+ * Special notes. -+ * -+ * - is_endian is declared automatic as doing otherwise -+ * (declaring static) prevents gcc from eliminating -+ * the redundant code; -+ * - compilers (those I've tried) don't seem to have -+ * problems eliminating either the operators guarded -+ * by "if (sizeof(RC4_CHUNK)==8)" or the condition -+ * expressions themselves so I've got 'em to replace -+ * corresponding #ifdefs from the previous version; -+ * - I chose to let the redundant switch cases when -+ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed -+ * before); -+ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in -+ * [LB]ESHFT guards against "shift is out of range" -+ * warnings when sizeof(RC4_CHUNK)!=8 -+ * -+ * -+ */ -+ if (!is_endian.little) { /* BIG-ENDIAN CASE */ -+# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) -+ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { -+ ichunk = *(RC4_CHUNK *) indata; -+ otp = RC4_STEP << BESHFT(0); -+ otp |= RC4_STEP << BESHFT(1); -+ otp |= RC4_STEP << BESHFT(2); -+ otp |= RC4_STEP << BESHFT(3); -+ if (sizeof(RC4_CHUNK) == 8) { -+ otp |= RC4_STEP << BESHFT(4); -+ otp |= RC4_STEP << BESHFT(5); -+ otp |= RC4_STEP << BESHFT(6); -+ otp |= RC4_STEP << 
BESHFT(7); -+ } -+ *(RC4_CHUNK *) outdata = otp ^ ichunk; -+ indata += sizeof(RC4_CHUNK); -+ outdata += sizeof(RC4_CHUNK); -+ } -+ if (len) { -+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; -+ -+ ichunk = *(RC4_CHUNK *) indata; -+ ochunk = *(RC4_CHUNK *) outdata; -+ otp = 0; -+ i = BESHFT(0); -+ mask <<= (sizeof(RC4_CHUNK) - len) << 3; -+ switch (len & (sizeof(RC4_CHUNK) - 1)) { -+ case 7: -+ otp = RC4_STEP << i, i -= 8; -+ case 6: -+ otp |= RC4_STEP << i, i -= 8; -+ case 5: -+ otp |= RC4_STEP << i, i -= 8; -+ case 4: -+ otp |= RC4_STEP << i, i -= 8; -+ case 3: -+ otp |= RC4_STEP << i, i -= 8; -+ case 2: -+ otp |= RC4_STEP << i, i -= 8; -+ case 1: -+ otp |= RC4_STEP << i, i -= 8; -+ case 0:; /* -+ * it's never the case, -+ * but it has to be here -+ * for ultrix? -+ */ -+ } -+ ochunk &= ~mask; -+ ochunk |= (otp ^ ichunk) & mask; -+ *(RC4_CHUNK *) outdata = ochunk; -+ } -+ key->x = x; -+ key->y = y; -+ return; -+ } else { /* LITTLE-ENDIAN CASE */ -+# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) -+ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { -+ ichunk = *(RC4_CHUNK *) indata; -+ otp = RC4_STEP; -+ otp |= RC4_STEP << 8; -+ otp |= RC4_STEP << 16; -+ otp |= RC4_STEP << 24; -+ if (sizeof(RC4_CHUNK) == 8) { -+ otp |= RC4_STEP << LESHFT(4); -+ otp |= RC4_STEP << LESHFT(5); -+ otp |= RC4_STEP << LESHFT(6); -+ otp |= RC4_STEP << LESHFT(7); -+ } -+ *(RC4_CHUNK *) outdata = otp ^ ichunk; -+ indata += sizeof(RC4_CHUNK); -+ outdata += sizeof(RC4_CHUNK); -+ } -+ if (len) { -+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; -+ -+ ichunk = *(RC4_CHUNK *) indata; -+ ochunk = *(RC4_CHUNK *) outdata; -+ otp = 0; -+ i = 0; -+ mask >>= (sizeof(RC4_CHUNK) - len) << 3; -+ switch (len & (sizeof(RC4_CHUNK) - 1)) { -+ case 7: -+ otp = RC4_STEP, i += 8; -+ case 6: -+ otp |= RC4_STEP << i, i += 8; -+ case 5: -+ otp |= RC4_STEP << i, i += 8; -+ case 4: -+ otp |= RC4_STEP << i, i += 8; -+ case 3: -+ otp |= RC4_STEP << i, i += 8; -+ case 2: -+ otp |= RC4_STEP << i, i += 8; -+ 
case 1: -+ otp |= RC4_STEP << i, i += 8; -+ case 0:; /* -+ * it's never the case, -+ * but it has to be here -+ * for ultrix? -+ */ -+ } -+ ochunk &= ~mask; -+ ochunk |= (otp ^ ichunk) & mask; -+ *(RC4_CHUNK *) outdata = ochunk; -+ } -+ key->x = x; -+ key->y = y; -+ return; -+ } -+ } -+#endif - #define LOOP(in,out) \ - x=((x+1)&0xff); \ - tx=d[x]; \ -@@ -38,19 +278,27 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - d[y]=tx; \ - (out) = d[(tx+ty)&0xff]^ (in); - -+#ifndef RC4_INDEX -+# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) -+#else -+# define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) -+#endif -+ - i = len >> 3; - if (i) { - for (;;) { -- LOOP(indata[0], outdata[0]); -- LOOP(indata[1], outdata[1]); -- LOOP(indata[2], outdata[2]); -- LOOP(indata[3], outdata[3]); -- LOOP(indata[4], outdata[4]); -- LOOP(indata[5], outdata[5]); -- LOOP(indata[6], outdata[6]); -- LOOP(indata[7], outdata[7]); -+ RC4_LOOP(indata, outdata, 0); -+ RC4_LOOP(indata, outdata, 1); -+ RC4_LOOP(indata, outdata, 2); -+ RC4_LOOP(indata, outdata, 3); -+ RC4_LOOP(indata, outdata, 4); -+ RC4_LOOP(indata, outdata, 5); -+ RC4_LOOP(indata, outdata, 6); -+ RC4_LOOP(indata, outdata, 7); -+#ifdef RC4_INDEX - indata += 8; - outdata += 8; -+#endif - if (--i == 0) - break; - } -@@ -58,25 +306,25 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - i = len & 0x07; - if (i) { - for (;;) { -- LOOP(indata[0], outdata[0]); -+ RC4_LOOP(indata, outdata, 0); - if (--i == 0) - break; -- LOOP(indata[1], outdata[1]); -+ RC4_LOOP(indata, outdata, 1); - if (--i == 0) - break; -- LOOP(indata[2], outdata[2]); -+ RC4_LOOP(indata, outdata, 2); - if (--i == 0) - break; -- LOOP(indata[3], outdata[3]); -+ RC4_LOOP(indata, outdata, 3); - if (--i == 0) - break; -- LOOP(indata[4], outdata[4]); -+ RC4_LOOP(indata, outdata, 4); - if (--i == 0) - break; -- LOOP(indata[5], outdata[5]); -+ RC4_LOOP(indata, outdata, 5); - if (--i == 0) - break; -- LOOP(indata[6], outdata[6]); -+ RC4_LOOP(indata, outdata, 
6); - if (--i == 0) - break; - } -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h -index 4380add..faf8742 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h -@@ -1,16 +1,5 @@ --/* -- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- - #ifndef HEADER_RC4_LOCL_H - # define HEADER_RC4_LOCL_H -- - # include --# include "internal/cryptlib.h" -- -+# include - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -index 16f81a4..06890d1 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -@@ -1,22 +1,80 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rc4/rc4_skey.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include "rc4_locl.h" - #include - -+const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT; -+ - const char *RC4_options(void) - { -+#ifdef RC4_INDEX -+ if (sizeof(RC4_INT) == 1) -+ return ("rc4(idx,char)"); -+ else -+ return ("rc4(idx,int)"); -+#else - if (sizeof(RC4_INT) == 1) -- return ("rc4(char)"); -+ return ("rc4(ptr,char)"); - else -- return ("rc4(int)"); -+ return ("rc4(ptr,int)"); -+#endif - } - - /*- -@@ -28,7 +86,7 @@ const char *RC4_options(void) - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - --void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) - { - register RC4_INT tmp; - register int id1, id2; -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c -new file mode 100644 -index 0000000..cbd4a24 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c -@@ -0,0 +1,62 @@ -+/* crypto/rc4/rc4_utl.c */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#include -+#include -+#include -+ -+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -+{ -+#ifdef OPENSSL_FIPS -+ fips_cipher_abort(RC4); -+#endif -+ private_RC4_set_key(key, len, data); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c -index 5694140..951e1d5 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c -@@ -1,21 +1,72 @@ -+/* crypto/rsa/rsa_ameth.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include -+#include - #include --#include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" --#include "rsa_locl.h" -+#ifndef OPENSSL_NO_CMS -+# include -+#endif -+#include "asn1_locl.h" - - #ifndef OPENSSL_NO_CMS - static int rsa_cms_sign(CMS_SignerInfo *si); -@@ -44,10 +95,9 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - const unsigned char *p; - int pklen; - RSA *rsa = NULL; -- - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) - return 0; -- if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { -+ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { - RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); - return 0; - } -@@ -67,8 +117,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { - RSA *rsa; -- -- if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { -+ if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { - RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); - return 0; - } -@@ -101,7 +150,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) - return 1; - } - --static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -+static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) - { - const unsigned char *p; - int pklen; -@@ -120,21 +169,45 @@ static int rsa_bits(const EVP_PKEY *pkey) - return BN_num_bits(pkey->pkey.rsa->n); - } - --static int rsa_security_bits(const EVP_PKEY *pkey) -+static void int_rsa_free(EVP_PKEY *pkey) - { -- return RSA_security_bits(pkey->pkey.rsa); -+ RSA_free(pkey->pkey.rsa); - } - --static void int_rsa_free(EVP_PKEY *pkey) -+static void 
update_buflen(const BIGNUM *b, size_t *pbuflen) - { -- RSA_free(pkey->pkey.rsa); -+ size_t i; -+ if (!b) -+ return; -+ if (*pbuflen < (i = (size_t)BN_num_bytes(b))) -+ *pbuflen = i; - } - - static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) - { - char *str; - const char *s; -+ unsigned char *m = NULL; - int ret = 0, mod_len = 0; -+ size_t buf_len = 0; -+ -+ update_buflen(x->n, &buf_len); -+ update_buflen(x->e, &buf_len); -+ -+ if (priv) { -+ update_buflen(x->d, &buf_len); -+ update_buflen(x->p, &buf_len); -+ update_buflen(x->q, &buf_len); -+ update_buflen(x->dmp1, &buf_len); -+ update_buflen(x->dmq1, &buf_len); -+ update_buflen(x->iqmp, &buf_len); -+ } -+ -+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - - if (x->n != NULL) - mod_len = BN_num_bits(x->n); -@@ -143,36 +216,40 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) - goto err; - - if (priv && x->d) { -- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) -+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) -+ <= 0) - goto err; - str = "modulus:"; - s = "publicExponent:"; - } else { -- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) -+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) -+ <= 0) - goto err; - str = "Modulus:"; - s = "Exponent:"; - } -- if (!ASN1_bn_print(bp, str, x->n, NULL, off)) -+ if (!ASN1_bn_print(bp, str, x->n, m, off)) - goto err; -- if (!ASN1_bn_print(bp, s, x->e, NULL, off)) -+ if (!ASN1_bn_print(bp, s, x->e, m, off)) - goto err; - if (priv) { -- if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) -+ if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) - goto err; -- if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) -+ if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) - goto err; -- if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) -+ if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) - goto err; -- if 
(!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) -+ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) - goto err; -- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) -+ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) - goto err; -- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) -+ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) - goto err; - } - ret = 1; - err: -+ if (m != NULL) -+ OPENSSL_free(m); - return (ret); - } - -@@ -191,23 +268,34 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ - static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) - { -- if (alg == NULL) -+ const unsigned char *p; -+ int plen; -+ if (alg == NULL || alg->parameter == NULL) - return NULL; - if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) - return NULL; -- return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), -- alg->parameter); -+ if (alg->parameter->type != V_ASN1_SEQUENCE) -+ return NULL; -+ -+ p = alg->parameter->value.sequence->data; -+ plen = alg->parameter->value.sequence->length; -+ return d2i_X509_ALGOR(NULL, &p, plen); - } - - static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, - X509_ALGOR **pmaskHash) - { -+ const unsigned char *p; -+ int plen; - RSA_PSS_PARAMS *pss; - - *pmaskHash = NULL; - -- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), -- alg->parameter); -+ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) -+ return NULL; -+ p = alg->parameter->value.sequence->data; -+ plen = alg->parameter->value.sequence->length; -+ pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); - - if (!pss) - return NULL; -@@ -299,8 +387,10 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - X509_ALGOR *maskHash; - pss = rsa_pss_decode(sigalg, &maskHash); - rv = rsa_pss_param_print(bp, pss, maskHash, indent); -- RSA_PSS_PARAMS_free(pss); -- X509_ALGOR_free(maskHash); -+ if (pss) -+ RSA_PSS_PARAMS_free(pss); -+ if 
(maskHash) -+ X509_ALGOR_free(maskHash); - if (!rv) - return 0; - } else if (!sig && BIO_puts(bp, "\n") <= 0) -@@ -366,7 +456,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) - if (EVP_MD_type(md) == NID_sha1) - return 1; - *palg = X509_ALGOR_new(); -- if (*palg == NULL) -+ if (!*palg) - return 0; - X509_ALGOR_set_md(*palg, md); - return 1; -@@ -386,13 +476,15 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) - if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) - goto err; - *palg = X509_ALGOR_new(); -- if (*palg == NULL) -+ if (!*palg) - goto err; - X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); - stmp = NULL; - err: -- ASN1_STRING_free(stmp); -- X509_ALGOR_free(algtmp); -+ if (stmp) -+ ASN1_STRING_free(stmp); -+ if (algtmp) -+ X509_ALGOR_free(algtmp); - if (*palg) - return 1; - return 0; -@@ -459,11 +551,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) - saltlen--; - } - pss = RSA_PSS_PARAMS_new(); -- if (pss == NULL) -+ if (!pss) - goto err; - if (saltlen != 20) { - pss->saltLength = ASN1_INTEGER_new(); -- if (pss->saltLength == NULL) -+ if (!pss->saltLength) - goto err; - if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) - goto err; -@@ -477,16 +569,18 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) - goto err; - rv = 1; - err: -- RSA_PSS_PARAMS_free(pss); -+ if (pss) -+ RSA_PSS_PARAMS_free(pss); - if (rv) - return os; -- ASN1_STRING_free(os); -+ if (os) -+ ASN1_STRING_free(os); - return NULL; - } - - /* - * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL -- * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are -+ * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are - * passed to pkctx instead. 
- */ - -@@ -568,7 +662,8 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - - err: - RSA_PSS_PARAMS_free(pss); -- X509_ALGOR_free(maskHash); -+ if (maskHash) -+ X509_ALGOR_free(maskHash); - return rv; - } - -@@ -646,7 +741,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - ASN1_BIT_STRING *sig) - { - int pad_mode; -- EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); -+ EVP_PKEY_CTX *pkctx = ctx->pctx; - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) - return 0; - if (pad_mode == RSA_PKCS1_PADDING) -@@ -673,16 +768,20 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - return 2; - } - --#ifndef OPENSSL_NO_CMS - static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, - X509_ALGOR **pmaskHash) - { -+ const unsigned char *p; -+ int plen; - RSA_OAEP_PARAMS *pss; - - *pmaskHash = NULL; - -- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), -- alg->parameter); -+ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) -+ return NULL; -+ p = alg->parameter->value.sequence->data; -+ plen = alg->parameter->value.sequence->length; -+ pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen); - - if (!pss) - return NULL; -@@ -692,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, - return pss; - } - -+#ifndef OPENSSL_NO_CMS - static int rsa_cms_decrypt(CMS_RecipientInfo *ri) - { - EVP_PKEY_CTX *pkctx; -@@ -760,7 +860,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) - - err: - RSA_OAEP_PARAMS_free(oaep); -- X509_ALGOR_free(maskHash); -+ if (maskHash) -+ X509_ALGOR_free(maskHash); - return rv; - } - -@@ -793,19 +894,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) - if (labellen < 0) - goto err; - oaep = RSA_OAEP_PARAMS_new(); -- if (oaep == NULL) -+ if (!oaep) - goto err; - if (!rsa_md_to_algor(&oaep->hashFunc, md)) - goto err; - if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) - goto err; - if (labellen > 0) { -- ASN1_OCTET_STRING *los; -+ 
ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); - oaep->pSourceFunc = X509_ALGOR_new(); -- if (oaep->pSourceFunc == NULL) -+ if (!oaep->pSourceFunc) - goto err; -- los = ASN1_OCTET_STRING_new(); -- if (los == NULL) -+ if (!los) - goto err; - if (!ASN1_OCTET_STRING_set(los, label, labellen)) { - ASN1_OCTET_STRING_free(los); -@@ -821,13 +921,15 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) - os = NULL; - rv = 1; - err: -- RSA_OAEP_PARAMS_free(oaep); -- ASN1_STRING_free(os); -+ if (oaep) -+ RSA_OAEP_PARAMS_free(oaep); -+ if (os) -+ ASN1_STRING_free(os); - return rv; - } - #endif - --const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { -+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { - { - EVP_PKEY_RSA, - EVP_PKEY_RSA, -@@ -847,7 +949,6 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { - - int_rsa_size, - rsa_bits, -- rsa_security_bits, - - 0, 0, 0, 0, 0, 0, - -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -index 20f8ebf..aff8b58 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -@@ -1,18 +1,68 @@ -+/* rsa_asn1.c */ - /* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. 
-+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include -+#include - #include - #include --#include "rsa_locl.h" - - /* Override the default free and new methods */ - static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -@@ -20,7 +70,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - { - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)RSA_new(); -- if (*pval != NULL) -+ if (*pval) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { -@@ -35,12 +85,12 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_SIMPLE(RSA, version, LONG), - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), -- ASN1_SIMPLE(RSA, d, CBIGNUM), -- ASN1_SIMPLE(RSA, p, CBIGNUM), -- ASN1_SIMPLE(RSA, q, CBIGNUM), -- ASN1_SIMPLE(RSA, dmp1, CBIGNUM), -- ASN1_SIMPLE(RSA, dmq1, CBIGNUM), -- ASN1_SIMPLE(RSA, iqmp, CBIGNUM) -+ ASN1_SIMPLE(RSA, d, BIGNUM), -+ ASN1_SIMPLE(RSA, p, BIGNUM), -+ ASN1_SIMPLE(RSA, q, BIGNUM), -+ ASN1_SIMPLE(RSA, dmp1, BIGNUM), -+ ASN1_SIMPLE(RSA, dmq1, BIGNUM), -+ ASN1_SIMPLE(RSA, iqmp, BIGNUM) - } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) - - -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -index 00260fb..475dfc5 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -@@ -1,30 +1,65 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_chk.c */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== - */ - - #include - #include --#include "rsa_locl.h" -+#include - - int RSA_check_key(const RSA *key) --{ -- return RSA_check_key_ex(key, NULL); --} -- --int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - { - BIGNUM *i, *j, *k, *l, *m; - BN_CTX *ctx; - int ret = 1; - -- if (key->p == NULL || key->q == NULL || key->n == NULL -- || key->e == NULL || key->d == NULL) { -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING); -+ if (!key->p || !key->q || !key->n || !key->e || !key->d) { -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); - return 0; - } - -@@ -37,29 +72,29 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - if (i == NULL || j == NULL || k == NULL || l == NULL - || m == NULL || ctx == NULL) { - ret = -1; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE); -+ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (BN_is_one(key->e)) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE); - } - if (!BN_is_odd(key->e)) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE); - } - - /* p prime? 
*/ -- if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) { -+ if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL) != 1) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); - } - - /* q prime? */ -- if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) { -+ if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL) != 1) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); - } - - /* n = p*q? */ -@@ -69,7 +104,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - } - if (BN_cmp(i, key->n) != 0) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); - } - - /* d*e = 1 mod lcm(p-1,q-1)? */ -@@ -102,7 +137,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - - if (!BN_is_one(i)) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); - } - - if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { -@@ -117,7 +152,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - } - if (BN_cmp(j, key->dmp1) != 0) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); - } - - /* dmq1 = d mod (q-1)? */ -@@ -131,7 +166,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - } - if (BN_cmp(j, key->dmq1) != 0) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); - } - - /* iqmp = q^-1 mod p? 
*/ -@@ -141,7 +176,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) - } - if (BN_cmp(i, key->iqmp) != 0) { - ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q); -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); - } - } - -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c -index 9cd733b..5c416b5 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c -@@ -1,24 +1,71 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. 
-+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/bn_int.h" -+#include -+#include - #include --#include "rsa_locl.h" -- --int RSA_bits(const RSA *r) --{ -- return (BN_num_bits(r->n)); --} -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif - - int RSA_size(const RSA *r) - { -@@ -28,24 +75,52 @@ int RSA_size(const RSA *r) - int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); - } - - int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); - } - - int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); - } - - int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { 
-+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); - } - -@@ -56,8 +131,10 @@ int RSA_flags(const RSA *r) - - void RSA_blinding_off(RSA *rsa) - { -- BN_BLINDING_free(rsa->blinding); -- rsa->blinding = NULL; -+ if (rsa->blinding != NULL) { -+ BN_BLINDING_free(rsa->blinding); -+ rsa->blinding = NULL; -+ } - rsa->flags &= ~RSA_FLAG_BLINDING; - rsa->flags |= RSA_FLAG_NO_BLINDING; - } -@@ -110,7 +187,8 @@ static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, - - BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) - { -- BIGNUM *e; -+ BIGNUM local_n; -+ BIGNUM *e, *n; - BN_CTX *ctx; - BN_BLINDING *ret = NULL; - -@@ -136,42 +214,33 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) - } else - e = rsa->e; - -- if ((RAND_status() == 0) && rsa->d != NULL -- && bn_get_words(rsa->d) != NULL) { -+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { - /* - * if PRNG is not properly seeded, resort to secret exponent as - * unpredictable seed - */ -- RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), -- 0.0); -+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); - } - -- { -- BIGNUM *n = BN_new(); -- -- if (n == NULL) { -- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ /* Set BN_FLG_CONSTTIME flag */ -+ n = &local_n; - BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); -+ } else -+ n = rsa->n; - -- ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, -- rsa->_method_mod_n); -- /* We MUST free n before any further use of rsa->n */ -- BN_free(n); -- } -+ ret = BN_BLINDING_create_param(NULL, e, n, ctx, -+ rsa->meth->bn_mod_exp, rsa->_method_mod_n); - if (ret == NULL) { - 
RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); - goto err; - } -- -- BN_BLINDING_set_current_thread(ret); -- -+ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); - err: - BN_CTX_end(ctx); -- if (ctx != in_ctx) -+ if (in_ctx == NULL) - BN_CTX_free(ctx); -- if (e != rsa->e) -+ if (rsa->e == NULL) - BN_free(e); - - return ret; -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -index 21e0562..32f0c88 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -@@ -1,10 +1,56 @@ --/* -- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_depr.c */ -+/* ==================================================================== -+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - /* -@@ -12,27 +58,27 @@ - * "new" versions). 
- */ - --#include --#if OPENSSL_API_COMPAT >= 0x00908000L --NON_EMPTY_TRANSLATION_UNIT -+#include -+#include -+#include "cryptlib.h" -+#include -+#include - --#else -+#ifdef OPENSSL_NO_DEPRECATED - --# include --# include --# include "internal/cryptlib.h" --# include --# include -+static void *dummy = &dummy; -+ -+#else - - RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback) (int, int, void *), void *cb_arg) - { -+ BN_GENCB cb; - int i; -- BN_GENCB *cb = BN_GENCB_new(); - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - -- if (cb == NULL || rsa == NULL || e == NULL) -+ if (!rsa || !e) - goto err; - - /* -@@ -45,17 +91,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, - goto err; - } - -- BN_GENCB_set_old(cb, callback, cb_arg); -+ BN_GENCB_set_old(&cb, callback, cb_arg); - -- if (RSA_generate_key_ex(rsa, bits, e, cb)) { -+ if (RSA_generate_key_ex(rsa, bits, e, &cb)) { - BN_free(e); -- BN_GENCB_free(cb); - return rsa; - } - err: -- BN_free(e); -- RSA_free(rsa); -- BN_GENCB_free(cb); -+ if (e) -+ BN_free(e); -+ if (rsa) -+ RSA_free(rsa); - return 0; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c -new file mode 100644 -index 0000000..b147fff ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c -@@ -0,0 +1,904 @@ -+/* crypto/rsa/rsa_eay.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+#include -+ -+#ifndef RSA_NULL -+ -+static int RSA_eay_public_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+static int RSA_eay_private_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+static int RSA_eay_public_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+static int RSA_eay_private_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, -+ BN_CTX *ctx); -+static int RSA_eay_init(RSA *rsa); -+static int RSA_eay_finish(RSA *rsa); -+static RSA_METHOD rsa_pkcs1_eay_meth = { -+ "Eric Young's PKCS#1 RSA", -+ RSA_eay_public_encrypt, -+ RSA_eay_public_decrypt, /* signature verification */ -+ RSA_eay_private_encrypt, /* signing */ -+ RSA_eay_private_decrypt, -+ RSA_eay_mod_exp, -+ BN_mod_exp_mont, /* XXX probably we should not use Montgomery -+ * if e == 3 */ -+ RSA_eay_init, -+ RSA_eay_finish, -+ 0, /* flags */ -+ NULL, -+ 0, /* rsa_sign */ -+ 0, /* rsa_verify */ -+ NULL /* rsa_keygen */ -+}; -+ -+const RSA_METHOD *RSA_PKCS1_SSLeay(void) -+{ -+ return (&rsa_pkcs1_eay_meth); -+} -+ -+static int RSA_eay_public_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int i, j, k, num = 0, r = -1; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { -+ 
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); -+ break; -+# ifndef OPENSSL_NO_SHA -+ case RSA_PKCS1_OAEP_PADDING: -+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); -+ break; -+# endif -+ case RSA_SSLV23_PADDING: -+ i = RSA_padding_add_SSLv23(buf, num, from, flen); -+ break; -+ case RSA_NO_PADDING: -+ i = RSA_padding_add_none(buf, num, from, flen); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (i <= 0) -+ goto err; -+ -+ if (BN_bin2bn(buf, num, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ /* usually the padding functions would catch this */ -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ -+ /* -+ * put in leading 0 bytes if the number is less than the length of the -+ * modulus -+ */ -+ j = BN_num_bytes(ret); -+ i = BN_bn2bin(ret, &(to[num - j])); -+ for (k = 0; k < (num - i); k++) -+ to[k] = 0; -+ -+ r = num; -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} -+ -+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) -+{ -+ BN_BLINDING *ret; -+ int got_write_lock = 0; -+ CRYPTO_THREADID cur; -+ -+ 
CRYPTO_r_lock(CRYPTO_LOCK_RSA); -+ -+ if (rsa->blinding == NULL) { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ -+ if (rsa->blinding == NULL) -+ rsa->blinding = RSA_setup_blinding(rsa, ctx); -+ } -+ -+ ret = rsa->blinding; -+ if (ret == NULL) -+ goto err; -+ -+ CRYPTO_THREADID_current(&cur); -+ if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) { -+ /* rsa->blinding is ours! */ -+ -+ *local = 1; -+ } else { -+ /* resort to rsa->mt_blinding instead */ -+ -+ /* -+ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the -+ * BN_BLINDING is shared, meaning that accesses require locks, and -+ * that the blinding factor must be stored outside the BN_BLINDING -+ */ -+ *local = 0; -+ -+ if (rsa->mt_blinding == NULL) { -+ if (!got_write_lock) { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ } -+ -+ if (rsa->mt_blinding == NULL) -+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); -+ } -+ ret = rsa->mt_blinding; -+ } -+ -+ err: -+ if (got_write_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -+ else -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ return ret; -+} -+ -+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, -+ BN_CTX *ctx) -+{ -+ if (unblind == NULL) -+ /* -+ * Local blinding: store the unblinding factor in BN_BLINDING. -+ */ -+ return BN_BLINDING_convert_ex(f, NULL, b, ctx); -+ else { -+ /* -+ * Shared blinding: store the unblinding factor outside BN_BLINDING. -+ */ -+ int ret; -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); -+ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); -+ return ret; -+ } -+} -+ -+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, -+ BN_CTX *ctx) -+{ -+ /* -+ * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex -+ * will use the unblinding factor stored in BN_BLINDING. 
If BN_BLINDING -+ * is shared between threads, unblind must be non-null: -+ * BN_BLINDING_invert_ex will then use the local unblinding factor, and -+ * will only read the modulus from BN_BLINDING. In both cases it's safe -+ * to access the blinding without a lock. -+ */ -+ return BN_BLINDING_invert_ex(f, unblind, b, ctx); -+} -+ -+/* signing */ -+static int RSA_eay_private_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret, *res; -+ int i, j, k, num = 0, r = -1; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ int local_blinding = 0; -+ /* -+ * Used only if the blinding structure is shared. A non-NULL unblind -+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -+ * the unblinding factor outside the blinding structure. -+ */ -+ BIGNUM *unblind = NULL; -+ BN_BLINDING *blinding = NULL; -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); -+ break; -+ case RSA_X931_PADDING: -+ i = RSA_padding_add_X931(buf, num, from, flen); -+ break; -+ case RSA_NO_PADDING: -+ i = RSA_padding_add_none(buf, num, from, flen); -+ break; -+ case RSA_SSLV23_PADDING: -+ default: -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (i <= 0) -+ goto err; -+ -+ if (BN_bin2bn(buf, num, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ /* usually the padding functions would catch this */ -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -+ if (blinding 
== NULL) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (blinding != NULL) { -+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -+ goto err; -+ } -+ -+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || -+ ((rsa->p != NULL) && -+ (rsa->q != NULL) && -+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { -+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) -+ goto err; -+ } else { -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ BN_init(&local_d); -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ -+ if (blinding) -+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -+ goto err; -+ -+ if (padding == RSA_X931_PADDING) { -+ BN_sub(f, rsa->n, ret); -+ if (BN_cmp(ret, f) > 0) -+ res = f; -+ else -+ res = ret; -+ } else -+ res = ret; -+ -+ /* -+ * put in leading 0 bytes if the number is less than the length of the -+ * modulus -+ */ -+ j = BN_num_bytes(res); -+ i = BN_bn2bin(res, &(to[num - j])); -+ for (k = 0; k < (num - i); k++) -+ to[k] = 0; -+ -+ r = num; -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} -+ -+static int RSA_eay_private_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int j, num = 0, r = -1; -+ unsigned char *p; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ int local_blinding = 0; -+ /* -+ * Used only if the blinding 
structure is shared. A non-NULL unblind -+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -+ * the unblinding factor outside the blinding structure. -+ */ -+ BIGNUM *unblind = NULL; -+ BN_BLINDING *blinding = NULL; -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* -+ * This check was for equality but PGP does evil things and chops off the -+ * top '0' bytes -+ */ -+ if (flen > num) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, -+ RSA_R_DATA_GREATER_THAN_MOD_LEN); -+ goto err; -+ } -+ -+ /* make data into a big number */ -+ if (BN_bin2bn(from, (int)flen, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -+ if (blinding == NULL) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (blinding != NULL) { -+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -+ goto err; -+ } -+ -+ /* do the decrypt */ -+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || -+ ((rsa->p != NULL) && -+ (rsa->q != NULL) && -+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { -+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) -+ goto err; -+ } else { -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ 
(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ -+ if (blinding) -+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -+ goto err; -+ -+ p = buf; -+ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); -+ break; -+# ifndef OPENSSL_NO_SHA -+ case RSA_PKCS1_OAEP_PADDING: -+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); -+ break; -+# endif -+ case RSA_SSLV23_PADDING: -+ r = RSA_padding_check_SSLv23(to, num, buf, j, num); -+ break; -+ case RSA_NO_PADDING: -+ r = RSA_padding_check_none(to, num, buf, j, num); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (r < 0) -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); -+ -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} -+ -+/* signature verification */ -+static int RSA_eay_public_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int i, num = 0, r = -1; -+ unsigned char *p; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ 
goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* -+ * This check was for equality but PGP does evil things and chops off the -+ * top '0' bytes -+ */ -+ if (flen > num) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN); -+ goto err; -+ } -+ -+ if (BN_bin2bn(from, flen, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ -+ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) -+ if (!BN_sub(ret, rsa->n, ret)) -+ goto err; -+ -+ p = buf; -+ i = BN_bn2bin(ret, p); -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); -+ break; -+ case RSA_X931_PADDING: -+ r = RSA_padding_check_X931(to, num, buf, i, num); -+ break; -+ case RSA_NO_PADDING: -+ r = RSA_padding_check_none(to, num, buf, i, num); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (r < 0) -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); -+ -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} -+ -+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -+{ -+ BIGNUM *r1, *m1, *vrfy; -+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1; -+ BIGNUM *dmp1, *dmq1, *c, *pr1; -+ int ret = 0; -+ -+ BN_CTX_start(ctx); -+ r1 = BN_CTX_get(ctx); -+ 
m1 = BN_CTX_get(ctx); -+ vrfy = BN_CTX_get(ctx); -+ -+ { -+ BIGNUM local_p, local_q; -+ BIGNUM *p = NULL, *q = NULL; -+ -+ /* -+ * Make sure BN_mod_inverse in Montgomery intialization uses the -+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) -+ */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ BN_init(&local_p); -+ p = &local_p; -+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -+ -+ BN_init(&local_q); -+ q = &local_q; -+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); -+ } else { -+ p = rsa->p; -+ q = rsa->q; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) -+ goto err; -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) -+ goto err; -+ } -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ /* compute I mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1, c, rsa->q, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod(r1, I, rsa->q, ctx)) -+ goto err; -+ } -+ -+ /* compute r1^dmq1 mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ dmq1 = &local_dmq1; -+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); -+ } else -+ dmq1 = rsa->dmq1; -+ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q)) -+ goto err; -+ -+ /* compute I mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1, c, rsa->p, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod(r1, I, rsa->p, ctx)) -+ goto err; -+ } -+ -+ /* compute r1^dmp1 mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ dmp1 = &local_dmp1; -+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); -+ } else -+ dmp1 = rsa->dmp1; -+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p)) -+ goto err; -+ -+ if 
(!BN_sub(r0, r0, m1)) -+ goto err; -+ /* -+ * This will help stop the size of r0 increasing, which does affect the -+ * multiply if it optimised for a power of 2 size -+ */ -+ if (BN_is_negative(r0)) -+ if (!BN_add(r0, r0, rsa->p)) -+ goto err; -+ -+ if (!BN_mul(r1, r0, rsa->iqmp, ctx)) -+ goto err; -+ -+ /* Turn BN_FLG_CONSTTIME flag on before division operation */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ pr1 = &local_r1; -+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); -+ } else -+ pr1 = r1; -+ if (!BN_mod(r0, pr1, rsa->p, ctx)) -+ goto err; -+ -+ /* -+ * If p < q it is occasionally possible for the correction of adding 'p' -+ * if r0 is negative above to leave the result still negative. This can -+ * break the private key operations: the following second correction -+ * should *always* correct this rare occurrence. This will *never* happen -+ * with OpenSSL generated keys because they ensure p > q [steve] -+ */ -+ if (BN_is_negative(r0)) -+ if (!BN_add(r0, r0, rsa->p)) -+ goto err; -+ if (!BN_mul(r1, r0, rsa->q, ctx)) -+ goto err; -+ if (!BN_add(r0, r1, m1)) -+ goto err; -+ -+ if (rsa->e && rsa->n) { -+ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ /* -+ * If 'I' was greater than (or equal to) rsa->n, the operation will -+ * be equivalent to using 'I mod n'. However, the result of the -+ * verify will *always* be less than 'n' so we don't check for -+ * absolute equality, just congruency. -+ */ -+ if (!BN_sub(vrfy, vrfy, I)) -+ goto err; -+ if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) -+ goto err; -+ if (BN_is_negative(vrfy)) -+ if (!BN_add(vrfy, vrfy, rsa->n)) -+ goto err; -+ if (!BN_is_zero(vrfy)) { -+ /* -+ * 'I' and 'vrfy' aren't congruent mod n. Don't leak -+ * miscalculated CRT output, just do a raw (slower) mod_exp and -+ * return that instead. 
-+ */ -+ -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ } -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return (ret); -+} -+ -+static int RSA_eay_init(RSA *rsa) -+{ -+ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; -+ return (1); -+} -+ -+static int RSA_eay_finish(RSA *rsa) -+{ -+ if (rsa->_method_mod_n != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_n); -+ if (rsa->_method_mod_p != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_p); -+ if (rsa->_method_mod_q != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_q); -+ return (1); -+} -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -index bf54095..0bab05e 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #include
-@@ -19,35 +70,36 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
- static ERR_STRING_DATA RSA_str_functs[] = {
-- {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
-- {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
-- {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
-- {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
-- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
-- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
-- {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
-- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
-- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
-- {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
-- {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
-+ {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
-+ {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
-+ {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
-+ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
-+ {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
-+ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-+ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
-+ {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-+ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
-+ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
-+ {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"},
-+ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
- {ERR_FUNC(RSA_F_RSA_CHECK_KEY),
"RSA_check_key"},
-- {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
-- {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
-- {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
-- {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
-- {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
-- {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
-+ {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
-+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
-+ {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
-+ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-+ {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"},
- {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
- {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
-+ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
-+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
-+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT),
"RSA_NULL_PUBLIC_DECRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), - "RSA_padding_add_PKCS1_OAEP"}, -@@ -75,9 +127,14 @@ static ERR_STRING_DATA RSA_str_functs[] = { - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, - {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, - {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, -- {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, -- {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, -- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, -+ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, -+ {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, -+ {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"}, -+ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, - {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, - {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, - {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), -@@ -85,6 +142,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { - {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, - {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), - "RSA_verify_ASN1_OCTET_STRING"}, -+ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, - {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"}, - {0, NULL} - }; -@@ -119,6 +177,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"}, - {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, -+ {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"}, - {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"}, - 
{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, - {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, -@@ -134,11 +193,14 @@ static ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, - {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non fips rsa method"}, - {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, - {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, -+ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -+ "operation not allowed in fips mode"}, - {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -@@ -156,6 +218,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"}, - {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, -+ {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"}, - {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"}, -@@ -172,7 +235,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { - - #endif - --int ERR_load_RSA_strings(void) -+void ERR_load_RSA_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -181,5 +244,4 @@ int ERR_load_RSA_strings(void) - ERR_load_strings(0, RSA_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -index 0d1d56b..082c8da 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -+++ 
b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_gen.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - /* -@@ -15,9 +64,14 @@ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "rsa_locl.h" -+#include -+#ifdef OPENSSL_FIPS -+# include -+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, -+ BN_GENCB *cb); -+#endif - - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - BN_GENCB *cb); -@@ -31,8 +85,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - */ - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); -+ return 0; -+ } -+#endif - if (rsa->meth->rsa_keygen) - return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); -+#endif - return rsa_builtin_keygen(rsa, bits, e_value, cb); - } - -@@ -40,6 +105,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - BN_GENCB *cb) - { - BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; -+ BIGNUM local_r0, local_d, local_p; -+ BIGNUM *pr0, *d, *p; - int bitsp, bitsq, ok = -1, n = 0; - BN_CTX *ctx = NULL; - -@@ -60,19 +127,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - /* We need the RSA components non-NULL */ - if (!rsa->n && ((rsa->n = BN_new()) == NULL)) - goto err; -- if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) -+ if (!rsa->d && ((rsa->d = BN_new()) == NULL)) - goto err; - if (!rsa->e && ((rsa->e = BN_new()) == NULL)) - goto err; -- if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) -+ if (!rsa->p && ((rsa->p = BN_new()) == NULL)) - goto err; -- if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) -+ if (!rsa->q && ((rsa->q = BN_new()) == NULL)) - goto err; -- if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == 
NULL)) -+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) - goto err; -- if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) -+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) - goto err; -- if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) -+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) - goto err; - - if (BN_copy(rsa->e, e_value) == NULL) -@@ -137,53 +204,37 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - goto err; /* q-1 */ - if (!BN_mul(r0, r1, r2, ctx)) - goto err; /* (p-1)(q-1) */ -- { -- BIGNUM *pr0 = BN_new(); -- -- if (pr0 == NULL) -- goto err; -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ pr0 = &local_r0; - BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); -- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { -- BN_free(pr0); -- goto err; /* d */ -- } -- /* We MUST free pr0 before any further use of r0 */ -- BN_free(pr0); -- } -- -- { -- BIGNUM *d = BN_new(); -- -- if (d == NULL) -- goto err; -+ } else -+ pr0 = r0; -+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) -+ goto err; /* d */ -+ -+ /* set up d for correct BN_FLG_CONSTTIME flag */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; - -- if ( /* calculate d mod (p-1) */ -- !BN_mod(rsa->dmp1, d, r1, ctx) -- /* calculate d mod (q-1) */ -- || !BN_mod(rsa->dmq1, d, r2, ctx)) { -- BN_free(d); -- goto err; -- } -- /* We MUST free d before any further use of rsa->d */ -- BN_free(d); -- } -+ /* calculate d mod (p-1) */ -+ if (!BN_mod(rsa->dmp1, d, r1, ctx)) -+ goto err; - -- { -- BIGNUM *p = BN_new(); -+ /* calculate d mod (q-1) */ -+ if (!BN_mod(rsa->dmq1, d, r2, ctx)) -+ goto err; - -- if (p == NULL) -- goto err; -+ /* calculate inverse of q mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ p = &local_p; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -- -- /* calculate inverse of q mod p */ -- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { -- BN_free(p); -- 
goto err; -- } -- /* We MUST free p before any further use of rsa->p */ -- BN_free(p); -- } -+ } else -+ p = rsa->p; -+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) -+ goto err; - - ok = 1; - err: -@@ -191,9 +242,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); - ok = 0; - } -- if (ctx != NULL) -+ if (ctx != NULL) { - BN_CTX_end(ctx); -- BN_CTX_free(ctx); -+ BN_CTX_free(ctx); -+ } - - return ok; - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -index 48e9100..6ea6b40 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -@@ -1,19 +1,77 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_lib.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/bn_int.h" --#include --#include "rsa_locl.h" -+#include -+#include -+#include -+#ifndef OPENSSL_NO_ENGINE -+# include -+#endif -+ -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ -+const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; - - static const RSA_METHOD *default_RSA_meth = NULL; - -@@ -32,10 +90,17 @@ void RSA_set_default_method(const RSA_METHOD *meth) - const RSA_METHOD *RSA_get_default_method(void) - { - if (default_RSA_meth == NULL) { --#ifdef RSA_NULL -- default_RSA_meth = RSA_null_method(); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ return FIPS_rsa_pkcs1_ssleay(); -+ else -+ return RSA_PKCS1_SSLeay(); - #else -- default_RSA_meth = RSA_PKCS1_OpenSSL(); -+# ifdef RSA_NULL -+ default_RSA_meth = RSA_null_method(); -+# else -+ default_RSA_meth = RSA_PKCS1_SSLeay(); -+# endif - #endif - } - -@@ -58,8 +123,10 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) - if (mtmp->finish) - mtmp->finish(rsa); - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(rsa->engine); -- rsa->engine = NULL; -+ if (rsa->engine) { -+ ENGINE_finish(rsa->engine); -+ rsa->engine = 
NULL; -+ } - #endif - rsa->meth = meth; - if (meth->init) -@@ -69,56 +136,74 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) - - RSA *RSA_new_method(ENGINE *engine) - { -- RSA *ret = OPENSSL_zalloc(sizeof(*ret)); -+ RSA *ret; - -+ ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); - if (ret == NULL) { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return NULL; - } -- -- ret->references = 1; -- ret->lock = CRYPTO_THREAD_lock_new(); -- if (ret->lock == NULL) { -- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(ret); -- return NULL; -- } -+ memset(ret,0,sizeof(RSA)); - - ret->meth = RSA_get_default_method(); - #ifndef OPENSSL_NO_ENGINE -- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; - if (engine) { - if (!ENGINE_init(engine)) { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -- goto err; -+ OPENSSL_free(ret); -+ return NULL; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_RSA(); - if (ret->engine) { - ret->meth = ENGINE_get_RSA(ret->engine); -- if (ret->meth == NULL) { -+ if (!ret->meth) { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -- goto err; -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; - } - } - #endif - -+ ret->pad = 0; -+ ret->version = 0; -+ ret->n = NULL; -+ ret->e = NULL; -+ ret->d = NULL; -+ ret->p = NULL; -+ ret->q = NULL; -+ ret->dmp1 = NULL; -+ ret->dmq1 = NULL; -+ ret->iqmp = NULL; -+ ret->references = 1; -+ ret->_method_mod_n = NULL; -+ ret->_method_mod_p = NULL; -+ ret->_method_mod_q = NULL; -+ ret->blinding = NULL; -+ ret->mt_blinding = NULL; -+ ret->bignum_data = NULL; - ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { -- goto err; -+#ifndef OPENSSL_NO_ENGINE -+ if (ret->engine) -+ ENGINE_finish(ret->engine); -+#endif -+ OPENSSL_free(ret); -+ return (NULL); - } - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { -- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL); -- 
goto err; -+#ifndef OPENSSL_NO_ENGINE -+ if (ret->engine) -+ ENGINE_finish(ret->engine); -+#endif -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; - } -- -- return ret; -- --err: -- RSA_free(ret); -- return NULL; -+ return (ret); - } - - void RSA_free(RSA *r) -@@ -128,48 +213,75 @@ void RSA_free(RSA *r) - if (r == NULL) - return; - -- CRYPTO_atomic_add(&r->references, -1, &i, r->lock); -- REF_PRINT_COUNT("RSA", r); -+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); -+#ifdef REF_PRINT -+ REF_PRINT("RSA", r); -+#endif - if (i > 0) - return; -- REF_ASSERT_ISNT(i < 0); -+#ifdef REF_CHECK -+ if (i < 0) { -+ fprintf(stderr, "RSA_free, bad reference count\n"); -+ abort(); -+ } -+#endif - - if (r->meth->finish) - r->meth->finish(r); - #ifndef OPENSSL_NO_ENGINE -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - -- CRYPTO_THREAD_lock_free(r->lock); -- -- BN_clear_free(r->n); -- BN_clear_free(r->e); -- BN_clear_free(r->d); -- BN_clear_free(r->p); -- BN_clear_free(r->q); -- BN_clear_free(r->dmp1); -- BN_clear_free(r->dmq1); -- BN_clear_free(r->iqmp); -- BN_BLINDING_free(r->blinding); -- BN_BLINDING_free(r->mt_blinding); -- OPENSSL_free(r->bignum_data); -+ if (r->n != NULL) -+ BN_clear_free(r->n); -+ if (r->e != NULL) -+ BN_clear_free(r->e); -+ if (r->d != NULL) -+ BN_clear_free(r->d); -+ if (r->p != NULL) -+ BN_clear_free(r->p); -+ if (r->q != NULL) -+ BN_clear_free(r->q); -+ if (r->dmp1 != NULL) -+ BN_clear_free(r->dmp1); -+ if (r->dmq1 != NULL) -+ BN_clear_free(r->dmq1); -+ if (r->iqmp != NULL) -+ BN_clear_free(r->iqmp); -+ if (r->blinding != NULL) -+ BN_BLINDING_free(r->blinding); -+ if (r->mt_blinding != NULL) -+ BN_BLINDING_free(r->mt_blinding); -+ if (r->bignum_data != NULL) -+ OPENSSL_free_locked(r->bignum_data); - OPENSSL_free(r); - } - - int RSA_up_ref(RSA *r) - { -- int i; -- -- if 
(CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) -- return 0; -- -- REF_PRINT_COUNT("RSA", r); -- REF_ASSERT_ISNT(i < 2); -+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); -+#ifdef REF_PRINT -+ REF_PRINT("RSA", r); -+#endif -+#ifdef REF_CHECK -+ if (i < 2) { -+ fprintf(stderr, "RSA_up_ref, bad reference count\n"); -+ abort(); -+ } -+#endif - return ((i > 1) ? 1 : 0); - } - -+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, -+ new_func, dup_func, free_func); -+} -+ - int RSA_set_ex_data(RSA *r, int idx, void *arg) - { - return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); -@@ -180,131 +292,46 @@ void *RSA_get_ex_data(const RSA *r, int idx) - return (CRYPTO_get_ex_data(&r->ex_data, idx)); - } - --int RSA_security_bits(const RSA *rsa) --{ -- return BN_security_bits(BN_num_bits(rsa->n), -1); --} -- --int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) --{ -- /* If the fields n and e in r are NULL, the corresponding input -- * parameters MUST be non-NULL for n and e. d may be -- * left NULL (in case only the public key is used). -- */ -- if ((r->n == NULL && n == NULL) -- || (r->e == NULL && e == NULL)) -- return 0; -- -- if (n != NULL) { -- BN_free(r->n); -- r->n = n; -- } -- if (e != NULL) { -- BN_free(r->e); -- r->e = e; -- } -- if (d != NULL) { -- BN_free(r->d); -- r->d = d; -- } -- -- return 1; --} -- --int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -+int RSA_memory_lock(RSA *r) - { -- /* If the fields p and q in r are NULL, the corresponding input -- * parameters MUST be non-NULL. 
-- */ -- if ((r->p == NULL && p == NULL) -- || (r->q == NULL && q == NULL)) -- return 0; -- -- if (p != NULL) { -- BN_free(r->p); -- r->p = p; -- } -- if (q != NULL) { -- BN_free(r->q); -- r->q = q; -- } -- -- return 1; --} -- --int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) --{ -- /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input -- * parameters MUST be non-NULL. -- */ -- if ((r->dmp1 == NULL && dmp1 == NULL) -- || (r->dmq1 == NULL && dmq1 == NULL) -- || (r->iqmp == NULL && iqmp == NULL)) -- return 0; -- -- if (dmp1 != NULL) { -- BN_free(r->dmp1); -- r->dmp1 = dmp1; -+ int i, j, k, off; -+ char *p; -+ BIGNUM *bn, **t[6], *b; -+ BN_ULONG *ul; -+ -+ if (r->d == NULL) -+ return (1); -+ t[0] = &r->d; -+ t[1] = &r->p; -+ t[2] = &r->q; -+ t[3] = &r->dmp1; -+ t[4] = &r->dmq1; -+ t[5] = &r->iqmp; -+ k = sizeof(BIGNUM) * 6; -+ off = k / sizeof(BN_ULONG) + 1; -+ j = 1; -+ for (i = 0; i < 6; i++) -+ j += (*t[i])->top; -+ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { -+ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); -+ return (0); - } -- if (dmq1 != NULL) { -- BN_free(r->dmq1); -- r->dmq1 = dmq1; -+ bn = (BIGNUM *)p; -+ ul = (BN_ULONG *)&(p[off]); -+ for (i = 0; i < 6; i++) { -+ b = *(t[i]); -+ *(t[i]) = &(bn[i]); -+ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); -+ bn[i].flags = BN_FLG_STATIC_DATA; -+ bn[i].d = ul; -+ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); -+ ul += b->top; -+ BN_clear_free(b); - } -- if (iqmp != NULL) { -- BN_free(r->iqmp); -- r->iqmp = iqmp; -- } -- -- return 1; --} -- --void RSA_get0_key(const RSA *r, -- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) --{ -- if (n != NULL) -- *n = r->n; -- if (e != NULL) -- *e = r->e; -- if (d != NULL) -- *d = r->d; --} -- --void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) --{ -- if (p != NULL) -- *p = r->p; -- if (q != NULL) -- *q = r->q; --} -- --void RSA_get0_crt_params(const RSA *r, -- 
const BIGNUM **dmp1, const BIGNUM **dmq1, -- const BIGNUM **iqmp) --{ -- if (dmp1 != NULL) -- *dmp1 = r->dmp1; -- if (dmq1 != NULL) -- *dmq1 = r->dmq1; -- if (iqmp != NULL) -- *iqmp = r->iqmp; --} - --void RSA_clear_flags(RSA *r, int flags) --{ -- r->flags &= ~flags; --} -+ /* I should fix this so it can still be done */ -+ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); - --int RSA_test_flags(const RSA *r, int flags) --{ -- return r->flags & flags; --} -- --void RSA_set_flags(RSA *r, int flags) --{ -- r->flags |= flags; --} -- --ENGINE *RSA_get0_engine(const RSA *r) --{ -- return r->engine; -+ r->bignum_data = p; -+ return (1); - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h -index 5d16aa6..3e88187 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h -@@ -1,95 +1,3 @@ --/* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --struct rsa_st { -- /* -- * The first parameter is used to pickup errors where this is passed -- * instead of aEVP_PKEY, it is set to 0 -- */ -- int pad; -- long version; -- const RSA_METHOD *meth; -- /* functional reference if 'meth' is ENGINE-provided */ -- ENGINE *engine; -- BIGNUM *n; -- BIGNUM *e; -- BIGNUM *d; -- BIGNUM *p; -- BIGNUM *q; -- BIGNUM *dmp1; -- BIGNUM *dmq1; -- BIGNUM *iqmp; -- /* be careful using this if the RSA structure is shared */ -- CRYPTO_EX_DATA ex_data; -- int references; -- int flags; -- /* Used to cache montgomery values */ -- BN_MONT_CTX *_method_mod_n; -- BN_MONT_CTX *_method_mod_p; -- BN_MONT_CTX *_method_mod_q; -- /* -- * all BIGNUM values are actually in the following data, if it is not -- * NULL -- */ -- char *bignum_data; -- BN_BLINDING *blinding; -- BN_BLINDING *mt_blinding; -- CRYPTO_RWLOCK *lock; --}; -- --struct rsa_meth_st { -- char *name; -- int (*rsa_pub_enc) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); -- int (*rsa_pub_dec) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); -- int (*rsa_priv_enc) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); -- int (*rsa_priv_dec) (int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding); -- /* Can be null */ -- int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -- /* Can be null */ -- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -- /* called at new */ -- int (*init) (RSA *rsa); -- /* called at free */ -- int (*finish) (RSA *rsa); -- /* RSA_METHOD_FLAG_* things */ -- int flags; -- /* may be needed! 
*/ -- char *app_data; -- /* -- * New sign and verify functions: some libraries don't allow arbitrary -- * data to be signed/verified: this allows them to be used. Note: for -- * this to work the RSA_public_decrypt() and RSA_private_encrypt() should -- * *NOT* be used RSA_sign(), RSA_verify() should be used instead. -- */ -- int (*rsa_sign) (int type, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, -- const RSA *rsa); -- int (*rsa_verify) (int dtype, const unsigned char *m, -- unsigned int m_length, const unsigned char *sigbuf, -- unsigned int siglen, const RSA *rsa); -- /* -- * If this callback is NULL, the builtin software RSA key-gen will be -- * used. This is for behavioural compatibility whilst the code gets -- * rewired, but one day it would be nice to assume there are no such -- * things as "builtin software" implementations. -- */ -- int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); --}; -- - extern int int_rsa_verify(int dtype, const unsigned char *m, - unsigned int m_len, unsigned char *rm, - size_t *prm_len, const unsigned char *sigbuf, -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c -deleted file mode 100644 -index 9480abd..0000000 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c -+++ /dev/null -@@ -1,273 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include "rsa_locl.h"
--#include
--
--RSA_METHOD *RSA_meth_new(const char *name, int flags)
--{
-- RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
--
-- if (meth != NULL) {
-- meth->flags = flags;
--
-- meth->name = OPENSSL_strdup(name);
-- if (meth->name != NULL)
-- return meth;
--
-- OPENSSL_free(meth);
-- }
--
-- RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
-- return NULL;
--}
--
--void RSA_meth_free(RSA_METHOD *meth)
--{
-- if (meth != NULL) {
-- OPENSSL_free(meth->name);
-- OPENSSL_free(meth);
-- }
--}
--
--RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
--{
-- RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
--
-- if (ret != NULL) {
-- memcpy(ret, meth, sizeof(*meth));
--
-- ret->name = OPENSSL_strdup(meth->name);
-- if (ret->name != NULL)
-- return ret;
--
-- OPENSSL_free(ret);
-- }
--
-- RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
-- return NULL;
--}
--
--const char *RSA_meth_get0_name(const RSA_METHOD *meth)
--{
-- return meth->name;
--}
--
--int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
--{
-- char *tmpname = OPENSSL_strdup(name);
--
-- if (tmpname == NULL) {
-- RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
--
-- OPENSSL_free(meth->name);
-- meth->name = tmpname;
--
-- return 1;
--}
--
--int RSA_meth_get_flags(RSA_METHOD *meth)
--{
-- return meth->flags;
--}
--
--int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
--{
-- meth->flags = flags;
-- return 1;
--}
--
--void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
--{
-- return meth->app_data;
--}
--
--int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
--{
-- meth->app_data = app_data;
-- return 1;
--}
--
--int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
-- (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- return meth->rsa_pub_enc;
--}
--
--int RSA_meth_set_pub_enc(RSA_METHOD *meth,
-- int (*pub_enc) (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa,
-- int padding))
--{
-- meth->rsa_pub_enc = pub_enc;
-- return 1;
--}
--
--int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
-- (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- return meth->rsa_pub_dec;
--}
--
--int RSA_meth_set_pub_dec(RSA_METHOD *meth,
-- int (*pub_dec) (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa,
-- int padding))
--{
-- meth->rsa_pub_dec = pub_dec;
-- return 1;
--}
--
--int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
-- (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- return meth->rsa_priv_enc;
--}
--
--int RSA_meth_set_priv_enc(RSA_METHOD *meth,
-- int (*priv_enc) (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa,
-- int padding))
--{
-- meth->rsa_priv_enc = priv_enc;
-- return 1;
--}
--
--int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
-- (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- return meth->rsa_priv_dec;
--}
--
--int RSA_meth_set_priv_dec(RSA_METHOD *meth,
-- int (*priv_dec) (int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa,
-- int padding))
--{
-- meth->rsa_priv_dec = priv_dec;
-- return 1;
--}
--
-- /* Can be null */
--int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
-- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
--{
-- return meth->rsa_mod_exp;
--}
--
--int RSA_meth_set_mod_exp(RSA_METHOD *meth,
-- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-- BN_CTX *ctx))
--{
-- meth->rsa_mod_exp = mod_exp;
-- return 1;
--}
--
-- /* Can be null */
--int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
-- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
--{
-- return meth->bn_mod_exp;
--}
--
--int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
-- int (*bn_mod_exp) (BIGNUM *r,
-- const BIGNUM *a,
-- const BIGNUM *p,
-- const BIGNUM *m,
-- BN_CTX *ctx,
-- BN_MONT_CTX *m_ctx))
--{
-- meth->bn_mod_exp = bn_mod_exp;
-- return 1;
--}
--
-- /* called at new */
--int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
--{
-- return meth->init;
--}
--
--int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
--{
-- meth->init = init;
-- return 1;
--}
--
-- /* called at free */
--int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
--{
-- return meth->finish;
--}
--
--int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
--{
-- meth->finish = finish;
-- return 1;
--}
--
--int (*RSA_meth_get_sign(const RSA_METHOD *meth))
-- (int type,
-- const unsigned char *m, unsigned int m_length,
-- unsigned char *sigret, unsigned int *siglen,
-- const RSA *rsa)
--{
-- return meth->rsa_sign;
--}
--
--int RSA_meth_set_sign(RSA_METHOD *meth,
-- int (*sign) (int type, const unsigned char *m,
-- unsigned int m_length,
-- unsigned char *sigret, unsigned int *siglen,
-- const RSA *rsa))
--{
-- meth->rsa_sign = sign;
-- return 1;
--}
--
--int (*RSA_meth_get_verify(const RSA_METHOD *meth))
-- (int dtype, const unsigned char *m,
-- unsigned int m_length, const unsigned char *sigbuf,
-- unsigned int siglen, const RSA *rsa)
--{
-- return meth->rsa_verify;
--}
--
--int RSA_meth_set_verify(RSA_METHOD *meth,
-- int (*verify) (int dtype, const unsigned char *m,
-- unsigned int m_length,
-- const unsigned char *sigbuf,
-- unsigned int siglen, const RSA *rsa))
--{
-- meth->rsa_verify = verify;
-- return 1;
--}
--
--int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
-- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
--{
-- return meth->rsa_keygen;
--}
--
--int RSA_meth_set_keygen(RSA_METHOD *meth,
-- int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
-- BN_GENCB *cb))
--{
-- meth->rsa_keygen = keygen;
-- return 1;
--}
--
-diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
-index b78756d..982b31f 100644
---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
-+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
-@@ -1,15 +1,66 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/rsa/rsa_none.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
--#include "internal/cryptlib.h"
-+#include
-+#include "cryptlib.h"
- #include
- #include
-+#include
-
- int RSA_padding_add_none(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
-diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
-index d339494..241b431 100644
---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
-+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
-@@ -1,16 +1,67 @@
-+/* rsa_null.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
--#include "rsa_locl.h"
-+#include
-+#include
-
- /*
- * This is a dummy RSA implementation that just returns errors when called.
-@@ -28,6 +79,9 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- static int RSA_null_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-+#if 0 /* not currently used */
-+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-+#endif
- static int RSA_null_init(RSA *rsa);
- static int RSA_null_finish(RSA *rsa);
- static RSA_METHOD rsa_null_meth = {
-@@ -82,6 +136,14 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
- return -1;
- }
-
-+#if 0 /* not currently used */
-+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-+{
-+ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-+ return -1;
-+}
-+#endif
-+
- static int RSA_null_init(RSA *rsa)
- {
- return (1);
-diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
-index 868104f..19d28c6 100644
---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
-+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
-@@ -1,10 +1,7 @@
-+/* crypto/rsa/rsa_oaep.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied.
- */
-
- /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-@@ -20,15 +17,16 @@
- * one-wayness. For the RSA function, this is an equivalent notion.
- */
-
--#include "internal/constant_time_locl.h"
-+#include "constant_time_locl.h"
-
--#include
--#include "internal/cryptlib.h"
--#include
--#include
--#include
--#include
--#include "rsa_locl.h"
-+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-+# include
-+# include "cryptlib.h"
-+# include
-+# include
-+# include
-+# include
-+# include
-
- int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
-@@ -78,11 +76,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
- if (RAND_bytes(seed, mdlen) <= 0)
- return 0;
--#ifdef PKCS_TESTVECT
-+# ifdef PKCS_TESTVECT
- memcpy(seed,
- "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
- 20);
--#endif
-+# endif
-
- dbmask = OPENSSL_malloc(emlen - mdlen);
- if (dbmask == NULL) {
-@@ -239,8 +237,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
- RSA_R_OAEP_DECODING_ERROR);
- cleanup:
-- OPENSSL_free(db);
-- OPENSSL_free(em);
-+ if (db != NULL)
-+ OPENSSL_free(db);
-+ if (em != NULL)
-+ OPENSSL_free(em);
- return mlen;
- }
-
-@@ -249,13 +249,12 @@ int PKCS1_MGF1(unsigned char *mask, long len,
- {
- long i, outlen = 0;
- unsigned char cnt[4];
-- EVP_MD_CTX *c = EVP_MD_CTX_new();
-+ EVP_MD_CTX c;
- unsigned char md[EVP_MAX_MD_SIZE];
- int mdlen;
- int rv = -1;
-
-- if (c == NULL)
-- goto err;
-+ EVP_MD_CTX_init(&c);
- mdlen = EVP_MD_size(dgst);
- if (mdlen < 0)
- goto err;
-@@ -264,16 +263,16 @@ int PKCS1_MGF1(unsigned char *mask, long len,
- cnt[1] = (unsigned char)((i >> 16) & 255);
- cnt[2] = (unsigned char)((i >> 8)) & 255;
- cnt[3] = (unsigned char)(i & 255);
-- if (!EVP_DigestInit_ex(c, dgst, NULL)
-- || !EVP_DigestUpdate(c, seed, seedlen)
-- || !EVP_DigestUpdate(c, cnt, 4))
-+ if (!EVP_DigestInit_ex(&c, dgst, NULL)
-+ || !EVP_DigestUpdate(&c, seed, seedlen)
-+ || !EVP_DigestUpdate(&c, cnt, 4))
- goto err;
- if (outlen + mdlen <= len) {
-- if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
-+ if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
- goto err;
- outlen += mdlen;
- } else {
-- if (!EVP_DigestFinal_ex(c, md, NULL))
-+ if (!EVP_DigestFinal_ex(&c, md, NULL))
- goto err;
- memcpy(mask + outlen, md, len - outlen);
- outlen = len;
-@@ -281,6 +280,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
- }
- rv = 0;
- err:
-- EVP_MD_CTX_free(c);
-+ EVP_MD_CTX_cleanup(&c);
- return rv;
- }
-+
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c
-deleted file mode 100644
-index 7826066..0000000
---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c
-+++ /dev/null
-@@ -1,790 +0,0 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include "internal/cryptlib.h"
--#include "internal/bn_int.h"
--#include "rsa_locl.h"
--
--#ifndef RSA_NULL
--
--static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
--static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
--static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
--static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
--static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
-- BN_CTX *ctx);
--static int rsa_ossl_init(RSA *rsa);
--static int rsa_ossl_finish(RSA *rsa);
--static RSA_METHOD rsa_pkcs1_ossl_meth = {
-- "OpenSSL PKCS#1 RSA (from Eric Young)",
-- rsa_ossl_public_encrypt,
-- rsa_ossl_public_decrypt, /* signature verification */
-- rsa_ossl_private_encrypt, /* signing */
-- rsa_ossl_private_decrypt,
-- rsa_ossl_mod_exp,
-- BN_mod_exp_mont, /* XXX probably we should not use Montgomery
-- * if e == 3 */
-- rsa_ossl_init,
-- rsa_ossl_finish,
-- RSA_FLAG_FIPS_METHOD, /* flags */
-- NULL,
-- 0, /* rsa_sign */
-- 0, /* rsa_verify */
-- NULL /* rsa_keygen */
--};
--
--const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
--{
-- return &rsa_pkcs1_ossl_meth;
--}
--
--static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- BIGNUM *f, *ret;
-- int i, j, k, num = 0, r = -1;
-- unsigned char *buf = NULL;
-- BN_CTX *ctx = NULL;
--
-- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-- return -1;
-- }
--
-- if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-- return -1;
-- }
--
-- /* for large moduli, enforce exponent limit */
-- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
-- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-- return -1;
-- }
-- }
--
-- if ((ctx = BN_CTX_new()) == NULL)
-- goto err;
-- BN_CTX_start(ctx);
-- f = BN_CTX_get(ctx);
-- ret = BN_CTX_get(ctx);
-- num = BN_num_bytes(rsa->n);
-- buf = OPENSSL_malloc(num);
-- if (f == NULL || ret == NULL || buf == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- switch (padding) {
-- case RSA_PKCS1_PADDING:
-- i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
-- break;
-- case RSA_PKCS1_OAEP_PADDING:
-- i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
-- break;
-- case RSA_SSLV23_PADDING:
-- i = RSA_padding_add_SSLv23(buf, num, from, flen);
-- break;
-- case RSA_NO_PADDING:
-- i = RSA_padding_add_none(buf, num, from, flen);
-- break;
-- default:
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-- goto err;
-- }
-- if (i <= 0)
-- goto err;
--
-- if (BN_bin2bn(buf, num, f) == NULL)
-- goto err;
--
-- if (BN_ucmp(f, rsa->n) >= 0) {
-- /* usually the padding functions would catch this */
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
-- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-- goto err;
-- }
--
-- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
-- goto err;
--
-- if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
-- rsa->_method_mod_n))
-- goto err;
--
-- /*
-- * put in leading 0 bytes if the number is less than the length of the
-- * modulus
-- */
-- j = BN_num_bytes(ret);
-- i = BN_bn2bin(ret, &(to[num - j]));
-- for (k = 0; k < (num - i); k++)
-- to[k] = 0;
--
-- r = num;
-- err:
-- if (ctx != NULL)
-- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
-- OPENSSL_clear_free(buf, num);
-- return (r);
--}
--
--static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
--{
-- BN_BLINDING *ret;
--
-- CRYPTO_THREAD_write_lock(rsa->lock);
--
-- if (rsa->blinding == NULL) {
-- rsa->blinding = RSA_setup_blinding(rsa, ctx);
-- }
--
-- ret = rsa->blinding;
-- if (ret == NULL)
-- goto err;
--
-- if (BN_BLINDING_is_current_thread(ret)) {
-- /* rsa->blinding is ours! */
--
-- *local = 1;
-- } else {
-- /* resort to rsa->mt_blinding instead */
--
-- /*
-- * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
-- * BN_BLINDING is shared, meaning that accesses require locks, and
-- * that the blinding factor must be stored outside the BN_BLINDING
-- */
-- *local = 0;
--
-- if (rsa->mt_blinding == NULL) {
-- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
-- }
-- ret = rsa->mt_blinding;
-- }
--
-- err:
-- CRYPTO_THREAD_unlock(rsa->lock);
-- return ret;
--}
--
--static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-- BN_CTX *ctx)
--{
-- if (unblind == NULL)
-- /*
-- * Local blinding: store the unblinding factor in BN_BLINDING.
-- */
-- return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-- else {
-- /*
-- * Shared blinding: store the unblinding factor outside BN_BLINDING.
-- */
-- int ret;
--
-- BN_BLINDING_lock(b);
-- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
-- BN_BLINDING_unlock(b);
--
-- return ret;
-- }
--}
--
--static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-- BN_CTX *ctx)
--{
-- /*
-- * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
-- * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
-- * is shared between threads, unblind must be non-null:
-- * BN_BLINDING_invert_ex will then use the local unblinding factor, and
-- * will only read the modulus from BN_BLINDING. In both cases it's safe
-- * to access the blinding without a lock.
-- */
-- return BN_BLINDING_invert_ex(f, unblind, b, ctx);
--}
--
--/* signing */
--static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- BIGNUM *f, *ret, *res;
-- int i, j, k, num = 0, r = -1;
-- unsigned char *buf = NULL;
-- BN_CTX *ctx = NULL;
-- int local_blinding = 0;
-- /*
-- * Used only if the blinding structure is shared. A non-NULL unblind
-- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-- * the unblinding factor outside the blinding structure.
-- */
-- BIGNUM *unblind = NULL;
-- BN_BLINDING *blinding = NULL;
--
-- if ((ctx = BN_CTX_new()) == NULL)
-- goto err;
-- BN_CTX_start(ctx);
-- f = BN_CTX_get(ctx);
-- ret = BN_CTX_get(ctx);
-- num = BN_num_bytes(rsa->n);
-- buf = OPENSSL_malloc(num);
-- if (f == NULL || ret == NULL || buf == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- switch (padding) {
-- case RSA_PKCS1_PADDING:
-- i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
-- break;
-- case RSA_X931_PADDING:
-- i = RSA_padding_add_X931(buf, num, from, flen);
-- break;
-- case RSA_NO_PADDING:
-- i = RSA_padding_add_none(buf, num, from, flen);
-- break;
-- case RSA_SSLV23_PADDING:
-- default:
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-- goto err;
-- }
-- if (i <= 0)
-- goto err;
--
-- if (BN_bin2bn(buf, num, f) == NULL)
-- goto err;
--
-- if (BN_ucmp(f, rsa->n) >= 0) {
-- /* usually the padding functions would catch this */
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
-- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-- goto err;
-- }
--
-- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
-- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-- if (blinding == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- }
--
-- if (blinding != NULL) {
-- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-- goto err;
-- }
--
-- if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
-- ((rsa->p != NULL) &&
-- (rsa->q != NULL) &&
-- (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
-- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
-- goto err;
-- } else {
-- BIGNUM *d = BN_new();
-- if (d == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
--
-- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
-- BN_free(d);
-- goto err;
-- }
--
-- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
-- rsa->_method_mod_n)) {
-- BN_free(d);
-- goto err;
-- }
-- /* We MUST free d before any further use of rsa->d */
-- BN_free(d);
-- }
--
-- if (blinding)
-- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-- goto err;
--
-- if (padding == RSA_X931_PADDING) {
-- BN_sub(f, rsa->n, ret);
-- if (BN_cmp(ret, f) > 0)
-- res = f;
-- else
-- res = ret;
-- } else
-- res = ret;
--
-- /*
-- * put in leading 0 bytes if the number is less than the length of the
-- * modulus
-- */
-- j = BN_num_bytes(res);
-- i = BN_bn2bin(res, &(to[num - j]));
-- for (k = 0; k < (num - i); k++)
-- to[k] = 0;
--
-- r = num;
-- err:
-- if (ctx != NULL)
-- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
-- OPENSSL_clear_free(buf, num);
-- return (r);
--}
--
--static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- BIGNUM *f, *ret;
-- int j, num = 0, r = -1;
-- unsigned char *p;
-- unsigned char *buf = NULL;
-- BN_CTX *ctx = NULL;
-- int local_blinding = 0;
-- /*
-- * Used only if the blinding structure is shared. A non-NULL unblind
-- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-- * the unblinding factor outside the blinding structure.
-- */
-- BIGNUM *unblind = NULL;
-- BN_BLINDING *blinding = NULL;
--
-- if ((ctx = BN_CTX_new()) == NULL)
-- goto err;
-- BN_CTX_start(ctx);
-- f = BN_CTX_get(ctx);
-- ret = BN_CTX_get(ctx);
-- num = BN_num_bytes(rsa->n);
-- buf = OPENSSL_malloc(num);
-- if (f == NULL || ret == NULL || buf == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- /*
-- * This check was for equality but PGP does evil things and chops off the
-- * top '0' bytes
-- */
-- if (flen > num) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
-- RSA_R_DATA_GREATER_THAN_MOD_LEN);
-- goto err;
-- }
--
-- /* make data into a big number */
-- if (BN_bin2bn(from, (int)flen, f) == NULL)
-- goto err;
--
-- if (BN_ucmp(f, rsa->n) >= 0) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
-- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-- goto err;
-- }
--
-- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
-- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-- if (blinding == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- }
--
-- if (blinding != NULL) {
-- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-- goto err;
-- }
--
-- /* do the decrypt */
-- if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
-- ((rsa->p != NULL) &&
-- (rsa->q != NULL) &&
-- (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
-- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
-- goto err;
-- } else {
-- BIGNUM *d = BN_new();
-- if (d == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
--
-- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
-- BN_free(d);
-- goto err;
-- }
-- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
-- rsa->_method_mod_n)) {
-- BN_free(d);
-- goto err;
-- }
-- /* We MUST free d before any further use of rsa->d */
-- BN_free(d);
-- }
--
-- if (blinding)
-- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-- goto err;
--
-- p = buf;
-- j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
--
-- switch (padding) {
-- case RSA_PKCS1_PADDING:
-- r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
-- break;
-- case RSA_PKCS1_OAEP_PADDING:
-- r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
-- break;
-- case RSA_SSLV23_PADDING:
-- r = RSA_padding_check_SSLv23(to, num, buf, j, num);
-- break;
-- case RSA_NO_PADDING:
-- r = RSA_padding_check_none(to, num, buf, j, num);
-- break;
-- default:
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-- goto err;
-- }
-- if (r < 0)
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
--
-- err:
-- if (ctx != NULL)
-- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
-- OPENSSL_clear_free(buf, num);
-- return (r);
--}
--
--/* signature verification */
--static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding)
--{
-- BIGNUM *f, *ret;
-- int i, num = 0, r = -1;
-- unsigned char *p;
-- unsigned char *buf = NULL;
-- BN_CTX *ctx = NULL;
--
-- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-- return -1;
-- }
--
-- if (BN_ucmp(rsa->n, rsa->e) <= 0) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-- return -1;
-- }
--
-- /* for large moduli, enforce exponent limit */
-- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
-- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-- return -1;
-- }
-- }
--
-- if ((ctx = BN_CTX_new()) == NULL)
-- goto err;
-- BN_CTX_start(ctx);
-- f = BN_CTX_get(ctx);
-- ret = BN_CTX_get(ctx);
-- num = BN_num_bytes(rsa->n);
-- buf = OPENSSL_malloc(num);
-- if (f == NULL || ret == NULL || buf == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
--
-- /*
-- * This check was for equality but PGP does evil things and chops off the
-- * top '0' bytes
-- */
-- if (flen > num) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
-- goto err;
-- }
--
-- if (BN_bin2bn(from, flen, f) == NULL)
-- goto err;
--
-- if (BN_ucmp(f, rsa->n) >= 0) {
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
-- RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-- goto err;
-- }
--
-- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
-- goto err;
--
-- if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
-- rsa->_method_mod_n))
-- goto err;
--
-- if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
-- if (!BN_sub(ret, rsa->n, ret))
-- goto err;
--
-- p = buf;
-- i = BN_bn2bin(ret, p);
--
-- switch (padding) {
-- case RSA_PKCS1_PADDING:
-- r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
-- break;
-- case RSA_X931_PADDING:
-- r = RSA_padding_check_X931(to, num, buf, i, num);
-- break;
-- case RSA_NO_PADDING:
-- r = RSA_padding_check_none(to, num, buf, i, num);
-- break;
-- default:
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-- goto err;
-- }
-- if (r < 0)
-- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
--
-- err:
-- if (ctx != NULL)
-- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
-- OPENSSL_clear_free(buf, num);
-- return (r);
--}
--
--static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
--{
-- BIGNUM *r1, *m1, *vrfy;
-- int ret = 0;
--
-- BN_CTX_start(ctx);
--
-- r1 = BN_CTX_get(ctx);
-- m1 = BN_CTX_get(ctx);
-- vrfy = BN_CTX_get(ctx);
--
-- {
-- BIGNUM *p = BN_new(), *q = BN_new();
--
-- /*
-- * Make sure BN_mod_inverse in Montgomery initialization uses the
-- * BN_FLG_CONSTTIME flag
-- */
-- if (p == NULL || q == NULL) {
-- BN_free(p);
-- BN_free(q);
-- goto err;
-- }
-- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
--
-- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_p, rsa->lock, p, ctx)
-- || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
-- rsa->lock, q, ctx)) {
-- BN_free(p);
-- BN_free(q);
-- goto err;
-- }
-- }
-- /*
-- * We MUST free p and q before any further use of rsa->p and rsa->q
-- */
-- BN_free(p);
-- BN_free(q);
-- }
--
-- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-- if (!BN_MONT_CTX_set_locked
-- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
-- goto err;
--
-- /* compute I mod q */
-- {
-- BIGNUM *c = BN_new();
-- if (c == NULL)
-- goto err;
-- BN_with_flags(c, I, BN_FLG_CONSTTIME);
--
-- if (!BN_mod(r1, c, rsa->q, ctx)) {
-- BN_free(c);
-- goto err;
-- }
--
-- {
-- BIGNUM *dmq1 = BN_new();
-- if (dmq1 == NULL) {
-- BN_free(c);
-- goto err;
-- }
-- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
--
-- /* compute r1^dmq1 mod q */
-- if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
-- rsa->_method_mod_q)) {
-- BN_free(c);
-- BN_free(dmq1);
-- goto err;
-- }
-- /* We MUST free dmq1 before any further use of rsa->dmq1 */
-- BN_free(dmq1);
-- }
--
-- /* compute I mod p */
-- if (!BN_mod(r1, c, rsa->p, ctx)) {
-- BN_free(c);
-- goto err;
-- }
-- /* We MUST free c before any further use of I */
-- BN_free(c);
-- }
--
-- {
-- BIGNUM *dmp1 = BN_new();
-- if (dmp1 == NULL)
-- goto err;
-- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
--
-- /* compute r1^dmp1 mod p */
-- if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
-- rsa->_method_mod_p)) {
-- BN_free(dmp1);
-- goto err;
-- }
-- /* We MUST free dmp1 before any further use of rsa->dmp1 */
-- BN_free(dmp1);
-- }
--
-- if (!BN_sub(r0, r0, m1))
-- goto err;
-- /*
-- * This will help stop the size of r0 increasing, which does affect the
-- * multiply if it optimised for a power of 2 size
-- */
-- if (BN_is_negative(r0))
-- if (!BN_add(r0, r0, rsa->p))
-- goto err;
--
-- if (!BN_mul(r1, r0, rsa->iqmp, ctx))
-- goto err;
--
-- {
-- BIGNUM *pr1 = BN_new();
-- if (pr1 == NULL)
-- goto err;
-- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
--
-- if (!BN_mod(r0, pr1, rsa->p, ctx)) {
-- BN_free(pr1);
-- goto err;
-- }
-- /* We MUST free pr1 before any further use of r1 */
-- BN_free(pr1);
-- }
--
-- /*
-- * If p < q it is occasionally possible for the correction of adding 'p'
-- * if r0 is negative above to leave the result still negative. This can
-- * break the private key operations: the following second correction
-- * should *always* correct this rare occurrence. This will *never* happen
-- * with OpenSSL generated keys because they ensure p > q [steve]
-- */
-- if (BN_is_negative(r0))
-- if (!BN_add(r0, r0, rsa->p))
-- goto err;
-- if (!BN_mul(r1, r0, rsa->q, ctx))
-- goto err;
-- if (!BN_add(r0, r1, m1))
-- goto err;
--
-- if (rsa->e && rsa->n) {
-- if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
-- rsa->_method_mod_n))
-- goto err;
-- /*
-- * If 'I' was greater than (or equal to) rsa->n, the operation will
-- * be equivalent to using 'I mod n'. However, the result of the
-- * verify will *always* be less than 'n' so we don't check for
-- * absolute equality, just congruency.
-- */
-- if (!BN_sub(vrfy, vrfy, I))
-- goto err;
-- if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
-- goto err;
-- if (BN_is_negative(vrfy))
-- if (!BN_add(vrfy, vrfy, rsa->n))
-- goto err;
-- if (!BN_is_zero(vrfy)) {
-- /*
-- * 'I' and 'vrfy' aren't congruent mod n. Don't leak
-- * miscalculated CRT output, just do a raw (slower) mod_exp and
-- * return that instead.
-- */ -- -- BIGNUM *d = BN_new(); -- if (d == NULL) -- goto err; -- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -- -- if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, -- rsa->_method_mod_n)) { -- BN_free(d); -- goto err; -- } -- /* We MUST free d before any further use of rsa->d */ -- BN_free(d); -- } -- } -- ret = 1; -- err: -- BN_CTX_end(ctx); -- return (ret); --} -- --static int rsa_ossl_init(RSA *rsa) --{ -- rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; -- return (1); --} -- --static int rsa_ossl_finish(RSA *rsa) --{ -- BN_MONT_CTX_free(rsa->_method_mod_n); -- BN_MONT_CTX_free(rsa->_method_mod_p); -- BN_MONT_CTX_free(rsa->_method_mod_q); -- return (1); --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -index efb16a0..efa1fd3 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -@@ -1,16 +1,65 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_pk1.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - --#include "internal/constant_time_locl.h" -+#include "constant_time_locl.h" - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -49,28 +98,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *p; - - p = from; -- -- /* -- * The format is -- * 00 || 01 || PS || 00 || D -- * PS - padding string, at least 8 bytes of FF -- * D - data. -- */ -- -- if (num < 11) -- return -1; -- -- /* Accept inputs with and without the leading 0-byte. 
*/ -- if (num == flen) { -- if ((*p++) != 0x00) { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, -- RSA_R_INVALID_PADDING); -- return -1; -- } -- flen--; -- } -- -- if ((num != (flen + 1)) || (*(p++) != 0x01)) { -+ if ((num != (flen + 1)) || (*(p++) != 01)) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, - RSA_R_BLOCK_TYPE_IS_NOT_01); - return (-1); -@@ -175,15 +203,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - if (num < 11) - goto err; - -- em = OPENSSL_zalloc(num); -+ em = OPENSSL_malloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; - } -+ memset(em, 0, num); - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel -- * information, but it's impossible to have a fixed memory access -+ * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. -@@ -237,7 +266,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - memcpy(to, em + msg_index, mlen); - - err: -- OPENSSL_free(em); -+ if (em != NULL) -+ OPENSSL_free(em); - if (mlen == -1) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, - RSA_R_PKCS_DECODING_ERROR); -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c -index db4fb0f..ac583bf 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c -@@ -1,22 +1,77 @@ -+/* crypto/rsa/rsa_pmeth.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include - #include --#include --#include "internal/evp_int.h" -+#ifndef OPENSSL_NO_CMS -+# include -+#endif -+#ifdef OPENSSL_FIPS -+# include -+#endif -+#include "evp_locl.h" - #include "rsa_locl.h" - - /* RSA pkey context structure */ -@@ -45,12 +100,21 @@ typedef struct { - static int pkey_rsa_init(EVP_PKEY_CTX *ctx) - { - RSA_PKEY_CTX *rctx; -- rctx = OPENSSL_zalloc(sizeof(*rctx)); -- if (rctx == NULL) -+ rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); -+ if (!rctx) - return 0; - rctx->nbits = 1024; -+ rctx->pub_exp = NULL; - rctx->pad_mode = RSA_PKCS1_PADDING; -+ rctx->md = NULL; -+ rctx->mgf1md = NULL; -+ rctx->tbuf = NULL; -+ - rctx->saltlen = -2; -+ -+ rctx->oaep_label = NULL; -+ rctx->oaep_labellen = 0; -+ - ctx->data = rctx; - ctx->keygen_info = rctx->gentmp; - ctx->keygen_info_count = 
2; -@@ -75,8 +139,9 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - dctx->md = sctx->md; - dctx->mgf1md = sctx->mgf1md; - if (sctx->oaep_label) { -- OPENSSL_free(dctx->oaep_label); -- dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); -+ if (dctx->oaep_label) -+ OPENSSL_free(dctx->oaep_label); -+ dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); - if (!dctx->oaep_label) - return 0; - dctx->oaep_labellen = sctx->oaep_labellen; -@@ -89,7 +154,7 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) - if (ctx->tbuf) - return 1; - ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); -- if (ctx->tbuf == NULL) -+ if (!ctx->tbuf) - return 0; - return 1; - } -@@ -98,13 +163,50 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) - { - RSA_PKEY_CTX *rctx = ctx->data; - if (rctx) { -- BN_free(rctx->pub_exp); -- OPENSSL_free(rctx->tbuf); -- OPENSSL_free(rctx->oaep_label); -+ if (rctx->pub_exp) -+ BN_free(rctx->pub_exp); -+ if (rctx->tbuf) -+ OPENSSL_free(rctx->tbuf); -+ if (rctx->oaep_label) -+ OPENSSL_free(rctx->oaep_label); - OPENSSL_free(rctx); - } - } - -+#ifdef OPENSSL_FIPS -+/* -+ * FIP checker. Return value indicates status of context parameters: 1 : -+ * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in -+ * FIPS mode. 
-+ */ -+ -+static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) -+{ -+ RSA_PKEY_CTX *rctx = ctx->data; -+ RSA *rsa = ctx->pkey->pkey.rsa; -+ int rv = -1; -+ if (!FIPS_mode()) -+ return 0; -+ if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ rv = 0; -+ if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) -+ return -1; -+ if (rctx->md) { -+ const EVP_MD *fmd; -+ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); -+ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) -+ return rv; -+ } -+ if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { -+ const EVP_MD *fmd; -+ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); -+ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) -+ return rv; -+ } -+ return 1; -+} -+#endif -+ - static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -@@ -113,17 +215,39 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey.rsa; - -+#ifdef OPENSSL_FIPS -+ ret = pkey_fips_check_ctx(ctx); -+ if (ret < 0) { -+ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return -1; -+ } -+#endif -+ - if (rctx->md) { - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { - RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); - return -1; - } -+#ifdef OPENSSL_FIPS -+ if (ret > 0) { -+ unsigned int slen; -+ ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, -+ rctx->pad_mode, -+ rctx->saltlen, -+ rctx->mgf1md, sig, &slen); -+ if (ret > 0) -+ *siglen = slen; -+ else -+ *siglen = 0; -+ return ret; -+ } -+#endif - - if (EVP_MD_type(rctx->md) == NID_mdc2) { - unsigned int sltmp; - if (rctx->pad_mode != RSA_PKCS1_PADDING) - return -1; -- ret = RSA_sign_ASN1_OCTET_STRING(0, -+ ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, - tbs, tbslen, sig, &sltmp, rsa); - - if (ret <= 0) -@@ -225,7 +349,27 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey.rsa; 
- size_t rslen; -+#ifdef OPENSSL_FIPS -+ int rv; -+ rv = pkey_fips_check_ctx(ctx); -+ if (rv < 0) { -+ RSAerr(RSA_F_PKEY_RSA_VERIFY, -+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return -1; -+ } -+#endif - if (rctx->md) { -+#ifdef OPENSSL_FIPS -+ if (rv > 0) { -+ return FIPS_rsa_verify_digest(rsa, -+ tbs, tbslen, -+ rctx->md, -+ rctx->pad_mode, -+ rctx->saltlen, -+ rctx->mgf1md, sig, siglen); -+ -+ } -+#endif - if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); -@@ -329,43 +473,20 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, - - static int check_padding_md(const EVP_MD *md, int padding) - { -- int mdnid; - if (!md) - return 1; - -- mdnid = EVP_MD_type(md); -- - if (padding == RSA_NO_PADDING) { - RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); - return 0; - } - - if (padding == RSA_X931_PADDING) { -- if (RSA_X931_hash_id(mdnid) == -1) { -+ if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { - RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); - return 0; - } -- } else { -- switch(mdnid) { -- /* List of all supported RSA digests */ -- case NID_sha1: -- case NID_sha224: -- case NID_sha256: -- case NID_sha384: -- case NID_sha512: -- case NID_md5: -- case NID_md5_sha1: -- case NID_md2: -- case NID_md4: -- case NID_mdc2: -- case NID_ripemd160: -- return 1; -- -- default: -- RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); -- return 0; -- -- } -+ return 1; - } - - return 1; -@@ -420,8 +541,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - return 1; - - case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: -- if (p1 < 512) { -- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL); -+ if (p1 < 256) { -+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); - return -2; - } - rctx->nbits = p1; -@@ -479,7 +600,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); - return -2; - } -- 
OPENSSL_free(rctx->oaep_label); -+ if (rctx->oaep_label) -+ OPENSSL_free(rctx->oaep_label); - if (p2 && p1 > 0) { - rctx->oaep_label = p2; - rctx->oaep_labellen = p1; -@@ -526,21 +648,21 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); - return 0; - } -- if (strcmp(type, "rsa_padding_mode") == 0) { -+ if (!strcmp(type, "rsa_padding_mode")) { - int pm; -- if (strcmp(value, "pkcs1") == 0) -+ if (!strcmp(value, "pkcs1")) - pm = RSA_PKCS1_PADDING; -- else if (strcmp(value, "sslv23") == 0) -+ else if (!strcmp(value, "sslv23")) - pm = RSA_SSLV23_PADDING; -- else if (strcmp(value, "none") == 0) -+ else if (!strcmp(value, "none")) - pm = RSA_NO_PADDING; -- else if (strcmp(value, "oeap") == 0) -+ else if (!strcmp(value, "oeap")) - pm = RSA_PKCS1_OAEP_PADDING; -- else if (strcmp(value, "oaep") == 0) -+ else if (!strcmp(value, "oaep")) - pm = RSA_PKCS1_OAEP_PADDING; -- else if (strcmp(value, "x931") == 0) -+ else if (!strcmp(value, "x931")) - pm = RSA_X931_PADDING; -- else if (strcmp(value, "pss") == 0) -+ else if (!strcmp(value, "pss")) - pm = RSA_PKCS1_PSS_PADDING; - else { - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); -@@ -549,19 +671,19 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, - return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); - } - -- if (strcmp(type, "rsa_pss_saltlen") == 0) { -+ if (!strcmp(type, "rsa_pss_saltlen")) { - int saltlen; - saltlen = atoi(value); - return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); - } - -- if (strcmp(type, "rsa_keygen_bits") == 0) { -+ if (!strcmp(type, "rsa_keygen_bits")) { - int nbits; - nbits = atoi(value); - return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); - } - -- if (strcmp(type, "rsa_keygen_pubexp") == 0) { -+ if (!strcmp(type, "rsa_keygen_pubexp")) { - int ret; - BIGNUM *pubexp = NULL; - if (!BN_asc2bn(&pubexp, value)) -@@ -572,28 +694,28 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, - return ret; - } - -- if (strcmp(type, "rsa_mgf1_md") 
== 0) { -+ if (!strcmp(type, "rsa_mgf1_md")) { - const EVP_MD *md; -- if ((md = EVP_get_digestbyname(value)) == NULL) { -+ if (!(md = EVP_get_digestbyname(value))) { - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); - } - -- if (strcmp(type, "rsa_oaep_md") == 0) { -+ if (!strcmp(type, "rsa_oaep_md")) { - const EVP_MD *md; -- if ((md = EVP_get_digestbyname(value)) == NULL) { -+ if (!(md = EVP_get_digestbyname(value))) { - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); - } -- if (strcmp(type, "rsa_oaep_label") == 0) { -+ if (!strcmp(type, "rsa_oaep_label")) { - unsigned char *lab; - long lablen; - int ret; -- lab = OPENSSL_hexstr2buf(value, &lablen); -+ lab = string_to_hex(value, &lablen); - if (!lab) - return 0; - ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); -@@ -609,27 +731,22 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - RSA *rsa = NULL; - RSA_PKEY_CTX *rctx = ctx->data; -- BN_GENCB *pcb; -+ BN_GENCB *pcb, cb; - int ret; -- if (rctx->pub_exp == NULL) { -+ if (!rctx->pub_exp) { - rctx->pub_exp = BN_new(); -- if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) -+ if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) - return 0; - } - rsa = RSA_new(); -- if (rsa == NULL) -+ if (!rsa) - return 0; - if (ctx->pkey_gencb) { -- pcb = BN_GENCB_new(); -- if (pcb == NULL) { -- RSA_free(rsa); -- return 0; -- } -+ pcb = &cb; - evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); -- BN_GENCB_free(pcb); - if (ret > 0) - EVP_PKEY_assign_RSA(pkey, rsa); - else -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c -index 5e6c599..076f871 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c -@@ -1,18 +1,68 @@ -+/* 
crypto/rsa/rsa_prn.c */ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int RSA_print_fp(FILE *fp, const RSA *x, int off) - { - BIO *b; -@@ -34,7 +84,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); -- if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) -+ if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) - return 0; - ret = EVP_PKEY_print_private(bp, pk, off, NULL); - EVP_PKEY_free(pk); -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -index 0ec63b2..41bc084 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -@@ -1,20 +1,69 @@ -+/* rsa_pss.c */ - /* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "rsa_locl.h" - - static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - -@@ -38,12 +87,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - int hLen, maskedDBLen, MSBits, emLen; - const unsigned char *H; - unsigned char *DB = NULL; -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX ctx; - unsigned char H_[EVP_MAX_MD_SIZE]; -- -- -- if (ctx == NULL) -- goto err; -+ EVP_MD_CTX_init(&ctx); - - if (mgf1Hash == NULL) - mgf1Hash = Hash; -@@ -87,7 +133,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - maskedDBLen = emLen - hLen - 1; - H = EM + maskedDBLen; - DB = OPENSSL_malloc(maskedDBLen); -- if (DB == NULL) { -+ if (!DB) { - RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -106,15 +152,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); - goto err; - } -- if (!EVP_DigestInit_ex(ctx, Hash, NULL) -- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) -- || !EVP_DigestUpdate(ctx, mHash, hLen)) -+ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) -+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) -+ || !EVP_DigestUpdate(&ctx, mHash, hLen)) - goto err; - if (maskedDBLen - i) { -- if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) -+ if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) - goto err; - } -- if (!EVP_DigestFinal_ex(ctx, H_, NULL)) -+ if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) - goto err; - if (memcmp(H_, H, hLen)) { - RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); -@@ -123,8 +169,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - ret = 1; - - err: -- OPENSSL_free(DB); -- 
EVP_MD_CTX_free(ctx); -+ if (DB) -+ OPENSSL_free(DB); -+ EVP_MD_CTX_cleanup(&ctx); - - return ret; - -@@ -146,7 +193,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - int ret = 0; - int hLen, maskedDBLen, MSBits, emLen; - unsigned char *H, *salt = NULL, *p; -- EVP_MD_CTX *ctx = NULL; -+ EVP_MD_CTX ctx; - - if (mgf1Hash == NULL) - mgf1Hash = Hash; -@@ -184,7 +231,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - } - if (sLen > 0) { - salt = OPENSSL_malloc(sLen); -- if (salt == NULL) { -+ if (!salt) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, - ERR_R_MALLOC_FAILURE); - goto err; -@@ -194,17 +241,16 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - } - maskedDBLen = emLen - hLen - 1; - H = EM + maskedDBLen; -- ctx = EVP_MD_CTX_new(); -- if (ctx == NULL) -- goto err; -- if (!EVP_DigestInit_ex(ctx, Hash, NULL) -- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) -- || !EVP_DigestUpdate(ctx, mHash, hLen)) -+ EVP_MD_CTX_init(&ctx); -+ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) -+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) -+ || !EVP_DigestUpdate(&ctx, mHash, hLen)) - goto err; -- if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) -+ if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) - goto err; -- if (!EVP_DigestFinal_ex(ctx, H, NULL)) -+ if (!EVP_DigestFinal_ex(&ctx, H, NULL)) - goto err; -+ EVP_MD_CTX_cleanup(&ctx); - - /* Generate dbMask in place then perform XOR on it */ - if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) -@@ -232,8 +278,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - ret = 1; - - err: -- EVP_MD_CTX_free(ctx); -- OPENSSL_free(salt); -+ if (salt) -+ OPENSSL_free(salt); - - return ret; - -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -index 9e5fff4..e400236 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL 
Project Authors. All Rights Reserved.
-+/* crypto/rsa/rsa_saos.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -34,7 +83,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, - RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return (0); - } -- s = OPENSSL_malloc((unsigned int)j + 1); -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); - if (s == NULL) { - RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); - return (0); -@@ -47,7 +96,8 @@ int RSA_sign_ASN1_OCTET_STRING(int type, - else - *siglen = i; - -- OPENSSL_clear_free(s, (unsigned int)j + 1); -+ OPENSSL_cleanse(s, (unsigned int)j + 1); -+ OPENSSL_free(s); - return (ret); - } - -@@ -67,7 +117,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, - return (0); - } - -- s = OPENSSL_malloc((unsigned int)siglen); -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); - if (s == NULL) { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); - goto err; -@@ -88,7 +138,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, - } else - ret = 1; - err: -- ASN1_OCTET_STRING_free(sig); -- OPENSSL_clear_free(s, (unsigned int)siglen); -+ if (sig != NULL) -+ M_ASN1_OCTET_STRING_free(sig); -+ if (s != NULL) { -+ OPENSSL_cleanse(s, (unsigned int)siglen); -+ OPENSSL_free(s); -+ } - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -index 952d24f..82ca832 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -@@ -1,248 +1,301 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_sign.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - #include "rsa_locl.h" - - /* Size of an SSL signature: MD5+SHA1 */ - #define SSL_SIG_LENGTH 36 - --/* -- * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as -- * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This -- * encodes the DigestInfo (T and tLen) but does not add the padding. -- * -- * On success, it returns one and sets |*out| to a newly allocated buffer -- * containing the result and |*out_len| to its length. The caller must free -- * |*out| with |OPENSSL_free|. Otherwise, it returns zero. 
-- */ --static int encode_pkcs1(unsigned char **out, int *out_len, int type, -- const unsigned char *m, unsigned int m_len) -+int RSA_sign(int type, const unsigned char *m, unsigned int m_len, -+ unsigned char *sigret, unsigned int *siglen, RSA *rsa) - { - X509_SIG sig; -- X509_ALGOR algor; - ASN1_TYPE parameter; -+ int i, j, ret = 1; -+ unsigned char *p, *tmps = NULL; -+ const unsigned char *s = NULL; -+ X509_ALGOR algor; - ASN1_OCTET_STRING digest; -- uint8_t *der = NULL; -- int len; -- -- sig.algor = &algor; -- sig.algor->algorithm = OBJ_nid2obj(type); -- if (sig.algor->algorithm == NULL) { -- RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE); -- return 0; -- } -- if (OBJ_length(sig.algor->algorithm) == 0) { -- RSAerr(RSA_F_ENCODE_PKCS1, -- RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); - return 0; - } -- parameter.type = V_ASN1_NULL; -- parameter.value.ptr = NULL; -- sig.algor->parameter = ¶meter; -- -- sig.digest = &digest; -- sig.digest->data = (unsigned char *)m; -- sig.digest->length = m_len; -- -- len = i2d_X509_SIG(&sig, &der); -- if (len < 0) -- return 0; -- -- *out = der; -- *out_len = len; -- return 1; --} -- --int RSA_sign(int type, const unsigned char *m, unsigned int m_len, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa) --{ -- int encrypt_len, encoded_len = 0, ret = 0; -- unsigned char *tmps = NULL; -- const unsigned char *encoded = NULL; -- -- if (rsa->meth->rsa_sign) { -+#endif -+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { - return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); - } -- -- /* Compute the encoded digest. */ -+ /* Special case: SSL signature, just check the length */ - if (type == NID_md5_sha1) { -- /* -- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and -- * earlier. 
It has no DigestInfo wrapper but otherwise is -- * RSASSA-PKCS1-v1_5. -- */ - if (m_len != SSL_SIG_LENGTH) { - RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); -- return 0; -+ return (0); - } -- encoded_len = SSL_SIG_LENGTH; -- encoded = m; -+ i = SSL_SIG_LENGTH; -+ s = m; - } else { -- if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len)) -- goto err; -- encoded = tmps; -- } -+ sig.algor = &algor; -+ sig.algor->algorithm = OBJ_nid2obj(type); -+ if (sig.algor->algorithm == NULL) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); -+ return (0); -+ } -+ if (sig.algor->algorithm->length == 0) { -+ RSAerr(RSA_F_RSA_SIGN, -+ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -+ return (0); -+ } -+ parameter.type = V_ASN1_NULL; -+ parameter.value.ptr = NULL; -+ sig.algor->parameter = ¶meter; - -- if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) { -+ sig.digest = &digest; -+ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */ -+ sig.digest->length = m_len; -+ -+ i = i2d_X509_SIG(&sig, NULL); -+ } -+ j = RSA_size(rsa); -+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { - RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -- goto err; -+ return (0); - } -- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, -- RSA_PKCS1_PADDING); -- if (encrypt_len <= 0) -- goto err; -- -- *siglen = encrypt_len; -- ret = 1; -+ if (type != NID_md5_sha1) { -+ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); -+ if (tmps == NULL) { -+ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ p = tmps; -+ i2d_X509_SIG(&sig, &p); -+ s = tmps; -+ } -+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); -+ if (i <= 0) -+ ret = 0; -+ else -+ *siglen = i; - --err: -- OPENSSL_clear_free(tmps, (size_t)encoded_len); -- return ret; -+ if (type != NID_md5_sha1) { -+ OPENSSL_cleanse(tmps, (unsigned int)j + 1); -+ OPENSSL_free(tmps); -+ } -+ return (ret); - } - - /* -- * int_rsa_verify verifies an RSA signature in 
|sigbuf| using |rsa|. It may be -- * called in two modes. If |rm| is NULL, it verifies the signature for digest -- * |m|. Otherwise, it recovers the digest from the signature, writing the digest -- * to |rm| and the length to |*prm_len|. |type| is the NID of the digest -- * algorithm to use. It returns one on successful verification and zero -- * otherwise. -+ * Check DigestInfo structure does not contain extraneous data by reencoding -+ * using DER and checking encoding against original. - */ --int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, -+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, -+ int dinfolen) -+{ -+ unsigned char *der = NULL; -+ int derlen; -+ int ret = 0; -+ derlen = i2d_X509_SIG(sig, &der); -+ if (derlen <= 0) -+ return 0; -+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) -+ ret = 1; -+ OPENSSL_cleanse(der, derlen); -+ OPENSSL_free(der); -+ return ret; -+} -+ -+int int_rsa_verify(int dtype, const unsigned char *m, -+ unsigned int m_len, - unsigned char *rm, size_t *prm_len, - const unsigned char *sigbuf, size_t siglen, RSA *rsa) - { -- int decrypt_len, ret = 0, encoded_len = 0; -- unsigned char *decrypt_buf = NULL, *encoded = NULL; -+ int i, ret = 0, sigtype; -+ unsigned char *s; -+ X509_SIG *sig = NULL; - -- if (siglen != (size_t)RSA_size(rsa)) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); - return 0; - } -+#endif - -- /* Recover the encoded digest. 
*/ -- decrypt_buf = OPENSSL_malloc(siglen); -- if (decrypt_buf == NULL) { -+ if (siglen != (unsigned int)RSA_size(rsa)) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); -+ return (0); -+ } -+ -+ if ((dtype == NID_md5_sha1) && rm) { -+ i = RSA_public_decrypt((int)siglen, -+ sigbuf, rm, rsa, RSA_PKCS1_PADDING); -+ if (i <= 0) -+ return 0; -+ *prm_len = i; -+ return 1; -+ } -+ -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); -+ if (s == NULL) { - RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } -- -- decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, -- RSA_PKCS1_PADDING); -- if (decrypt_len <= 0) -+ if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); - goto err; -+ } -+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); - -- if (type == NID_md5_sha1) { -- /* -- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and -- * earlier. It has no DigestInfo wrapper but otherwise is -- * RSASSA-PKCS1-v1_5. -- */ -- if (decrypt_len != SSL_SIG_LENGTH) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -- goto err; -- } -- -- if (rm != NULL) { -- memcpy(rm, decrypt_buf, SSL_SIG_LENGTH); -- *prm_len = SSL_SIG_LENGTH; -- } else { -- if (m_len != SSL_SIG_LENGTH) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); -- goto err; -- } -- -- if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -- goto err; -- } -- } -- } else if (type == NID_mdc2 && decrypt_len == 2 + 16 -- && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) { -- /* -- * Oddball MDC2 case: signature can be OCTET STRING. check for correct -- * tag and length octets. -- */ -- if (rm != NULL) { -- memcpy(rm, decrypt_buf + 2, 16); -+ if (i <= 0) -+ goto err; -+ /* -+ * Oddball MDC2 case: signature can be OCTET STRING. check for correct -+ * tag and length octets. 
-+ */ -+ if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) { -+ if (rm) { -+ memcpy(rm, s + 2, 16); - *prm_len = 16; -+ ret = 1; -+ } else if (memcmp(m, s + 2, 16)) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); - } else { -- if (m_len != 16) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); -- goto err; -- } -- -- if (memcmp(m, decrypt_buf + 2, 16) != 0) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -- goto err; -- } -+ ret = 1; - } -+ } else if (dtype == NID_md5_sha1) { -+ /* Special case: SSL signature */ -+ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ else -+ ret = 1; - } else { -- /* -- * If recovering the digest, extract a digest-sized output from the end -- * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption -- * output as in a standard verification. -- */ -- if (rm != NULL) { -- const EVP_MD *md = EVP_get_digestbynid(type); -- if (md == NULL) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE); -- goto err; -- } -- -- m_len = EVP_MD_size(md); -- if (m_len > (size_t)decrypt_len) { -- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); -- goto err; -- } -- m = decrypt_buf + decrypt_len - m_len; -- } -+ const unsigned char *p = s; -+ sig = d2i_X509_SIG(NULL, &p, (long)i); - -- /* Construct the encoded digest and ensure it matches. */ -- if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len)) -+ if (sig == NULL) - goto err; - -- if (encoded_len != decrypt_len -- || memcmp(encoded, decrypt_buf, encoded_len) != 0) { -+ /* Excess data can be used to create forgeries */ -+ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) { - RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); - goto err; - } - -- /* Output the recovered digest. 
*/ -- if (rm != NULL) { -- memcpy(rm, m, m_len); -- *prm_len = m_len; -+ /* -+ * Parameters to the signature algorithm can also be used to create -+ * forgeries -+ */ -+ if (sig->algor->parameter -+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ goto err; - } -- } - -- ret = 1; -+ sigtype = OBJ_obj2nid(sig->algor->algorithm); - --err: -- OPENSSL_clear_free(encoded, (size_t)encoded_len); -- OPENSSL_clear_free(decrypt_buf, siglen); -- return ret; -+#ifdef RSA_DEBUG -+ /* put a backward compatibility flag in EAY */ -+ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype), -+ OBJ_nid2ln(dtype)); -+#endif -+ if (sigtype != dtype) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); -+ goto err; -+ } -+ if (rm) { -+ const EVP_MD *md; -+ md = EVP_get_digestbynid(dtype); -+ if (md && (EVP_MD_size(md) != sig->digest->length)) -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); -+ else { -+ memcpy(rm, sig->digest->data, sig->digest->length); -+ *prm_len = sig->digest->length; -+ ret = 1; -+ } -+ } else if (((unsigned int)sig->digest->length != m_len) || -+ (memcmp(m, sig->digest->data, m_len) != 0)) { -+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ } else -+ ret = 1; -+ } -+ err: -+ if (sig != NULL) -+ X509_SIG_free(sig); -+ if (s != NULL) { -+ OPENSSL_cleanse(s, (unsigned int)siglen); -+ OPENSSL_free(s); -+ } -+ return (ret); - } - --int RSA_verify(int type, const unsigned char *m, unsigned int m_len, -+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) - { - -- if (rsa->meth->rsa_verify) { -- return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa); -+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { -+ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); - } - -- return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa); -+ return 
int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -index 9ef6b80..746e01f 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/rsa/rsa_ssl.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -index b9301f3..725ead0 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -@@ -1,16 +1,67 @@ -+/* rsa_x931.c */ - /* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include -+#include - #include - - int RSA_padding_add_X931(unsigned char *to, int tlen, -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -deleted file mode 100644 -index 9dd993f..0000000 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -+++ /dev/null -@@ -1,195 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include --#include --#include --#include "rsa_locl.h" -- --/* X9.31 RSA key derivation and generation */ -- --int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, -- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, -- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, -- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) --{ -- BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; -- BN_CTX *ctx = NULL, *ctx2 = NULL; -- int ret = 0; -- -- if (!rsa) -- goto err; -- -- ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- BN_CTX_start(ctx); -- -- r0 = BN_CTX_get(ctx); -- r1 = BN_CTX_get(ctx); -- r2 = BN_CTX_get(ctx); -- r3 = BN_CTX_get(ctx); -- -- if (r3 == NULL) -- goto err; -- if (!rsa->e) { -- rsa->e = BN_dup(e); -- if (!rsa->e) -- goto err; -- } else -- e = rsa->e; -- -- /* -- * If not all parameters present only calculate what we can. This allows -- * test programs to output selective parameters. 
-- */ -- -- if (Xp && rsa->p == NULL) { -- rsa->p = BN_new(); -- if (rsa->p == NULL) -- goto err; -- -- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, -- Xp, Xp1, Xp2, e, ctx, cb)) -- goto err; -- } -- -- if (Xq && rsa->q == NULL) { -- rsa->q = BN_new(); -- if (rsa->q == NULL) -- goto err; -- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, -- Xq, Xq1, Xq2, e, ctx, cb)) -- goto err; -- } -- -- if (rsa->p == NULL || rsa->q == NULL) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- return 2; -- } -- -- /* -- * Since both primes are set we can now calculate all remaining -- * components. -- */ -- -- /* calculate n */ -- rsa->n = BN_new(); -- if (rsa->n == NULL) -- goto err; -- if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) -- goto err; -- -- /* calculate d */ -- if (!BN_sub(r1, rsa->p, BN_value_one())) -- goto err; /* p-1 */ -- if (!BN_sub(r2, rsa->q, BN_value_one())) -- goto err; /* q-1 */ -- if (!BN_mul(r0, r1, r2, ctx)) -- goto err; /* (p-1)(q-1) */ -- -- if (!BN_gcd(r3, r1, r2, ctx)) -- goto err; -- -- if (!BN_div(r0, NULL, r0, r3, ctx)) -- goto err; /* LCM((p-1)(q-1)) */ -- -- ctx2 = BN_CTX_new(); -- if (ctx2 == NULL) -- goto err; -- -- rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ -- if (rsa->d == NULL) -- goto err; -- -- /* calculate d mod (p-1) */ -- rsa->dmp1 = BN_new(); -- if (rsa->dmp1 == NULL) -- goto err; -- if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) -- goto err; -- -- /* calculate d mod (q-1) */ -- rsa->dmq1 = BN_new(); -- if (rsa->dmq1 == NULL) -- goto err; -- if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) -- goto err; -- -- /* calculate inverse of q mod p */ -- rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); -- -- ret = 1; -- err: -- if (ctx) -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- BN_CTX_free(ctx2); -- -- return ret; -- --} -- --int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -- BN_GENCB *cb) --{ -- int ok = 0; -- BIGNUM *Xp = NULL, *Xq = NULL; -- BN_CTX *ctx = NULL; -- -- ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto error; -- -- 
BN_CTX_start(ctx); -- Xp = BN_CTX_get(ctx); -- Xq = BN_CTX_get(ctx); -- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) -- goto error; -- -- rsa->p = BN_new(); -- rsa->q = BN_new(); -- if (rsa->p == NULL || rsa->q == NULL) -- goto error; -- -- /* Generate two primes from Xp, Xq */ -- -- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, -- e, ctx, cb)) -- goto error; -- -- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, -- e, ctx, cb)) -- goto error; -- -- /* -- * Since rsa->p and rsa->q are valid this call will just derive remaining -- * RSA components. -- */ -- -- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, -- NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) -- goto error; -- -- ok = 1; -- -- error: -- if (ctx) -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- -- if (ok) -- return 1; -- -- return 0; -- --} -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -index 273ab08..a6dd760 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/sha/sha1_one.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include -@@ -12,6 +61,7 @@ - #include - #include - -+#ifndef OPENSSL_NO_SHA1 - unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) - { - SHA_CTX c; -@@ -26,3 +76,4 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) - OPENSSL_cleanse(&c, sizeof(c)); - return (md); - } -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -index 819370e..a67f1fe 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -@@ -1,17 +1,74 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/sha/sha1dgst.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4.
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include -+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) -+ -+# undef SHA_0 -+# define SHA_1 - - # include - -+const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; -+ - /* The implementation is in ../md32_common.h */ - - # include "sha_locl.h" -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c -index 5e7ba43..72a1159 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha256.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c -@@ -1,22 +1,22 @@ --/* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+/* crypto/sha/sha256.c */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved -+ * according to the OpenSSL license [found in ../../LICENSE]. -+ * ==================================================================== - */ -- - #include -+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) - --#include --#include -+# include -+# include - --#include --#include --#include -+# include -+# include -+# include - --int SHA224_Init(SHA256_CTX *c) -+const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; -+ -+fips_md_init_ctx(SHA224, SHA256) - { - memset(c, 0, sizeof(*c)); - c->h[0] = 0xc1059ed8UL; -@@ -31,7 +31,7 @@ int SHA224_Init(SHA256_CTX *c) - return 1; - } - --int SHA256_Init(SHA256_CTX *c) -+fips_md_init(SHA256) - { - memset(c, 0, sizeof(*c)); - c->h[0] = 0x6a09e667UL; -@@ -84,21 +84,20 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) - return SHA256_Final(md, c); - } - --#define DATA_ORDER_IS_BIG_ENDIAN -- --#define HASH_LONG SHA_LONG --#define HASH_CTX SHA256_CTX --#define HASH_CBLOCK SHA_CBLOCK -+# define DATA_ORDER_IS_BIG_ENDIAN - -+# define HASH_LONG SHA_LONG -+# define HASH_CTX SHA256_CTX -+# define HASH_CBLOCK SHA_CBLOCK - /* - * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." - * default: case below covers for it. It's not clear however if it's - * permitted to truncate to amount of bytes not divisible by 4. I bet not, - * but if it is, then default: case shall be extended. For reference. -- * Idea behind separate cases for pre-defined lengths is to let the -+ * Idea behind separate cases for pre-defined lenghts is to let the - * compiler decide if it's appropriate to unroll small loops. 
- */ --#define HASH_MAKE_STRING(c,s) do { \ -+# define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - unsigned int nn; \ - switch ((c)->md_len) \ -@@ -119,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) - } \ - } while (0) - --#define HASH_UPDATE SHA256_Update --#define HASH_TRANSFORM SHA256_Transform --#define HASH_FINAL SHA256_Final --#define HASH_BLOCK_DATA_ORDER sha256_block_data_order --#ifndef SHA256_ASM -+# define HASH_UPDATE SHA256_Update -+# define HASH_TRANSFORM SHA256_Transform -+# define HASH_FINAL SHA256_Final -+# define HASH_BLOCK_DATA_ORDER sha256_block_data_order -+# ifndef SHA256_ASM - static --#endif -+# endif - void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); - --#include "internal/md32_common.h" -+# include "md32_common.h" - --#ifndef SHA256_ASM -+# ifndef SHA256_ASM - static const SHA_LONG K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, -@@ -155,15 +154,15 @@ static const SHA_LONG K256[64] = { - * is left one. This is why you might notice that rotation coefficients - * differ from those observed in FIPS document by 32-N... 
- */ --# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) --# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) --# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) --# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) -+# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -+# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -+# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -+# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) - --# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) --# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - --# ifdef OPENSSL_SMALL_FOOTPRINT -+# ifdef OPENSSL_SMALL_FOOTPRINT - - static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - size_t num) -@@ -185,7 +184,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - h = ctx->h[7]; - - for (i = 0; i < 16; i++) { -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[i] = l; - T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; - T2 = Sigma0(a) + Maj(a, b, c); -@@ -230,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - } - } - --# else -+# else - --# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - --# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ -+# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ -@@ -309,52 +308,52 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - } else { - SHA_LONG l; - -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[0] = l; - 
ROUND_00_15(0, a, b, c, d, e, f, g, h); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[1] = l; - ROUND_00_15(1, h, a, b, c, d, e, f, g); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[2] = l; - ROUND_00_15(2, g, h, a, b, c, d, e, f); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[3] = l; - ROUND_00_15(3, f, g, h, a, b, c, d, e); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[4] = l; - ROUND_00_15(4, e, f, g, h, a, b, c, d); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[5] = l; - ROUND_00_15(5, d, e, f, g, h, a, b, c); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[6] = l; - ROUND_00_15(6, c, d, e, f, g, h, a, b); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[7] = l; - ROUND_00_15(7, b, c, d, e, f, g, h, a); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[8] = l; - ROUND_00_15(8, a, b, c, d, e, f, g, h); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[9] = l; - ROUND_00_15(9, h, a, b, c, d, e, f, g); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[10] = l; - ROUND_00_15(10, g, h, a, b, c, d, e, f); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[11] = l; - ROUND_00_15(11, f, g, h, a, b, c, d, e); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[12] = l; - ROUND_00_15(12, e, f, g, h, a, b, c, d); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[13] = l; - ROUND_00_15(13, d, e, f, g, h, a, b, c); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[14] = l; - ROUND_00_15(14, c, d, e, f, g, h, a, b); -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - T1 = X[15] = l; - ROUND_00_15(15, b, c, d, e, f, g, h, a); - } -@@ -382,5 +381,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - } - } - --# endif --#endif /* SHA256_ASM */ -+# endif -+# endif /* SHA256_ASM */ -+ -+#endif /* OPENSSL_NO_SHA256 */ -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c -index 
d24d103..3bf66ae 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha512.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c -@@ -1,19 +1,17 @@ --/* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+/* crypto/sha/sha512.c */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved -+ * according to the OpenSSL license [found in ../../LICENSE]. -+ * ==================================================================== - */ -- - #include -+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) - /*- - * IMPLEMENTATION NOTES. - * - * As you might have noticed 32-bit hash algorithms: - * -- * - permit SHA_LONG to be wider than 32-bit -+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY); - * - optimized versions implement two transform functions: one operating - * on [aligned] data in host byte order and one - on data in input - * stream byte order; -@@ -43,24 +41,26 @@ - * 16-bit platforms. 
- * - */ --#include --#include -+# include -+# include - --#include --#include --#include -+# include -+# include -+# include - --#include "internal/cryptlib.h" -+# include "cryptlib.h" - --#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; -+ -+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - defined(__aarch64__) || \ - defined(SHA512_ASM) --# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA --#endif -+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -+# endif - --int SHA384_Init(SHA512_CTX *c) -+fips_md_init_ctx(SHA384, SHA512) - { - c->h[0] = U64(0xcbbb9d5dc1059ed8); - c->h[1] = U64(0x629a292a367cd507); -@@ -78,7 +78,7 @@ int SHA384_Init(SHA512_CTX *c) - return 1; - } - --int SHA512_Init(SHA512_CTX *c) -+fips_md_init(SHA512) - { - c->h[0] = U64(0x6a09e667f3bcc908); - c->h[1] = U64(0xbb67ae8584caa73b); -@@ -96,9 +96,9 @@ int SHA512_Init(SHA512_CTX *c) - return 1; - } - --#ifndef SHA512_ASM -+# ifndef SHA512_ASM - static --#endif -+# endif - void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); - - int SHA512_Final(unsigned char *md, SHA512_CTX *c) -@@ -108,17 +108,15 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) - - p[n] = 0x80; /* There always is a room for one */ - n++; -- if (n > (sizeof(c->u) - 16)) { -- memset(p + n, 0, sizeof(c->u) - n); -- n = 0; -- sha512_block_data_order(c, p, 1); -- } -+ if (n > (sizeof(c->u) - 16)) -+ memset(p + n, 0, sizeof(c->u) - n), n = 0, -+ sha512_block_data_order(c, p, 1); - - memset(p + n, 0, sizeof(c->u) - 16 - n); --#ifdef B_ENDIAN -+# ifdef B_ENDIAN - c->u.d[SHA_LBLOCK - 2] = c->Nh; - c->u.d[SHA_LBLOCK - 1] = c->Nl; --#else -+# else - p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); - p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); - p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); -@@ 
-135,7 +133,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) - p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); - p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); - p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); --#endif -+# endif - - sha512_block_data_order(c, p, 1); - -@@ -215,14 +213,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) - } - - if (len >= sizeof(c->u)) { --#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -+# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) - while (len >= sizeof(c->u)) - memcpy(p, data, sizeof(c->u)), - sha512_block_data_order(c, p, 1), - len -= sizeof(c->u), data += sizeof(c->u); - else --#endif -+# endif - sha512_block_data_order(c, data, len / sizeof(c->u)), - data += len, len %= sizeof(c->u), data -= len; - } -@@ -240,10 +238,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) - - void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) - { --#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -+# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) - memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; --#endif -+# endif - sha512_block_data_order(c, data, 1); - } - -@@ -275,7 +273,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) - return (md); - } - --#ifndef SHA512_ASM -+# ifndef SHA512_ASM - static const SHA_LONG64 K512[80] = { - U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), - U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), -@@ -319,23 +317,23 @@ static const SHA_LONG64 K512[80] = { - U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) - }; - --# ifndef PEDANTIC --# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if defined(__x86_64) || defined(__x86_64__) --# define ROTR(a,n) ({ SHA_LONG64 ret; \ -+# ifndef PEDANTIC -+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && 
!defined(OPENSSL_NO_INLINE_ASM) -+# if defined(__x86_64) || defined(__x86_64__) -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rorq %1,%0" \ - : "=r"(ret) \ - : "J"(n),"0"(a) \ - : "cc"); ret; }) --# if !defined(B_ENDIAN) --# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ -+# if !defined(B_ENDIAN) -+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ - asm ("bswapq %0" \ - : "=r"(ret) \ - : "0"(ret)); ret; }) --# endif --# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) --# if defined(I386_ONLY) --# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -+# endif -+# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -+# if defined(I386_ONLY) -+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ - "roll $16,%%eax; roll $16,%%edx; "\ -@@ -343,39 +341,39 @@ static const SHA_LONG64 K512[80] = { - : "=a"(lo),"=d"(hi) \ - : "0"(lo),"1"(hi) : "cc"); \ - ((SHA_LONG64)hi)<<32|lo; }) --# else --# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -+# else -+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm ("bswapl %0; bswapl %1;" \ - : "=r"(lo),"=r"(hi) \ - : "0"(lo),"1"(hi)); \ - ((SHA_LONG64)hi)<<32|lo; }) --# endif --# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) --# define ROTR(a,n) ({ SHA_LONG64 ret; \ -+# endif -+# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) --# elif defined(__aarch64__) --# define ROTR(a,n) ({ SHA_LONG64 ret; \ -+# elif defined(__aarch64__) -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("ror %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"I"(n)); ret; }) --# if defined(__BYTE_ORDER__) && 
defined(__ORDER_LITTLE_ENDIAN__) && \ -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ --# define PULL64(x) ({ SHA_LONG64 ret; \ -+# define PULL64(x) ({ SHA_LONG64 ret; \ - asm ("rev %0,%1" \ - : "=r"(ret) \ - : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -+# endif - # endif --# endif --# elif defined(_MSC_VER) --# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ --# pragma intrinsic(_rotr64) --# define ROTR(a,n) _rotr64((a),n) --# endif --# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if defined(I386_ONLY) -+# elif defined(_MSC_VER) -+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -+# pragma intrinsic(_rotr64) -+# define ROTR(a,n) _rotr64((a),n) -+# endif -+# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -+# if defined(I386_ONLY) - static SHA_LONG64 __fastcall __pull64be(const void *x) - { - _asm mov edx,[ecx + 0] -@@ -383,34 +381,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x) - _asm xchg dh, dl - _asm xchg ah, al - _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} --# else -+# else - static SHA_LONG64 __fastcall __pull64be(const void *x) - { - _asm mov edx,[ecx + 0] - _asm mov eax,[ecx + 4] - _asm bswap edx _asm bswap eax} --# endif --# define PULL64(x) __pull64be(&(x)) --# if _MSC_VER<=1200 --# pragma inline_depth(0) -+# endif -+# define PULL64(x) __pull64be(&(x)) -+# if _MSC_VER<=1200 -+# pragma inline_depth(0) -+# endif - # endif - # endif - # endif --# endif --# ifndef PULL64 --# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) --# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) --# endif --# ifndef ROTR --# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) --# endif --# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) --# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) --# define sigma0(x) 
(ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) --# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) --# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) --# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) --# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -+# ifndef PULL64 -+# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -+# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -+# endif -+# ifndef ROTR -+# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -+# endif -+# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -+# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -+# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -+# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) - /* - * This code should give better results on 32-bit CPU with less than - * ~24 registers, both size and performance wise... 
-@@ -435,11 +433,11 @@ _asm bswap edx _asm bswap eax} - F[7] = ctx->h[7]; - - for (i = 0; i < 16; i++, F--) { --# ifdef B_ENDIAN -+# ifdef B_ENDIAN - T = W[i]; --# else -+# else - T = PULL64(W[i]); --# endif -+# endif - F[0] = A; - F[4] = E; - F[8] = T; -@@ -474,7 +472,7 @@ _asm bswap edx _asm bswap eax} - } - } - --# elif defined(OPENSSL_SMALL_FOOTPRINT) -+# elif defined(OPENSSL_SMALL_FOOTPRINT) - static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) - { -@@ -495,11 +493,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - h = ctx->h[7]; - - for (i = 0; i < 16; i++) { --# ifdef B_ENDIAN -+# ifdef B_ENDIAN - T1 = X[i] = W[i]; --# else -+# else - T1 = X[i] = PULL64(W[i]); --# endif -+# endif - T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; - T2 = Sigma0(a) + Maj(a, b, c); - h = g; -@@ -544,12 +542,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - } - } - --# else --# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -+# else -+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) --# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ -+# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ -@@ -573,7 +571,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - g = ctx->h[6]; - h = ctx->h[7]; - --# ifdef B_ENDIAN -+# ifdef B_ENDIAN - T1 = X[0] = W[0]; - ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = W[1]; -@@ -606,7 +604,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = W[15]; - ROUND_00_15(15, b, c, d, e, f, g, h, a); --# else -+# else - T1 = X[0] = PULL64(W[0]); - ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = PULL64(W[1]); -@@ -639,7 +637,7 @@ static 
void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = PULL64(W[15]); - ROUND_00_15(15, b, c, d, e, f, g, h, a); --# endif -+# endif - - for (i = 16; i < 80; i += 16) { - ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); -@@ -673,6 +671,14 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - } - } - -+# endif -+ -+# endif /* SHA512_ASM */ -+ -+#else /* !OPENSSL_NO_SHA512 */ -+ -+# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -+static void *dummy = &dummy; - # endif - --#endif /* SHA512_ASM */ -+#endif /* !OPENSSL_NO_SHA512 */ -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -new file mode 100644 -index 0000000..f77cf5e ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -@@ -0,0 +1,74 @@ -+/* crypto/sha/sha1dgst.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include
-+#include
-+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-+
-+# undef SHA_1
-+# define SHA_0
-+
-+# include
-+
-+const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
-+
-+/* The implementation is in ../md32_common.h */
-+
-+# include "sha_locl.h"
-+
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h
-index 918278a..03bd411 100644
---- a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h
-+++ b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h
-@@ -1,10 +1,59 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/sha/sha_locl.h */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include -@@ -27,22 +76,45 @@ - ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ - } while (0) - --#define HASH_UPDATE SHA1_Update --#define HASH_TRANSFORM SHA1_Transform --#define HASH_FINAL SHA1_Final --#define HASH_INIT SHA1_Init --#define HASH_BLOCK_DATA_ORDER sha1_block_data_order --#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ -+#if defined(SHA_0) -+ -+# define HASH_UPDATE SHA_Update -+# define HASH_TRANSFORM SHA_Transform -+# define HASH_FINAL SHA_Final -+# define HASH_INIT SHA_Init -+# define HASH_BLOCK_DATA_ORDER sha_block_data_order -+# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) -+ -+static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); -+ -+#elif defined(SHA_1) -+ -+# define HASH_UPDATE SHA1_Update -+# define HASH_TRANSFORM SHA1_Transform -+# define HASH_FINAL SHA1_Final -+# define HASH_INIT SHA1_Init -+# define HASH_BLOCK_DATA_ORDER sha1_block_data_order -+# if defined(__MWERKS__) && defined(__MC68K__) -+ /* Metrowerks for Motorola fails otherwise:-( */ -+# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ -+ ix=(a)=ROTATE((a),1); \ -+ } while (0) -+# else -+# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ - 
ix=(a)=ROTATE((a),1) \ - ) -+# endif - --#ifndef SHA1_ASM --static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); --#else -+# ifndef SHA1_ASM -+static -+# endif - void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); -+ -+#else -+# error "Either SHA_0 or SHA_1 must be defined." - #endif - --#include "internal/md32_common.h" -+#include "md32_common.h" - - #define INIT_DATA_h0 0x67452301UL - #define INIT_DATA_h1 0xefcdab89UL -@@ -50,7 +122,11 @@ void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); - #define INIT_DATA_h3 0x10325476UL - #define INIT_DATA_h4 0xc3d2e1f0UL - --int HASH_INIT(SHA_CTX *c) -+#ifdef SHA_0 -+fips_md_init(SHA) -+#else -+fips_md_init_ctx(SHA1, SHA) -+#endif - { - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; -@@ -115,7 +191,7 @@ int HASH_INIT(SHA_CTX *c) - # ifndef MD32_XARRAY - /* - * Originally X was an array. As it's automatic it's natural -- * to expect RISC compiler to accommodate at least part of it in -+ * to expect RISC compiler to accomodate at least part of it in - * the register bank, isn't it? 
Unfortunately not all compilers - * "find" this expectation reasonable:-( On order to make such - * compilers generate better code I replace X[] with a bunch of -@@ -132,7 +208,7 @@ int HASH_INIT(SHA_CTX *c) - # define X(i) XX[i] - # endif - --# if !defined(SHA1_ASM) -+# if !defined(SHA_1) || !defined(SHA1_ASM) - static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) - { - const unsigned char *data = p; -@@ -366,7 +442,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xa; } while(0) - --# if !defined(SHA1_ASM) -+# if !defined(SHA_1) || !defined(SHA1_ASM) - static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) - { - const unsigned char *data = p; -@@ -382,7 +458,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) - - for (;;) { - for (i = 0; i < 16; i++) { -- (void)HOST_c2l(data, l); -+ HOST_c2l(data, l); - X[i] = l; - BODY_00_15(X[i]); - } -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c -new file mode 100644 -index 0000000..0930b98 ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/sha/sha_one.c -@@ -0,0 +1,79 @@ -+/* crypto/sha/sha_one.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#ifndef OPENSSL_NO_SHA0 -+unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) -+{ -+ SHA_CTX c; -+ static unsigned char m[SHA_DIGEST_LENGTH]; -+ -+ if (md == NULL) -+ md = m; -+ if (!SHA_Init(&c)) -+ return NULL; -+ SHA_Update(&c, d, n); -+ SHA_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c -index 43ddf30..fa50083 100644 ---- a/Cryptlib/OpenSSL/crypto/stack/stack.c -+++ b/Cryptlib/OpenSSL/crypto/stack/stack.c -@@ -1,34 +1,86 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/stack/stack.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). 
-+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - -+/*- -+ * Code for stacks -+ * Author - Eric Young v 1.0 -+ * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the -+ * lowest index for the searched item. 
-+ * -+ * 1.1 eay - Take from netdb and added to SSLeay -+ * -+ * 1.0 eay - First version 29/07/92 -+ */ - #include --#include "internal/cryptlib.h" --#include "internal/numbers.h" -+#include "cryptlib.h" - #include - #include - --struct stack_st { -- int num; -- const char **data; -- int sorted; -- size_t num_alloc; -- OPENSSL_sk_compfunc comp; --}; -- - #undef MIN_NODES - #define MIN_NODES 4 - -+const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT; -+ - #include - --OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c) --{ -- OPENSSL_sk_compfunc old = sk->comp; -+int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) -+ (const void *, const void *) { -+ int (*old) (const void *, const void *) = sk->comp; - - if (sk->comp != c) - sk->sorted = 0; -@@ -37,50 +89,51 @@ OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfu - return old; - } - --OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) -+_STACK *sk_dup(_STACK *sk) - { -- OPENSSL_STACK *ret; -+ _STACK *ret; -+ char **s; - -- if (sk->num < 0) -- return NULL; -- -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) -- return NULL; -- -- /* direct structure assignment */ -- *ret = *sk; -- -- if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL) -+ if ((ret = sk_new(sk->comp)) == NULL) - goto err; -+ s = (char **)OPENSSL_realloc((char *)ret->data, -+ (unsigned int)sizeof(char *) * -+ sk->num_alloc); -+ if (s == NULL) -+ goto err; -+ ret->data = s; -+ -+ ret->num = sk->num; - memcpy(ret->data, sk->data, sizeof(char *) * sk->num); -- return ret; -+ ret->sorted = sk->sorted; -+ ret->num_alloc = sk->num_alloc; -+ ret->comp = sk->comp; -+ return (ret); - err: -- OPENSSL_sk_free(ret); -- return NULL; -+ if (ret) -+ sk_free(ret); -+ return (NULL); - } - --OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, -- OPENSSL_sk_copyfunc copy_func, -- OPENSSL_sk_freefunc free_func) -+_STACK *sk_deep_copy(_STACK 
*sk, void *(*copy_func) (void *), -+ void (*free_func) (void *)) - { -- OPENSSL_STACK *ret; -+ _STACK *ret; - int i; - -- if (sk->num < 0) -- return NULL; -- -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) -- return NULL; -- -- /* direct structure assignment */ -- *ret = *sk; -- -- ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES; -- ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); -+ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) -+ return ret; -+ ret->comp = sk->comp; -+ ret->sorted = sk->sorted; -+ ret->num = sk->num; -+ ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES; -+ ret->data = OPENSSL_malloc(sizeof(char *) * ret->num_alloc); - if (ret->data == NULL) { - OPENSSL_free(ret); - return NULL; - } -+ for (i = 0; i < ret->num_alloc; i++) -+ ret->data[i] = NULL; - - for (i = 0; i < ret->num; ++i) { - if (sk->data[i] == NULL) -@@ -88,103 +141,112 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, - if ((ret->data[i] = copy_func(sk->data[i])) == NULL) { - while (--i >= 0) - if (ret->data[i] != NULL) -- free_func((void *)ret->data[i]); -- OPENSSL_sk_free(ret); -+ free_func(ret->data[i]); -+ sk_free(ret); - return NULL; - } - } - return ret; - } - --OPENSSL_STACK *OPENSSL_sk_new_null(void) -+_STACK *sk_new_null(void) - { -- return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); -+ return sk_new((int (*)(const void *, const void *))0); - } - --OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c) -+_STACK *sk_new(int (*c) (const void *, const void *)) - { -- OPENSSL_STACK *ret; -+ _STACK *ret; -+ int i; - -- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) -+ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) - goto err; -- if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL) -+ if ((ret->data = OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) - goto err; -+ for (i = 0; i < MIN_NODES; i++) -+ ret->data[i] = NULL; - ret->comp = c; - ret->num_alloc = MIN_NODES; -+ ret->num = 0; -+ 
ret->sorted = 0; - return (ret); -- - err: -- OPENSSL_free(ret); -+ if (ret) -+ OPENSSL_free(ret); - return (NULL); - } - --int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) -+int sk_insert(_STACK *st, void *data, int loc) - { -- if (st == NULL || st->num < 0 || st->num == INT_MAX) { -- return 0; -- } -- -- if (st->num_alloc <= (size_t)(st->num + 1)) { -- size_t doub_num_alloc = st->num_alloc * 2; -- const char **tmpdata; -+ char **s; - -- /* Overflow checks */ -- if (doub_num_alloc < st->num_alloc) -- return 0; -- -- /* Avoid overflow due to multiplication by sizeof(char *) */ -- if (doub_num_alloc > SIZE_MAX / sizeof(char *)) -- return 0; -- -- tmpdata = OPENSSL_realloc((char *)st->data, -- sizeof(char *) * doub_num_alloc); -- if (tmpdata == NULL) -- return 0; -- -- st->data = tmpdata; -- st->num_alloc = doub_num_alloc; -+ if (st == NULL) -+ return 0; -+ if (st->num_alloc <= st->num + 1) { -+ s = OPENSSL_realloc((char *)st->data, -+ (unsigned int)sizeof(char *) * st->num_alloc * 2); -+ if (s == NULL) -+ return (0); -+ st->data = s; -+ st->num_alloc *= 2; - } -- if ((loc >= st->num) || (loc < 0)) { -+ if ((loc >= (int)st->num) || (loc < 0)) - st->data[st->num] = data; -- } else { -- memmove(&st->data[loc + 1], &st->data[loc], -- sizeof(st->data[0]) * (st->num - loc)); -+ else { -+ int i; -+ char **f, **t; -+ -+ f = st->data; -+ t = &(st->data[1]); -+ for (i = st->num; i >= loc; i--) -+ t[i] = f[i]; -+ -+#ifdef undef /* no memmove on sunos :-( */ -+ memmove(&(st->data[loc + 1]), -+ &(st->data[loc]), sizeof(char *) * (st->num - loc)); -+#endif - st->data[loc] = data; - } - st->num++; - st->sorted = 0; -- return st->num; -+ return (st->num); - } - --void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p) -+void *sk_delete_ptr(_STACK *st, void *p) - { - int i; - - for (i = 0; i < st->num; i++) - if (st->data[i] == p) -- return OPENSSL_sk_delete(st, i); -- return NULL; -+ return (sk_delete(st, i)); -+ return (NULL); - } - --void 
*OPENSSL_sk_delete(OPENSSL_STACK *st, int loc) -+void *sk_delete(_STACK *st, int loc) - { -- const char *ret; -+ char *ret; -+ int i, j; - -- if (st == NULL || loc < 0 || loc >= st->num) -+ if (!st || (loc < 0) || (loc >= st->num)) - return NULL; - - ret = st->data[loc]; -- if (loc != st->num - 1) -- memmove(&st->data[loc], &st->data[loc + 1], -- sizeof(st->data[0]) * (st->num - loc - 1)); -+ if (loc != st->num - 1) { -+ j = st->num - 1; -+ for (i = loc; i < j; i++) -+ st->data[i] = st->data[i + 1]; -+ /* -+ * In theory memcpy is not safe for this memcpy( &(st->data[loc]), -+ * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1)); -+ */ -+ } - st->num--; -- return (void *)ret; -+ return (ret); - } - --static int internal_find(OPENSSL_STACK *st, const void *data, -- int ret_val_options) -+static int internal_find(_STACK *st, void *data, int ret_val_options) - { -- const void *r; -+ const void *const *r; - int i; - - if (st == NULL) -@@ -196,65 +258,65 @@ static int internal_find(OPENSSL_STACK *st, const void *data, - return (i); - return (-1); - } -- OPENSSL_sk_sort(st); -+ sk_sort(st); - if (data == NULL) - return (-1); - r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, - ret_val_options); - if (r == NULL) - return (-1); -- return (int)((const char **)r - st->data); -+ return (int)((char **)r - st->data); - } - --int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data) -+int sk_find(_STACK *st, void *data) - { - return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); - } - --int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data) -+int sk_find_ex(_STACK *st, void *data) - { - return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); - } - --int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data) -+int sk_push(_STACK *st, void *data) - { -- return (OPENSSL_sk_insert(st, data, st->num)); -+ return (sk_insert(st, data, st->num)); - } - --int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data) -+int sk_unshift(_STACK *st, 
void *data) - { -- return (OPENSSL_sk_insert(st, data, 0)); -+ return (sk_insert(st, data, 0)); - } - --void *OPENSSL_sk_shift(OPENSSL_STACK *st) -+void *sk_shift(_STACK *st) - { - if (st == NULL) - return (NULL); - if (st->num <= 0) - return (NULL); -- return (OPENSSL_sk_delete(st, 0)); -+ return (sk_delete(st, 0)); - } - --void *OPENSSL_sk_pop(OPENSSL_STACK *st) -+void *sk_pop(_STACK *st) - { - if (st == NULL) - return (NULL); - if (st->num <= 0) - return (NULL); -- return (OPENSSL_sk_delete(st, st->num - 1)); -+ return (sk_delete(st, st->num - 1)); - } - --void OPENSSL_sk_zero(OPENSSL_STACK *st) -+void sk_zero(_STACK *st) - { - if (st == NULL) - return; - if (st->num <= 0) - return; -- memset(st->data, 0, sizeof(*st->data) * st->num); -+ memset((char *)st->data, 0, sizeof(*st->data) * st->num); - st->num = 0; - } - --void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) -+void sk_pop_free(_STACK *st, void (*func) (void *)) - { - int i; - -@@ -262,51 +324,61 @@ void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) - return; - for (i = 0; i < st->num; i++) - if (st->data[i] != NULL) -- func((char *)st->data[i]); -- OPENSSL_sk_free(st); -+ func(st->data[i]); -+ sk_free(st); - } - --void OPENSSL_sk_free(OPENSSL_STACK *st) -+void sk_free(_STACK *st) - { - if (st == NULL) - return; -- OPENSSL_free(st->data); -+ if (st->data != NULL) -+ OPENSSL_free(st->data); - OPENSSL_free(st); - } - --int OPENSSL_sk_num(const OPENSSL_STACK *st) -+int sk_num(const _STACK *st) - { - if (st == NULL) - return -1; - return st->num; - } - --void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i) -+void *sk_value(const _STACK *st, int i) - { -- if (st == NULL || i < 0 || i >= st->num) -+ if (!st || (i < 0) || (i >= st->num)) - return NULL; -- return (void *)st->data[i]; -+ return st->data[i]; - } - --void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data) -+void *sk_set(_STACK *st, int i, void *value) - { -- if (st == NULL || i < 0 || i >= st->num) 
-+ if (!st || (i < 0) || (i >= st->num)) - return NULL; -- st->data[i] = data; -- return (void *)st->data[i]; -+ return (st->data[i] = value); - } - --void OPENSSL_sk_sort(OPENSSL_STACK *st) -+void sk_sort(_STACK *st) - { - if (st && !st->sorted && st->comp != NULL) { -- qsort(st->data, st->num, sizeof(char *), st->comp); -+ int (*comp_func) (const void *, const void *); -+ -+ /* -+ * same comment as in sk_find ... previously st->comp was declared as -+ * a (void*,void*) callback type, but this made the population of the -+ * callback pointer illogical - our callbacks compare type** with -+ * type**, so we leave the casting until absolutely necessary (ie. -+ * "now"). -+ */ -+ comp_func = (int (*)(const void *, const void *))(st->comp); -+ qsort(st->data, st->num, sizeof(char *), comp_func); - st->sorted = 1; - } - } - --int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st) -+int sk_is_sorted(const _STACK *st) - { -- if (st == NULL) -+ if (!st) - return 1; - return st->sorted; - } -diff --git a/Cryptlib/OpenSSL/crypto/threads_none.c b/Cryptlib/OpenSSL/crypto/threads_none.c -deleted file mode 100644 -index 72bf25b..0000000 ---- a/Cryptlib/OpenSSL/crypto/threads_none.c -+++ /dev/null -@@ -1,124 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) -- --CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) --{ -- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int)); -- if (lock == NULL) -- return NULL; -- -- *(unsigned int *)lock = 1; -- -- return lock; --} -- --int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) --{ -- OPENSSL_assert(*(unsigned int *)lock == 1); -- return 1; --} -- --int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) --{ -- OPENSSL_assert(*(unsigned int *)lock == 1); -- return 1; --} -- --int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) --{ -- OPENSSL_assert(*(unsigned int *)lock == 1); -- return 1; --} -- --void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { -- if (lock == NULL) -- return; -- -- *(unsigned int *)lock = 0; -- OPENSSL_free(lock); -- -- return; --} -- --int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) --{ -- if (*once != 0) -- return 1; -- -- init(); -- *once = 1; -- -- return 1; --} -- --#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256 -- --static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX]; -- --int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) --{ -- static unsigned int thread_local_key = 0; -- -- if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) -- return 0; -- -- *key = thread_local_key++; -- -- thread_local_storage[*key] = NULL; -- -- return 1; --} -- --void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) --{ -- if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) -- return NULL; -- -- return thread_local_storage[*key]; --} -- --int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) --{ -- if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) -- return 0; -- -- thread_local_storage[*key] = val; -- -- return 1; --} -- --int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) --{ -- *key = 
OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1; -- return 1; --} -- --CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) --{ -- return 0; --} -- --int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) --{ -- return (a == b); --} -- --int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) --{ -- *val += amount; -- *ret = *val; -- -- return 1; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/threads_pthread.c b/Cryptlib/OpenSSL/crypto/threads_pthread.c -deleted file mode 100644 -index 151013e..0000000 ---- a/Cryptlib/OpenSSL/crypto/threads_pthread.c -+++ /dev/null -@@ -1,171 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include -- --#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) -- --# ifdef PTHREAD_RWLOCK_INITIALIZER --# define USE_RWLOCK --# endif -- --CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) --{ --# ifdef USE_RWLOCK -- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t)); -- if (lock == NULL) -- return NULL; -- -- if (pthread_rwlock_init(lock, NULL) != 0) { -- OPENSSL_free(lock); -- return NULL; -- } --# else -- pthread_mutexattr_t attr; -- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t)); -- if (lock == NULL) -- return NULL; -- -- pthread_mutexattr_init(&attr); -- pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); -- -- if (pthread_mutex_init(lock, &attr) != 0) { -- pthread_mutexattr_destroy(&attr); -- OPENSSL_free(lock); -- return NULL; -- } -- -- pthread_mutexattr_destroy(&attr); --# endif -- -- return lock; --} -- --int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) --{ --# ifdef USE_RWLOCK -- if (pthread_rwlock_rdlock(lock) != 0) -- return 0; --# 
else -- if (pthread_mutex_lock(lock) != 0) -- return 0; --# endif -- -- return 1; --} -- --int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) --{ --# ifdef USE_RWLOCK -- if (pthread_rwlock_wrlock(lock) != 0) -- return 0; --# else -- if (pthread_mutex_lock(lock) != 0) -- return 0; --# endif -- -- return 1; --} -- --int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) --{ --# ifdef USE_RWLOCK -- if (pthread_rwlock_unlock(lock) != 0) -- return 0; --# else -- if (pthread_mutex_unlock(lock) != 0) -- return 0; --# endif -- -- return 1; --} -- --void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) --{ -- if (lock == NULL) -- return; -- --# ifdef USE_RWLOCK -- pthread_rwlock_destroy(lock); --# else -- pthread_mutex_destroy(lock); --# endif -- OPENSSL_free(lock); -- -- return; --} -- --int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) --{ -- if (pthread_once(once, init) != 0) -- return 0; -- -- return 1; --} -- --int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) --{ -- if (pthread_key_create(key, cleanup) != 0) -- return 0; -- -- return 1; --} -- --void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) --{ -- return pthread_getspecific(*key); --} -- --int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) --{ -- if (pthread_setspecific(*key, val) != 0) -- return 0; -- -- return 1; --} -- --int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) --{ -- if (pthread_key_delete(*key) != 0) -- return 0; -- -- return 1; --} -- --CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) --{ -- return pthread_self(); --} -- --int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) --{ -- return pthread_equal(a, b); --} -- --int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) --{ --# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) -- if (__atomic_is_lock_free(sizeof(*val), val)) { -- *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); -- return 1; -- } --# endif -- if 
(!CRYPTO_THREAD_write_lock(lock)) -- return 0; -- -- *val += amount; -- *ret = *val; -- -- if (!CRYPTO_THREAD_unlock(lock)) -- return 0; -- -- return 1; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/threads_win.c b/Cryptlib/OpenSSL/crypto/threads_win.c -deleted file mode 100644 -index 4e0de90..0000000 ---- a/Cryptlib/OpenSSL/crypto/threads_win.c -+++ /dev/null -@@ -1,136 +0,0 @@ --/* -- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#if defined(_WIN32) --# include --#endif -- --#include -- --#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) -- --CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) --{ -- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION)); -- if (lock == NULL) -- return NULL; -- -- /* 0x400 is the spin count value suggested in the documentation */ -- if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { -- OPENSSL_free(lock); -- return NULL; -- } -- -- return lock; --} -- --int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) --{ -- EnterCriticalSection(lock); -- return 1; --} -- --int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) --{ -- EnterCriticalSection(lock); -- return 1; --} -- --int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) --{ -- LeaveCriticalSection(lock); -- return 1; --} -- --void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) --{ -- if (lock == NULL) -- return; -- -- DeleteCriticalSection(lock); -- OPENSSL_free(lock); -- -- return; --} -- --# define ONCE_UNINITED 0 --# define ONCE_ININIT 1 --# define ONCE_DONE 2 -- --/* -- * We don't use InitOnceExecuteOnce because that isn't available in WinXP which -- * we still have to support. 
-- */ --int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) --{ -- LONG volatile *lock = (LONG *)once; -- LONG result; -- -- if (*lock == ONCE_DONE) -- return 1; -- -- do { -- result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); -- if (result == ONCE_UNINITED) { -- init(); -- *lock = ONCE_DONE; -- return 1; -- } -- } while (result == ONCE_ININIT); -- -- return (*lock == ONCE_DONE); --} -- --int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) --{ -- *key = TlsAlloc(); -- if (*key == TLS_OUT_OF_INDEXES) -- return 0; -- -- return 1; --} -- --void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) --{ -- return TlsGetValue(*key); --} -- --int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) --{ -- if (TlsSetValue(*key, val) == 0) -- return 0; -- -- return 1; --} -- --int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) --{ -- if (TlsFree(*key) == 0) -- return 0; -- -- return 1; --} -- --CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) --{ -- return GetCurrentThreadId(); --} -- --int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) --{ -- return (a == b); --} -- --int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) --{ -- *ret = InterlockedExchangeAdd(val, amount) + amount; -- return 1; --} -- --#endif -diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -index 1432230..f9b42ac 100644 ---- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -+++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -@@ -1,25 +1,77 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/txt_db/txt_db.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - - #undef BUFSIZE - #define BUFSIZE 512 - -+const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT; -+ - TXT_DB *TXT_DB_read(BIO *in, int num) - { - TXT_DB *ret = NULL; -+ int er = 1; - int esc = 0; - long ln = 0; - int i, add, n; -@@ -34,7 +86,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) - if (!BUF_MEM_grow(buf, size)) - goto err; - -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) -+ if ((ret = OPENSSL_malloc(sizeof(TXT_DB))) == NULL) - goto err; - ret->num_fields = num; - ret->index = NULL; -@@ -72,7 +124,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) - continue; - else { - buf->data[offset - 1] = '\0'; /* blat the '\n' */ -- if ((p = OPENSSL_malloc(add + offset)) == NULL) -+ if (!(p = OPENSSL_malloc(add + offset))) - goto err; - offset = 0; - } -@@ -104,24 +156,46 @@ TXT_DB *TXT_DB_read(BIO *in, int num) - } - *(p++) = '\0'; - if ((n != num) || (*f != '\0')) { -- ret->error = DB_ERROR_WRONG_NUM_FIELDS; -+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary -+ * fix :-( */ -+ fprintf(stderr, -+ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", -+ ln, num, n, f); -+#endif -+ er = 2; - goto err; - } - pp[n] = p; -- if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) -+ if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { -+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary -+ * fix :-( */ -+ fprintf(stderr, "failure in sk_push\n"); -+#endif -+ er = 2; - goto err; -+ } - } -- BUF_MEM_free(buf); -- return ret; -+ er = 0; - err: - BUF_MEM_free(buf); -- if (ret != NULL) { -- sk_OPENSSL_PSTRING_free(ret->data); -- OPENSSL_free(ret->index); -- OPENSSL_free(ret->qual); -- OPENSSL_free(ret); -- } -- return (NULL); -+ if (er) { -+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) -+ if (er == 1) -+ fprintf(stderr, "OPENSSL_malloc failure\n"); -+#endif -+ if (ret != NULL) { -+ 
if (ret->data != NULL) -+ sk_OPENSSL_PSTRING_free(ret->data); -+ if (ret->index != NULL) -+ OPENSSL_free(ret->index); -+ if (ret->qual != NULL) -+ OPENSSL_free(ret->qual); -+ if (ret != NULL) -+ OPENSSL_free(ret); -+ } -+ return (NULL); -+ } else -+ return (ret); - } - - OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, -@@ -145,7 +219,7 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, - } - - int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), -- OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) -+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) - { - LHASH_OF(OPENSSL_STRING) *idx; - OPENSSL_STRING *r; -@@ -156,7 +230,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), - return (0); - } - /* FIXME: we lose type checking at this point */ -- if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) { -+ if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) { - db->error = DB_ERROR_MALLOC; - return (0); - } -@@ -173,7 +247,8 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), - return (0); - } - } -- lh_OPENSSL_STRING_free(db->index[field]); -+ if (db->index[field] != NULL) -+ lh_OPENSSL_STRING_free(db->index[field]); - db->index[field] = idx; - db->qual[field] = qual; - return (1); -@@ -222,7 +297,8 @@ long TXT_DB_write(BIO *out, TXT_DB *db) - } - ret = tot; - err: -- BUF_MEM_free(buf); -+ if (buf != NULL) -+ BUF_MEM_free(buf); - return (ret); - } - -@@ -272,10 +348,12 @@ void TXT_DB_free(TXT_DB *db) - - if (db->index != NULL) { - for (i = db->num_fields - 1; i >= 0; i--) -- lh_OPENSSL_STRING_free(db->index[i]); -+ if (db->index[i] != NULL) -+ lh_OPENSSL_STRING_free(db->index[i]); - OPENSSL_free(db->index); - } -- OPENSSL_free(db->qual); -+ if (db->qual != NULL) -+ OPENSSL_free(db->qual); - if (db->data != NULL) { - for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) { - /* -@@ -286,10 +364,12 @@ void TXT_DB_free(TXT_DB 
*db) - max = p[db->num_fields]; /* last address */ - if (max == NULL) { /* new row */ - for (n = 0; n < db->num_fields; n++) -- OPENSSL_free(p[n]); -+ if (p[n] != NULL) -+ OPENSSL_free(p[n]); - } else { - for (n = 0; n < db->num_fields; n++) { -- if (((p[n] < (char *)p) || (p[n] > max))) -+ if (((p[n] < (char *)p) || (p[n] > max)) -+ && (p[n] != NULL)) - OPENSSL_free(p[n]); - } - } -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -new file mode 100644 -index 0000000..e79d54e ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -@@ -0,0 +1,69 @@ -+/* crypto/ui/ui_compat.c */ -+/* ==================================================================== -+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#include -+#include -+ -+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, -+ int verify) -+{ -+ return UI_UTIL_read_pw_string(buf, length, prompt, verify); -+} -+ -+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify) -+{ -+ return UI_UTIL_read_pw(buf, buff, size, prompt, verify); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -new file mode 100644 -index 0000000..3cc067c ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -@@ -0,0 +1,878 @@ -+/* crypto/ui/ui_lib.c */ -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+#include -+#include "cryptlib.h" -+#include -+#include -+#include -+#include -+#include "ui_locl.h" -+ -+IMPLEMENT_STACK_OF(UI_STRING_ST) -+ -+static const UI_METHOD *default_UI_meth = NULL; -+ -+UI *UI_new(void) -+{ -+ return (UI_new_method(NULL)); -+} -+ -+UI *UI_new_method(const UI_METHOD *method) -+{ -+ UI *ret; -+ -+ ret = (UI *)OPENSSL_malloc(sizeof(UI)); -+ if (ret == NULL) { -+ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (method == NULL) -+ ret->meth = UI_get_default_method(); -+ else -+ ret->meth = method; -+ -+ ret->strings = NULL; -+ ret->user_data = NULL; -+ ret->flags = 0; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); -+ return ret; -+} -+ -+static void free_string(UI_STRING *uis) -+{ -+ if (uis->flags & OUT_STRING_FREEABLE) { -+ OPENSSL_free((char *)uis->out_string); -+ switch (uis->type) { -+ case UIT_BOOLEAN: -+ OPENSSL_free((char *)uis->_.boolean_data.action_desc); -+ OPENSSL_free((char *)uis->_.boolean_data.ok_chars); -+ OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); -+ break; -+ default: -+ break; -+ } -+ } -+ OPENSSL_free(uis); -+} -+ -+void UI_free(UI *ui) -+{ -+ if (ui == NULL) -+ return; -+ sk_UI_STRING_pop_free(ui->strings, free_string); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); -+ OPENSSL_free(ui); -+} -+ -+static int allocate_string_stack(UI *ui) -+{ -+ if (ui->strings == NULL) { -+ ui->strings = sk_UI_STRING_new_null(); -+ if (ui->strings == NULL) { -+ return -1; -+ } -+ } -+ return 0; -+} -+ -+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, -+ int prompt_freeable, -+ enum UI_string_types type, -+ int input_flags, char *result_buf) -+{ -+ UI_STRING *ret = NULL; -+ -+ if (prompt == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER); -+ } else if ((type == UIT_PROMPT || type == UIT_VERIFY -+ || type == UIT_BOOLEAN) && result_buf == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); 
-+ } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
-+ ret->out_string = prompt;
-+ ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
-+ ret->input_flags = input_flags;
-+ ret->type = type;
-+ ret->result_buf = result_buf;
-+ }
-+ return ret;
-+}
-+
-+static int general_allocate_string(UI *ui, const char *prompt,
-+ int prompt_freeable,
-+ enum UI_string_types type, int input_flags,
-+ char *result_buf, int minsize, int maxsize,
-+ const char *test_buf)
-+{
-+ int ret = -1;
-+ UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
-+ type, input_flags, result_buf);
-+
-+ if (s != NULL) {
-+ if (allocate_string_stack(ui) >= 0) {
-+ s->_.string_data.result_minsize = minsize;
-+ s->_.string_data.result_maxsize = maxsize;
-+ s->_.string_data.test_buf = test_buf;
-+ ret = sk_UI_STRING_push(ui->strings, s);
-+ /* sk_push() returns 0 on error. Let's addapt that */
-+ if (ret <= 0)
-+ ret--;
-+ } else
-+ free_string(s);
-+ }
-+ return ret;
-+}
-+
-+static int general_allocate_boolean(UI *ui,
-+ const char *prompt,
-+ const char *action_desc,
-+ const char *ok_chars,
-+ const char *cancel_chars,
-+ int prompt_freeable,
-+ enum UI_string_types type,
-+ int input_flags, char *result_buf)
-+{
-+ int ret = -1;
-+ UI_STRING *s;
-+ const char *p;
-+
-+ if (ok_chars == NULL) {
-+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
-+ } else if (cancel_chars == NULL) {
-+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
-+ } else {
-+ for (p = ok_chars; *p != '\0'; p++) {
-+ if (strchr(cancel_chars, *p) != NULL) {
-+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-+ UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
-+ }
-+ }
-+
-+ s = general_allocate_prompt(ui, prompt, prompt_freeable,
-+ type, input_flags, result_buf);
-+
-+ if (s != NULL) {
-+ if (allocate_string_stack(ui) >= 0) {
-+ s->_.boolean_data.action_desc = action_desc;
-+ s->_.boolean_data.ok_chars = ok_chars;
-+ s->_.boolean_data.cancel_chars = cancel_chars;
-+ ret = sk_UI_STRING_push(ui->strings, s);
-+ /*
-+ * sk_push() returns 0 on error. Let's addapt that
-+ */
-+ if (ret <= 0)
-+ ret--;
-+ } else
-+ free_string(s);
-+ }
-+ }
-+ return ret;
-+}
-+
-+/*
-+ * Returns the index to the place in the stack or -1 for error. Uses a
-+ * direct reference to the prompt.
-+ */
-+int UI_add_input_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize)
-+{
-+ return general_allocate_string(ui, prompt, 0,
-+ UIT_PROMPT, flags, result_buf, minsize,
-+ maxsize, NULL);
-+}
-+
-+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
-+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize)
-+{
-+ char *prompt_copy = NULL;
-+
-+ if (prompt != NULL) {
-+ prompt_copy = BUF_strdup(prompt);
-+ if (prompt_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ }
-+
-+ return general_allocate_string(ui, prompt_copy, 1,
-+ UIT_PROMPT, flags, result_buf, minsize,
-+ maxsize, NULL);
-+}
-+
-+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize,
-+ const char *test_buf)
-+{
-+ return general_allocate_string(ui, prompt, 0,
-+ UIT_VERIFY, flags, result_buf, minsize,
-+ maxsize, test_buf);
-+}
-+
-+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize,
-+ const char *test_buf)
-+{
-+ char *prompt_copy = NULL;
-+
-+ if (prompt != NULL) {
-+ prompt_copy = BUF_strdup(prompt);
-+ if (prompt_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
-+ return -1;
-+ }
-+ }
-+
-+ return general_allocate_string(ui, prompt_copy, 1,
-+ UIT_VERIFY, flags, result_buf, minsize,
-+ maxsize, test_buf);
-+}
-+
-+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf)
-+{
-+ return general_allocate_boolean(ui, prompt, action_desc,
-+ ok_chars, cancel_chars, 0, UIT_BOOLEAN,
-+ flags, result_buf);
-+}
-+
-+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf)
-+{
-+ char *prompt_copy = NULL;
-+ char *action_desc_copy = NULL;
-+ char *ok_chars_copy = NULL;
-+ char *cancel_chars_copy = NULL;
-+
-+ if (prompt != NULL) {
-+ prompt_copy = BUF_strdup(prompt);
-+ if (prompt_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ if (action_desc != NULL) {
-+ action_desc_copy = BUF_strdup(action_desc);
-+ if (action_desc_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ if (ok_chars != NULL) {
-+ ok_chars_copy = BUF_strdup(ok_chars);
-+ if (ok_chars_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ if (cancel_chars != NULL) {
-+ cancel_chars_copy = BUF_strdup(cancel_chars);
-+ if (cancel_chars_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ }
-+
-+ return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-+ ok_chars_copy, cancel_chars_copy, 1,
-+ UIT_BOOLEAN, flags, result_buf);
-+ err:
-+ if (prompt_copy)
-+ OPENSSL_free(prompt_copy);
-+ if (action_desc_copy)
-+ OPENSSL_free(action_desc_copy);
-+ if (ok_chars_copy)
-+ OPENSSL_free(ok_chars_copy);
-+ if (cancel_chars_copy)
-+ OPENSSL_free(cancel_chars_copy);
-+ return -1;
-+}
-+
-+int UI_add_info_string(UI *ui, const char *text)
-+{
-+ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
-+ NULL);
-+}
-+
-+int UI_dup_info_string(UI *ui, const char *text)
-+{
-+ char *text_copy = NULL;
-+
-+ if (text != NULL) {
-+ text_copy = BUF_strdup(text);
-+ if (text_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
-+ return -1;
-+ }
-+ }
-+
-+ return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-+ 0, 0, NULL);
-+}
-+
-+int UI_add_error_string(UI *ui, const char *text)
-+{
-+ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
-+ NULL);
-+}
-+
-+int UI_dup_error_string(UI *ui, const char *text)
-+{
-+ char *text_copy = NULL;
-+
-+ if (text != NULL) {
-+ text_copy = BUF_strdup(text);
-+ if (text_copy == NULL) {
-+ UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
-+ return -1;
-+ }
-+ }
-+ return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-+ 0, 0, NULL);
-+}
-+
-+char *UI_construct_prompt(UI *ui, const char *object_desc,
-+ const char *object_name)
-+{
-+ char *prompt = NULL;
-+
-+ if (ui->meth->ui_construct_prompt != NULL)
-+ prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
-+ else {
-+ char prompt1[] = "Enter ";
-+ char prompt2[] = " for ";
-+ char prompt3[] = ":";
-+ int len = 0;
-+
-+ if (object_desc == NULL)
-+ return NULL;
-+ len = sizeof(prompt1) - 1 + strlen(object_desc);
-+ if (object_name != NULL)
-+ len += sizeof(prompt2) - 1 + strlen(object_name);
-+ len += sizeof(prompt3) - 1;
-+
-+ prompt = (char *)OPENSSL_malloc(len + 1);
-+ if (prompt == NULL)
-+ return NULL;
-+ BUF_strlcpy(prompt, prompt1, len + 1);
-+ BUF_strlcat(prompt, object_desc, len + 1);
-+ if (object_name != NULL) {
-+ BUF_strlcat(prompt, prompt2, len + 1);
-+ BUF_strlcat(prompt, object_name, len + 1);
-+ }
-+ BUF_strlcat(prompt, prompt3, len + 1);
-+ }
-+ return prompt;
-+}
-+
-+void *UI_add_user_data(UI *ui, void *user_data)
-+{
-+ void *old_data = ui->user_data;
-+ ui->user_data = user_data;
-+ return old_data;
-+}
-+
-+void *UI_get0_user_data(UI *ui)
-+{
-+ return ui->user_data;
-+}
-+
-+const char *UI_get0_result(UI *ui, int i)
-+{
-+ if (i < 0) {
-+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
-+ return NULL;
-+ }
-+ if (i >= sk_UI_STRING_num(ui->strings)) {
-+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
-+ return NULL;
-+ }
-+ return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
-+}
-+
-+static int print_error(const char *str, size_t len, UI *ui)
-+{
-+ UI_STRING uis;
-+
-+ memset(&uis, 0, sizeof(uis));
-+ uis.type = UIT_ERROR;
-+ uis.out_string = str;
-+
-+ if (ui->meth->ui_write_string != NULL
-+ && ui->meth->ui_write_string(ui, &uis) <= 0)
-+ return -1;
-+ return 0;
-+}
-+
-+int UI_process(UI *ui)
-+{
-+ int i, ok = 0;
-+
-+ if (ui->meth->ui_open_session != NULL
-+ && ui->meth->ui_open_session(ui) <= 0) {
-+ ok = -1;
-+ goto err;
-+ }
-+
-+ if (ui->flags & UI_FLAG_PRINT_ERRORS)
-+ ERR_print_errors_cb((int (*)(const char *, size_t, void *))
-+ print_error, (void *)ui);
-+
-+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
-+ if (ui->meth->ui_write_string != NULL
-+ && (ui->meth->ui_write_string(ui,
-+ sk_UI_STRING_value(ui->strings, i))
-+ <= 0))
-+ {
-+ ok = -1;
-+ goto err;
-+ }
-+ }
-+
-+ if (ui->meth->ui_flush != NULL)
-+ switch (ui->meth->ui_flush(ui)) {
-+ case -1: /* Interrupt/Cancel/something... */
-+ ok = -2;
-+ goto err;
-+ case 0: /* Errors */
-+ ok = -1;
-+ goto err;
-+ default: /* Success */
-+ ok = 0;
-+ break;
-+ }
-+
-+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
-+ if (ui->meth->ui_read_string != NULL) {
-+ switch (ui->meth->ui_read_string(ui,
-+ sk_UI_STRING_value(ui->strings,
-+ i))) {
-+ case -1: /* Interrupt/Cancel/something... */
-+ ok = -2;
-+ goto err;
-+ case 0: /* Errors */
-+ ok = -1;
-+ goto err;
-+ default: /* Success */
-+ ok = 0;
-+ break;
-+ }
-+ }
-+ }
-+ err:
-+ if (ui->meth->ui_close_session != NULL
-+ && ui->meth->ui_close_session(ui) <= 0)
-+ return -1;
-+ return ok;
-+}
-+
-+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
-+{
-+ if (ui == NULL) {
-+ UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-+ return -1;
-+ }
-+ switch (cmd) {
-+ case UI_CTRL_PRINT_ERRORS:
-+ {
-+ int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
-+ if (i)
-+ ui->flags |= UI_FLAG_PRINT_ERRORS;
-+ else
-+ ui->flags &= ~UI_FLAG_PRINT_ERRORS;
-+ return save_flag;
-+ }
-+ case UI_CTRL_IS_REDOABLE:
-+ return ! !(ui->flags & UI_FLAG_REDOABLE);
-+ default:
-+ break;
-+ }
-+ UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
-+ return -1;
-+}
-+
-+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-+{
-+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-+ new_func, dup_func, free_func);
-+}
-+
-+int UI_set_ex_data(UI *r, int idx, void *arg)
-+{
-+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-+}
-+
-+void *UI_get_ex_data(UI *r, int idx)
-+{
-+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
-+}
-+
-+void UI_set_default_method(const UI_METHOD *meth)
-+{
-+ default_UI_meth = meth;
-+}
-+
-+const UI_METHOD *UI_get_default_method(void)
-+{
-+ if (default_UI_meth == NULL) {
-+ default_UI_meth = UI_OpenSSL();
-+ }
-+ return default_UI_meth;
-+}
-+
-+const UI_METHOD *UI_get_method(UI *ui)
-+{
-+ return ui->meth;
-+}
-+
-+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
-+{
-+ ui->meth = meth;
-+ return ui->meth;
-+}
-+
-+UI_METHOD *UI_create_method(char *name)
-+{
-+ UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-+
-+ if (ui_method) {
-+ memset(ui_method, 0, sizeof(*ui_method));
-+ ui_method->name = BUF_strdup(name);
-+ }
-+ return ui_method;
-+}
-+
-+/*
-+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
-+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
-+ * anything Murphy can throw at you and more! You have been warned.
-+ */
-+void UI_destroy_method(UI_METHOD *ui_method)
-+{
-+ OPENSSL_free(ui_method->name);
-+ ui_method->name = NULL;
-+ OPENSSL_free(ui_method);
-+}
-+
-+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
-+{
-+ if (method != NULL) {
-+ method->ui_open_session = opener;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int UI_method_set_writer(UI_METHOD *method,
-+ int (*writer) (UI *ui, UI_STRING *uis))
-+{
-+ if (method != NULL) {
-+ method->ui_write_string = writer;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
-+{
-+ if (method != NULL) {
-+ method->ui_flush = flusher;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int UI_method_set_reader(UI_METHOD *method,
-+ int (*reader) (UI *ui, UI_STRING *uis))
-+{
-+ if (method != NULL) {
-+ method->ui_read_string = reader;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
-+{
-+ if (method != NULL) {
-+ method->ui_close_session = closer;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int UI_method_set_prompt_constructor(UI_METHOD *method,
-+ char *(*prompt_constructor) (UI *ui,
-+ const char
-+ *object_desc,
-+ const char
-+ *object_name))
-+{
-+ if (method != NULL) {
-+ method->ui_construct_prompt = prompt_constructor;
-+ return 0;
-+ }
-+ return -1;
-+}
-+
-+int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
-+{
-+ if (method != NULL)
-+ return method->ui_open_session;
-+ return NULL;
-+}
-+
-+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
-+{
-+ if (method != NULL)
-+ return method->ui_write_string;
-+ return NULL;
-+}
-+
-+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
-+{
-+ if (method != NULL)
-+ return method->ui_flush;
-+ return NULL;
-+}
-+
-+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
-+{
-+ if (method != NULL)
-+ return method->ui_read_string;
-+ return NULL;
-+}
-+
-+int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
-+{
-+ if (method != NULL)
-+ return method->ui_close_session;
-+ return NULL;
-+}
-+
-+char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-+ const char *,
-+ const char *)
-+{
-+ if (method != NULL)
-+ return method->ui_construct_prompt;
-+ return NULL;
-+}
-+
-+enum UI_string_types UI_get_string_type(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return UIT_NONE;
-+ return uis->type;
-+}
-+
-+int UI_get_input_flags(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return 0;
-+ return uis->input_flags;
-+}
-+
-+const char *UI_get0_output_string(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return NULL;
-+ return uis->out_string;
-+}
-+
-+const char *UI_get0_action_string(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return NULL;
-+ switch (uis->type) {
-+ case UIT_PROMPT:
-+ case UIT_BOOLEAN:
-+ return uis->_.boolean_data.action_desc;
-+ default:
-+ return NULL;
-+ }
-+}
-+
-+const char *UI_get0_result_string(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return NULL;
-+ switch (uis->type) {
-+ case UIT_PROMPT:
-+ case UIT_VERIFY:
-+ return uis->result_buf;
-+ default:
-+ return NULL;
-+ }
-+}
-+
-+const char *UI_get0_test_string(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return NULL;
-+ switch (uis->type) {
-+ case UIT_VERIFY:
-+ return uis->_.string_data.test_buf;
-+ default:
-+ return NULL;
-+ }
-+}
-+
-+int UI_get_result_minsize(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return -1;
-+ switch (uis->type) {
-+ case UIT_PROMPT:
-+ case UIT_VERIFY:
-+ return uis->_.string_data.result_minsize;
-+ default:
-+ return -1;
-+ }
-+}
-+
-+int UI_get_result_maxsize(UI_STRING *uis)
-+{
-+ if (!uis)
-+ return -1;
-+ switch (uis->type) {
-+ case UIT_PROMPT:
-+ case UIT_VERIFY:
-+ return uis->_.string_data.result_maxsize;
-+ default:
-+ return -1;
-+ }
-+}
-+
-+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
-+{
-+ int l = strlen(result);
-+
-+ ui->flags &= ~UI_FLAG_REDOABLE;
-+
-+ if (!uis)
-+ return -1;
-+ switch (uis->type) {
-+ case UIT_PROMPT:
-+ case UIT_VERIFY:
-+ {
-+ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
-+ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
-+
-+ BIO_snprintf(number1, sizeof(number1), "%d",
-+ uis->_.string_data.result_minsize);
-+ BIO_snprintf(number2, sizeof(number2), "%d",
-+ uis->_.string_data.result_maxsize);
-+
-+ if (l < uis->_.string_data.result_minsize) {
-+ ui->flags |= UI_FLAG_REDOABLE;
-+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
-+ ERR_add_error_data(5, "You must type in ",
-+ number1, " to ", number2, " characters");
-+ return -1;
-+ }
-+ if (l > uis->_.string_data.result_maxsize) {
-+ ui->flags |= UI_FLAG_REDOABLE;
-+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
-+ ERR_add_error_data(5, "You must type in ",
-+ number1, " to ", number2, " characters");
-+ return -1;
-+ }
-+ }
-+
-+ if (!uis->result_buf) {
-+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
-+ return -1;
-+ }
-+
-+ BUF_strlcpy(uis->result_buf, result,
-+ uis->_.string_data.result_maxsize + 1);
-+ break;
-+ case UIT_BOOLEAN:
-+ {
-+ const char *p;
-+
-+ if (!uis->result_buf) {
-+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
-+ return -1;
-+ }
-+
-+ uis->result_buf[0] = '\0';
-+ for (p = result; *p; p++) {
-+ if (strchr(uis->_.boolean_data.ok_chars, *p)) {
-+ uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
-+ break;
-+ }
-+ if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
-+ uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
-+ break;
-+ }
-+ }
-+ }
-+ default:
-+ break;
-+ }
-+ return 0;
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_locl.h b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
-new file mode 100644
-index 0000000..bebc13a
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
-@@ -0,0 +1,145 @@
-+/* crypto/ui/ui.h */
-+/*
-+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
-+ * 2001.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef HEADER_UI_LOCL_H
-+# define HEADER_UI_LOCL_H
-+
-+# include
-+# include
-+
-+# ifdef _
-+# undef _
-+# endif
-+
-+struct ui_method_st {
-+ char *name;
-+ /*
-+ * All the functions return 1 or non-NULL for success and 0 or NULL for
-+ * failure
-+ */
-+ /*
-+ * Open whatever channel for this, be it the console, an X window or
-+ * whatever. This function should use the ex_data structure to save
-+ * intermediate data.
-+ */
-+ int (*ui_open_session) (UI *ui);
-+ int (*ui_write_string) (UI *ui, UI_STRING *uis);
-+ /*
-+ * Flush the output. If a GUI dialog box is used, this function can be
-+ * used to actually display it.
-+ */
-+ int (*ui_flush) (UI *ui);
-+ int (*ui_read_string) (UI *ui, UI_STRING *uis);
-+ int (*ui_close_session) (UI *ui);
-+ /*
-+ * Construct a prompt in a user-defined manner. object_desc is a textual
-+ * short description of the object, for example "pass phrase", and
-+ * object_name is the name of the object (might be a card name or a file
-+ * name. The returned string shall always be allocated on the heap with
-+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-+ */
-+ char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
-+ const char *object_name);
-+};
-+
-+struct ui_string_st {
-+ enum UI_string_types type; /* Input */
-+ const char *out_string; /* Input */
-+ int input_flags; /* Flags from the user */
-+ /*
-+ * The following parameters are completely irrelevant for UIT_INFO, and
-+ * can therefore be set to 0 or NULL
-+ */
-+ char *result_buf; /* Input and Output: If not NULL,
-+ * user-defined with size in result_maxsize.
-+ * Otherwise, it may be allocated by the UI
-+ * routine, meaning result_minsize is going
-+ * to be overwritten. */
-+ union {
-+ struct {
-+ int result_minsize; /* Input: minimum required size of the
-+ * result. */
-+ int result_maxsize; /* Input: maximum permitted size of the
-+ * result */
-+ const char *test_buf; /* Input: test string to verify against */
-+ } string_data;
-+ struct {
-+ const char *action_desc; /* Input */
-+ const char *ok_chars; /* Input */
-+ const char *cancel_chars; /* Input */
-+ } boolean_data;
-+ } _;
-+
-+# define OUT_STRING_FREEABLE 0x01
-+ int flags; /* flags for internal use */
-+};
-+
-+struct ui_st {
-+ const UI_METHOD *meth;
-+ STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
-+ * one thing at a time, and with different
-+ * echoing status. */
-+ void *user_data;
-+ CRYPTO_EX_DATA ex_data;
-+# define UI_FLAG_REDOABLE 0x0001
-+# define UI_FLAG_PRINT_ERRORS 0x0100
-+ int flags;
-+};
-+
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
-new file mode 100644
-index 0000000..80dd40e
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
-@@ -0,0 +1,97 @@
-+/* crypto/ui/ui_util.c */
-+/* ====================================================================
-+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#include
-+#include "ui_locl.h"
-+
-+#ifndef BUFSIZ
-+#define BUFSIZ 256
-+#endif
-+
-+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
-+ int verify)
-+{
-+ char buff[BUFSIZ];
-+ int ret;
-+
-+ ret =
-+ UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
-+ prompt, verify);
-+ OPENSSL_cleanse(buff, BUFSIZ);
-+ return (ret);
-+}
-+
-+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
-+ int verify)
-+{
-+ int ok = 0;
-+ UI *ui;
-+
-+ if (size < 1)
-+ return -1;
-+
-+ ui = UI_new();
-+ if (ui) {
-+ ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
-+ if (ok >= 0 && verify)
-+ ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
-+ if (ok >= 0)
-+ ok = UI_process(ui);
-+ UI_free(ui);
-+ }
-+ if (ok > 0)
-+ ok = 0;
-+ return (ok);
-+}
-diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c
-index 12df8a4..90694c6 100644
---- a/Cryptlib/OpenSSL/crypto/uid.c
-+++ b/Cryptlib/OpenSSL/crypto/uid.c
-@@ -1,10 +1,56 @@
--/*
-- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/uid.c */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -19,7 +65,7 @@ int OPENSSL_issetugid(void) - return issetugid(); - } - --#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) -+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) - - int OPENSSL_issetugid(void) - { -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c -deleted file mode 100644 -index f3a1f05..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c -+++ /dev/null -@@ -1,388 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include -- --#include "internal/cryptlib.h" -- --#ifndef NO_SYS_TYPES_H --# include --#endif --#ifndef OPENSSL_NO_POSIX_IO --# include --#endif -- -- --#include --#include --#include "internal/x509_int.h" --#include "x509_lcl.h" -- --struct lookup_dir_hashes_st { -- unsigned long hash; -- int suffix; --}; -- --struct lookup_dir_entry_st { -- char *dir; -- int dir_type; -- STACK_OF(BY_DIR_HASH) *hashes; --}; -- --typedef struct lookup_dir_st { -- BUF_MEM *buffer; -- STACK_OF(BY_DIR_ENTRY) *dirs; -- CRYPTO_RWLOCK *lock; --} BY_DIR; -- --static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, -- char **ret); --static int new_dir(X509_LOOKUP *lu); --static void free_dir(X509_LOOKUP *lu); --static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); --static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, -- X509_NAME *name, X509_OBJECT *ret); --static X509_LOOKUP_METHOD x509_dir_lookup = { -- "Load certs from files in a directory", -- new_dir, /* new */ -- free_dir, /* free */ -- NULL, /* init */ -- NULL, /* shutdown */ -- dir_ctrl, /* ctrl */ -- get_cert_by_subject, /* get_by_subject */ -- NULL, /* get_by_issuer_serial */ -- NULL, /* get_by_fingerprint */ -- NULL, /* get_by_alias */ --}; -- --X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) --{ -- return (&x509_dir_lookup); --} -- --static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, -- char **retp) --{ -- int ret = 0; -- BY_DIR *ld; -- char *dir = NULL; -- -- ld = (BY_DIR *)ctx->method_data; -- -- switch (cmd) { -- case X509_L_ADD_DIR: -- if (argl == X509_FILETYPE_DEFAULT) { -- dir = (char *)getenv(X509_get_default_cert_dir_env()); -- if (dir) -- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); -- else -- ret = add_cert_dir(ld, X509_get_default_cert_dir(), -- X509_FILETYPE_PEM); -- if (!ret) { -- 
X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR); -- } -- } else -- ret = add_cert_dir(ld, argp, (int)argl); -- break; -- } -- return (ret); --} -- --static int new_dir(X509_LOOKUP *lu) --{ -- BY_DIR *a; -- -- if ((a = OPENSSL_malloc(sizeof(*a))) == NULL) -- return 0; -- if ((a->buffer = BUF_MEM_new()) == NULL) { -- OPENSSL_free(a); -- return 0; -- } -- a->dirs = NULL; -- a->lock = CRYPTO_THREAD_lock_new(); -- if (a->lock == NULL) { -- BUF_MEM_free(a->buffer); -- OPENSSL_free(a); -- return 0; -- } -- lu->method_data = (char *)a; -- return 1; --} -- --static void by_dir_hash_free(BY_DIR_HASH *hash) --{ -- OPENSSL_free(hash); --} -- --static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, -- const BY_DIR_HASH *const *b) --{ -- if ((*a)->hash > (*b)->hash) -- return 1; -- if ((*a)->hash < (*b)->hash) -- return -1; -- return 0; --} -- --static void by_dir_entry_free(BY_DIR_ENTRY *ent) --{ -- OPENSSL_free(ent->dir); -- sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); -- OPENSSL_free(ent); --} -- --static void free_dir(X509_LOOKUP *lu) --{ -- BY_DIR *a; -- -- a = (BY_DIR *)lu->method_data; -- sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); -- BUF_MEM_free(a->buffer); -- CRYPTO_THREAD_lock_free(a->lock); -- OPENSSL_free(a); --} -- --static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) --{ -- const char *s, *p; -- -- if (dir == NULL || !*dir) { -- X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); -- return 0; -- } -- -- s = dir; -- p = s; -- do { -- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { -- BY_DIR_ENTRY *ent; -- int j; -- size_t len; -- const char *ss = s; -- s = p + 1; -- len = p - ss; -- if (len == 0) -- continue; -- for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { -- ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); -- if (strlen(ent->dir) == len && -- strncmp(ent->dir, ss, len) == 0) -- break; -- } -- if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) -- continue; -- if (ctx->dirs == NULL) { -- ctx->dirs = sk_BY_DIR_ENTRY_new_null(); -- 
if (!ctx->dirs) { -- X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- ent = OPENSSL_malloc(sizeof(*ent)); -- if (ent == NULL) -- return 0; -- ent->dir_type = type; -- ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); -- ent->dir = OPENSSL_strndup(ss, len); -- if (ent->dir == NULL || ent->hashes == NULL) { -- by_dir_entry_free(ent); -- return 0; -- } -- if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { -- by_dir_entry_free(ent); -- return 0; -- } -- } -- } while (*p++ != '\0'); -- return 1; --} -- --static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, -- X509_NAME *name, X509_OBJECT *ret) --{ -- BY_DIR *ctx; -- union { -- X509 st_x509; -- X509_CRL crl; -- } data; -- int ok = 0; -- int i, j, k; -- unsigned long h; -- BUF_MEM *b = NULL; -- X509_OBJECT stmp, *tmp; -- const char *postfix = ""; -- -- if (name == NULL) -- return (0); -- -- stmp.type = type; -- if (type == X509_LU_X509) { -- data.st_x509.cert_info.subject = name; -- stmp.data.x509 = &data.st_x509; -- postfix = ""; -- } else if (type == X509_LU_CRL) { -- data.crl.crl.issuer = name; -- stmp.data.crl = &data.crl; -- postfix = "r"; -- } else { -- X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); -- goto finish; -- } -- -- if ((b = BUF_MEM_new()) == NULL) { -- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); -- goto finish; -- } -- -- ctx = (BY_DIR *)xl->method_data; -- -- h = X509_NAME_hash(name); -- for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { -- BY_DIR_ENTRY *ent; -- int idx; -- BY_DIR_HASH htmp, *hent; -- ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); -- j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; -- if (!BUF_MEM_grow(b, j)) { -- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); -- goto finish; -- } -- if (type == X509_LU_CRL && ent->hashes) { -- htmp.hash = h; -- CRYPTO_THREAD_read_lock(ctx->lock); -- idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); -- if (idx >= 0) { -- hent = sk_BY_DIR_HASH_value(ent->hashes, idx); -- k = hent->suffix; 
-- } else { -- hent = NULL; -- k = 0; -- } -- CRYPTO_THREAD_unlock(ctx->lock); -- } else { -- k = 0; -- hent = NULL; -- } -- for (;;) { -- char c = '/'; --#ifdef OPENSSL_SYS_VMS -- c = ent->dir[strlen(ent->dir) - 1]; -- if (c != ':' && c != '>' && c != ']') { -- /* -- * If no separator is present, we assume the directory -- * specifier is a logical name, and add a colon. We really -- * should use better VMS routines for merging things like -- * this, but this will do for now... -- Richard Levitte -- */ -- c = ':'; -- } else { -- c = '\0'; -- } --#endif -- if (c == '\0') { -- /* -- * This is special. When c == '\0', no directory separator -- * should be added. -- */ -- BIO_snprintf(b->data, b->max, -- "%s%08lx.%s%d", ent->dir, h, postfix, k); -- } else { -- BIO_snprintf(b->data, b->max, -- "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k); -- } --#ifndef OPENSSL_NO_POSIX_IO --# ifdef _WIN32 --# define stat _stat --# endif -- { -- struct stat st; -- if (stat(b->data, &st) < 0) -- break; -- } --#endif -- /* found one. */ -- if (type == X509_LU_X509) { -- if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) -- break; -- } else if (type == X509_LU_CRL) { -- if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) -- break; -- } -- /* else case will caught higher up */ -- k++; -- } -- -- /* -- * we have added it to the cache so now pull it out again -- */ -- CRYPTO_THREAD_write_lock(ctx->lock); -- j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); -- if (j != -1) -- tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); -- else -- tmp = NULL; -- CRYPTO_THREAD_unlock(ctx->lock); -- -- /* If a CRL, update the last file suffix added for this */ -- -- if (type == X509_LU_CRL) { -- CRYPTO_THREAD_write_lock(ctx->lock); -- /* -- * Look for entry again in case another thread added an entry -- * first. 
-- */ -- if (!hent) { -- htmp.hash = h; -- idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); -- if (idx >= 0) -- hent = sk_BY_DIR_HASH_value(ent->hashes, idx); -- } -- if (!hent) { -- hent = OPENSSL_malloc(sizeof(*hent)); -- if (hent == NULL) { -- CRYPTO_THREAD_unlock(ctx->lock); -- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); -- ok = 0; -- goto finish; -- } -- hent->hash = h; -- hent->suffix = k; -- if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { -- CRYPTO_THREAD_unlock(ctx->lock); -- OPENSSL_free(hent); -- ok = 0; -- goto finish; -- } -- } else if (hent->suffix < k) { -- hent->suffix = k; -- } -- -- CRYPTO_THREAD_unlock(ctx->lock); -- -- } -- -- if (tmp != NULL) { -- ok = 1; -- ret->type = tmp->type; -- memcpy(&ret->data, &tmp->data, sizeof(ret->data)); -- /* -- * If we were going to up the reference count, we would need to -- * do it on a perl 'type' basis -- */ -- /*- CRYPTO_add(&tmp->data.x509->references,1, -- CRYPTO_LOCK_X509);*/ -- goto finish; -- } -- } -- finish: -- BUF_MEM_free(b); -- return (ok); --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c -deleted file mode 100644 -index 4376bed..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/by_file.c -+++ /dev/null -@@ -1,221 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include -- --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include "x509_lcl.h" -- --static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, -- long argl, char **ret); --static X509_LOOKUP_METHOD x509_file_lookup = { -- "Load file into cache", -- NULL, /* new */ -- NULL, /* free */ -- NULL, /* init */ -- NULL, /* shutdown */ -- by_file_ctrl, /* ctrl */ -- NULL, /* get_by_subject */ -- NULL, /* get_by_issuer_serial */ -- NULL, /* get_by_fingerprint */ -- NULL, /* get_by_alias */ --}; -- --X509_LOOKUP_METHOD *X509_LOOKUP_file(void) --{ -- return (&x509_file_lookup); --} -- --static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, -- long argl, char **ret) --{ -- int ok = 0; -- char *file; -- -- switch (cmd) { -- case X509_L_FILE_LOAD: -- if (argl == X509_FILETYPE_DEFAULT) { -- file = (char *)getenv(X509_get_default_cert_file_env()); -- if (file) -- ok = (X509_load_cert_crl_file(ctx, file, -- X509_FILETYPE_PEM) != 0); -- -- else -- ok = (X509_load_cert_crl_file -- (ctx, X509_get_default_cert_file(), -- X509_FILETYPE_PEM) != 0); -- -- if (!ok) { -- X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); -- } -- } else { -- if (argl == X509_FILETYPE_PEM) -- ok = (X509_load_cert_crl_file(ctx, argp, -- X509_FILETYPE_PEM) != 0); -- else -- ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); -- } -- break; -- } -- return (ok); --} -- --int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) --{ -- int ret = 0; -- BIO *in = NULL; -- int i, count = 0; -- X509 *x = NULL; -- -- if (file == NULL) -- return (1); -- in = BIO_new(BIO_s_file()); -- -- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { -- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); -- goto err; -- } -- -- if (type == X509_FILETYPE_PEM) { -- for (;;) { -- x = 
PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); -- if (x == NULL) { -- if ((ERR_GET_REASON(ERR_peek_last_error()) == -- PEM_R_NO_START_LINE) && (count > 0)) { -- ERR_clear_error(); -- break; -- } else { -- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); -- goto err; -- } -- } -- i = X509_STORE_add_cert(ctx->store_ctx, x); -- if (!i) -- goto err; -- count++; -- X509_free(x); -- x = NULL; -- } -- ret = count; -- } else if (type == X509_FILETYPE_ASN1) { -- x = d2i_X509_bio(in, NULL); -- if (x == NULL) { -- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); -- goto err; -- } -- i = X509_STORE_add_cert(ctx->store_ctx, x); -- if (!i) -- goto err; -- ret = i; -- } else { -- X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); -- goto err; -- } -- err: -- X509_free(x); -- BIO_free(in); -- return (ret); --} -- --int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) --{ -- int ret = 0; -- BIO *in = NULL; -- int i, count = 0; -- X509_CRL *x = NULL; -- -- if (file == NULL) -- return (1); -- in = BIO_new(BIO_s_file()); -- -- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { -- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB); -- goto err; -- } -- -- if (type == X509_FILETYPE_PEM) { -- for (;;) { -- x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); -- if (x == NULL) { -- if ((ERR_GET_REASON(ERR_peek_last_error()) == -- PEM_R_NO_START_LINE) && (count > 0)) { -- ERR_clear_error(); -- break; -- } else { -- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB); -- goto err; -- } -- } -- i = X509_STORE_add_crl(ctx->store_ctx, x); -- if (!i) -- goto err; -- count++; -- X509_CRL_free(x); -- x = NULL; -- } -- ret = count; -- } else if (type == X509_FILETYPE_ASN1) { -- x = d2i_X509_CRL_bio(in, NULL); -- if (x == NULL) { -- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB); -- goto err; -- } -- i = X509_STORE_add_crl(ctx->store_ctx, x); -- if (!i) -- goto err; -- ret = i; -- } else { -- X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); -- goto 
err; -- } -- err: -- X509_CRL_free(x); -- BIO_free(in); -- return (ret); --} -- --int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) --{ -- STACK_OF(X509_INFO) *inf; -- X509_INFO *itmp; -- BIO *in; -- int i, count = 0; -- if (type != X509_FILETYPE_PEM) -- return X509_load_cert_file(ctx, file, type); -- in = BIO_new_file(file, "r"); -- if (!in) { -- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); -- return 0; -- } -- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); -- BIO_free(in); -- if (!inf) { -- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); -- return 0; -- } -- for (i = 0; i < sk_X509_INFO_num(inf); i++) { -- itmp = sk_X509_INFO_value(inf, i); -- if (itmp->x509) { -- X509_STORE_add_cert(ctx->store_ctx, itmp->x509); -- count++; -- } -- if (itmp->crl) { -- X509_STORE_add_crl(ctx->store_ctx, itmp->crl); -- count++; -- } -- } -- sk_X509_INFO_pop_free(inf, X509_INFO_free); -- return count; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/t_crl.c b/Cryptlib/OpenSSL/crypto/x509/t_crl.c -deleted file mode 100644 -index f3ca6db..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/t_crl.c -+++ /dev/null -@@ -1,89 +0,0 @@ --/* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include -- --#ifndef OPENSSL_NO_STDIO --int X509_CRL_print_fp(FILE *fp, X509_CRL *x) --{ -- BIO *b; -- int ret; -- -- if ((b = BIO_new(BIO_s_file())) == NULL) { -- X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); -- return (0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = X509_CRL_print(b, x); -- BIO_free(b); -- return (ret); --} --#endif -- --int X509_CRL_print(BIO *out, X509_CRL *x) --{ -- STACK_OF(X509_REVOKED) *rev; -- X509_REVOKED *r; -- const X509_ALGOR *sig_alg; -- const ASN1_BIT_STRING *sig; -- long l; -- int i; -- char *p; -- -- BIO_printf(out, "Certificate Revocation List (CRL):\n"); -- l = X509_CRL_get_version(x); -- if (l >= 0 && l <= 1) -- BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l); -- else -- BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); -- X509_CRL_get0_signature(x, &sig, &sig_alg); -- X509_signature_print(out, sig_alg, NULL); -- p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); -- BIO_printf(out, "%8sIssuer: %s\n", "", p); -- OPENSSL_free(p); -- BIO_printf(out, "%8sLast Update: ", ""); -- ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); -- BIO_printf(out, "\n%8sNext Update: ", ""); -- if (X509_CRL_get0_nextUpdate(x)) -- ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); -- else -- BIO_printf(out, "NONE"); -- BIO_printf(out, "\n"); -- -- X509V3_extensions_print(out, "CRL extensions", -- X509_CRL_get0_extensions(x), 0, 8); -- -- rev = X509_CRL_get_REVOKED(x); -- -- if (sk_X509_REVOKED_num(rev) > 0) -- BIO_printf(out, "Revoked Certificates:\n"); -- else -- BIO_printf(out, "No Revoked Certificates.\n"); -- -- for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { -- r = sk_X509_REVOKED_value(rev, i); -- BIO_printf(out, " Serial Number: "); -- i2a_ASN1_INTEGER(out, 
X509_REVOKED_get0_serialNumber(r)); -- BIO_printf(out, "\n Revocation Date: "); -- ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)); -- BIO_printf(out, "\n"); -- X509V3_extensions_print(out, "CRL entry extensions", -- X509_REVOKED_get0_extensions(r), 0, 8); -- } -- X509_signature_print(out, sig_alg, sig); -- -- return 1; -- --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/t_req.c b/Cryptlib/OpenSSL/crypto/x509/t_req.c -deleted file mode 100644 -index 77ce810..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/t_req.c -+++ /dev/null -@@ -1,198 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include --#include --#include -- --#ifndef OPENSSL_NO_STDIO --int X509_REQ_print_fp(FILE *fp, X509_REQ *x) --{ -- BIO *b; -- int ret; -- -- if ((b = BIO_new(BIO_s_file())) == NULL) { -- X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); -- return (0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = X509_REQ_print(b, x); -- BIO_free(b); -- return (ret); --} --#endif -- --int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, -- unsigned long cflag) --{ -- long l; -- int i; -- EVP_PKEY *pkey; -- STACK_OF(X509_EXTENSION) *exts; -- char mlch = ' '; -- int nmindent = 0; -- -- if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -- mlch = '\n'; -- nmindent = 12; -- } -- -- if (nmflags == X509_FLAG_COMPAT) -- nmindent = 16; -- -- if (!(cflag & X509_FLAG_NO_HEADER)) { -- if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) -- goto err; -- if (BIO_write(bp, " Data:\n", 10) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_VERSION)) { -- l = X509_REQ_get_version(x); -- if 
(l >= 0 && l <= 2) { -- if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) -- goto err; -- } else { -- if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) -- goto err; -- } -- } -- if (!(cflag & X509_FLAG_NO_SUBJECT)) { -- if (BIO_printf(bp, " Subject:%c", mlch) <= 0) -- goto err; -- if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), -- nmindent, nmflags) < 0) -- goto err; -- if (BIO_write(bp, "\n", 1) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_PUBKEY)) { -- X509_PUBKEY *xpkey; -- ASN1_OBJECT *koid; -- if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) -- goto err; -- if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) -- goto err; -- xpkey = X509_REQ_get_X509_PUBKEY(x); -- X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey); -- if (i2a_ASN1_OBJECT(bp, koid) <= 0) -- goto err; -- if (BIO_puts(bp, "\n") <= 0) -- goto err; -- -- pkey = X509_REQ_get0_pubkey(x); -- if (pkey == NULL) { -- BIO_printf(bp, "%12sUnable to load Public Key\n", ""); -- ERR_print_errors(bp); -- } else { -- EVP_PKEY_print_public(bp, pkey, 16, NULL); -- } -- } -- -- if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { -- /* may not be */ -- if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) -- goto err; -- -- if (X509_REQ_get_attr_count(x) == 0) { -- if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) -- goto err; -- } else { -- for (i = 0; i < X509_REQ_get_attr_count(x); i++) { -- ASN1_TYPE *at; -- X509_ATTRIBUTE *a; -- ASN1_BIT_STRING *bs = NULL; -- ASN1_OBJECT *aobj; -- int j, type = 0, count = 1, ii = 0; -- -- a = X509_REQ_get_attr(x, i); -- aobj = X509_ATTRIBUTE_get0_object(a); -- if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) -- continue; -- if (BIO_printf(bp, "%12s", "") <= 0) -- goto err; -- if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { -- ii = 0; -- count = X509_ATTRIBUTE_count(a); -- get_next: -- at = X509_ATTRIBUTE_get0_type(a, ii); -- type = at->type; -- bs = at->value.asn1_string; -- } -- for (j = 25 - j; j > 0; j--) -- if 
(BIO_write(bp, " ", 1) != 1) -- goto err; -- if (BIO_puts(bp, ":") <= 0) -- goto err; -- if ((type == V_ASN1_PRINTABLESTRING) || -- (type == V_ASN1_T61STRING) || -- (type == V_ASN1_UTF8STRING) || -- (type == V_ASN1_IA5STRING)) { -- if (BIO_write(bp, (char *)bs->data, bs->length) -- != bs->length) -- goto err; -- BIO_puts(bp, "\n"); -- } else { -- BIO_puts(bp, "unable to print attribute\n"); -- } -- if (++ii < count) -- goto get_next; -- } -- } -- } -- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { -- exts = X509_REQ_get_extensions(x); -- if (exts) { -- BIO_printf(bp, "%8sRequested Extensions:\n", ""); -- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { -- ASN1_OBJECT *obj; -- X509_EXTENSION *ex; -- int critical; -- ex = sk_X509_EXTENSION_value(exts, i); -- if (BIO_printf(bp, "%12s", "") <= 0) -- goto err; -- obj = X509_EXTENSION_get_object(ex); -- i2a_ASN1_OBJECT(bp, obj); -- critical = X509_EXTENSION_get_critical(ex); -- if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0) -- goto err; -- if (!X509V3_EXT_print(bp, ex, cflag, 16)) { -- BIO_printf(bp, "%16s", ""); -- ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); -- } -- if (BIO_write(bp, "\n", 1) <= 0) -- goto err; -- } -- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -- } -- } -- -- if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -- const X509_ALGOR *sig_alg; -- const ASN1_BIT_STRING *sig; -- X509_REQ_get0_signature(x, &sig, &sig_alg); -- if (!X509_signature_print(bp, sig_alg, sig)) -- goto err; -- } -- -- return (1); -- err: -- X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); -- return (0); --} -- --int X509_REQ_print(BIO *bp, X509_REQ *x) --{ -- return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/t_x509.c b/Cryptlib/OpenSSL/crypto/x509/t_x509.c -deleted file mode 100644 -index eb65d88..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/t_x509.c -+++ /dev/null -@@ -1,376 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. 
All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include --#include "internal/asn1_int.h" -- --#ifndef OPENSSL_NO_STDIO --int X509_print_fp(FILE *fp, X509 *x) --{ -- return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); --} -- --int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, -- unsigned long cflag) --{ -- BIO *b; -- int ret; -- -- if ((b = BIO_new(BIO_s_file())) == NULL) { -- X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); -- return (0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = X509_print_ex(b, x, nmflag, cflag); -- BIO_free(b); -- return (ret); --} --#endif -- --int X509_print(BIO *bp, X509 *x) --{ -- return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); --} -- --int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, -- unsigned long cflag) --{ -- long l; -- int ret = 0, i; -- char *m = NULL, mlch = ' '; -- int nmindent = 0; -- ASN1_INTEGER *bs; -- EVP_PKEY *pkey = NULL; -- const char *neg; -- -- if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -- mlch = '\n'; -- nmindent = 12; -- } -- -- if (nmflags == X509_FLAG_COMPAT) -- nmindent = 16; -- -- if (!(cflag & X509_FLAG_NO_HEADER)) { -- if (BIO_write(bp, "Certificate:\n", 13) <= 0) -- goto err; -- if (BIO_write(bp, " Data:\n", 10) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_VERSION)) { -- l = X509_get_version(x); -- if (l >= 0 && l <= 2) { -- if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) -- goto err; -- } else { -- if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) -- goto err; -- } -- } -- if (!(cflag & X509_FLAG_NO_SERIAL)) { -- -- if (BIO_write(bp, " Serial Number:", 
22) <= 0) -- goto err; -- -- bs = X509_get_serialNumber(x); -- if (bs->length <= (int)sizeof(long)) { -- ERR_set_mark(); -- l = ASN1_INTEGER_get(bs); -- ERR_pop_to_mark(); -- } else { -- l = -1; -- } -- if (l != -1) { -- unsigned long ul; -- if (bs->type == V_ASN1_NEG_INTEGER) { -- ul = 0 - (unsigned long)l; -- neg = "-"; -- } else { -- ul = l; -- neg = ""; -- } -- if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0) -- goto err; -- } else { -- neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; -- if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) -- goto err; -- -- for (i = 0; i < bs->length; i++) { -- if (BIO_printf(bp, "%02x%c", bs->data[i], -- ((i + 1 == bs->length) ? '\n' : ':')) <= 0) -- goto err; -- } -- } -- -- } -- -- if (!(cflag & X509_FLAG_NO_SIGNAME)) { -- const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); -- if (X509_signature_print(bp, tsig_alg, NULL) <= 0) -- goto err; -- } -- -- if (!(cflag & X509_FLAG_NO_ISSUER)) { -- if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) -- goto err; -- if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) -- < 0) -- goto err; -- if (BIO_write(bp, "\n", 1) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_VALIDITY)) { -- if (BIO_write(bp, " Validity\n", 17) <= 0) -- goto err; -- if (BIO_write(bp, " Not Before: ", 24) <= 0) -- goto err; -- if (!ASN1_TIME_print(bp, X509_get0_notBefore(x))) -- goto err; -- if (BIO_write(bp, "\n Not After : ", 25) <= 0) -- goto err; -- if (!ASN1_TIME_print(bp, X509_get0_notAfter(x))) -- goto err; -- if (BIO_write(bp, "\n", 1) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_SUBJECT)) { -- if (BIO_printf(bp, " Subject:%c", mlch) <= 0) -- goto err; -- if (X509_NAME_print_ex -- (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) -- goto err; -- if (BIO_write(bp, "\n", 1) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_PUBKEY)) { -- X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); -- ASN1_OBJECT *xpoid; -- X509_PUBKEY_get0_param(&xpoid, NULL, 
NULL, NULL, xpkey); -- if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) -- goto err; -- if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) -- goto err; -- if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) -- goto err; -- if (BIO_puts(bp, "\n") <= 0) -- goto err; -- -- pkey = X509_get0_pubkey(x); -- if (pkey == NULL) { -- BIO_printf(bp, "%12sUnable to load Public Key\n", ""); -- ERR_print_errors(bp); -- } else { -- EVP_PKEY_print_public(bp, pkey, 16, NULL); -- } -- } -- -- if (!(cflag & X509_FLAG_NO_IDS)) { -- const ASN1_BIT_STRING *iuid, *suid; -- X509_get0_uids(x, &iuid, &suid); -- if (iuid != NULL) { -- if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) -- goto err; -- if (!X509_signature_dump(bp, iuid, 12)) -- goto err; -- } -- if (suid != NULL) { -- if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) -- goto err; -- if (!X509_signature_dump(bp, suid, 12)) -- goto err; -- } -- } -- -- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) -- X509V3_extensions_print(bp, "X509v3 extensions", -- X509_get0_extensions(x), cflag, 8); -- -- if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -- const X509_ALGOR *sig_alg; -- const ASN1_BIT_STRING *sig; -- X509_get0_signature(&sig, &sig_alg, x); -- if (X509_signature_print(bp, sig_alg, sig) <= 0) -- goto err; -- } -- if (!(cflag & X509_FLAG_NO_AUX)) { -- if (!X509_aux_print(bp, x, 0)) -- goto err; -- } -- ret = 1; -- err: -- OPENSSL_free(m); -- return (ret); --} -- --int X509_ocspid_print(BIO *bp, X509 *x) --{ -- unsigned char *der = NULL; -- unsigned char *dertmp; -- int derlen; -- int i; -- unsigned char SHA1md[SHA_DIGEST_LENGTH]; -- ASN1_BIT_STRING *keybstr; -- X509_NAME *subj; -- -- /* -- * display the hash of the subject as it would appear in OCSP requests -- */ -- if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) -- goto err; -- subj = X509_get_subject_name(x); -- derlen = i2d_X509_NAME(subj, NULL); -- if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) -- goto err; -- i2d_X509_NAME(subj, &dertmp); -- -- if (!EVP_Digest(der, 
derlen, SHA1md, NULL, EVP_sha1(), NULL)) -- goto err; -- for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -- goto err; -- } -- OPENSSL_free(der); -- der = NULL; -- -- /* -- * display the hash of the public key as it would appear in OCSP requests -- */ -- if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) -- goto err; -- -- keybstr = X509_get0_pubkey_bitstr(x); -- -- if (keybstr == NULL) -- goto err; -- -- if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), -- ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(), -- NULL)) -- goto err; -- for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -- goto err; -- } -- BIO_printf(bp, "\n"); -- -- return (1); -- err: -- OPENSSL_free(der); -- return (0); --} -- --int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) --{ -- const unsigned char *s; -- int i, n; -- -- n = sig->length; -- s = sig->data; -- for (i = 0; i < n; i++) { -- if ((i % 18) == 0) { -- if (BIO_write(bp, "\n", 1) <= 0) -- return 0; -- if (BIO_indent(bp, indent, indent) <= 0) -- return 0; -- } -- if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? 
"" : ":") <= 0) -- return 0; -- } -- if (BIO_write(bp, "\n", 1) != 1) -- return 0; -- -- return 1; --} -- --int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, -- const ASN1_STRING *sig) --{ -- int sig_nid; -- if (BIO_puts(bp, " Signature Algorithm: ") <= 0) -- return 0; -- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) -- return 0; -- -- sig_nid = OBJ_obj2nid(sigalg->algorithm); -- if (sig_nid != NID_undef) { -- int pkey_nid, dig_nid; -- const EVP_PKEY_ASN1_METHOD *ameth; -- if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { -- ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); -- if (ameth && ameth->sig_print) -- return ameth->sig_print(bp, sigalg, sig, 9, 0); -- } -- } -- if (sig) -- return X509_signature_dump(bp, sig, 9); -- else if (BIO_puts(bp, "\n") <= 0) -- return 0; -- return 1; --} -- --int X509_aux_print(BIO *out, X509 *x, int indent) --{ -- char oidstr[80], first; -- STACK_OF(ASN1_OBJECT) *trust, *reject; -- const unsigned char *alias, *keyid; -- int keyidlen; -- int i; -- if (X509_trusted(x) == 0) -- return 1; -- trust = X509_get0_trust_objects(x); -- reject = X509_get0_reject_objects(x); -- if (trust) { -- first = 1; -- BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); -- for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { -- if (!first) -- BIO_puts(out, ", "); -- else -- first = 0; -- OBJ_obj2txt(oidstr, sizeof oidstr, -- sk_ASN1_OBJECT_value(trust, i), 0); -- BIO_puts(out, oidstr); -- } -- BIO_puts(out, "\n"); -- } else -- BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); -- if (reject) { -- first = 1; -- BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); -- for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { -- if (!first) -- BIO_puts(out, ", "); -- else -- first = 0; -- OBJ_obj2txt(oidstr, sizeof oidstr, -- sk_ASN1_OBJECT_value(reject, i), 0); -- BIO_puts(out, oidstr); -- } -- BIO_puts(out, "\n"); -- } else -- BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); -- alias = X509_alias_get0(x, 
NULL); -- if (alias) -- BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); -- keyid = X509_keyid_get0(x, &keyidlen); -- if (keyid) { -- BIO_printf(out, "%*sKey Id: ", indent, ""); -- for (i = 0; i < keyidlen; i++) -- BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]); -- BIO_write(out, "\n", 1); -- } -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/vpm_int.h b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h -new file mode 100644 -index 0000000..9c55def ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h -@@ -0,0 +1,70 @@ -+/* vpm_int.h */ -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2013. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
-+ * -+ */ -+ -+/* internal only structure to hold additional X509_VERIFY_PARAM data */ -+ -+struct X509_VERIFY_PARAM_ID_st { -+ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ -+ unsigned int hostflags; /* Flags to control matching features */ -+ char *peername; /* Matching hostname in peer certificate */ -+ char *email; /* If not NULL email address to match */ -+ size_t emaillen; -+ unsigned char *ip; /* If not NULL IP address to match */ -+ size_t iplen; /* Length of IP address */ -+}; -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c -index 15f0e4f..2501075 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_att.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_att.c -@@ -1,21 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_att.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "x509_lcl.h" - - int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) - { -@@ -25,15 +73,16 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) - int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos) - { -- const ASN1_OBJECT *obj = OBJ_nid2obj(nid); -+ ASN1_OBJECT *obj; - -+ obj = OBJ_nid2obj(nid); - if (obj == NULL) - return (-2); - return (X509at_get_attr_by_OBJ(x, obj, lastpos)); - } - - int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, -- const ASN1_OBJECT *obj, int lastpos) -+ ASN1_OBJECT *obj, int lastpos) - { - int n; - X509_ATTRIBUTE *ex; -@@ -97,8 +146,10 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - err: - X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); - err2: -- X509_ATTRIBUTE_free(new_attr); -- sk_X509_ATTRIBUTE_free(sk); -+ if (new_attr != NULL) -+ X509_ATTRIBUTE_free(new_attr); -+ if (sk != NULL) -+ sk_X509_ATTRIBUTE_free(sk); - return (NULL); - } - -@@ -150,7 +201,7 @@ STACK_OF(X509_ATTRIBUTE) 
*X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - } - - void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, -- const ASN1_OBJECT *obj, int lastpos, int type) -+ ASN1_OBJECT *obj, int lastpos, int type) - { - int i; - X509_ATTRIBUTE *at; -@@ -239,7 +290,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) - return (0); - ASN1_OBJECT_free(attr->object); - attr->object = OBJ_dup(obj); -- return attr->object != NULL; -+ return (1); - } - - int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, -@@ -259,12 +310,15 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - } - atype = stmp->type; - } else if (len != -1) { -- if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL) -+ if (!(stmp = ASN1_STRING_type_new(attrtype))) - goto err; - if (!ASN1_STRING_set(stmp, data, len)) - goto err; - atype = attrtype; - } -+ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) -+ goto err; -+ attr->single = 0; - /* - * This is a bit naughty because the attribute should really have at - * least one value but some types use and zero length SET and require -@@ -274,7 +328,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - ASN1_STRING_free(stmp); - return 1; - } -- if ((ttmp = ASN1_TYPE_new()) == NULL) -+ if (!(ttmp = ASN1_TYPE_new())) - goto err; - if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { - if (!ASN1_TYPE_set1(ttmp, attrtype, data)) -@@ -283,7 +337,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - ASN1_TYPE_set(ttmp, atype, stmp); - stmp = NULL; - } -- if (!sk_ASN1_TYPE_push(attr->set, ttmp)) -+ if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) - goto err; - return 1; - err: -@@ -293,11 +347,13 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - return 0; - } - --int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) -+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) - { -- if (attr == NULL) -- return 0; -- return sk_ASN1_TYPE_num(attr->set); -+ if (!attr->single) -+ 
return sk_ASN1_TYPE_num(attr->value.set); -+ if (attr->value.single) -+ return 1; -+ return 0; - } - - ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) -@@ -324,6 +380,11 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) - { - if (attr == NULL) -+ return (NULL); -+ if (idx >= X509_ATTRIBUTE_count(attr)) - return NULL; -- return sk_ASN1_TYPE_value(attr->set, idx); -+ if (!attr->single) -+ return sk_ASN1_TYPE_value(attr->value.set, idx); -+ else -+ return attr->value.single; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -index 0105635..49c71b9 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -@@ -1,29 +1,77 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_cmp.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) - { - int i; -- const X509_CINF *ai, *bi; -+ X509_CINF *ai, *bi; - -- ai = &a->cert_info; -- bi = &b->cert_info; -- i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); -+ ai = a->cert_info; -+ bi = b->cert_info; -+ i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); - if (i) - return (i); - return (X509_NAME_cmp(ai->issuer, bi->issuer)); -@@ -33,97 +81,94 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) - unsigned long X509_issuer_and_serial_hash(X509 *a) - { - unsigned long ret = 0; -- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX ctx; - unsigned char md[16]; - char *f; - -- if (ctx == NULL) -+ EVP_MD_CTX_init(&ctx); -+ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); -+ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) - goto err; -- f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); -- if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) -- goto err; -- if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) -+ if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) - goto err; - OPENSSL_free(f); - if (!EVP_DigestUpdate -- (ctx, (unsigned char *)a->cert_info.serialNumber.data, -- (unsigned long)a->cert_info.serialNumber.length)) -+ (&ctx, (unsigned char *)a->cert_info->serialNumber->data, -+ (unsigned long)a->cert_info->serialNumber->length)) - goto err; -- if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) -+ if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) - goto err; - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - err: -- EVP_MD_CTX_free(ctx); -+ EVP_MD_CTX_cleanup(&ctx); - return (ret); - } - #endif - - int X509_issuer_name_cmp(const X509 *a, const X509 *b) - { -- return 
(X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer)); -+ return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); - } - - int X509_subject_name_cmp(const X509 *a, const X509 *b) - { -- return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject)); -+ return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); - } - - int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) - { -- return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer)); -+ return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); - } - -+#ifndef OPENSSL_NO_SHA - int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) - { - return memcmp(a->sha1_hash, b->sha1_hash, 20); - } -+#endif - --X509_NAME *X509_get_issuer_name(const X509 *a) -+X509_NAME *X509_get_issuer_name(X509 *a) - { -- return (a->cert_info.issuer); -+ return (a->cert_info->issuer); - } - - unsigned long X509_issuer_name_hash(X509 *x) - { -- return (X509_NAME_hash(x->cert_info.issuer)); -+ return (X509_NAME_hash(x->cert_info->issuer)); - } - - #ifndef OPENSSL_NO_MD5 - unsigned long X509_issuer_name_hash_old(X509 *x) - { -- return (X509_NAME_hash_old(x->cert_info.issuer)); -+ return (X509_NAME_hash_old(x->cert_info->issuer)); - } - #endif - --X509_NAME *X509_get_subject_name(const X509 *a) -+X509_NAME *X509_get_subject_name(X509 *a) - { -- return (a->cert_info.subject); -+ return (a->cert_info->subject); - } - - ASN1_INTEGER *X509_get_serialNumber(X509 *a) - { -- return &a->cert_info.serialNumber; --} -- --const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a) --{ -- return &a->cert_info.serialNumber; -+ return (a->cert_info->serialNumber); - } - - unsigned long X509_subject_name_hash(X509 *x) - { -- return (X509_NAME_hash(x->cert_info.subject)); -+ return (X509_NAME_hash(x->cert_info->subject)); - } - - #ifndef OPENSSL_NO_MD5 - unsigned long X509_subject_name_hash_old(X509 *x) - { -- return (X509_NAME_hash_old(x->cert_info.subject)); -+ return (X509_NAME_hash_old(x->cert_info->subject)); - } - #endif - 
-+#ifndef OPENSSL_NO_SHA - /* - * Compare two certificates: they must be identical for this to work. NB: - * Although "cmp" operations are generally prototyped to take "const" -@@ -143,16 +188,16 @@ int X509_cmp(const X509 *a, const X509 *b) - if (rv) - return rv; - /* Check for match against stored encoding too */ -- if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { -- if (a->cert_info.enc.len < b->cert_info.enc.len) -- return -1; -- if (a->cert_info.enc.len > b->cert_info.enc.len) -- return 1; -- return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, -- a->cert_info.enc.len); -+ if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) { -+ rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); -+ if (rv) -+ return rv; -+ return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, -+ a->cert_info->enc.len); - } - return rv; - } -+#endif - - int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) - { -@@ -206,23 +251,21 @@ unsigned long X509_NAME_hash(X509_NAME *x) - - unsigned long X509_NAME_hash_old(X509_NAME *x) - { -- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); -+ EVP_MD_CTX md_ctx; - unsigned long ret = 0; - unsigned char md[16]; - -- if (md_ctx == NULL) -- return ret; -- - /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x, NULL); -- EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -- if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) -- && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) -- && EVP_DigestFinal_ex(md_ctx, md, NULL)) -+ EVP_MD_CTX_init(&md_ctx); -+ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) -+ && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) -+ && EVP_DigestFinal_ex(&md_ctx, md, NULL)) - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; -- EVP_MD_CTX_free(md_ctx); -+ 
EVP_MD_CTX_cleanup(&md_ctx); - - return (ret); - } -@@ -233,13 +276,15 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, - ASN1_INTEGER *serial) - { - int i; -+ X509_CINF cinf; - X509 x, *x509 = NULL; - - if (!sk) - return NULL; - -- x.cert_info.serialNumber = *serial; -- x.cert_info.issuer = name; -+ x.cert_info = &cinf; -+ cinf.serialNumber = serial; -+ cinf.issuer = name; - - for (i = 0; i < sk_X509_num(sk); i++) { - x509 = sk_X509_value(sk, i); -@@ -262,26 +307,26 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) - return (NULL); - } - --EVP_PKEY *X509_get0_pubkey(const X509 *x) -+EVP_PKEY *X509_get_pubkey(X509 *x) - { -- if (x == NULL) -- return NULL; -- return X509_PUBKEY_get0(x->cert_info.key); -+ if ((x == NULL) || (x->cert_info == NULL)) -+ return (NULL); -+ return (X509_PUBKEY_get(x->cert_info->key)); - } - --EVP_PKEY *X509_get_pubkey(X509 *x) -+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) - { -- if (x == NULL) -+ if (!x) - return NULL; -- return X509_PUBKEY_get(x->cert_info.key); -+ return x->cert_info->key->public_key; - } - --int X509_check_private_key(const X509 *x, const EVP_PKEY *k) -+int X509_check_private_key(X509 *x, EVP_PKEY *k) - { -- const EVP_PKEY *xk; -+ EVP_PKEY *xk; - int ret; - -- xk = X509_get0_pubkey(x); -+ xk = X509_get_pubkey(x); - - if (xk) - ret = EVP_PKEY_cmp(xk, k); -@@ -300,6 +345,8 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k) - case -2: - X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); - } -+ if (xk) -+ EVP_PKEY_free(xk); - if (ret > 0) - return 1; - return 0; -@@ -317,8 +364,8 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) - { - const EC_GROUP *grp = NULL; - int curve_nid; -- if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC) -- grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); -+ if (pkey && pkey->type == EVP_PKEY_EC) -+ grp = EC_KEY_get0_group(pkey->pkey.ec); - if (!grp) - return 
X509_V_ERR_SUITE_B_INVALID_ALGORITHM; - curve_nid = EC_GROUP_get_curve_name(grp); -@@ -348,12 +395,11 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - unsigned long flags) - { - int rv, i, sign_nid; -- EVP_PKEY *pk; -- unsigned long tflags = flags; -- -+ EVP_PKEY *pk = NULL; -+ unsigned long tflags; - if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) - return X509_V_OK; -- -+ tflags = flags; - /* If no EE certificate passed in must be first in chain */ - if (x == NULL) { - x = sk_X509_value(chain, 0); -@@ -361,17 +407,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - } else - i = 0; - -- pk = X509_get0_pubkey(x); -- -- /* -- * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build -- * a chain all, just report trust success or failure, but must also report -- * Suite-B errors if applicable. This is indicated via a NULL chain -- * pointer. All we need to do is check the leaf key algorithm. -- */ -- if (chain == NULL) -- return check_suite_b(pk, -1, &tflags); -- - if (X509_get_version(x) != 2) { - rv = X509_V_ERR_SUITE_B_INVALID_VERSION; - /* Correct error depth */ -@@ -379,6 +414,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - goto end; - } - -+ pk = X509_get_pubkey(x); - /* Check EE key only */ - rv = check_suite_b(pk, -1, &tflags); - if (rv != X509_V_OK) { -@@ -393,7 +429,8 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - rv = X509_V_ERR_SUITE_B_INVALID_VERSION; - goto end; - } -- pk = X509_get0_pubkey(x); -+ EVP_PKEY_free(pk); -+ pk = X509_get_pubkey(x); - rv = check_suite_b(pk, sign_nid, &tflags); - if (rv != X509_V_OK) - goto end; -@@ -402,6 +439,8 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - /* Final check: root CA signature */ - rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); - end: -+ if (pk) -+ EVP_PKEY_free(pk); - if (rv != X509_V_OK) { - /* Invalid 
signature or LOS errors are for previous cert */ - if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM -@@ -409,7 +448,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - i--; - /* - * If we have LOS error and flags changed then we are signing P-384 -- * with P-256. Use more meaningful error. -+ * with P-256. Use more meaninggul error. - */ - if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags) - rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; -@@ -424,7 +463,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) - int sign_nid; - if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) - return X509_V_OK; -- sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm); -+ sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); - return check_suite_b(pk, sign_nid, &flags); - } - -@@ -453,7 +492,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) - ret = sk_X509_dup(chain); - for (i = 0; i < sk_X509_num(ret); i++) { - X509 *x = sk_X509_value(ret, i); -- X509_up_ref(x); -+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -index cb03dbf..50ca2a6 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -@@ -1,17 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_d2.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -+#ifndef OPENSSL_NO_STDIO - int X509_STORE_set_default_paths(X509_STORE *ctx) - { - X509_LOOKUP *lookup; -@@ -55,3 +105,5 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - return (0); - return (1); - } -+ -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c -index d11358e..25c5537 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_def.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_def.c -@@ -1,14 +1,63 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+/* crypto/x509/x509_def.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c -index 3f4b8ef..a2a8e1b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. 
- */ - - #include -@@ -19,14 +70,12 @@ - # define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) - - static ERR_STRING_DATA X509_str_functs[] = { -- {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"}, -- {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"}, -- {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"}, -- {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"}, -- {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"}, -- {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"}, -- {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"}, -- {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"}, -+ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, -+ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, -+ {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "CHECK_NAME_CONSTRAINTS"}, -+ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, -+ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, -+ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, - {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, - {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, - {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, -@@ -60,10 +109,8 @@ static ERR_STRING_DATA X509_str_functs[] = { - "X509_NAME_ENTRY_set_object"}, - {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, - {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, -- {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"}, - {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, -- {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"}, -- {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"}, -+ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, - {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, - {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), - "X509_REQ_check_private_key"}, -@@ -87,7 +134,6 @@ static ERR_STRING_DATA X509_str_functs[] = { - - static ERR_STRING_DATA X509_str_reasons[] = { - {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"}, -- {ERR_REASON(X509_R_BAD_SELECTOR), "bad 
selector"}, - {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, - {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, - {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, -@@ -95,6 +141,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { - "cert already in hash table"}, - {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, - {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, -+ {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"}, - {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, - {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, - {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, -@@ -129,7 +176,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { - - #endif - --int ERR_load_X509_strings(void) -+void ERR_load_X509_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -138,5 +185,4 @@ int ERR_load_X509_strings(void) - ERR_load_strings(0, X509_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -index 3bbb0a6..fb4e311 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -@@ -1,139 +1,186 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_ext.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. 
The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
- #include
--#include "internal/x509_int.h"
- #include
-
--int X509_CRL_get_ext_count(const X509_CRL *x)
-+int X509_CRL_get_ext_count(X509_CRL *x)
- {
-- return (X509v3_get_ext_count(x->crl.extensions));
-+ return (X509v3_get_ext_count(x->crl->extensions));
- }
-
--int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
-+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
- {
-- return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
-+ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
- }
-
--int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
-- int lastpos)
-+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
- {
-- return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
-+ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
- }
-
--int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
-+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
- {
-- return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
-+ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
-+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
- {
-- return (X509v3_get_ext(x->crl.extensions, loc));
-+ return (X509v3_get_ext(x->crl->extensions, loc));
- }
-
- X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
- {
-- return (X509v3_delete_ext(x->crl.extensions, loc));
-+ return (X509v3_delete_ext(x->crl->extensions, loc));
- }
-
--void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
-+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
- {
-- return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
-+ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
- }
-
- int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags)
- {
-- return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
-+ return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
- }
-
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
- {
-- return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
-+ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
- }
-
--int X509_get_ext_count(const X509 *x)
-+int X509_get_ext_count(X509 *x)
- {
-- return (X509v3_get_ext_count(x->cert_info.extensions));
-+ return (X509v3_get_ext_count(x->cert_info->extensions));
- }
-
--int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
-+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
- {
-- return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos));
-+ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
- }
-
--int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
-+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
- {
-- return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos));
-+ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
- }
-
--int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
-+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical
-- (x->cert_info.extensions, crit, lastpos));
-+ (x->cert_info->extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
-+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
- {
-- return (X509v3_get_ext(x->cert_info.extensions, loc));
-+ return (X509v3_get_ext(x->cert_info->extensions, loc));
- }
-
- X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
- {
-- return (X509v3_delete_ext(x->cert_info.extensions, loc));
-+ return (X509v3_delete_ext(x->cert_info->extensions, loc));
- }
-
- int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
- {
-- return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
-+ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
- }
-
--void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
-+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
- {
-- return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
-+ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
- }
-
- int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags)
- {
-- return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit,
-+ return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
- flags);
- }
-
--int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
-+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
- {
- return (X509v3_get_ext_count(x->extensions));
- }
-
--int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
-+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
- }
-
--int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
-+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
- }
-
--int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
-+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
-+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
- {
- return (X509v3_get_ext(x->extensions, loc));
- }
-@@ -148,7 +195,7 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
- return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
- }
-
--void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
-+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->extensions, nid, crit, idx);
- }
-@@ -158,3 +205,7 @@ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- {
- return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
- }
-+
-+IMPLEMENT_STACK_OF(X509_EXTENSION)
-+
-+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
-diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h b/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h
-deleted file mode 100644
-index 40bd102..0000000
---- a/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h
-+++ /dev/null
-@@ -1,142 +0,0 @@
--/*
-- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--/*
-- * This structure holds all parameters associated with a verify operation by
-- * including an X509_VERIFY_PARAM structure in related structures the
-- * parameters used can be customized
-- */
--
--struct X509_VERIFY_PARAM_st {
-- char *name;
-- time_t check_time; /* Time to use */
-- uint32_t inh_flags; /* Inheritance flags */
-- unsigned long flags; /* Various verify flags */
-- int purpose; /* purpose to check untrusted certificates */
-- int trust; /* trust setting to check */
-- int depth; /* Verify depth */
-- int auth_level; /* Security level for chain verification */
-- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
-- /* Peer identity details */
-- STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
-- unsigned int hostflags; /* Flags to control matching features */
-- char *peername; /* Matching hostname in peer certificate */
-- char *email; /* If not NULL email address to match */
-- size_t emaillen;
-- unsigned char *ip; /* If not NULL IP address to match */
-- size_t iplen; /* Length of IP address */
--};
--
--/* No error callback if depth < 0 */
--int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
--
--/* a sequence of these are used */
--struct x509_attributes_st {
-- ASN1_OBJECT *object;
-- STACK_OF(ASN1_TYPE) *set;
--};
--
--struct X509_extension_st {
-- ASN1_OBJECT *object;
-- ASN1_BOOLEAN critical;
-- ASN1_OCTET_STRING value;
--};
--
--/*
-- * Method to handle CRL access. In general a CRL could be very large (several
-- * Mb) and can consume large amounts of resources if stored in memory by
-- * multiple processes. This method allows general CRL operations to be
-- * redirected to more efficient callbacks: for example a CRL entry database.
-- */
--
--#define X509_CRL_METHOD_DYNAMIC 1
--
--struct x509_crl_method_st {
-- int flags;
-- int (*crl_init) (X509_CRL *crl);
-- int (*crl_free) (X509_CRL *crl);
-- int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
-- ASN1_INTEGER *ser, X509_NAME *issuer);
-- int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
--};
--
--struct x509_lookup_method_st {
-- const char *name;
-- int (*new_item) (X509_LOOKUP *ctx);
-- void (*free) (X509_LOOKUP *ctx);
-- int (*init) (X509_LOOKUP *ctx);
-- int (*shutdown) (X509_LOOKUP *ctx);
-- int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-- char **ret);
-- int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- X509_NAME *name, X509_OBJECT *ret);
-- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- X509_NAME *name, ASN1_INTEGER *serial,
-- X509_OBJECT *ret);
-- int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- const unsigned char *bytes, int len,
-- X509_OBJECT *ret);
-- int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- const char *str, int len, X509_OBJECT *ret);
--};
--
--/* This is the functions plus an instance of the local variables. */
--struct x509_lookup_st {
-- int init; /* have we been started */
-- int skip; /* don't use us. */
-- X509_LOOKUP_METHOD *method; /* the functions */
-- char *method_data; /* method data */
-- X509_STORE *store_ctx; /* who owns us */
--};
--
--/*
-- * This is used to hold everything. It is used for all certificate
-- * validation. Once we have a certificate chain, the 'verify' function is
-- * then called to actually check the cert chain.
-- */
--struct x509_store_st {
-- /* The following is a cache of trusted certs */
-- int cache; /* if true, stash any hits */
-- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
-- /* These are external lookup methods */
-- STACK_OF(X509_LOOKUP) *get_cert_methods;
-- X509_VERIFY_PARAM *param;
-- /* Callbacks for various operations */
-- /* called to verify a certificate */
-- int (*verify) (X509_STORE_CTX *ctx);
-- /* error callback */
-- int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-- /* get issuers cert from ctx */
-- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-- /* check issued */
-- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-- /* Check revocation status of chain */
-- int (*check_revocation) (X509_STORE_CTX *ctx);
-- /* retrieve CRL */
-- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
-- /* Check CRL validity */
-- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
-- /* Check certificate against CRL */
-- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-- /* Check policy status of the chain */
-- int (*check_policy) (X509_STORE_CTX *ctx);
-- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
-- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-- int (*cleanup) (X509_STORE_CTX *ctx);
-- CRYPTO_EX_DATA ex_data;
-- int references;
-- CRYPTO_RWLOCK *lock;
--};
--
--typedef struct lookup_dir_hashes_st BY_DIR_HASH;
--typedef struct lookup_dir_entry_st BY_DIR_ENTRY;
--DEFINE_STACK_OF(BY_DIR_HASH)
--DEFINE_STACK_OF(BY_DIR_ENTRY)
--typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
--DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
-index 952cbfb..50120a4 100644
---- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
-+++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
-@@ -1,29 +1,80 @@
--/*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+/* crypto/x509/x509_lu.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/x509_int.h"
- #include
--#include "x509_lcl.h"
-
- X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
- {
- X509_LOOKUP *ret;
-
-- ret = OPENSSL_zalloc(sizeof(*ret));
-+ ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
- if (ret == NULL)
- return NULL;
-
-+ ret->init = 0;
-+ ret->skip = 0;
- ret->method = method;
-+ ret->method_data = NULL;
-+ ret->store_ctx = NULL;
- if ((method->new_item != NULL) && !method->new_item(ret)) {
- OPENSSL_free(ret);
- return NULL;
-@@ -40,16 +91,6 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
- OPENSSL_free(ctx);
- }
-
--int X509_STORE_lock(X509_STORE *s)
--{
-- return CRYPTO_THREAD_write_lock(s->lock);
--}
--
--int X509_STORE_unlock(X509_STORE *s)
--{
-- return CRYPTO_THREAD_unlock(s->lock);
--}
--
- int X509_LOOKUP_init(X509_LOOKUP *ctx)
- {
- if (ctx->method == NULL)
-@@ -81,39 +122,38 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- return 1;
- }
-
--int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- X509_NAME *name, X509_OBJECT *ret)
-+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-+ X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-- return 0;
-+ return X509_LU_FAIL;
- if (ctx->skip)
- return 0;
- return ctx->method->get_by_subject(ctx, type, name, ret);
- }
-
--int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- X509_NAME *name, ASN1_INTEGER *serial,
-- X509_OBJECT *ret)
-+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-+ ASN1_INTEGER *serial, X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
-- return 0;
-+ return X509_LU_FAIL;
- return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
- }
-
--int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- const unsigned char *bytes, int len,
-+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-+ unsigned char *bytes, int len,
- X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-- return 0;
-+ return X509_LU_FAIL;
- return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
- }
-
--int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-- const char *str, int len, X509_OBJECT *ret)
-+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-+ X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-- return 0;
-+ return X509_LU_FAIL;
- return ctx->method->get_by_alias(ctx, type, str, len, ret);
- }
-
-@@ -143,33 +183,35 @@ X509_STORE *X509_STORE_new(void)
- {
- X509_STORE *ret;
-
-- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
-+ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
- return NULL;
-- if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
-- goto err;
-+ ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
- ret->cache = 1;
-- if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
-- goto err;
-+ ret->get_cert_methods = sk_X509_LOOKUP_new_null();
-+ ret->verify = 0;
-+ ret->verify_cb = 0;
-
- if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-- goto err;
--
-- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-- goto err;
-+ return NULL;
-
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL)
-- goto err;
-+ ret->get_issuer = 0;
-+ ret->check_issued = 0;
-+ ret->check_revocation = 0;
-+ ret->get_crl = 0;
-+ ret->check_crl = 0;
-+ ret->cert_crl = 0;
-+ ret->lookup_certs = 0;
-+ ret->lookup_crls = 0;
-+ ret->cleanup = 0;
-+
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
-+ sk_X509_OBJECT_free(ret->objs);
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-
- ret->references = 1;
- return ret;
--
--err:
-- X509_VERIFY_PARAM_free(ret->param);
-- sk_X509_OBJECT_free(ret->objs);
-- sk_X509_LOOKUP_free(ret->get_cert_methods);
-- OPENSSL_free(ret);
-- return NULL;
- }
-
- static void cleanup(X509_OBJECT *a)
-@@ -196,11 +238,18 @@ void X509_STORE_free(X509_STORE *vfy)
- if (vfy == NULL)
- return;
-
-- CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
-- REF_PRINT_COUNT("X509_STORE", vfy);
-+ i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
-+#ifdef REF_PRINT
-+ REF_PRINT("X509_STORE", vfy);
-+#endif
- if (i > 0)
- return;
-- REF_ASSERT_ISNT(i < 0);
-+#ifdef REF_CHECK
-+ if (i < 0) {
-+ fprintf(stderr, "X509_STORE_free, bad reference count\n");
-+ abort(); /* ok */
-+ }
-+#endif
-
- sk = vfy->get_cert_methods;
- for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
-@@ -212,23 +261,11 @@ void X509_STORE_free(X509_STORE *vfy)
- sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-- X509_VERIFY_PARAM_free(vfy->param);
-- CRYPTO_THREAD_lock_free(vfy->lock);
-+ if (vfy->param)
-+ X509_VERIFY_PARAM_free(vfy->param);
- OPENSSL_free(vfy);
- }
-
--int X509_STORE_up_ref(X509_STORE *vfy)
--{
-- int i;
--
-- if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
-- return 0;
--
-- REF_PRINT_COUNT("X509_STORE", a);
-- REF_ASSERT_ISNT(i < 2);
-- return ((i > 1) ? 1 : 0);
--}
--
- X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
- {
- int i;
-@@ -257,46 +294,39 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
- }
- }
-
--X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
-- X509_LOOKUP_TYPE type,
-- X509_NAME *name)
--{
-- X509_OBJECT *ret = X509_OBJECT_new();
--
-- if (ret == NULL)
-- return NULL;
-- if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
-- X509_OBJECT_free(ret);
-- return NULL;
-- }
-- return ret;
--}
--
--int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
-- X509_NAME *name, X509_OBJECT *ret)
-+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-+ X509_OBJECT *ret)
- {
- X509_STORE *ctx = vs->ctx;
- X509_LOOKUP *lu;
- X509_OBJECT stmp, *tmp;
- int i, j;
-
-- CRYPTO_THREAD_write_lock(ctx->lock);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
-- CRYPTO_THREAD_unlock(ctx->lock);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- if (tmp == NULL || type == X509_LU_CRL) {
-- for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
-+ for (i = vs->current_method;
-+ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
- lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
- j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-- if (j) {
-+ if (j < 0) {
-+ vs->current_method = j;
-+ return j;
-+ } else if (j) {
- tmp = &stmp;
- break;
- }
- }
-+ vs->current_method = 0;
- if (tmp == NULL)
- return 0;
- }
-
-+/*- if (ret->data.ptr != NULL)
-+ X509_OBJECT_free_contents(ret); */
-+
- ret->type = tmp->type;
- ret->data.ptr = tmp->data.ptr;
-
-@@ -308,34 +338,32 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
- int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- {
- X509_OBJECT *obj;
-- int ret = 1, added = 1;
-+ int ret = 1;
-
- if (x == NULL)
- return 0;
-- obj = X509_OBJECT_new();
-- if (obj == NULL)
-+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-+ if (obj == NULL) {
-+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
- return 0;
-+ }
- obj->type = X509_LU_X509;
- obj->data.x509 = x;
-- X509_OBJECT_up_ref_count(obj);
-
-- CRYPTO_THREAD_write_lock(ctx->lock);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-+
-+ X509_OBJECT_up_ref_count(obj);
-
- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-+ X509_OBJECT_free_contents(obj);
-+ OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CERT,
- X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
-- } else {
-- added = sk_X509_OBJECT_push(ctx->objs, obj);
-- ret = added != 0;
-- }
--
-- CRYPTO_THREAD_unlock(ctx->lock);
-+ } else
-+ sk_X509_OBJECT_push(ctx->objs, obj);
-
-- if (!ret) /* obj not pushed */
-- X509_OBJECT_free(obj);
-- if (!added) /* on push failure */
-- X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return ret;
- }
-@@ -343,89 +371,50 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
- {
- X509_OBJECT *obj;
-- int ret = 1, added = 1;
-+ int ret = 1;
-
- if (x == NULL)
- return 0;
-- obj = X509_OBJECT_new();
-- if (obj == NULL)
-+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-+ if (obj == NULL) {
-+ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
- return 0;
-+ }
- obj->type = X509_LU_CRL;
- obj->data.crl = x;
-- X509_OBJECT_up_ref_count(obj);
-
-- CRYPTO_THREAD_write_lock(ctx->lock);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-+
-+ X509_OBJECT_up_ref_count(obj);
-
- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-+ X509_OBJECT_free_contents(obj);
-+ OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
-- } else {
-- added = sk_X509_OBJECT_push(ctx->objs, obj);
-- ret = added != 0;
-- }
-+ } else
-+ sk_X509_OBJECT_push(ctx->objs, obj);
-
-- CRYPTO_THREAD_unlock(ctx->lock);
--
-- if (!ret) /* obj not pushed */
-- X509_OBJECT_free(obj);
-- if (!added) /* on push failure */
-- X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return ret;
- }
-
--int X509_OBJECT_up_ref_count(X509_OBJECT *a)
-+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
- {
- switch (a->type) {
-- default:
-- break;
- case X509_LU_X509:
-- return X509_up_ref(a->data.x509);
-+ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
-+ break;
- case X509_LU_CRL:
-- return X509_CRL_up_ref(a->data.crl);
-- }
-- return 1;
--}
--
--X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
--{
-- if (a == NULL || a->type != X509_LU_X509)
-- return NULL;
-- return a->data.x509;
--}
--
--X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
--{
-- if (a == NULL || a->type != X509_LU_CRL)
-- return NULL;
-- return a->data.crl;
--}
--
--X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
--{
-- return a->type;
--}
--
--X509_OBJECT *X509_OBJECT_new()
--{
-- X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
--
-- if (ret == NULL) {
-- X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
-- return NULL;
-+ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
-+ break;
- }
-- ret->type = X509_LU_NONE;
-- return ret;
- }
-
--
--void X509_OBJECT_free(X509_OBJECT *a)
-+void X509_OBJECT_free_contents(X509_OBJECT *a)
- {
-- if (a == NULL)
-- return;
- switch (a->type) {
-- default:
-- break;
- case X509_LU_X509:
- X509_free(a->data.x509);
- break;
-@@ -433,26 +422,29 @@ void X509_OBJECT_free(X509_OBJECT *a)
- X509_CRL_free(a->data.crl);
- break;
- }
-- OPENSSL_free(a);
- }
-
--static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
-+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name, int *pnmatch)
- {
- X509_OBJECT stmp;
- X509 x509_s;
-+ X509_CINF cinf_s;
- X509_CRL crl_s;
-+ X509_CRL_INFO crl_info_s;
- int idx;
-
- stmp.type = type;
- switch (type) {
- case X509_LU_X509:
- stmp.data.x509 = &x509_s;
-- x509_s.cert_info.subject = name;
-+ x509_s.cert_info = &cinf_s;
-+ cinf_s.subject = name;
- break;
- case X509_LU_CRL:
- stmp.data.crl = &crl_s;
-- crl_s.crl.issuer = name;
-+ crl_s.crl = &crl_info_s;
-+ crl_info_s.issuer = name;
- break;
- default:
- /* abort(); */
-@@ -475,15 +467,14 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
- return idx;
- }
-
--int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
-+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name)
- {
- return x509_object_idx_cnt(h, type, name, NULL);
- }
-
- X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-- X509_LOOKUP_TYPE type,
-- X509_NAME *name)
-+ int type, X509_NAME *name)
- {
- int idx;
- idx = X509_OBJECT_idx_by_subject(h, type, name);
-@@ -492,78 +483,73 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
- return sk_X509_OBJECT_value(h, idx);
- }
-
--STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
--{
-- return v->objs;
--}
--
--STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
-+STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
- {
- int i, idx, cnt;
-- STACK_OF(X509) *sk = NULL;
-+ STACK_OF(X509) *sk;
- X509 *x;
- X509_OBJECT *obj;
--
-- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
-+ sk = sk_X509_new_null();
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
- if (idx < 0) {
- /*
- * Nothing found in cache: do lookup to possibly add new objects to
- * cache
- */
-- X509_OBJECT *xobj = X509_OBJECT_new();
--
-- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-- if (xobj == NULL)
-- return NULL;
-- if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
-- X509_OBJECT_free(xobj);
-+ X509_OBJECT xobj;
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-+ if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
-+ sk_X509_free(sk);
- return NULL;
- }
-- X509_OBJECT_free(xobj);
-- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
-+ X509_OBJECT_free_contents(&xobj);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
- if (idx < 0) {
-- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-+ sk_X509_free(sk);
- return NULL;
- }
- }
--
-- sk = sk_X509_new_null();
- for (i = 0; i < cnt; i++, idx++) {
- obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
- x = obj->data.x509;
-- X509_up_ref(x);
-+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- if (!sk_X509_push(sk, x)) {
-- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- X509_free(x);
- sk_X509_pop_free(sk, X509_free);
- return NULL;
- }
- }
-- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- return sk;
-+
- }
-
--STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
-+STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
- {
- int i, idx, cnt;
-- STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
-+ STACK_OF(X509_CRL) *sk;
- X509_CRL *x;
-- X509_OBJECT *obj, *xobj = X509_OBJECT_new();
--
-- /* Always do lookup to possibly add new CRLs to cache */
-- if (sk == NULL || xobj == NULL ||
-- !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
-- X509_OBJECT_free(xobj);
-+ X509_OBJECT *obj, xobj;
-+ sk = sk_X509_CRL_new_null();
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-+
-+ /*
-+ * Always do lookup to possibly add new CRLs to cache
-+ */
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-+ if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
- sk_X509_CRL_free(sk);
- return NULL;
- }
-- X509_OBJECT_free(xobj);
-- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
-+ X509_OBJECT_free_contents(&xobj);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
- if (idx <
0) { -- CRYPTO_THREAD_unlock(ctx->ctx->lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - sk_X509_CRL_free(sk); - return NULL; - } -@@ -571,15 +557,15 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) - for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); - x = obj->data.crl; -- X509_CRL_up_ref(x); -+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(sk, x)) { -- CRYPTO_THREAD_unlock(ctx->ctx->lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - X509_CRL_free(x); - sk_X509_CRL_pop_free(sk, X509_CRL_free); - return NULL; - } - } -- CRYPTO_THREAD_unlock(ctx->ctx->lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - return sk; - } - -@@ -625,32 +611,32 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) - { - X509_NAME *xn; -- X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; -+ X509_OBJECT obj, *pobj; - int i, ok, idx, ret; -- -- if (obj == NULL) -- return -1; -- *issuer = NULL; - xn = X509_get_issuer_name(x); -- ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj); -- if (ok != 1) { -- X509_OBJECT_free(obj); -+ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); -+ if (ok != X509_LU_X509) { -+ if (ok == X509_LU_RETRY) { -+ X509_OBJECT_free_contents(&obj); -+ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY); -+ return -1; -+ } else if (ok != X509_LU_FAIL) { -+ X509_OBJECT_free_contents(&obj); -+ /* not good :-(, break anyway */ -+ return -1; -+ } - return 0; - } - /* If certificate matches all OK */ -- if (ctx->check_issued(ctx, x, obj->data.x509)) { -- if (x509_check_cert_time(ctx, obj->data.x509, -1)) { -- *issuer = obj->data.x509; -- X509_up_ref(*issuer); -- X509_OBJECT_free(obj); -- return 1; -- } -+ if (ctx->check_issued(ctx, x, obj.data.x509)) { -+ *issuer = obj.data.x509; -+ return 1; - } -- X509_OBJECT_free(obj); -+ 
X509_OBJECT_free_contents(&obj); - - /* Else find index of first cert accepted by 'check_issued' */ - ret = 0; -- CRYPTO_THREAD_write_lock(ctx->ctx->lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); - if (idx != -1) { /* should be true as we've had at least one - * match */ -@@ -664,22 +650,13 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) - break; - if (ctx->check_issued(ctx, x, pobj->data.x509)) { - *issuer = pobj->data.x509; -+ X509_OBJECT_up_ref_count(pobj); - ret = 1; -- /* -- * If times check, exit with match, -- * otherwise keep looking. Leave last -- * match in issuer so we return nearest -- * match if no certificate time is OK. -- */ -- -- if (x509_check_cert_time(ctx, *issuer, -1)) -- break; -+ break; - } - } - } -- CRYPTO_THREAD_unlock(ctx->ctx->lock); -- if (*issuer) -- X509_up_ref(*issuer); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - return ret; - } - -@@ -709,153 +686,25 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) - return X509_VERIFY_PARAM_set1(ctx->param, param); - } - --X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx) --{ -- return ctx->param; --} -- --void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify) --{ -- ctx->verify = verify; --} -- --X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx) --{ -- return ctx->verify; --} -- - void X509_STORE_set_verify_cb(X509_STORE *ctx, -- X509_STORE_CTX_verify_cb verify_cb) -+ int (*verify_cb) (int, X509_STORE_CTX *)) - { - ctx->verify_cb = verify_cb; - } - --X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx) --{ -- return ctx->verify_cb; --} -- --void X509_STORE_set_get_issuer(X509_STORE *ctx, -- X509_STORE_CTX_get_issuer_fn get_issuer) --{ -- ctx->get_issuer = get_issuer; --} -- --X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx) --{ -- return ctx->get_issuer; --} -- --void 
X509_STORE_set_check_issued(X509_STORE *ctx, -- X509_STORE_CTX_check_issued_fn check_issued) --{ -- ctx->check_issued = check_issued; --} -- --X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx) --{ -- return ctx->check_issued; --} -- --void X509_STORE_set_check_revocation(X509_STORE *ctx, -- X509_STORE_CTX_check_revocation_fn check_revocation) --{ -- ctx->check_revocation = check_revocation; --} -- --X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx) --{ -- return ctx->check_revocation; --} -- --void X509_STORE_set_get_crl(X509_STORE *ctx, -- X509_STORE_CTX_get_crl_fn get_crl) --{ -- ctx->get_crl = get_crl; --} -- --X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx) --{ -- return ctx->get_crl; --} -- --void X509_STORE_set_check_crl(X509_STORE *ctx, -- X509_STORE_CTX_check_crl_fn check_crl) --{ -- ctx->check_crl = check_crl; --} -- --X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx) --{ -- return ctx->check_crl; --} -- --void X509_STORE_set_cert_crl(X509_STORE *ctx, -- X509_STORE_CTX_cert_crl_fn cert_crl) -+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, -+ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX -+ *ctx, -+ X509_NAME *nm)) - { -- ctx->cert_crl = cert_crl; --} -- --X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx) --{ -- return ctx->cert_crl; --} -- --void X509_STORE_set_check_policy(X509_STORE *ctx, -- X509_STORE_CTX_check_policy_fn check_policy) --{ -- ctx->check_policy = check_policy; --} -- --X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx) --{ -- return ctx->check_policy; --} -- --void X509_STORE_set_lookup_certs(X509_STORE *ctx, -- X509_STORE_CTX_lookup_certs_fn lookup_certs) --{ -- ctx->lookup_certs = lookup_certs; --} -- --X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx) --{ -- return ctx->lookup_certs; --} -- --void X509_STORE_set_lookup_crls(X509_STORE *ctx, -- 
X509_STORE_CTX_lookup_crls_fn lookup_crls) --{ -- ctx->lookup_crls = lookup_crls; --} -- --X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx) --{ -- return ctx->lookup_crls; --} -- --void X509_STORE_set_cleanup(X509_STORE *ctx, -- X509_STORE_CTX_cleanup_fn ctx_cleanup) --{ -- ctx->cleanup = ctx_cleanup; --} -- --X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx) --{ -- return ctx->cleanup; --} -- --int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data) --{ -- return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); --} -- --void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx) --{ -- return CRYPTO_get_ex_data(&ctx->ex_data, idx); -+ ctx->lookup_crls = cb; - } - - X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) - { - return ctx->ctx; - } -+ -+IMPLEMENT_STACK_OF(X509_LOOKUP) -+ -+IMPLEMENT_STACK_OF(X509_OBJECT) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -index 55dc778..0a839f3 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -@@ -1,30 +1,78 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_obj.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
-+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - /* - * Limit to ensure we don't overflow: much greater than -- * anything encountered in practice. -+ * anything enountered in practice. 
- */ - - #define NAME_ONELINE_MAX (1024 * 1024) - --char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) -+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) - { -- const X509_NAME_ENTRY *ne; -+ X509_NAME_ENTRY *ne; - int i; - int n, lold, l, l1, l2, num, j, type; - const char *s; -@@ -35,7 +83,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) - int gs_doit[4]; - char tmp_buf[80]; - #ifdef CHARSET_EBCDIC -- unsigned char ebcdic_buf[1024]; -+ char ebcdic_buf[1024]; - #endif - - if (buf == NULL) { -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -index 3d72787..2879569 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -@@ -1,19 +1,67 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_r2x.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - #include - #include - -@@ -23,6 +71,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) - X509_CINF *xi = NULL; - X509_NAME *xn; - EVP_PKEY *pubkey = NULL; -+ int res; - - if ((ret = X509_new()) == NULL) { - X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); -@@ -30,10 +79,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) - } - - /* duplicate the request */ -- xi = &ret->cert_info; -+ xi = ret->cert_info; - -- if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) { -- if ((xi->version = ASN1_INTEGER_new()) == NULL) -+ if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { -+ if ((xi->version = M_ASN1_INTEGER_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set(xi->version, 2)) - goto err; -@@ -47,21 +96,22 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) - if (X509_set_issuer_name(ret, xn) == 0) - goto err; - -- if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL) -+ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) - goto err; -- if 
(X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) == -+ if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) == - NULL) - goto err; - -- pubkey = X509_REQ_get0_pubkey(r); -- if (pubkey == NULL || !X509_set_pubkey(ret, pubkey)) -- goto err; -+ pubkey = X509_REQ_get_pubkey(r); -+ res = X509_set_pubkey(ret, pubkey); -+ EVP_PKEY_free(pubkey); - -- if (!X509_sign(ret, pkey, EVP_md5())) -+ if (!res || !X509_sign(ret, pkey, EVP_md5())) - goto err; -- return ret; -- -+ if (0) { - err: -- X509_free(ret); -- return NULL; -+ X509_free(ret); -+ ret = NULL; -+ } -+ return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c -index 7b88dbc..01795f4 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c -@@ -1,20 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_req.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "internal/x509_int.h" - #include - #include - #include -@@ -32,10 +80,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - goto err; - } - -- ri = &ret->req_info; -+ ri = ret->req_info; - - ri->version->length = 1; -- ri->version->data = OPENSSL_malloc(1); -+ ri->version->data = (unsigned char *)OPENSSL_malloc(1); - if (ri->version->data == NULL) - goto err; - ri->version->data[0] = 0; /* version == 0 */ -@@ -43,10 +91,11 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) - goto err; - -- pktmp = X509_get0_pubkey(x); -+ pktmp = X509_get_pubkey(x); - if (pktmp == NULL) - goto err; - i = X509_REQ_set_pubkey(ret, pktmp); -+ EVP_PKEY_free(pktmp); - if (!i) - goto err; - -@@ -62,21 +111,9 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - - EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) - { -- if (req == NULL) -+ if ((req == NULL) || (req->req_info == NULL)) - return (NULL); -- return 
(X509_PUBKEY_get(req->req_info.pubkey)); --} -- --EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req) --{ -- if (req == NULL) -- return NULL; -- return (X509_PUBKEY_get0(req->req_info.pubkey)); --} -- --X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req) --{ -- return req->req_info.pubkey; -+ return (X509_PUBKEY_get(req->req_info->pubkey)); - } - - int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) -@@ -98,13 +135,13 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) - break; - case -2: - #ifndef OPENSSL_NO_EC -- if (EVP_PKEY_id(k) == EVP_PKEY_EC) { -+ if (k->type == EVP_PKEY_EC) { - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); - break; - } - #endif - #ifndef OPENSSL_NO_DH -- if (EVP_PKEY_id(k) == EVP_PKEY_DH) { -+ if (k->type == EVP_PKEY_DH) { - /* No idea */ - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, - X509_R_CANT_CHECK_DH_KEY); -@@ -157,14 +194,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) - int idx, *pnid; - const unsigned char *p; - -- if ((req == NULL) || !ext_nids) -+ if ((req == NULL) || (req->req_info == NULL) || !ext_nids) - return (NULL); - for (pnid = ext_nids; *pnid != NID_undef; pnid++) { - idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); - if (idx == -1) - continue; - attr = X509_REQ_get_attr(req, idx); -- ext = X509_ATTRIBUTE_get0_type(attr, 0); -+ if (attr->single) -+ ext = attr->value.single; -+ else if (sk_ASN1_TYPE_num(attr->value.set)) -+ ext = sk_ASN1_TYPE_value(attr->value.set, 0); - break; - } - if (!ext || (ext->type != V_ASN1_SEQUENCE)) -@@ -183,17 +223,37 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) - int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid) - { -- int extlen; -- int rv = 0; -- unsigned char *ext = NULL; -+ ASN1_TYPE *at = NULL; -+ X509_ATTRIBUTE *attr = NULL; -+ if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) -+ goto err; -+ -+ at->type = V_ASN1_SEQUENCE; - /* Generate encoding of extensions 
*/ -- extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext, -- ASN1_ITEM_rptr(X509_EXTENSIONS)); -- if (extlen <= 0) -- return 0; -- rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); -- OPENSSL_free(ext); -- return rv; -+ at->value.sequence->length = -+ ASN1_item_i2d((ASN1_VALUE *)exts, -+ &at->value.sequence->data, -+ ASN1_ITEM_rptr(X509_EXTENSIONS)); -+ if (!(attr = X509_ATTRIBUTE_new())) -+ goto err; -+ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) -+ goto err; -+ if (!sk_ASN1_TYPE_push(attr->value.set, at)) -+ goto err; -+ at = NULL; -+ attr->single = 0; -+ attr->object = OBJ_nid2obj(nid); -+ if (!req->req_info->attributes) { -+ if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) -+ goto err; -+ } -+ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) -+ goto err; -+ return 1; -+ err: -+ X509_ATTRIBUTE_free(attr); -+ ASN1_TYPE_free(at); -+ return 0; - } - - /* This is the normal usage: use the "official" OID */ -@@ -206,33 +266,33 @@ int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) - - int X509_REQ_get_attr_count(const X509_REQ *req) - { -- return X509at_get_attr_count(req->req_info.attributes); -+ return X509at_get_attr_count(req->req_info->attributes); - } - - int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) - { -- return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos); -+ return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); - } - --int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, -+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos) - { -- return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos); -+ return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); - } - - X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) - { -- return X509at_get_attr(req->req_info.attributes, loc); -+ return X509at_get_attr(req->req_info->attributes, loc); - } - 
- X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) - { -- return X509at_delete_attr(req->req_info.attributes, loc); -+ return X509at_delete_attr(req->req_info->attributes, loc); - } - - int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) - { -- if (X509at_add1_attr(&req->req_info.attributes, attr)) -+ if (X509at_add1_attr(&req->req_info->attributes, attr)) - return 1; - return 0; - } -@@ -241,7 +301,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) - { -- if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, -+ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, - type, bytes, len)) - return 1; - return 0; -@@ -251,7 +311,7 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) - { -- if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid, -+ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, - type, bytes, len)) - return 1; - return 0; -@@ -261,38 +321,8 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) - { -- if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, -+ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, - type, bytes, len)) - return 1; - return 0; - } -- --long X509_REQ_get_version(const X509_REQ *req) --{ -- return ASN1_INTEGER_get(req->req_info.version); --} -- --X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req) --{ -- return req->req_info.subject; --} -- --void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, -- const X509_ALGOR **palg) --{ -- if (psig != NULL) -- *psig = req->signature; -- if (palg != NULL) -- *palg = &req->sig_alg; --} -- --int X509_REQ_get_signature_nid(const X509_REQ *req) --{ -- return OBJ_obj2nid(req->sig_alg.algorithm); --} -- --int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) --{ -- req->req_info.enc.modified = 
1; -- return i2d_X509_REQ_INFO(&req->req_info, pp); --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c -index c0ea418..5b802bd 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c -@@ -1,34 +1,82 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_set.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. 
Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - int X509_set_version(X509 *x, long version) - { - if (x == NULL) - return (0); - if (version == 0) { -- ASN1_INTEGER_free(x->cert_info.version); -- x->cert_info.version = NULL; -+ M_ASN1_INTEGER_free(x->cert_info->version); -+ x->cert_info->version = NULL; - return (1); - } -- if (x->cert_info.version == NULL) { -- if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) -+ if (x->cert_info->version == NULL) { -+ if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) - return (0); - } -- return (ASN1_INTEGER_set(x->cert_info.version, version)); -+ return (ASN1_INTEGER_set(x->cert_info->version, version)); - } - - int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) -@@ -36,124 +84,69 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) - ASN1_INTEGER *in; - - if (x == NULL) -- return 0; -- in = &x->cert_info.serialNumber; -- if (in != serial) -- return ASN1_STRING_copy(in, serial); -- return 1; -+ return (0); -+ in = x->cert_info->serialNumber; -+ if (in != serial) { -+ in = M_ASN1_INTEGER_dup(serial); -+ if (in != NULL) { -+ M_ASN1_INTEGER_free(x->cert_info->serialNumber); -+ x->cert_info->serialNumber = in; -+ } -+ } -+ return (in != NULL); - } - - int X509_set_issuer_name(X509 *x, X509_NAME *name) - { -- if (x == NULL) -+ if ((x == NULL) || (x->cert_info == NULL)) - return (0); -- return (X509_NAME_set(&x->cert_info.issuer, name)); -+ return (X509_NAME_set(&x->cert_info->issuer, name)); - } - - int X509_set_subject_name(X509 *x, X509_NAME *name) - { -- if (x == NULL) -+ if ((x == NULL) || (x->cert_info == NULL)) - return (0); -- return (X509_NAME_set(&x->cert_info.subject, name)); -+ return (X509_NAME_set(&x->cert_info->subject, name)); - } - --int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) -+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) - { - ASN1_TIME *in; -- in = *ptm; -+ 
-+ if ((x == NULL) || (x->cert_info->validity == NULL)) -+ return (0); -+ in = x->cert_info->validity->notBefore; - if (in != tm) { -- in = ASN1_STRING_dup(tm); -+ in = M_ASN1_TIME_dup(tm); - if (in != NULL) { -- ASN1_TIME_free(*ptm); -- *ptm = in; -+ M_ASN1_TIME_free(x->cert_info->validity->notBefore); -+ x->cert_info->validity->notBefore = in; - } - } - return (in != NULL); - } - --int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) -+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) - { -- if (x == NULL) -- return 0; -- return x509_set1_time(&x->cert_info.validity.notBefore, tm); --} -+ ASN1_TIME *in; - --int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) --{ -- if (x == NULL) -- return 0; -- return x509_set1_time(&x->cert_info.validity.notAfter, tm); -+ if ((x == NULL) || (x->cert_info->validity == NULL)) -+ return (0); -+ in = x->cert_info->validity->notAfter; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->cert_info->validity->notAfter); -+ x->cert_info->validity->notAfter = in; -+ } -+ } -+ return (in != NULL); - } - - int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) - { -- if (x == NULL) -+ if ((x == NULL) || (x->cert_info == NULL)) - return (0); -- return (X509_PUBKEY_set(&(x->cert_info.key), pkey)); --} -- --int X509_up_ref(X509 *x) --{ -- int i; -- -- if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0) -- return 0; -- -- REF_PRINT_COUNT("X509", x); -- REF_ASSERT_ISNT(i < 2); -- return ((i > 1) ? 
1 : 0); --} -- --long X509_get_version(const X509 *x) --{ -- return ASN1_INTEGER_get(x->cert_info.version); --} -- --const ASN1_TIME *X509_get0_notBefore(const X509 *x) --{ -- return x->cert_info.validity.notBefore; --} -- --const ASN1_TIME *X509_get0_notAfter(const X509 *x) --{ -- return x->cert_info.validity.notAfter; --} -- --ASN1_TIME *X509_getm_notBefore(const X509 *x) --{ -- return x->cert_info.validity.notBefore; --} -- --ASN1_TIME *X509_getm_notAfter(const X509 *x) --{ -- return x->cert_info.validity.notAfter; --} -- --int X509_get_signature_type(const X509 *x) --{ -- return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); --} -- --X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) --{ -- return x->cert_info.key; --} -- --const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) --{ -- return x->cert_info.extensions; --} -- --void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, -- const ASN1_BIT_STRING **psuid) --{ -- if (piuid != NULL) -- *piuid = x->cert_info.issuerUID; -- if (psuid != NULL) -- *psuid = x->cert_info.subjectUID; --} -- --const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) --{ -- return &x->cert_info.signature; -+ return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -index a9bb88d..11e0763 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -@@ -1,16 +1,65 @@ -+/* x509_trs.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/x509_int.h" - - static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); - static void trtable_free(X509_TRUST *p); -@@ -45,7 +94,9 @@ static X509_TRUST trstandard[] = { - {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} - }; - --#define X509_TRUST_COUNT OSSL_NELEM(trstandard) -+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) -+ -+IMPLEMENT_STACK_OF(X509_TRUST) - - static STACK_OF(X509_TRUST) *trtable = NULL; - -@@ -66,11 +117,16 @@ int X509_check_trust(X509 *x, int id, int flags) - { - X509_TRUST *pt; - int idx; -- -+ if (id == -1) -+ return 1; - /* We get this as a default value */ -- if (id == X509_TRUST_DEFAULT) -- return obj_trust(NID_anyExtendedKeyUsage, x, -- flags | X509_TRUST_DO_SS_COMPAT); -+ if (id == 0) { -+ int rv; -+ rv = 
obj_trust(NID_anyExtendedKeyUsage, x, 0); -+ if (rv != X509_TRUST_UNTRUSTED) -+ return rv; -+ return trust_compat(NULL, x, 0); -+ } - idx = X509_TRUST_get_by_id(id); - if (idx == -1) - return default_trust(id, x, flags); -@@ -120,7 +176,7 @@ int X509_TRUST_set(int *t, int trust) - } - - int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), -- const char *name, int arg1, void *arg2) -+ char *name, int arg1, void *arg2) - { - int idx; - X509_TRUST *trtmp; -@@ -134,7 +190,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - idx = X509_TRUST_get_by_id(id); - /* Need a new entry */ - if (idx == -1) { -- if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { -+ if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { - X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -146,9 +202,9 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) - OPENSSL_free(trtmp->name); - /* dup supplied name */ -- if ((trtmp->name = OPENSSL_strdup(name)) == NULL) { -+ if (!(trtmp->name = BUF_strdup(name))) { - X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -- goto err; -+ return 0; - } - /* Keep the dynamic flag of existing entry */ - trtmp->flags &= X509_TRUST_DYNAMIC; -@@ -162,23 +218,16 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - - /* If its a new entry manage the dynamic table */ - if (idx == -1) { -- if (trtable == NULL -- && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { -+ if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { - X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -- goto err;; -+ return 0; - } - if (!sk_X509_TRUST_push(trtable, trtmp)) { - X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -- goto err; -+ return 0; - } - } - return 1; -- err: -- if (idx == -1) { -- OPENSSL_free(trtmp->name); -- OPENSSL_free(trtmp); -- } -- return 0; - } - - static void 
trtable_free(X509_TRUST *p) -@@ -194,53 +243,50 @@ static void trtable_free(X509_TRUST *p) - - void X509_TRUST_cleanup(void) - { -+ unsigned int i; -+ for (i = 0; i < X509_TRUST_COUNT; i++) -+ trtable_free(trstandard + i); - sk_X509_TRUST_pop_free(trtable, trtable_free); - trtable = NULL; - } - --int X509_TRUST_get_flags(const X509_TRUST *xp) -+int X509_TRUST_get_flags(X509_TRUST *xp) - { - return xp->flags; - } - --char *X509_TRUST_get0_name(const X509_TRUST *xp) -+char *X509_TRUST_get0_name(X509_TRUST *xp) - { - return xp->name; - } - --int X509_TRUST_get_trust(const X509_TRUST *xp) -+int X509_TRUST_get_trust(X509_TRUST *xp) - { - return xp->trust; - } - - static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) - { -+ if (x->aux && (x->aux->trust || x->aux->reject)) -+ return obj_trust(trust->arg1, x, flags); - /* -- * Declare the chain verified if the desired trust OID is not rejected in -- * any auxiliary trust info for this certificate, and the OID is either -- * expressly trusted, or else either "anyEKU" is trusted, or the -- * certificate is self-signed. -+ * we don't have any trust settings: for compatibility we return trusted -+ * if it is self signed - */ -- flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU; -- return obj_trust(trust->arg1, x, flags); -+ return trust_compat(trust, x, flags); - } - - static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) - { -- /* -- * Declare the chain verified only if the desired trust OID is not -- * rejected and is expressly trusted. Neither "anyEKU" nor "compat" -- * trust in self-signed certificates apply. 
-- */ -- flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU); -- return obj_trust(trust->arg1, x, flags); -+ if (x->aux) -+ return obj_trust(trust->arg1, x, flags); -+ return X509_TRUST_UNTRUSTED; - } - - static int trust_compat(X509_TRUST *trust, X509 *x, int flags) - { -- /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, 0); -- if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS) -+ if (x->ex_flags & EXFLAG_SS) - return X509_TRUST_TRUSTED; - else - return X509_TRUST_UNTRUSTED; -@@ -248,51 +294,25 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags) - - static int obj_trust(int id, X509 *x, int flags) - { -- X509_CERT_AUX *ax = x->aux; -+ ASN1_OBJECT *obj; - int i; -- -- if (ax && ax->reject) { -+ X509_CERT_AUX *ax; -+ ax = x->aux; -+ if (!ax) -+ return X509_TRUST_UNTRUSTED; -+ if (ax->reject) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { -- ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i); -- int nid = OBJ_obj2nid(obj); -- -- if (nid == id || (nid == NID_anyExtendedKeyUsage && -- (flags & X509_TRUST_OK_ANY_EKU))) -+ obj = sk_ASN1_OBJECT_value(ax->reject, i); -+ if (OBJ_obj2nid(obj) == id) - return X509_TRUST_REJECTED; - } - } -- -- if (ax && ax->trust) { -+ if (ax->trust) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { -- ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i); -- int nid = OBJ_obj2nid(obj); -- -- if (nid == id || (nid == NID_anyExtendedKeyUsage && -- (flags & X509_TRUST_OK_ANY_EKU))) -+ obj = sk_ASN1_OBJECT_value(ax->trust, i); -+ if (OBJ_obj2nid(obj) == id) - return X509_TRUST_TRUSTED; - } -- /* -- * Reject when explicit trust EKU are set and none match. -- * -- * Returning untrusted is enough for for full chains that end in -- * self-signed roots, because when explicit trust is specified it -- * suppresses the default blanket trust of self-signed objects. 
-- * -- * But for partial chains, this is not enough, because absent a similar -- * trust-self-signed policy, non matching EKUs are indistinguishable -- * from lack of EKU constraints. -- * -- * Therefore, failure to match any trusted purpose must trigger an -- * explicit reject. -- */ -- return X509_TRUST_REJECTED; - } -- -- if ((flags & X509_TRUST_DO_SS_COMPAT) == 0) -- return X509_TRUST_UNTRUSTED; -- -- /* -- * Not rejected, and there is no list of accepted uses, try compat. -- */ -- return trust_compat(NULL, x, flags); -+ return X509_TRUST_UNTRUSTED; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -index 66e5fcd..35db095 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -@@ -1,17 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_txt.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. 
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -21,11 +70,11 @@ - - const char *X509_verify_cert_error_string(long n) - { -+ static char buf[100]; -+ - switch ((int)n) { - case X509_V_OK: - return ("ok"); -- case X509_V_ERR_UNSPECIFIED: -- return ("unspecified certificate verification error"); - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - return ("unable to get issuer certificate"); - case X509_V_ERR_UNABLE_TO_GET_CRL: -@@ -42,10 +91,10 @@ const char *X509_verify_cert_error_string(long n) - return ("CRL signature failure"); - case X509_V_ERR_CERT_NOT_YET_VALID: - return ("certificate is not yet valid"); -- case X509_V_ERR_CERT_HAS_EXPIRED: -- return ("certificate has expired"); - case X509_V_ERR_CRL_NOT_YET_VALID: - return ("CRL is not yet valid"); -+ case X509_V_ERR_CERT_HAS_EXPIRED: -+ return ("certificate has expired"); - case X509_V_ERR_CRL_HAS_EXPIRED: - return ("CRL has expired"); - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -@@ -72,14 +121,23 @@ const char *X509_verify_cert_error_string(long n) - return ("certificate revoked"); - case X509_V_ERR_INVALID_CA: - return ("invalid CA 
certificate"); -+ case X509_V_ERR_INVALID_NON_CA: -+ return ("invalid non-CA certificate (has CA markings)"); - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - return ("path length constraint exceeded"); -+ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: -+ return ("proxy path length constraint exceeded"); -+ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: -+ return -+ ("proxy certificates not allowed, please set the appropriate flag"); - case X509_V_ERR_INVALID_PURPOSE: - return ("unsupported certificate purpose"); - case X509_V_ERR_CERT_UNTRUSTED: - return ("certificate not trusted"); - case X509_V_ERR_CERT_REJECTED: - return ("certificate rejected"); -+ case X509_V_ERR_APPLICATION_VERIFICATION: -+ return ("application verification failure"); - case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return ("subject issuer mismatch"); - case X509_V_ERR_AKID_SKID_MISMATCH: -@@ -94,17 +152,10 @@ const char *X509_verify_cert_error_string(long n) - return ("unhandled critical extension"); - case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: - return ("key usage does not include CRL signing"); -- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: -- return ("unhandled critical CRL extension"); -- case X509_V_ERR_INVALID_NON_CA: -- return ("invalid non-CA certificate (has CA markings)"); -- case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: -- return ("proxy path length constraint exceeded"); - case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: - return ("key usage does not include digital signature"); -- case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: -- return -- ("proxy certificates not allowed, please set the appropriate flag"); -+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: -+ return ("unhandled critical CRL extension"); - case X509_V_ERR_INVALID_EXTENSION: - return ("invalid or inconsistent certificate extension"); - case X509_V_ERR_INVALID_POLICY_EXTENSION: -@@ -117,14 +168,13 @@ const char *X509_verify_cert_error_string(long n) - return ("Unsupported extension feature"); - case 
X509_V_ERR_UNNESTED_RESOURCE: - return ("RFC 3779 resource not subset of parent's resources"); -+ - case X509_V_ERR_PERMITTED_VIOLATION: - return ("permitted subtree violation"); - case X509_V_ERR_EXCLUDED_VIOLATION: - return ("excluded subtree violation"); - case X509_V_ERR_SUBTREE_MINMAX: - return ("name constraints minimum and maximum not supported"); -- case X509_V_ERR_APPLICATION_VERIFICATION: -- return ("application verification failure"); - case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: - return ("unsupported name constraint type"); - case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: -@@ -133,8 +183,7 @@ const char *X509_verify_cert_error_string(long n) - return ("unsupported or invalid name syntax"); - case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: - return ("CRL path validation error"); -- case X509_V_ERR_PATH_LOOP: -- return ("Path Loop"); -+ - case X509_V_ERR_SUITE_B_INVALID_VERSION: - return ("Suite B: certificate version invalid"); - case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: -@@ -147,31 +196,23 @@ const char *X509_verify_cert_error_string(long n) - return ("Suite B: curve not allowed for this LOS"); - case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: - return ("Suite B: cannot sign P-384 with P-256"); -+ - case X509_V_ERR_HOSTNAME_MISMATCH: - return ("Hostname mismatch"); - case X509_V_ERR_EMAIL_MISMATCH: - return ("Email address mismatch"); - case X509_V_ERR_IP_ADDRESS_MISMATCH: - return ("IP address mismatch"); -- case X509_V_ERR_DANE_NO_MATCH: -- return ("No matching DANE TLSA records"); -- case X509_V_ERR_EE_KEY_TOO_SMALL: -- return ("EE certificate key too weak"); -- case X509_V_ERR_CA_KEY_TOO_SMALL: -- return ("CA certificate key too weak"); -- case X509_V_ERR_CA_MD_TOO_WEAK: -- return ("CA signature digest algorithm too weak"); -+ - case X509_V_ERR_INVALID_CALL: - return ("Invalid certificate verification context"); - case X509_V_ERR_STORE_LOOKUP: - return ("Issuer certificate lookup error"); -- case X509_V_ERR_NO_VALID_SCTS: -- return ("Certificate 
Transparency required, but no valid SCTs found"); - case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: - return ("proxy subject name violation"); - - default: -- /* Printing an error number into a static buffer is not thread-safe */ -- return ("unknown certificate verification error"); -+ BIO_snprintf(buf, sizeof buf, "error number %ld", n); -+ return (buf); - } - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -index ad126ef..4a03445 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -@@ -1,21 +1,69 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_v3.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. 
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "x509_lcl.h" - - int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) - { -@@ -36,7 +84,7 @@ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, - } - - int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, -- const ASN1_OBJECT *obj, int lastpos) -+ ASN1_OBJECT *obj, int lastpos) - { - int n; - X509_EXTENSION *ex; -@@ -127,8 +175,10 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - err: - X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); - err2: -- X509_EXTENSION_free(new_ex); -- sk_X509_EXTENSION_free(sk); -+ if (new_ex != NULL) -+ X509_EXTENSION_free(new_ex); -+ if (sk != NULL) -+ sk_X509_EXTENSION_free(sk); - return (NULL); - } - -@@ -151,7 +201,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, - } - - X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, -- const ASN1_OBJECT *obj, int crit, -+ ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data) - { - X509_EXTENSION *ret; -@@ -181,13 +231,13 @@ X509_EXTENSION 
*X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - return (NULL); - } - --int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) -+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) - { - if ((ex == NULL) || (obj == NULL)) - return (0); - ASN1_OBJECT_free(ex->object); - ex->object = OBJ_dup(obj); -- return ex->object != NULL; -+ return (1); - } - - int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) -@@ -204,7 +254,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) - - if (ex == NULL) - return (0); -- i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length); -+ i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length); - if (!i) - return (0); - return (1); -@@ -221,10 +271,10 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) - { - if (ex == NULL) - return (NULL); -- return &ex->value; -+ return (ex->value); - } - --int X509_EXTENSION_get_critical(const X509_EXTENSION *ex) -+int X509_EXTENSION_get_critical(X509_EXTENSION *ex) - { - if (ex == NULL) - return (0); -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -index ebc4424..5bf3f07 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -@@ -1,18 +1,66 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509_vfy.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include - #include --#include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -21,9 +69,7 @@ - #include - #include - #include --#include --#include --#include "x509_lcl.h" -+#include "vpm_int.h" - - /* CRL score values */ - -@@ -63,23 +109,16 @@ - - #define CRL_SCORE_TIME_DELTA 0x002 - --static int build_chain(X509_STORE_CTX *ctx); --static int verify_chain(X509_STORE_CTX *ctx); --static int dane_verify(X509_STORE_CTX *ctx); - static int null_callback(int ok, X509_STORE_CTX *e); - static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); - static int check_chain_extensions(X509_STORE_CTX *ctx); - static int check_name_constraints(X509_STORE_CTX *ctx); - static int check_id(X509_STORE_CTX *ctx); --static int check_trust(X509_STORE_CTX *ctx, int num_untrusted); -+static int check_trust(X509_STORE_CTX *ctx); - static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); --static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); --static int check_dane_issuer(X509_STORE_CTX *ctx, int depth); --static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); --static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert); - - static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x); -@@ -98,20 +137,22 @@ static int check_crl_chain(X509_STORE_CTX *ctx, - STACK_OF(X509) *crl_path); - - static int internal_verify(X509_STORE_CTX *ctx); -+const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; - - static int null_callback(int ok, X509_STORE_CTX *e) - { - return ok; - } - -+#if 0 -+static int x509_subject_cmp(X509 **a, X509 **b) -+{ -+ return X509_subject_name_cmp(*a, *b); -+} -+#endif - /* Return 1 is a certificate is self signed */ - static int cert_self_signed(X509 *x) - 
{ -- /* -- * FIXME: x509v3_cache_extensions() needs to detect more failures and not -- * set EXFLAG_SET when that happens. Especially, if the failures are -- * parse errors, rather than memory pressure! -- */ - X509_check_purpose(x, -1, 0); - if (x->ex_flags & EXFLAG_SS) - return 1; -@@ -137,128 +178,30 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) - break; - } - if (i < sk_X509_num(certs)) -- X509_up_ref(xtmp); -+ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); - else - xtmp = NULL; - sk_X509_pop_free(certs, X509_free); - return xtmp; - } - --/*- -- * Inform the verify callback of an error. -- * If B is not NULL it is the error cert, otherwise use the chain cert at -- * B. -- * If B is not X509_V_OK, that's the error value, otherwise leave -- * unchanged (presumably set by the caller). -- * -- * Returns 0 to abort verification with an error, non-zero to continue. -- */ --static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) --{ -- ctx->error_depth = depth; -- ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); -- if (err != X509_V_OK) -- ctx->error = err; -- return ctx->verify_cb(0, ctx); --} -- --/*- -- * Inform the verify callback of an error, CRL-specific variant. Here, the -- * error depth and certificate are already set, we just specify the error -- * number. -- * -- * Returns 0 to abort verification with an error, non-zero to continue. -- */ --static int verify_cb_crl(X509_STORE_CTX *ctx, int err) --{ -- ctx->error = err; -- return ctx->verify_cb(0, ctx); --} -- --static int check_auth_level(X509_STORE_CTX *ctx) --{ -- int i; -- int num = sk_X509_num(ctx->chain); -- -- if (ctx->param->auth_level <= 0) -- return 1; -- -- for (i = 0; i < num; ++i) { -- X509 *cert = sk_X509_value(ctx->chain, i); -- -- /* -- * We've already checked the security of the leaf key, so here we only -- * check the security of issuer keys. 
-- */ -- if (i > 0 && !check_key_level(ctx, cert) && -- verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0) -- return 0; -- /* -- * We also check the signature algorithm security of all certificates -- * except those of the trust anchor at index num-1. -- */ -- if (i < num - 1 && !check_sig_level(ctx, cert) && -- verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0) -- return 0; -- } -- return 1; --} -- --static int verify_chain(X509_STORE_CTX *ctx) --{ -- int err; -- int ok; -- -- /* -- * Before either returning with an error, or continuing with CRL checks, -- * instantiate chain public key parameters. -- */ -- if ((ok = build_chain(ctx)) == 0 || -- (ok = check_chain_extensions(ctx)) == 0 || -- (ok = check_auth_level(ctx)) == 0 || -- (ok = check_name_constraints(ctx)) == 0 || -- (ok = check_id(ctx)) == 0 || 1) -- X509_get_pubkey_parameters(NULL, ctx->chain); -- if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0) -- return ok; -- -- err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, -- ctx->param->flags); -- if (err != X509_V_OK) { -- if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0) -- return ok; -- } -- -- /* Verify chain signatures and expiration times */ -- ok = (ctx->verify != NULL) ? 
ctx->verify(ctx) : internal_verify(ctx); -- if (!ok) -- return ok; -- --#ifndef OPENSSL_NO_RFC3779 -- /* RFC 3779 path validation, now that CRL check has been done */ -- if ((ok = X509v3_asid_validate_path(ctx)) == 0) -- return ok; -- if ((ok = X509v3_addr_validate_path(ctx)) == 0) -- return ok; --#endif -- -- /* If we get this far evaluate policies */ -- if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK) -- ok = ctx->check_policy(ctx); -- return ok; --} -- - int X509_verify_cert(X509_STORE_CTX *ctx) - { -- SSL_DANE *dane = ctx->dane; -- int ret; -+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; -+ int bad_chain = 0; -+ X509_VERIFY_PARAM *param = ctx->param; -+ int depth, i, ok = 0; -+ int num, j, retry; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ STACK_OF(X509) *sktmp = NULL; -+ int trust = X509_TRUST_UNTRUSTED; -+ int err; - - if (ctx->cert == NULL) { - X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - ctx->error = X509_V_ERR_INVALID_CALL; - return -1; - } -- - if (ctx->chain != NULL) { - /* - * This X509_STORE_CTX has already been used to verify a cert. We -@@ -269,6 +212,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - return -1; - } - -+ cb = ctx->verify_cb; -+ - /* - * first we make sure the chain we are going to build is present and that - * the first entry is in place -@@ -277,48 +222,332 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - (!sk_X509_push(ctx->chain, ctx->cert))) { - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; -- return -1; -+ ok = -1; -+ goto err; - } -- X509_up_ref(ctx->cert); -- ctx->num_untrusted = 1; -+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); -+ ctx->last_untrusted = 1; - -- /* If the peer's public key is too weak, we can stop early. 
*/ -- if (!check_key_level(ctx, ctx->cert) && -- !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL)) -- return 0; -+ /* We use a temporary STACK so we can chop and hack at it */ -+ if (ctx->untrusted != NULL -+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ ctx->error = X509_V_ERR_OUT_OF_MEM; -+ ok = -1; -+ goto err; -+ } - -- if (DANETLS_ENABLED(dane)) -- ret = dane_verify(ctx); -- else -- ret = verify_chain(ctx); -+ num = sk_X509_num(ctx->chain); -+ x = sk_X509_value(ctx->chain, num - 1); -+ depth = param->depth; -+ -+ for (;;) { -+ /* If we have enough, we break */ -+ if (depth < num) -+ break; /* FIXME: If this happens, we should take -+ * note of it and, if appropriate, use the -+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code -+ * later. */ -+ -+ /* If we are self signed, we break */ -+ if (cert_self_signed(x)) -+ break; -+ /* -+ * If asked see if we can find issuer in trusted store first -+ */ -+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { -+ ok = ctx->get_issuer(&xtmp, ctx, x); -+ if (ok < 0) { -+ ctx->error = X509_V_ERR_STORE_LOOKUP; -+ goto err; -+ } -+ /* -+ * If successful for now free up cert so it will be picked up -+ * again later. 
-+ */ -+ if (ok > 0) { -+ X509_free(xtmp); -+ break; -+ } -+ } -+ -+ /* If we were passed a cert chain, use it first */ -+ if (ctx->untrusted != NULL) { -+ xtmp = find_issuer(ctx, sktmp, x); -+ if (xtmp != NULL) { -+ if (!sk_X509_push(ctx->chain, xtmp)) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ ctx->error = X509_V_ERR_OUT_OF_MEM; -+ ok = -1; -+ goto err; -+ } -+ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); -+ (void)sk_X509_delete_ptr(sktmp, xtmp); -+ ctx->last_untrusted++; -+ x = xtmp; -+ num++; -+ /* -+ * reparse the full chain for the next one -+ */ -+ continue; -+ } -+ } -+ break; -+ } -+ -+ /* Remember how many untrusted certs we have */ -+ j = num; -+ /* -+ * at this point, chain should contain a list of untrusted certificates. -+ * We now need to add at least one trusted one, if possible, otherwise we -+ * complain. -+ */ -+ -+ do { -+ /* -+ * Examine last certificate in chain and see if it is self signed. -+ */ -+ i = sk_X509_num(ctx->chain); -+ x = sk_X509_value(ctx->chain, i - 1); -+ if (cert_self_signed(x)) { -+ /* we have a self signed certificate */ -+ if (sk_X509_num(ctx->chain) == 1) { -+ /* -+ * We have a single self signed certificate: see if we can -+ * find it in the store. We must have an exact match to avoid -+ * possible impersonation. -+ */ -+ ok = ctx->get_issuer(&xtmp, ctx, x); -+ if ((ok <= 0) || X509_cmp(x, xtmp)) { -+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; -+ ctx->current_cert = x; -+ ctx->error_depth = i - 1; -+ if (ok == 1) -+ X509_free(xtmp); -+ bad_chain = 1; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto err; -+ } else { -+ /* -+ * We have a match: replace certificate with store -+ * version so we get any trust settings. 
-+ */ -+ X509_free(x); -+ x = xtmp; -+ (void)sk_X509_set(ctx->chain, i - 1, x); -+ ctx->last_untrusted = 0; -+ } -+ } else { -+ /* -+ * extract and save self signed certificate for later use -+ */ -+ chain_ss = sk_X509_pop(ctx->chain); -+ ctx->last_untrusted--; -+ num--; -+ j--; -+ x = sk_X509_value(ctx->chain, num - 1); -+ } -+ } -+ /* We now lookup certs from the certificate store */ -+ for (;;) { -+ /* If we have enough, we break */ -+ if (depth < num) -+ break; -+ /* If we are self signed, we break */ -+ if (cert_self_signed(x)) -+ break; -+ ok = ctx->get_issuer(&xtmp, ctx, x); -+ -+ if (ok < 0) { -+ ctx->error = X509_V_ERR_STORE_LOOKUP; -+ goto err; -+ } -+ if (ok == 0) -+ break; -+ x = xtmp; -+ if (!sk_X509_push(ctx->chain, x)) { -+ X509_free(xtmp); -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ ctx->error = X509_V_ERR_OUT_OF_MEM; -+ ok = -1; -+ goto err; -+ } -+ num++; -+ } -+ -+ /* we now have our chain, lets check it... */ -+ if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) { -+ /* Callback already issued */ -+ ok = 0; -+ goto err; -+ } -+ -+ /* -+ * If it's not explicitly trusted then check if there is an alternative -+ * chain that could be used. 
We only do this if we haven't already -+ * checked via TRUSTED_FIRST and the user hasn't switched off alternate -+ * chain checking -+ */ -+ retry = 0; -+ if (trust != X509_TRUST_TRUSTED -+ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) -+ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { -+ while (j-- > 1) { -+ xtmp2 = sk_X509_value(ctx->chain, j - 1); -+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2); -+ if (ok < 0) { -+ ctx->error = X509_V_ERR_STORE_LOOKUP; -+ goto err; -+ } -+ /* Check if we found an alternate chain */ -+ if (ok > 0) { -+ /* -+ * Free up the found cert we'll add it again later -+ */ -+ X509_free(xtmp); -+ -+ /* -+ * Dump all the certs above this point - we've found an -+ * alternate chain -+ */ -+ while (num > j) { -+ xtmp = sk_X509_pop(ctx->chain); -+ X509_free(xtmp); -+ num--; -+ } -+ ctx->last_untrusted = sk_X509_num(ctx->chain); -+ retry = 1; -+ break; -+ } -+ } -+ } -+ } while (retry); -+ -+ /* -+ * If not explicitly trusted then indicate error unless it's a single -+ * self signed certificate in which case we've indicated an error already -+ * and set bad_chain == 1 -+ */ -+ if (trust != X509_TRUST_TRUSTED && !bad_chain) { -+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { -+ if (ctx->last_untrusted >= num) -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; -+ else -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; -+ ctx->current_cert = x; -+ } else { -+ -+ sk_X509_push(ctx->chain, chain_ss); -+ num++; -+ ctx->last_untrusted = num; -+ ctx->current_cert = chain_ss; -+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; -+ chain_ss = NULL; -+ } -+ -+ ctx->error_depth = num - 1; -+ bad_chain = 1; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ -+ /* We have the chain complete: now we need to check its purpose */ -+ ok = check_chain_extensions(ctx); -+ -+ if (!ok) -+ goto err; -+ -+ /* Check name constraints */ -+ -+ ok = check_name_constraints(ctx); -+ -+ if (!ok) -+ goto err; -+ -+ ok = check_id(ctx); 
-+ -+ if (!ok) -+ goto err; -+ -+ /* We may as well copy down any DSA parameters that are required */ -+ X509_get_pubkey_parameters(NULL, ctx->chain); - - /* -- * Safety-net. If we are returning an error, we must also set ctx->error, -- * so that the chain is not considered verified should the error be ignored -- * (e.g. TLS with SSL_VERIFY_NONE). -+ * Check revocation status: we do this after copying parameters because -+ * they may be needed for CRL signature verification. - */ -- if (ret <= 0 && ctx->error == X509_V_OK) -+ -+ ok = ctx->check_revocation(ctx); -+ if (!ok) -+ goto err; -+ -+ err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, -+ ctx->param->flags); -+ if (err != X509_V_OK) { -+ ctx->error = err; -+ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); -+ ok = cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ -+ /* At this point, we have a chain and need to verify it */ -+ if (ctx->verify != NULL) -+ ok = ctx->verify(ctx); -+ else -+ ok = internal_verify(ctx); -+ if (!ok) -+ goto err; -+ -+#ifndef OPENSSL_NO_RFC3779 -+ /* RFC 3779 path validation, now that CRL check has been done */ -+ ok = v3_asid_validate_path(ctx); -+ if (!ok) -+ goto err; -+ ok = v3_addr_validate_path(ctx); -+ if (!ok) -+ goto err; -+#endif -+ -+ /* If we get this far evaluate policies */ -+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) -+ ok = ctx->check_policy(ctx); -+ if (!ok) -+ goto err; -+ if (0) { -+ err: -+ /* Ensure we return an error */ -+ if (ok > 0) -+ ok = 0; -+ X509_get_pubkey_parameters(NULL, ctx->chain); -+ } -+ if (sktmp != NULL) -+ sk_X509_free(sktmp); -+ if (chain_ss != NULL) -+ X509_free(chain_ss); -+ -+ /* Safety net, error returns must set ctx->error */ -+ if (ok <= 0 && ctx->error == X509_V_OK) - ctx->error = X509_V_ERR_UNSPECIFIED; -- return ret; -+ return ok; - } - - /* - * Given a STACK_OF(X509) find the issuer of cert (if any) - */ -+ - static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) - 
{ - int i; -- X509 *issuer, *rv = NULL; -- -+ X509 *issuer; - for (i = 0; i < sk_X509_num(sk); i++) { - issuer = sk_X509_value(sk, i); -- if (ctx->check_issued(ctx, x, issuer)) { -- rv = issuer; -- if (x509_check_cert_time(ctx, rv, -1)) -- break; -- } -+ if (ctx->check_issued(ctx, x, issuer)) -+ return issuer; - } -- return rv; -+ return NULL; - } - - /* Given a possible certificate and issuer check them */ -@@ -326,25 +555,17 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) - static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) - { - int ret; -- if (x == issuer) -- return cert_self_signed(x); - ret = X509_check_issued(issuer, x); -- if (ret == X509_V_OK) { -- int i; -- X509 *ch; -- /* Special case: single self signed certificate */ -- if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) -- return 1; -- for (i = 0; i < sk_X509_num(ctx->chain); i++) { -- ch = sk_X509_value(ctx->chain, i); -- if (ch == issuer || !X509_cmp(ch, issuer)) { -- ret = X509_V_ERR_PATH_LOOP; -- break; -- } -- } -- } -+ if (ret == X509_V_OK) -+ return 1; -+ /* If we haven't asked for issuer errors don't set ctx */ -+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) -+ return 0; - -- return (ret == X509_V_OK); -+ ctx->error = ret; -+ ctx->current_cert = x; -+ ctx->current_issuer = issuer; -+ return ctx->verify_cb(0, ctx); - } - - /* Alternative lookup method: look from a STACK stored in other_ctx */ -@@ -353,83 +574,12 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) - { - *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { -- X509_up_ref(*issuer); -+ CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); - return 1; - } else - return 0; - } - --static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) --{ -- STACK_OF(X509) *sk = NULL; -- X509 *x; -- int i; -- for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { -- x = sk_X509_value(ctx->other_ctx, i); -- if (X509_NAME_cmp(nm, 
X509_get_subject_name(x)) == 0) { -- if (sk == NULL) -- sk = sk_X509_new_null(); -- if (sk == NULL || sk_X509_push(sk, x) == 0) { -- sk_X509_pop_free(sk, X509_free); -- return NULL; -- } -- X509_up_ref(x); -- } -- } -- return sk; --} -- --/* -- * Check EE or CA certificate purpose. For trusted certificates explicit local -- * auxiliary trust can be used to override EKU-restrictions. -- */ --static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth, -- int must_be_ca) --{ -- int tr_ok = X509_TRUST_UNTRUSTED; -- -- /* -- * For trusted certificates we want to see whether any auxiliary trust -- * settings trump the purpose constraints. -- * -- * This is complicated by the fact that the trust ordinals in -- * ctx->param->trust are entirely independent of the purpose ordinals in -- * ctx->param->purpose! -- * -- * What connects them is their mutual initialization via calls from -- * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets -- * related values of both param->trust and param->purpose. It is however -- * typically possible to infer associated trust values from a purpose value -- * via the X509_PURPOSE API. -- * -- * Therefore, we can only check for trust overrides when the purpose we're -- * checking is the same as ctx->param->purpose and ctx->param->trust is -- * also set. 
-- */ -- if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose) -- tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); -- -- switch (tr_ok) { -- case X509_TRUST_TRUSTED: -- return 1; -- case X509_TRUST_REJECTED: -- break; -- default: -- switch (X509_check_purpose(x, purpose, must_be_ca > 0)) { -- case 1: -- return 1; -- case 0: -- break; -- default: -- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0) -- return 1; -- } -- break; -- } -- -- return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE); --} -- - /* - * Check a certificate chains extensions for consistency with the supplied - * purpose -@@ -437,12 +587,16 @@ static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth, - - static int check_chain_extensions(X509_STORE_CTX *ctx) - { -- int i, must_be_ca, plen = 0; -+#ifdef OPENSSL_NO_CHAIN_VERIFY -+ return 1; -+#else -+ int i, ok = 0, must_be_ca, plen = 0; - X509 *x; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); - int proxy_path_length = 0; - int purpose; - int allow_proxy_certs; -- int num = sk_X509_num(ctx->chain); -+ cb = ctx->verify_cb; - - /*- - * must_be_ca can have 1 of 3 values: -@@ -462,22 +616,35 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) - } else { - allow_proxy_certs = - ! 
!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); -+ /* -+ * A hack to keep people who don't want to modify their software -+ * happy -+ */ -+ if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) -+ allow_proxy_certs = 1; - purpose = ctx->param->purpose; - } - -- for (i = 0; i < num; i++) { -+ /* Check all untrusted certificates */ -+ for (i = 0; i < ctx->last_untrusted; i++) { - int ret; - x = sk_X509_value(ctx->chain, i); - if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - && (x->ex_flags & EXFLAG_CRITICAL)) { -- if (!verify_cb_cert(ctx, x, i, -- X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)) -- return 0; -+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; - } - if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { -- if (!verify_cb_cert(ctx, x, i, -- X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED)) -- return 0; -+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; - } - ret = X509_check_ca(x); - switch (must_be_ca) { -@@ -497,9 +664,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) - ret = 1; - break; - default: -- /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */ - if ((ret == 0) -- || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT) -+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) - && (ret != 1))) { - ret = 0; - ctx->error = X509_V_ERR_INVALID_CA; -@@ -507,17 +673,36 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) - ret = 1; - break; - } -- if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK)) -- return 0; -- /* check_purpose() makes the callback as needed */ -- if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) -- return 0; -- /* Check pathlen if not self issued */ -- if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -+ if (ret == 0) { -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ 
if (!ok) -+ goto end; -+ } -+ if (ctx->param->purpose > 0) { -+ ret = X509_check_purpose(x, purpose, must_be_ca > 0); -+ if ((ret == 0) -+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -+ && (ret != 1))) { -+ ctx->error = X509_V_ERR_INVALID_PURPOSE; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ } -+ /* Check pathlen if not self issued */ -+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI) - && (x->ex_pathlen != -1) - && (plen > (x->ex_pathlen + proxy_path_length + 1))) { -- if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) -- return 0; -+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; - } - /* Increment path length if not self issued */ - if (!(x->ex_flags & EXFLAG_SI)) -@@ -541,9 +726,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) - */ - if (x->ex_pcpathlen != -1) { - if (proxy_path_length > x->ex_pcpathlen) { -- if (!verify_cb_cert(ctx, x, i, -- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED)) -- return 0; -+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; - } - proxy_path_length = x->ex_pcpathlen; - } -@@ -552,18 +740,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) - } else - must_be_ca = 1; - } -- return 1; -+ ok = 1; -+ end: -+ return ok; -+#endif - } - - static int check_name_constraints(X509_STORE_CTX *ctx) - { -- int i; -- -+ X509 *x; -+ int i, j, rv; - /* Check name constraints for all certificates */ - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { -- X509 *x = sk_X509_value(ctx->chain, i); -- int j; -- -+ x = sk_X509_value(ctx->chain, i); - /* Ignore self issued certs unless last in chain */ - if (i && (x->ex_flags & EXFLAG_SI)) - continue; -@@ -602,10 +791,8 @@ static int check_name_constraints(X509_STORE_CTX *ctx) - * Check that the last subject component isn't part of 
a - * multivalued RDN - */ -- if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, -- last_object_loc)) -- == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, -- last_object_loc - 1))) { -+ if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set -+ == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) { - err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; - goto proxy_name_done; - } -@@ -635,9 +822,13 @@ static int check_name_constraints(X509_STORE_CTX *ctx) - X509_NAME_free(tmpsubject); - - proxy_name_done: -- if (err != X509_V_OK -- && !verify_cb_cert(ctx, x, i, err)) -- return 0; -+ if (err != X509_V_OK) { -+ ctx->error = err; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } - } - - /* -@@ -648,21 +839,19 @@ static int check_name_constraints(X509_STORE_CTX *ctx) - */ - for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { - NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; -- - if (nc) { -- int rv = NAME_CONSTRAINTS_check(x, nc); -- -- /* If EE certificate check commonName too */ -- if (rv == X509_V_OK && i == 0) -- rv = NAME_CONSTRAINTS_check_CN(x, nc); -- -+ rv = NAME_CONSTRAINTS_check(x, nc); - switch (rv) { - case X509_V_OK: -- break; -+ continue; - case X509_V_ERR_OUT_OF_MEM: -+ ctx->error = rv; - return 0; - default: -- if (!verify_cb_cert(ctx, x, i, rv)) -+ ctx->error = rv; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - break; - } -@@ -674,22 +863,25 @@ static int check_name_constraints(X509_STORE_CTX *ctx) - - static int check_id_error(X509_STORE_CTX *ctx, int errcode) - { -- return verify_cb_cert(ctx, ctx->cert, 0, errcode); -+ ctx->error = errcode; -+ ctx->current_cert = ctx->cert; -+ ctx->error_depth = 0; -+ return ctx->verify_cb(0, ctx); - } - --static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) -+static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) - { - int i; -- int n = sk_OPENSSL_STRING_num(vpm->hosts); -+ int n = 
sk_OPENSSL_STRING_num(id->hosts); - char *name; - -- if (vpm->peername != NULL) { -- OPENSSL_free(vpm->peername); -- vpm->peername = NULL; -+ if (id->peername != NULL) { -+ OPENSSL_free(id->peername); -+ id->peername = NULL; - } - for (i = 0; i < n; ++i) { -- name = sk_OPENSSL_STRING_value(vpm->hosts, i); -- if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0) -+ name = sk_OPENSSL_STRING_value(id->hosts, i); -+ if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) - return 1; - } - return n == 0; -@@ -698,95 +890,65 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) - static int check_id(X509_STORE_CTX *ctx) - { - X509_VERIFY_PARAM *vpm = ctx->param; -+ X509_VERIFY_PARAM_ID *id = vpm->id; - X509 *x = ctx->cert; -- if (vpm->hosts && check_hosts(x, vpm) <= 0) { -+ if (id->hosts && check_hosts(x, id) <= 0) { - if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) - return 0; - } -- if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) { -+ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { - if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) - return 0; - } -- if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) { -+ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { - if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) - return 0; - } - return 1; - } - --static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) -+static int check_trust(X509_STORE_CTX *ctx) - { -- int i; -+ int i, ok; - X509 *x = NULL; -- X509 *mx; -- SSL_DANE *dane = ctx->dane; -- int num = sk_X509_num(ctx->chain); -- int trust; -- -- /* -- * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2) -- * match, we're done, otherwise we'll merely record the match depth. 
-- */ -- if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { -- switch (trust = check_dane_issuer(ctx, num_untrusted)) { -- case X509_TRUST_TRUSTED: -- case X509_TRUST_REJECTED: -- return trust; -- } -- } -- -- /* -- * Check trusted certificates in chain at depth num_untrusted and up. -- * Note, that depths 0..num_untrusted-1 may also contain trusted -- * certificates, but the caller is expected to have already checked those, -- * and wants to incrementally check just any added since. -- */ -- for (i = num_untrusted; i < num; i++) { -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ cb = ctx->verify_cb; -+ /* Check all trusted certificates in chain */ -+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { - x = sk_X509_value(ctx->chain, i); -- trust = X509_check_trust(x, ctx->param->trust, 0); -+ ok = X509_check_trust(x, ctx->param->trust, 0); - /* If explicitly trusted return trusted */ -- if (trust == X509_TRUST_TRUSTED) -- goto trusted; -- if (trust == X509_TRUST_REJECTED) -- goto rejected; -+ if (ok == X509_TRUST_TRUSTED) -+ return X509_TRUST_TRUSTED; -+ /* -+ * If explicitly rejected notify callback and reject if not -+ * overridden. -+ */ -+ if (ok == X509_TRUST_REJECTED) { -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ctx->error = X509_V_ERR_CERT_REJECTED; -+ ok = cb(0, ctx); -+ if (!ok) -+ return X509_TRUST_REJECTED; -+ } - } -- - /* -- * If we are looking at a trusted certificate, and accept partial chains, -- * the chain is PKIX trusted. -+ * If we accept partial chains and have at least one trusted certificate -+ * return success. - */ -- if (num_untrusted < num) { -- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) -- goto trusted; -- return X509_TRUST_UNTRUSTED; -- } -- -- if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { -- /* -- * Last-resort call with no new trusted certificates, check the leaf -- * for a direct trust store match. 
-- */ -- i = 0; -- x = sk_X509_value(ctx->chain, i); -+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { -+ X509 *mx; -+ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) -+ return X509_TRUST_TRUSTED; -+ x = sk_X509_value(ctx->chain, 0); - mx = lookup_cert_match(ctx, x); -- if (!mx) -- return X509_TRUST_UNTRUSTED; -- -- /* -- * Check explicit auxiliary trust/reject settings. If none are set, -- * we'll accept X509_TRUST_UNTRUSTED when not self-signed. -- */ -- trust = X509_check_trust(mx, ctx->param->trust, 0); -- if (trust == X509_TRUST_REJECTED) { -- X509_free(mx); -- goto rejected; -+ if (mx) { -+ (void)sk_X509_set(ctx->chain, 0, mx); -+ X509_free(x); -+ ctx->last_untrusted = 0; -+ return X509_TRUST_TRUSTED; - } -- -- /* Replace leaf with trusted match */ -- (void) sk_X509_set(ctx->chain, 0, mx); -- X509_free(x); -- ctx->num_untrusted = 0; -- goto trusted; - } - - /* -@@ -794,26 +956,11 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) - * standard (no issuer cert) etc errors to be indicated. 
- */ - return X509_TRUST_UNTRUSTED; -- -- rejected: -- if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED)) -- return X509_TRUST_REJECTED; -- return X509_TRUST_UNTRUSTED; -- -- trusted: -- if (!DANETLS_ENABLED(dane)) -- return X509_TRUST_TRUSTED; -- if (dane->pdpth < 0) -- dane->pdpth = num_untrusted; -- /* With DANE, PKIX alone is not trusted until we have both */ -- if (dane->mdpth >= 0) -- return X509_TRUST_TRUSTED; -- return X509_TRUST_UNTRUSTED; - } - - static int check_revocation(X509_STORE_CTX *ctx) - { -- int i = 0, last = 0, ok = 0; -+ int i, last, ok; - if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) - return 1; - if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) -@@ -836,21 +983,19 @@ static int check_revocation(X509_STORE_CTX *ctx) - static int check_cert(X509_STORE_CTX *ctx) - { - X509_CRL *crl = NULL, *dcrl = NULL; -- int ok = 0; -- int cnum = ctx->error_depth; -- X509 *x = sk_X509_value(ctx->chain, cnum); -- -+ X509 *x; -+ int ok, cnum; -+ unsigned int last_reasons; -+ cnum = ctx->error_depth; -+ x = sk_X509_value(ctx->chain, cnum); - ctx->current_cert = x; - ctx->current_issuer = NULL; - ctx->current_crl_score = 0; - ctx->current_reasons = 0; -- - if (x->ex_flags & EXFLAG_PROXY) - return 1; -- - while (ctx->current_reasons != CRLDP_ALL_REASONS) { -- unsigned int last_reasons = ctx->current_reasons; -- -+ last_reasons = ctx->current_reasons; - /* Try to retrieve relevant CRL */ - if (ctx->get_crl) - ok = ctx->get_crl(ctx, &crl, x); -@@ -860,21 +1005,22 @@ static int check_cert(X509_STORE_CTX *ctx) - * If error looking up CRL, nothing we can do except notify callback - */ - if (!ok) { -- ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL); -- goto done; -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; -+ ok = ctx->verify_cb(0, ctx); -+ goto err; - } - ctx->current_crl = crl; - ok = ctx->check_crl(ctx, crl); - if (!ok) -- goto done; -+ goto err; - - if (dcrl) { - ok = ctx->check_crl(ctx, dcrl); - if (!ok) -- goto done; -+ goto err; - ok = 
ctx->cert_crl(ctx, dcrl, x); - if (!ok) -- goto done; -+ goto err; - } else - ok = 1; - -@@ -882,7 +1028,7 @@ static int check_cert(X509_STORE_CTX *ctx) - if (ok != 2) { - ok = ctx->cert_crl(ctx, crl, x); - if (!ok) -- goto done; -+ goto err; - } - - X509_CRL_free(crl); -@@ -890,20 +1036,22 @@ static int check_cert(X509_STORE_CTX *ctx) - crl = NULL; - dcrl = NULL; - /* -- * If reasons not updated we won't get anywhere by another iteration, -+ * If reasons not updated we wont get anywhere by another iteration, - * so exit loop. - */ - if (last_reasons == ctx->current_reasons) { -- ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL); -- goto done; -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; -+ ok = ctx->verify_cb(0, ctx); -+ goto err; - } - } -- done: -+ err: - X509_CRL_free(crl); - X509_CRL_free(dcrl); - - ctx->current_crl = NULL; - return ok; -+ - } - - /* Check CRL times against values in X509_STORE_CTX */ -@@ -912,7 +1060,6 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - { - time_t *ptime; - int i; -- - if (notify) - ctx->current_crl = crl; - if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) -@@ -922,35 +1069,39 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - else - ptime = NULL; - -- i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); -+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); - if (i == 0) { - if (!notify) - return 0; -- if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD)) -+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - } - - if (i > 0) { - if (!notify) - return 0; -- if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID)) -+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - } - -- if (X509_CRL_get0_nextUpdate(crl)) { -- i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime); -+ if (X509_CRL_get_nextUpdate(crl)) { -+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), 
ptime); - - if (i == 0) { - if (!notify) - return 0; -- if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD)) -+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - } - /* Ignore expiry of base CRL is delta is valid */ - if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { - if (!notify) - return 0; -- if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED)) -+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - } - } -@@ -980,8 +1131,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - /* If current CRL is equivalent use it if it is newer */ - if (crl_score == best_score && best_crl != NULL) { - int day, sec; -- if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl), -- X509_CRL_get0_lastUpdate(crl)) == 0) -+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), -+ X509_CRL_get_lastUpdate(crl)) == 0) - continue; - /* - * ASN1_TIME_diff never returns inconsistent signs for |day| -@@ -997,14 +1148,17 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - } - - if (best_crl) { -- X509_CRL_free(*pcrl); -+ if (*pcrl) -+ X509_CRL_free(*pcrl); - *pcrl = best_crl; - *pissuer = best_crl_issuer; - *pscore = best_score; - *preasons = best_reasons; -- X509_CRL_up_ref(best_crl); -- X509_CRL_free(*pdcrl); -- *pdcrl = NULL; -+ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); -+ if (*pdcrl) { -+ X509_CRL_free(*pdcrl); -+ *pdcrl = NULL; -+ } - get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); - } - -@@ -1100,7 +1254,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, - if (check_delta_base(delta, base)) { - if (check_crl_time(ctx, delta, 0)) - *pscore |= CRL_SCORE_TIME_DELTA; -- X509_CRL_up_ref(delta); -+ CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); - *dcrl = delta; - return; - } -@@ -1242,7 +1396,6 @@ static int 
check_crl_path(X509_STORE_CTX *ctx, X509 *x) - { - X509_STORE_CTX crl_ctx; - int ret; -- - /* Don't allow recursive CRL path validation */ - if (ctx->parent) - return 0; -@@ -1258,10 +1411,12 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) - - /* Verify CRL issuer */ - ret = X509_verify_cert(&crl_ctx); -+ - if (ret <= 0) - goto err; - - /* Check chain is acceptable */ -+ - ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); - err: - X509_STORE_CTX_cleanup(&crl_ctx); -@@ -1418,10 +1573,10 @@ static int get_crl_delta(X509_STORE_CTX *ctx, - X509_CRL *crl = NULL, *dcrl = NULL; - STACK_OF(X509_CRL) *skcrl; - X509_NAME *nm = X509_get_issuer_name(x); -- - reasons = ctx->current_reasons; - ok = get_crl_sk(ctx, &crl, &dcrl, - &issuer, &crl_score, &reasons, ctx->crls); -+ - if (ok) - goto done; - -@@ -1438,6 +1593,7 @@ static int get_crl_delta(X509_STORE_CTX *ctx, - sk_X509_CRL_pop_free(skcrl, X509_CRL_free); - - done: -+ - /* If we got any kind of CRL use it and return success */ - if (crl) { - ctx->current_issuer = issuer; -@@ -1447,6 +1603,7 @@ static int get_crl_delta(X509_STORE_CTX *ctx, - *pdcrl = dcrl; - return 1; - } -+ - return 0; - } - -@@ -1455,12 +1612,13 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) - { - X509 *issuer = NULL; - EVP_PKEY *ikey = NULL; -- int cnum = ctx->error_depth; -- int chnum = sk_X509_num(ctx->chain) - 1; -- -+ int ok = 0, chnum, cnum; -+ cnum = ctx->error_depth; -+ chnum = sk_X509_num(ctx->chain) - 1; - /* if we have an alternative CRL issuer cert use that */ - if (ctx->current_issuer) - issuer = ctx->current_issuer; -+ - /* - * Else find CRL issuer: if not last certificate then issuer is next - * certificate in chain. 
-@@ -1470,85 +1628,121 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) - else { - issuer = sk_X509_value(ctx->chain, chnum); - /* If not self signed, can't check signature */ -- if (!ctx->check_issued(ctx, issuer, issuer) && -- !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) -- return 0; -+ if (!ctx->check_issued(ctx, issuer, issuer)) { -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } - } - -- if (issuer == NULL) -- return 1; -+ if (issuer) { -+ /* -+ * Skip most tests for deltas because they have already been done -+ */ -+ if (!crl->base_crl_number) { -+ /* Check for cRLSign bit if keyUsage present */ -+ if ((issuer->ex_flags & EXFLAG_KUSAGE) && -+ !(issuer->ex_kusage & KU_CRL_SIGN)) { -+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } - -- /* -- * Skip most tests for deltas because they have already been done -- */ -- if (!crl->base_crl_number) { -- /* Check for cRLSign bit if keyUsage present */ -- if ((issuer->ex_flags & EXFLAG_KUSAGE) && -- !(issuer->ex_kusage & KU_CRL_SIGN) && -- !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)) -- return 0; -+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { -+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } - -- if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) && -- !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE)) -- return 0; -+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { -+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) { -+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ } - -- if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) && -- check_crl_path(ctx, ctx->current_issuer) <= 0 && -- !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR)) -- return 0; -+ if (crl->idp_flags & IDP_INVALID) { -+ ctx->error = 
X509_V_ERR_INVALID_EXTENSION; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } - -- if ((crl->idp_flags & IDP_INVALID) && -- !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION)) -- return 0; -- } -+ } - -- if (!(ctx->current_crl_score & CRL_SCORE_TIME) && -- !check_crl_time(ctx, crl, 1)) -- return 0; -+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { -+ ok = check_crl_time(ctx, crl, 1); -+ if (!ok) -+ goto err; -+ } - -- /* Attempt to get issuer certificate public key */ -- ikey = X509_get0_pubkey(issuer); -+ /* Attempt to get issuer certificate public key */ -+ ikey = X509_get_pubkey(issuer); - -- if (!ikey && -- !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) -- return 0; -+ if (!ikey) { -+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } else { -+ int rv; -+ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); -+ if (rv != X509_V_OK) { -+ ctx->error = rv; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ /* Verify CRL signature */ -+ if (X509_CRL_verify(crl, ikey) <= 0) { -+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ } -+ } - -- if (ikey) { -- int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); -+ ok = 1; - -- if (rv != X509_V_OK && !verify_cb_crl(ctx, rv)) -- return 0; -- /* Verify CRL signature */ -- if (X509_CRL_verify(crl, ikey) <= 0 && -- !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE)) -- return 0; -- } -- return 1; -+ err: -+ EVP_PKEY_free(ikey); -+ return ok; - } - - /* Check certificate against CRL */ - static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) - { -+ int ok; - X509_REVOKED *rev; -- - /* - * The rules changed for this... previously if a CRL contained unhandled - * critical extensions it could still be used to indicate a certificate -- * was revoked. This has since been changed since critical extensions can -+ * was revoked. 
This has since been changed since critical extension can - * change the meaning of CRL entries. - */ - if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) -- && (crl->flags & EXFLAG_CRITICAL) && -- !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)) -- return 0; -+ && (crl->flags & EXFLAG_CRITICAL)) { -+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ return 0; -+ } - /* -- * Look for serial number of certificate in CRL. If found, make sure -- * reason is not removeFromCRL. -+ * Look for serial number of certificate in CRL If found make sure reason -+ * is not removeFromCRL. - */ - if (X509_CRL_get0_by_cert(crl, &rev, x)) { - if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) - return 2; -- if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED)) -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) - return 0; - } - -@@ -1558,60 +1752,38 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) - static int check_policy(X509_STORE_CTX *ctx) - { - int ret; -- - if (ctx->parent) - return 1; -- /* -- * With DANE, the trust anchor might be a bare public key, not a -- * certificate! In that case our chain does not have the trust anchor -- * certificate as a top-most element. This comports well with RFC5280 -- * chain verification, since there too, the trust anchor is not part of the -- * chain to be verified. In particular, X509_policy_check() does not look -- * at the TA cert, but assumes that it is present as the top-most chain -- * element. We therefore temporarily push a NULL cert onto the chain if it -- * was verified via a bare public key, and pop it off right after the -- * X509_policy_check() call. 
-- */ -- if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) { -- X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- return 0; -- } - ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, - ctx->param->policies, ctx->param->flags); -- if (ctx->bare_ta_signed) -- sk_X509_pop(ctx->chain); -- -- if (ret == X509_PCY_TREE_INTERNAL) { -+ if (ret == 0) { - X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - /* Invalid or inconsistent extensions */ -- if (ret == X509_PCY_TREE_INVALID) { -+ if (ret == -1) { -+ /* -+ * Locate certificates with bad extensions and notify callback. -+ */ -+ X509 *x; - int i; -- -- /* Locate certificates with bad extensions and notify callback. */ - for (i = 1; i < sk_X509_num(ctx->chain); i++) { -- X509 *x = sk_X509_value(ctx->chain, i); -- -+ x = sk_X509_value(ctx->chain, i); - if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) - continue; -- if (!verify_cb_cert(ctx, x, i, -- X509_V_ERR_INVALID_POLICY_EXTENSION)) -+ ctx->current_cert = x; -+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; -+ if (!ctx->verify_cb(0, ctx)) - return 0; - } - return 1; - } -- if (ret == X509_PCY_TREE_FAILURE) { -+ if (ret == -2) { - ctx->current_cert = NULL; - ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; - return ctx->verify_cb(0, ctx); - } -- if (ret != X509_PCY_TREE_VALID) { -- X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); -- return 0; -- } - - if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { - ctx->current_cert = NULL; -@@ -1628,14 +1800,7 @@ static int check_policy(X509_STORE_CTX *ctx) - return 1; - } - --/*- -- * Check certificate validity times. -- * If depth >= 0, invoke verification callbacks on error, otherwise just return -- * the validation status. -- * -- * Return 1 on success, 0 otherwise. 
-- */ --int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) -+static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) - { - time_t *ptime; - int i; -@@ -1647,42 +1812,52 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) - else - ptime = NULL; - -- i = X509_cmp_time(X509_get0_notBefore(x), ptime); -- if (i >= 0 && depth < 0) -- return 0; -- if (i == 0 && !verify_cb_cert(ctx, x, depth, -- X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) -- return 0; -- if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID)) -- return 0; -+ i = X509_cmp_time(X509_get_notBefore(x), ptime); -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i > 0) { -+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ i = X509_cmp_time(X509_get_notAfter(x), ptime); -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i < 0) { -+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } - -- i = X509_cmp_time(X509_get0_notAfter(x), ptime); -- if (i <= 0 && depth < 0) -- return 0; -- if (i == 0 && !verify_cb_cert(ctx, x, depth, -- X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) -- return 0; -- if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED)) -- return 0; - return 1; - } - - static int internal_verify(X509_STORE_CTX *ctx) - { -- int n = sk_X509_num(ctx->chain) - 1; -- X509 *xi = sk_X509_value(ctx->chain, n); -- X509 *xs; -+ int ok = 0, n; -+ X509 *xs, *xi; -+ EVP_PKEY *pkey = NULL; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); - -- /* -- * With DANE-verified bare public key TA signatures, it remains only to -- * check the timestamps of the top certificate. 
We report the issuer as -- * NULL, since all we have is a bare key. -- */ -- if (ctx->bare_ta_signed) { -- xs = xi; -- xi = NULL; -- goto check_cert; -- } -+ cb = ctx->verify_cb; -+ -+ n = sk_X509_num(ctx->chain); -+ ctx->error_depth = n - 1; -+ n--; -+ xi = sk_X509_value(ctx->chain, n); - - if (ctx->check_issued(ctx, xi, xi)) - xs = xi; -@@ -1691,60 +1866,72 @@ static int internal_verify(X509_STORE_CTX *ctx) - xs = xi; - goto check_cert; - } -- if (n <= 0) -- return verify_cb_cert(ctx, xi, 0, -- X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); -- n--; -- ctx->error_depth = n; -- xs = sk_X509_value(ctx->chain, n); -+ if (n <= 0) { -+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; -+ ctx->current_cert = xi; -+ ok = cb(0, ctx); -+ goto end; -+ } else { -+ n--; -+ ctx->error_depth = n; -+ xs = sk_X509_value(ctx->chain, n); -+ } - } - -- /* -- * Do not clear ctx->error=0, it must be "sticky", only the user's callback -- * is allowed to reset errors (at its own peril). -- */ -+/* ctx->error=0; not needed */ - while (n >= 0) { -- EVP_PKEY *pkey; -+ ctx->error_depth = n; - - /* -- * Skip signature check for self signed certificates unless explicitly -- * asked for. It doesn't add any security and just wastes time. If -- * the issuer's public key is unusable, report the issuer certificate -- * and its depth (rather than the depth of the subject). -+ * Skip signature check for self signed certificates unless -+ * explicitly asked for. It doesn't add any security and just wastes -+ * time. - */ -- if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { -- if ((pkey = X509_get0_pubkey(xi)) == NULL) { -- if (!verify_cb_cert(ctx, xi, xi != xs ? 
n+1 : n, -- X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) -- return 0; -+ if (!xs->valid -+ && (xs != xi -+ || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { -+ if ((pkey = X509_get_pubkey(xi)) == NULL) { -+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -+ ctx->current_cert = xi; -+ ok = (*cb) (0, ctx); -+ if (!ok) -+ goto end; - } else if (X509_verify(xs, pkey) <= 0) { -- if (!verify_cb_cert(ctx, xs, n, -- X509_V_ERR_CERT_SIGNATURE_FAILURE)) -- return 0; -+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; -+ ctx->current_cert = xs; -+ ok = (*cb) (0, ctx); -+ if (!ok) { -+ EVP_PKEY_free(pkey); -+ goto end; -+ } - } -+ EVP_PKEY_free(pkey); -+ pkey = NULL; - } - -+ xs->valid = 1; -+ - check_cert: -- /* Calls verify callback as needed */ -- if (!x509_check_cert_time(ctx, xs, n)) -- return 0; -+ ok = check_cert_time(ctx, xs); -+ if (!ok) -+ goto end; - -- /* -- * Signal success at this depth. However, the previous error (if any) -- * is retained. -- */ -+ /* The last error (if any) is still in the error value */ - ctx->current_issuer = xi; - ctx->current_cert = xs; -- ctx->error_depth = n; -- if (!ctx->verify_cb(1, ctx)) -- return 0; -+ ok = (*cb) (1, ctx); -+ if (!ok) -+ goto end; - -- if (--n >= 0) { -+ n--; -+ if (n >= 0) { - xi = xs; - xs = sk_X509_value(ctx->chain, n); - } - } -- return 1; -+ ok = 1; -+ end: -+ return ok; - } - - int X509_cmp_current_time(const ASN1_TIME *ctm) -@@ -1907,7 +2094,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - return 1; - - for (i = 0; i < sk_X509_num(chain); i++) { -- ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); -+ ktmp = X509_get_pubkey(sk_X509_value(chain, i)); - if (ktmp == NULL) { - X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, - X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); -@@ -1915,6 +2102,10 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - } - if (!EVP_PKEY_missing_parameters(ktmp)) - break; -+ else { -+ EVP_PKEY_free(ktmp); -+ ktmp = NULL; -+ } - } 
- if (ktmp == NULL) { - X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, -@@ -1924,12 +2115,14 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - - /* first, populate the other certs */ - for (j = i - 1; j >= 0; j--) { -- ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j)); -+ ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); - EVP_PKEY_copy_parameters(ktmp2, ktmp); -+ EVP_PKEY_free(ktmp2); - } - - if (pkey != NULL) - EVP_PKEY_copy_parameters(pkey, ktmp); -+ EVP_PKEY_free(ktmp); - return 1; - } - -@@ -1978,15 +2171,15 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - } - /* Create new CRL */ - crl = X509_CRL_new(); -- if (crl == NULL || !X509_CRL_set_version(crl, 1)) -+ if (!crl || !X509_CRL_set_version(crl, 1)) - goto memerr; - /* Set issuer name */ - if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) - goto memerr; - -- if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) -+ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) - goto memerr; -- if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) -+ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) - goto memerr; - - /* Set base CRL number: must be critical */ -@@ -2017,7 +2210,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - * Add only if not also in base. TODO: need something cleverer here - * for some more complex CRLs covering multiple CAs. 
- */ -- if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) { -+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { - rvtmp = X509_REVOKED_dup(rvn); - if (!rvtmp) - goto memerr; -@@ -2036,10 +2229,24 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - - memerr: - X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); -- X509_CRL_free(crl); -+ if (crl) -+ X509_CRL_free(crl); - return NULL; - } - -+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ /* -+ * This function is (usually) called only once, by -+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). -+ */ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, -+ new_func, dup_func, free_func); -+} -+ - int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) - { - return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); -@@ -2065,22 +2272,12 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) - return ctx->error_depth; - } - --void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) --{ -- ctx->error_depth = depth; --} -- - X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) - { - return ctx->current_cert; - } - --void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) --{ -- ctx->current_cert = x; --} -- --STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) -+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) - { - return ctx->chain; - } -@@ -2112,6 +2309,11 @@ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) - ctx->cert = x; - } - -+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) -+{ -+ ctx->untrusted = sk; -+} -+ - void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) - { - ctx->crls = sk; -@@ -2119,20 +2321,11 @@ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) - - int 
X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) - { -- /* -- * XXX: Why isn't this function always used to set the associated trust? -- * Should there even be a VPM->trust field at all? Or should the trust -- * always be inferred from the purpose by X509_STORE_CTX_init(). -- */ - return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); - } - - int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) - { -- /* -- * XXX: See above, this function would only be needed when the default -- * trust for the purpose needs an override in a corner case. -- */ - return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); - } - -@@ -2166,11 +2359,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - ptmp = X509_PURPOSE_get0(idx); - if (ptmp->trust == X509_TRUST_DEFAULT) { - idx = X509_PURPOSE_get_by_id(def_purpose); -- /* -- * XXX: In the two callers above def_purpose is always 0, which is -- * not a known value, so idx will always be -1. How is the -- * X509_TRUST_DEFAULT case actually supposed to be handled? 
-- */ - if (idx == -1) { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_PURPOSE_ID); -@@ -2200,20 +2388,20 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - - X509_STORE_CTX *X509_STORE_CTX_new(void) - { -- X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); -- -- if (ctx == NULL) { -+ X509_STORE_CTX *ctx; -+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); -+ if (!ctx) { - X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } -+ memset(ctx, 0, sizeof(X509_STORE_CTX)); - return ctx; - } - - void X509_STORE_CTX_free(X509_STORE_CTX *ctx) - { -- if (ctx == NULL) -+ if (!ctx) - return; -- - X509_STORE_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } -@@ -2222,12 +2410,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - STACK_OF(X509) *chain) - { - int ret = 1; -- - ctx->ctx = store; -+ ctx->current_method = 0; - ctx->cert = x509; - ctx->untrusted = chain; - ctx->crls = NULL; -- ctx->num_untrusted = 0; -+ ctx->last_untrusted = 0; - ctx->other_ctx = NULL; - ctx->valid = 0; - ctx->chain = NULL; -@@ -2241,17 +2429,39 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - ctx->current_reasons = 0; - ctx->tree = NULL; - ctx->parent = NULL; -- ctx->dane = NULL; -- ctx->bare_ta_signed = 0; - /* Zero ex_data to make sure we're cleanup-safe */ - memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); - -- /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */ -+ ctx->param = X509_VERIFY_PARAM_new(); -+ if (!ctx->param) { -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ /* -+ * Inherit callbacks and flags from X509_STORE if not set use defaults. 
-+ */ - if (store) -- ctx->cleanup = store->cleanup; -+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else -+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; -+ -+ if (store) { -+ ctx->verify_cb = store->verify_cb; -+ /* Seems to always be 0 in OpenSSL, else must be idempotent */ -+ ctx->cleanup = store->cleanup; -+ } else - ctx->cleanup = 0; - -+ if (ret) -+ ret = X509_VERIFY_PARAM_inherit(ctx->param, -+ X509_VERIFY_PARAM_lookup("default")); -+ -+ if (ret == 0) { -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ - if (store && store->check_issued) - ctx->check_issued = store->check_issued; - else -@@ -2292,79 +2502,41 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - else - ctx->cert_crl = cert_crl; - -- if (store && store->check_policy) -- ctx->check_policy = store->check_policy; -- else -- ctx->check_policy = check_policy; -- - if (store && store->lookup_certs) - ctx->lookup_certs = store->lookup_certs; - else -- ctx->lookup_certs = X509_STORE_CTX_get1_certs; -+ ctx->lookup_certs = X509_STORE_get1_certs; - - if (store && store->lookup_crls) - ctx->lookup_crls = store->lookup_crls; - else -- ctx->lookup_crls = X509_STORE_CTX_get1_crls; -+ ctx->lookup_crls = X509_STORE_get1_crls; - -- ctx->param = X509_VERIFY_PARAM_new(); -- if (ctx->param == NULL) { -- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ ctx->check_policy = check_policy; -+ -+ if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -+ &ctx->ex_data)) -+ return 1; -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - -+ err: - /* -- * Inherit callbacks and flags from X509_STORE if not set use defaults. -+ * On error clean up allocated storage, if the store context was not -+ * allocated with X509_STORE_CTX_new() this is our last chance to do so. 
- */ -- if (store) -- ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); -- else -- ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; -- -- if (ret) -- ret = X509_VERIFY_PARAM_inherit(ctx->param, -- X509_VERIFY_PARAM_lookup("default")); -- -- if (ret == 0) { -- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* -- * XXX: For now, continue to inherit trust from VPM, but infer from the -- * purpose if this still yields the default value. -- */ -- if (ctx->param->trust == X509_TRUST_DEFAULT) { -- int idx = X509_PURPOSE_get_by_id(ctx->param->purpose); -- X509_PURPOSE *xp = X509_PURPOSE_get0(idx); -- -- if (xp != NULL) -- ctx->param->trust = X509_PURPOSE_get_trust(xp); -- } -- -- if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -- &ctx->ex_data)) -- return 1; -- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -- -- err: -- /* -- * On error clean up allocated storage, if the store context was not -- * allocated with X509_STORE_CTX_new() this is our last chance to do so. -- */ -- X509_STORE_CTX_cleanup(ctx); -- return 0; --} -+ X509_STORE_CTX_cleanup(ctx); -+ return 0; -+} - - /* - * Set alternative lookup method: just a STACK of trusted certificates. This - * avoids X509_STORE nastiness where it isn't needed. 
- */ --void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) -+ -+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) - { - ctx->other_ctx = sk; - ctx->get_issuer = get_issuer_sk; -- ctx->lookup_certs = lookup_certs_sk; - } - - void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) -@@ -2385,12 +2557,16 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) - X509_VERIFY_PARAM_free(ctx->param); - ctx->param = NULL; - } -- X509_policy_tree_free(ctx->tree); -- ctx->tree = NULL; -- sk_X509_pop_free(ctx->chain, X509_free); -- ctx->chain = NULL; -+ if (ctx->tree != NULL) { -+ X509_policy_tree_free(ctx->tree); -+ ctx->tree = NULL; -+ } -+ if (ctx->chain != NULL) { -+ sk_X509_pop_free(ctx->chain, X509_free); -+ ctx->chain = NULL; -+ } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); -- memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); -+ memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); - } - - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) -@@ -2409,99 +2585,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, - X509_VERIFY_PARAM_set_time(ctx->param, t); - } - --X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) --{ -- return ctx->cert; --} -- --STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) --{ -- return ctx->untrusted; --} -- --void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) --{ -- ctx->untrusted = sk; --} -- --void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) --{ -- sk_X509_pop_free(ctx->chain, X509_free); -- ctx->chain = sk; --} -- - void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -- X509_STORE_CTX_verify_cb verify_cb) -+ int (*verify_cb) (int, X509_STORE_CTX *)) - { - ctx->verify_cb = verify_cb; - } - --X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx) --{ -- return ctx->verify_cb; --} -- --void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, -- 
X509_STORE_CTX_verify_fn verify) --{ -- ctx->verify = verify; --} -- --X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx) --{ -- return ctx->verify; --} -- --X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx) --{ -- return ctx->get_issuer; --} -- --X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx) --{ -- return ctx->check_issued; --} -- --X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx) --{ -- return ctx->check_revocation; --} -- --X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx) --{ -- return ctx->get_crl; --} -- --X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx) --{ -- return ctx->check_crl; --} -- --X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx) --{ -- return ctx->cert_crl; --} -- --X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx) --{ -- return ctx->check_policy; --} -- --X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx) --{ -- return ctx->lookup_certs; --} -- --X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx) --{ -- return ctx->lookup_crls; --} -- --X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx) --{ -- return ctx->cleanup; --} -- - X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) - { - return ctx->tree; -@@ -2512,11 +2601,6 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) - return ctx->explicit_policy; - } - --int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) --{ -- return ctx->num_untrusted; --} -- - int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) - { - const X509_VERIFY_PARAM *param; -@@ -2533,743 +2617,17 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) - - void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) - { -- 
X509_VERIFY_PARAM_free(ctx->param); -+ if (ctx->param) -+ X509_VERIFY_PARAM_free(ctx->param); - ctx->param = param; - } - --void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) --{ -- ctx->dane = dane; --} -- --static unsigned char *dane_i2d( -- X509 *cert, -- uint8_t selector, -- unsigned int *i2dlen) --{ -- unsigned char *buf = NULL; -- int len; -- -- /* -- * Extract ASN.1 DER form of certificate or public key. -- */ -- switch (selector) { -- case DANETLS_SELECTOR_CERT: -- len = i2d_X509(cert, &buf); -- break; -- case DANETLS_SELECTOR_SPKI: -- len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf); -- break; -- default: -- X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR); -- return NULL; -- } -- -- if (len < 0 || buf == NULL) { -- X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- *i2dlen = (unsigned int)len; -- return buf; --} -- --#define DANETLS_NONE 256 /* impossible uint8_t */ -- --static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) --{ -- SSL_DANE *dane = ctx->dane; -- unsigned usage = DANETLS_NONE; -- unsigned selector = DANETLS_NONE; -- unsigned ordinal = DANETLS_NONE; -- unsigned mtype = DANETLS_NONE; -- unsigned char *i2dbuf = NULL; -- unsigned int i2dlen = 0; -- unsigned char mdbuf[EVP_MAX_MD_SIZE]; -- unsigned char *cmpbuf = NULL; -- unsigned int cmplen = 0; -- int i; -- int recnum; -- int matched = 0; -- danetls_record *t = NULL; -- uint32_t mask; -- -- mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK; -- -- /* -- * The trust store is not applicable with DANE-TA(2) -- */ -- if (depth >= ctx->num_untrusted) -- mask &= DANETLS_PKIX_MASK; -- -- /* -- * If we've previously matched a PKIX-?? record, no need to test any -- * further PKIX-?? records, it remains to just build the PKIX chain. -- * Had the match been a DANE-?? record, we'd be done already. 
-- */ -- if (dane->mdpth >= 0) -- mask &= ~DANETLS_PKIX_MASK; -- -- /*- -- * https://tools.ietf.org/html/rfc7671#section-5.1 -- * https://tools.ietf.org/html/rfc7671#section-5.2 -- * https://tools.ietf.org/html/rfc7671#section-5.3 -- * https://tools.ietf.org/html/rfc7671#section-5.4 -- * -- * We handle DANE-EE(3) records first as they require no chain building -- * and no expiration or hostname checks. We also process digests with -- * higher ordinals first and ignore lower priorities except Full(0) which -- * is always processed (last). If none match, we then process PKIX-EE(1). -- * -- * NOTE: This relies on DANE usages sorting before the corresponding PKIX -- * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest -- * priorities. See twin comment in ssl/ssl_lib.c. -- * -- * We expect that most TLSA RRsets will have just a single usage, so we -- * don't go out of our way to cache multiple selector-specific i2d buffers -- * across usages, but if the selector happens to remain the same as switch -- * usages, that's OK. Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1", -- * records would result in us generating each of the certificate and public -- * key DER forms twice, but more typically we'd just see multiple "3 1 1" -- * or multiple "3 0 1" records. -- * -- * As soon as we find a match at any given depth, we stop, because either -- * we've matched a DANE-?? record and the peer is authenticated, or, after -- * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is -- * sufficient for DANE, and what remains to do is ordinary PKIX validation. -- */ -- recnum = (dane->umask & mask) ? 
sk_danetls_record_num(dane->trecs) : 0; -- for (i = 0; matched == 0 && i < recnum; ++i) { -- t = sk_danetls_record_value(dane->trecs, i); -- if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0) -- continue; -- if (t->usage != usage) { -- usage = t->usage; -- -- /* Reset digest agility for each usage/selector pair */ -- mtype = DANETLS_NONE; -- ordinal = dane->dctx->mdord[t->mtype]; -- } -- if (t->selector != selector) { -- selector = t->selector; -- -- /* Update per-selector state */ -- OPENSSL_free(i2dbuf); -- i2dbuf = dane_i2d(cert, selector, &i2dlen); -- if (i2dbuf == NULL) -- return -1; -- -- /* Reset digest agility for each usage/selector pair */ -- mtype = DANETLS_NONE; -- ordinal = dane->dctx->mdord[t->mtype]; -- } else if (t->mtype != DANETLS_MATCHING_FULL) { -- /*- -- * Digest agility: -- * -- * -- * -- * For a fixed selector, after processing all records with the -- * highest mtype ordinal, ignore all mtypes with lower ordinals -- * other than "Full". -- */ -- if (dane->dctx->mdord[t->mtype] < ordinal) -- continue; -- } -- -- /* -- * Each time we hit a (new selector or) mtype, re-compute the relevant -- * digest, more complex caching is not worth the code space. -- */ -- if (t->mtype != mtype) { -- const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype]; -- cmpbuf = i2dbuf; -- cmplen = i2dlen; -- -- if (md != NULL) { -- cmpbuf = mdbuf; -- if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) { -- matched = -1; -- break; -- } -- } -- } -- -- /* -- * Squirrel away the certificate and depth if we have a match. Any -- * DANE match is dispositive, but with PKIX we still need to build a -- * full chain. 
-- */ -- if (cmplen == t->dlen && -- memcmp(cmpbuf, t->data, cmplen) == 0) { -- if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK) -- matched = 1; -- if (matched || dane->mdpth < 0) { -- dane->mdpth = depth; -- dane->mtlsa = t; -- OPENSSL_free(dane->mcert); -- dane->mcert = cert; -- X509_up_ref(cert); -- } -- break; -- } -- } -- -- /* Clear the one-element DER cache */ -- OPENSSL_free(i2dbuf); -- return matched; --} -- --static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) --{ -- SSL_DANE *dane = ctx->dane; -- int matched = 0; -- X509 *cert; -+IMPLEMENT_STACK_OF(X509) - -- if (!DANETLS_HAS_TA(dane) || depth == 0) -- return X509_TRUST_UNTRUSTED; -+IMPLEMENT_ASN1_SET_OF(X509) - -- /* -- * Record any DANE trust-anchor matches, for the first depth to test, if -- * there's one at that depth. (This'll be false for length 1 chains looking -- * for an exact match for the leaf certificate). -- */ -- cert = sk_X509_value(ctx->chain, depth); -- if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0) -- return X509_TRUST_REJECTED; -- if (matched > 0) { -- ctx->num_untrusted = depth - 1; -- return X509_TRUST_TRUSTED; -- } -- -- return X509_TRUST_UNTRUSTED; --} -- --static int check_dane_pkeys(X509_STORE_CTX *ctx) --{ -- SSL_DANE *dane = ctx->dane; -- danetls_record *t; -- int num = ctx->num_untrusted; -- X509 *cert = sk_X509_value(ctx->chain, num - 1); -- int recnum = sk_danetls_record_num(dane->trecs); -- int i; -- -- for (i = 0; i < recnum; ++i) { -- t = sk_danetls_record_value(dane->trecs, i); -- if (t->usage != DANETLS_USAGE_DANE_TA || -- t->selector != DANETLS_SELECTOR_SPKI || -- t->mtype != DANETLS_MATCHING_FULL || -- X509_verify(cert, t->spki) <= 0) -- continue; -+IMPLEMENT_STACK_OF(X509_NAME) - -- /* Clear any PKIX-?? 
matches that failed to extend to a full chain */ -- X509_free(dane->mcert); -- dane->mcert = NULL; -+IMPLEMENT_STACK_OF(X509_ATTRIBUTE) - -- /* Record match via a bare TA public key */ -- ctx->bare_ta_signed = 1; -- dane->mdpth = num - 1; -- dane->mtlsa = t; -- -- /* Prune any excess chain certificates */ -- num = sk_X509_num(ctx->chain); -- for (; num > ctx->num_untrusted; --num) -- X509_free(sk_X509_pop(ctx->chain)); -- -- return X509_TRUST_TRUSTED; -- } -- -- return X509_TRUST_UNTRUSTED; --} -- --static void dane_reset(SSL_DANE *dane) --{ -- /* -- * Reset state to verify another chain, or clear after failure. -- */ -- X509_free(dane->mcert); -- dane->mcert = NULL; -- dane->mtlsa = NULL; -- dane->mdpth = -1; -- dane->pdpth = -1; --} -- --static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert) --{ -- int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags); -- -- if (err == X509_V_OK) -- return 1; -- return verify_cb_cert(ctx, cert, 0, err); --} -- --static int dane_verify(X509_STORE_CTX *ctx) --{ -- X509 *cert = ctx->cert; -- SSL_DANE *dane = ctx->dane; -- int matched; -- int done; -- -- dane_reset(dane); -- -- /*- -- * When testing the leaf certificate, if we match a DANE-EE(3) record, -- * dane_match() returns 1 and we're done. If however we match a PKIX-EE(1) -- * record, the match depth and matching TLSA record are recorded, but the -- * return value is 0, because we still need to find a PKIX trust-anchor. -- * Therefore, when DANE authentication is enabled (required), we're done -- * if: -- * + matched < 0, internal error. -- * + matched == 1, we matched a DANE-EE(3) record -- * + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no -- * DANE-TA(2) or PKIX-TA(0) to test. 
-- */ -- matched = dane_match(ctx, ctx->cert, 0); -- done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0); -- -- if (done) -- X509_get_pubkey_parameters(NULL, ctx->chain); -- -- if (matched > 0) { -- /* Callback invoked as needed */ -- if (!check_leaf_suiteb(ctx, cert)) -- return 0; -- /* Callback invoked as needed */ -- if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 && -- !check_id(ctx)) -- return 0; -- /* Bypass internal_verify(), issue depth 0 success callback */ -- ctx->error_depth = 0; -- ctx->current_cert = cert; -- return ctx->verify_cb(1, ctx); -- } -- -- if (matched < 0) { -- ctx->error_depth = 0; -- ctx->current_cert = cert; -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- return -1; -- } -- -- if (done) { -- /* Fail early, TA-based success is not possible */ -- if (!check_leaf_suiteb(ctx, cert)) -- return 0; -- return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH); -- } -- -- /* -- * Chain verification for usages 0/1/2. TLSA record matching of depth > 0 -- * certificates happens in-line with building the rest of the chain. -- */ -- return verify_chain(ctx); --} -- --/* Get issuer, without duplicate suppression */ --static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) --{ -- STACK_OF(X509) *saved_chain = ctx->chain; -- int ok; -- -- ctx->chain = NULL; -- ok = ctx->get_issuer(issuer, ctx, cert); -- ctx->chain = saved_chain; -- -- return ok; --} -- --static int build_chain(X509_STORE_CTX *ctx) --{ -- SSL_DANE *dane = ctx->dane; -- int num = sk_X509_num(ctx->chain); -- X509 *cert = sk_X509_value(ctx->chain, num - 1); -- int ss = cert_self_signed(cert); -- STACK_OF(X509) *sktmp = NULL; -- unsigned int search; -- int may_trusted = 0; -- int may_alternate = 0; -- int trust = X509_TRUST_UNTRUSTED; -- int alt_untrusted = 0; -- int depth; -- int ok = 0; -- int i; -- -- /* Our chain starts with a single untrusted element. 
*/ -- OPENSSL_assert(num == 1 && ctx->num_untrusted == num); -- --#define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */ --#define S_DOTRUSTED (1 << 1) /* Search trusted store */ --#define S_DOALTERNATE (1 << 2) /* Retry with pruned alternate chain */ -- /* -- * Set up search policy, untrusted if possible, trusted-first if enabled. -- * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the -- * trust_store, otherwise we might look there first. If not trusted-first, -- * and alternate chains are not disabled, try building an alternate chain -- * if no luck with untrusted first. -- */ -- search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0; -- if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) { -- if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) -- search |= S_DOTRUSTED; -- else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) -- may_alternate = 1; -- may_trusted = 1; -- } -- -- /* -- * Shallow-copy the stack of untrusted certificates (with TLS, this is -- * typically the content of the peer's certificate message) so can make -- * multiple passes over it, while free to remove elements as we go. -- */ -- if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { -- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- return 0; -- } -- -- /* -- * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add -- * them to our working copy of the untrusted certificate stack. Since the -- * caller of X509_STORE_CTX_init() may have provided only a leaf cert with -- * no corresponding stack of untrusted certificates, we may need to create -- * an empty stack first. [ At present only the ssl library provides DANE -- * support, and ssl_verify_cert_chain() always provides a non-null stack -- * containing at least the leaf certificate, but we must be prepared for -- * this to change. 
] -- */ -- if (DANETLS_ENABLED(dane) && dane->certs != NULL) { -- if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { -- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- return 0; -- } -- for (i = 0; i < sk_X509_num(dane->certs); ++i) { -- if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { -- sk_X509_free(sktmp); -- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- return 0; -- } -- } -- } -- -- /* -- * Still absurdly large, but arithmetically safe, a lower hard upper bound -- * might be reasonable. -- */ -- if (ctx->param->depth > INT_MAX/2) -- ctx->param->depth = INT_MAX/2; -- -- /* -- * Try to Extend the chain until we reach an ultimately trusted issuer. -- * Build chains up to one longer the limit, later fail if we hit the limit, -- * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code. -- */ -- depth = ctx->param->depth + 1; -- -- while (search != 0) { -- X509 *x; -- X509 *xtmp = NULL; -- -- /* -- * Look in the trust store if enabled for first lookup, or we've run -- * out of untrusted issuers and search here is not disabled. When we -- * reach the depth limit, we stop extending the chain, if by that point -- * we've not found a trust-anchor, any trusted chain would be too long. -- * -- * The error reported to the application verify callback is at the -- * maximal valid depth with the current certificate equal to the last -- * not ultimately-trusted issuer. For example, with verify_depth = 0, -- * the callback will report errors at depth=1 when the immediate issuer -- * of the leaf certificate is not a trust anchor. No attempt will be -- * made to locate an issuer for that certificate, since such a chain -- * would be a-priori too long. 
-- */ -- if ((search & S_DOTRUSTED) != 0) { -- i = num = sk_X509_num(ctx->chain); -- if ((search & S_DOALTERNATE) != 0) { -- /* -- * As high up the chain as we can, look for an alternative -- * trusted issuer of an untrusted certificate that currently -- * has an untrusted issuer. We use the alt_untrusted variable -- * to track how far up the chain we find the first match. It -- * is only if and when we find a match, that we prune the chain -- * and reset ctx->num_untrusted to the reduced count of -- * untrusted certificates. While we're searching for such a -- * match (which may never be found), it is neither safe nor -- * wise to preemptively modify either the chain or -- * ctx->num_untrusted. -- * -- * Note, like ctx->num_untrusted, alt_untrusted is a count of -- * untrusted certificates, not a "depth". -- */ -- i = alt_untrusted; -- } -- x = sk_X509_value(ctx->chain, i-1); -- -- ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x); -- -- if (ok < 0) { -- trust = X509_TRUST_REJECTED; -- ctx->error = X509_V_ERR_STORE_LOOKUP; -- search = 0; -- continue; -- } -- -- if (ok > 0) { -- /* -- * Alternative trusted issuer for a mid-chain untrusted cert? -- * Pop the untrusted cert's successors and retry. We might now -- * be able to complete a valid chain via the trust store. Note -- * that despite the current trust-store match we might still -- * fail complete the chain to a suitable trust-anchor, in which -- * case we may prune some more untrusted certificates and try -- * again. Thus the S_DOALTERNATE bit may yet be turned on -- * again with an even shorter untrusted chain! -- * -- * If in the process we threw away our matching PKIX-TA trust -- * anchor, reset DANE trust. We might find a suitable trusted -- * certificate among the ones from the trust store. 
-- */ -- if ((search & S_DOALTERNATE) != 0) { -- OPENSSL_assert(num > i && i > 0 && ss == 0); -- search &= ~S_DOALTERNATE; -- for (; num > i; --num) -- X509_free(sk_X509_pop(ctx->chain)); -- ctx->num_untrusted = num; -- -- if (DANETLS_ENABLED(dane) && -- dane->mdpth >= ctx->num_untrusted) { -- dane->mdpth = -1; -- X509_free(dane->mcert); -- dane->mcert = NULL; -- } -- if (DANETLS_ENABLED(dane) && -- dane->pdpth >= ctx->num_untrusted) -- dane->pdpth = -1; -- } -- -- /* -- * Self-signed untrusted certificates get replaced by their -- * trusted matching issuer. Otherwise, grow the chain. -- */ -- if (ss == 0) { -- if (!sk_X509_push(ctx->chain, x = xtmp)) { -- X509_free(xtmp); -- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -- trust = X509_TRUST_REJECTED; -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- search = 0; -- continue; -- } -- ss = cert_self_signed(x); -- } else if (num == ctx->num_untrusted) { -- /* -- * We have a self-signed certificate that has the same -- * subject name (and perhaps keyid and/or serial number) as -- * a trust-anchor. We must have an exact match to avoid -- * possible impersonation via key substitution etc. -- */ -- if (X509_cmp(x, xtmp) != 0) { -- /* Self-signed untrusted mimic. */ -- X509_free(xtmp); -- ok = 0; -- } else { -- X509_free(x); -- ctx->num_untrusted = --num; -- (void) sk_X509_set(ctx->chain, num, x = xtmp); -- } -- } -- -- /* -- * We've added a new trusted certificate to the chain, recheck -- * trust. If not done, and not self-signed look deeper. -- * Whether or not we're doing "trusted first", we no longer -- * look for untrusted certificates from the peer's chain. -- * -- * At this point ctx->num_trusted and num must reflect the -- * correct number of untrusted certificates, since the DANE -- * logic in check_trust() depends on distinguishing CAs from -- * "the wire" from CAs from the trust store. In particular, the -- * certificate at depth "num" should be the new trusted -- * certificate with ctx->num_untrusted <= num. 
-- */ -- if (ok) { -- OPENSSL_assert(ctx->num_untrusted <= num); -- search &= ~S_DOUNTRUSTED; -- switch (trust = check_trust(ctx, num)) { -- case X509_TRUST_TRUSTED: -- case X509_TRUST_REJECTED: -- search = 0; -- continue; -- } -- if (ss == 0) -- continue; -- } -- } -- -- /* -- * No dispositive decision, and either self-signed or no match, if -- * we were doing untrusted-first, and alt-chains are not disabled, -- * do that, by repeatedly losing one untrusted element at a time, -- * and trying to extend the shorted chain. -- */ -- if ((search & S_DOUNTRUSTED) == 0) { -- /* Continue search for a trusted issuer of a shorter chain? */ -- if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0) -- continue; -- /* Still no luck and no fallbacks left? */ -- if (!may_alternate || (search & S_DOALTERNATE) != 0 || -- ctx->num_untrusted < 2) -- break; -- /* Search for a trusted issuer of a shorter chain */ -- search |= S_DOALTERNATE; -- alt_untrusted = ctx->num_untrusted - 1; -- ss = 0; -- } -- } -- -- /* -- * Extend chain with peer-provided certificates -- */ -- if ((search & S_DOUNTRUSTED) != 0) { -- num = sk_X509_num(ctx->chain); -- OPENSSL_assert(num == ctx->num_untrusted); -- x = sk_X509_value(ctx->chain, num-1); -- -- /* -- * Once we run out of untrusted issuers, we stop looking for more -- * and start looking only in the trust store if enabled. -- */ -- xtmp = (ss || depth < num) ? 
NULL : find_issuer(ctx, sktmp, x); -- if (xtmp == NULL) { -- search &= ~S_DOUNTRUSTED; -- if (may_trusted) -- search |= S_DOTRUSTED; -- continue; -- } -- -- /* Drop this issuer from future consideration */ -- (void) sk_X509_delete_ptr(sktmp, xtmp); -- -- if (!sk_X509_push(ctx->chain, xtmp)) { -- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -- trust = X509_TRUST_REJECTED; -- ctx->error = X509_V_ERR_OUT_OF_MEM; -- search = 0; -- continue; -- } -- -- X509_up_ref(x = xtmp); -- ++ctx->num_untrusted; -- ss = cert_self_signed(xtmp); -- -- /* -- * Check for DANE-TA trust of the topmost untrusted certificate. -- */ -- switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) { -- case X509_TRUST_TRUSTED: -- case X509_TRUST_REJECTED: -- search = 0; -- continue; -- } -- } -- } -- sk_X509_free(sktmp); -- -- /* -- * Last chance to make a trusted chain, either bare DANE-TA public-key -- * signers, or else direct leaf PKIX trust. -- */ -- num = sk_X509_num(ctx->chain); -- if (num <= depth) { -- if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane)) -- trust = check_dane_pkeys(ctx); -- if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted) -- trust = check_trust(ctx, num); -- } -- -- switch (trust) { -- case X509_TRUST_TRUSTED: -- return 1; -- case X509_TRUST_REJECTED: -- /* Callback already issued */ -- return 0; -- case X509_TRUST_UNTRUSTED: -- default: -- num = sk_X509_num(ctx->chain); -- if (num > depth) -- return verify_cb_cert(ctx, NULL, num-1, -- X509_V_ERR_CERT_CHAIN_TOO_LONG); -- if (DANETLS_ENABLED(dane) && -- (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0)) -- return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH); -- if (ss && sk_X509_num(ctx->chain) == 1) -- return verify_cb_cert(ctx, NULL, num-1, -- X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); -- if (ss) -- return verify_cb_cert(ctx, NULL, num-1, -- X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); -- if (ctx->num_untrusted < num) -- return verify_cb_cert(ctx, NULL, num-1, -- 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT); -- return verify_cb_cert(ctx, NULL, num-1, -- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY); -- } --} -- --static const int minbits_table[] = { 80, 112, 128, 192, 256 }; --static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); -- --/* -- * Check whether the public key of ``cert`` meets the security level of -- * ``ctx``. -- * -- * Returns 1 on success, 0 otherwise. -- */ --static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) --{ -- EVP_PKEY *pkey = X509_get0_pubkey(cert); -- int level = ctx->param->auth_level; -- -- /* Unsupported or malformed keys are not secure */ -- if (pkey == NULL) -- return 0; -- -- if (level <= 0) -- return 1; -- if (level > NUM_AUTH_LEVELS) -- level = NUM_AUTH_LEVELS; -- -- return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; --} -- --/* -- * Check whether the signature digest algorithm of ``cert`` meets the security -- * level of ``ctx``. Should not be checked for trust anchors (whether -- * self-signed or otherwise). -- * -- * Returns 1 on success, 0 otherwise. 
-- */ --static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) --{ -- int nid = X509_get_signature_nid(cert); -- int mdnid = NID_undef; -- int secbits = -1; -- int level = ctx->param->auth_level; -- -- if (level <= 0) -- return 1; -- if (level > NUM_AUTH_LEVELS) -- level = NUM_AUTH_LEVELS; -- -- /* Lookup signature algorithm digest */ -- if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) { -- const EVP_MD *md; -- -- /* Assume 4 bits of collision resistance for each hash octet */ -- if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL) -- secbits = EVP_MD_size(md) * 4; -- } -- -- return secbits >= minbits_table[level - 1]; --} -+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -index b506722..1ac15a8 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -@@ -1,23 +1,72 @@ -+/* x509_vpm.c */ - /* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. 
All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). 
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "internal/x509_int.h" - --#include "x509_lcl.h" -+#include "vpm_int.h" - - /* X509_VERIFY_PARAM functions */ - -@@ -34,7 +83,9 @@ static void str_free(char *s) - OPENSSL_free(s); - } - --static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, -+#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) -+ -+static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, - const char *name, size_t namelen) - { - char *copy; -@@ -50,28 +101,28 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, - if (namelen > 0 && name[namelen - 1] == '\0') - --namelen; - -- if (mode == SET_HOST) { -- sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); -- vpm->hosts = NULL; -+ if (mode == SET_HOST && id->hosts) { -+ string_stack_free(id->hosts); -+ id->hosts = NULL; - } - if (name == NULL || namelen == 0) - return 1; - -- copy = OPENSSL_strndup(name, namelen); -+ copy = BUF_strndup(name, namelen); - if (copy == NULL) - return 0; - -- if (vpm->hosts == NULL && -- (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { -+ if (id->hosts == NULL && -+ (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { - OPENSSL_free(copy); - return 0; - } - -- if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { -+ if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { - OPENSSL_free(copy); -- if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { -- sk_OPENSSL_STRING_free(vpm->hosts); -- vpm->hosts = NULL; -+ if (sk_OPENSSL_STRING_num(id->hosts) == 0) { -+ sk_OPENSSL_STRING_free(id->hosts); -+ id->hosts = NULL; - } - return 0; - } -@@ -81,48 +132,75 @@ static int 
int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, - - static void x509_verify_param_zero(X509_VERIFY_PARAM *param) - { -+ X509_VERIFY_PARAM_ID *paramid; - if (!param) - return; - param->name = NULL; - param->purpose = 0; -- param->trust = X509_TRUST_DEFAULT; -+ param->trust = 0; - /* - * param->inh_flags = X509_VP_FLAG_DEFAULT; - */ - param->inh_flags = 0; - param->flags = 0; - param->depth = -1; -- param->auth_level = -1; /* -1 means unset, 0 is explicit */ -- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -- param->policies = NULL; -- sk_OPENSSL_STRING_pop_free(param->hosts, str_free); -- param->hosts = NULL; -- OPENSSL_free(param->peername); -- param->peername = NULL; -- OPENSSL_free(param->email); -- param->email = NULL; -- param->emaillen = 0; -- OPENSSL_free(param->ip); -- param->ip = NULL; -- param->iplen = 0; -+ if (param->policies) { -+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -+ param->policies = NULL; -+ } -+ paramid = param->id; -+ if (paramid->hosts) { -+ string_stack_free(paramid->hosts); -+ paramid->hosts = NULL; -+ } -+ if (paramid->peername) -+ OPENSSL_free(paramid->peername); -+ paramid->peername = NULL; -+ if (paramid->email) { -+ OPENSSL_free(paramid->email); -+ paramid->email = NULL; -+ paramid->emaillen = 0; -+ } -+ if (paramid->ip) { -+ OPENSSL_free(paramid->ip); -+ paramid->ip = NULL; -+ paramid->iplen = 0; -+ } - } - - X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) - { - X509_VERIFY_PARAM *param; -+ X509_VERIFY_PARAM_ID *paramid; - -- param = OPENSSL_zalloc(sizeof(*param)); -- if (param == NULL) -+ param = OPENSSL_malloc(sizeof *param); -+ if (!param) - return NULL; -+ memset(param, 0, sizeof(*param)); -+ -+ paramid = OPENSSL_malloc(sizeof(*paramid)); -+ if (!paramid) { -+ OPENSSL_free(param); -+ return NULL; -+ } -+ memset(paramid, 0, sizeof(*paramid)); -+ /* Exotic platforms may have non-zero bit representation of NULL */ -+ paramid->hosts = NULL; -+ paramid->peername = NULL; -+ paramid->email = 
NULL; -+ paramid->ip = NULL; -+ -+ param->id = paramid; - x509_verify_param_zero(param); - return param; - } - - void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) - { -- if (!param) -+ if (param == NULL) - return; - x509_verify_param_zero(param); -+ OPENSSL_free(param->id); - OPENSSL_free(param); - } - -@@ -164,6 +242,11 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) - (to_overwrite || \ - ((src->field != def) && (to_default || (dest->field == def)))) - -+/* As above but for ID fields */ -+ -+#define test_x509_verify_param_copy_id(idf, def) \ -+ test_x509_verify_param_copy(id->idf, def) -+ - /* Macro to test and copy a field if necessary */ - - #define x509_verify_param_copy(field, def) \ -@@ -175,8 +258,10 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, - { - unsigned long inh_flags; - int to_default, to_overwrite; -+ X509_VERIFY_PARAM_ID *id; - if (!src) - return 1; -+ id = src->id; - inh_flags = dest->inh_flags | src->inh_flags; - - if (inh_flags & X509_VP_FLAG_ONCE) -@@ -196,9 +281,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, - to_overwrite = 0; - - x509_verify_param_copy(purpose, 0); -- x509_verify_param_copy(trust, X509_TRUST_DEFAULT); -+ x509_verify_param_copy(trust, 0); - x509_verify_param_copy(depth, -1); -- x509_verify_param_copy(auth_level, -1); - - /* If overwrite or check time not set, copy across */ - -@@ -219,25 +303,27 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, - } - - /* Copy the host flags if and only if we're copying the host list */ -- if (test_x509_verify_param_copy(hosts, NULL)) { -- sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); -- dest->hosts = NULL; -- if (src->hosts) { -- dest->hosts = -- sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); -- if (dest->hosts == NULL) -+ if (test_x509_verify_param_copy_id(hosts, NULL)) { -+ if (dest->id->hosts) { -+ string_stack_free(dest->id->hosts); -+ dest->id->hosts = NULL; -+ } -+ if (id->hosts) { -+ dest->id->hosts = -+ 
sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free); -+ if (dest->id->hosts == NULL) - return 0; -- dest->hostflags = src->hostflags; -+ dest->id->hostflags = id->hostflags; - } - } - -- if (test_x509_verify_param_copy(email, NULL)) { -- if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) -+ if (test_x509_verify_param_copy_id(email, NULL)) { -+ if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen)) - return 0; - } - -- if (test_x509_verify_param_copy(ip, NULL)) { -- if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) -+ if (test_x509_verify_param_copy_id(ip, NULL)) { -+ if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) - return 0; - } - -@@ -260,27 +346,30 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, - { - void *tmp; - if (src) { -- if (srclen == 0) -+ if (srclen == 0) { -+ tmp = BUF_strdup(src); - srclen = strlen(src); -- -- tmp = OPENSSL_memdup(src, srclen); -- if (tmp == NULL) -+ } else -+ tmp = BUF_memdup(src, srclen); -+ if (!tmp) - return 0; - } else { - tmp = NULL; - srclen = 0; - } -- OPENSSL_free(*pdest); -+ if (*pdest) -+ OPENSSL_free(*pdest); - *pdest = tmp; -- if (pdestlen != NULL) -+ if (pdestlen) - *pdestlen = srclen; - return 1; - } - - int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) - { -- OPENSSL_free(param->name); -- param->name = OPENSSL_strdup(name); -+ if (param->name) -+ OPENSSL_free(param->name); -+ param->name = BUF_strdup(name); - if (param->name) - return 1; - return 0; -@@ -306,17 +395,6 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) - return param->flags; - } - --uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param) --{ -- return param->inh_flags; --} -- --int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags) --{ -- param->inh_flags = flags; -- return 1; --} -- - int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) - { - return X509_PURPOSE_set(¶m->purpose, 
purpose); -@@ -332,16 +410,6 @@ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) - param->depth = depth; - } - --void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level) --{ -- param->auth_level = auth_level; --} -- --time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param) --{ -- return param->check_time; --} -- - void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) - { - param->check_time = t; -@@ -366,10 +434,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - { - int i; - ASN1_OBJECT *oid, *doid; -- - if (!param) - return 0; -- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -+ if (param->policies) -+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - - if (!policies) { - param->policies = NULL; -@@ -397,48 +465,30 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) - { -- return int_x509_param_set_hosts(param, SET_HOST, name, namelen); -+ return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); - } - - int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) - { -- return int_x509_param_set_hosts(param, ADD_HOST, name, namelen); -+ return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); - } - - void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags) - { -- param->hostflags = flags; -+ param->id->hostflags = flags; - } - - char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) - { -- return param->peername; --} -- --/* -- * Move peername from one param structure to another, freeing any name present -- * at the target. If the source is a NULL parameter structure, free and zero -- * the target peername. -- */ --void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to, -- X509_VERIFY_PARAM *from) --{ -- char *peername = (from != NULL) ? 
from->peername : NULL; -- -- if (to->peername != peername) { -- OPENSSL_free(to->peername); -- to->peername = peername; -- } -- if (from) -- from->peername = NULL; -+ return param->id->peername; - } - - int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen) - { -- return int_x509_param_set1(¶m->email, ¶m->emaillen, -+ return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, - email, emaillen); - } - -@@ -447,7 +497,7 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, - { - if (iplen != 0 && iplen != 4 && iplen != 16) - return 0; -- return int_x509_param_set1((char **)¶m->ip, ¶m->iplen, -+ return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, - (char *)ip, iplen); - } - -@@ -467,17 +517,14 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) - return param->depth; - } - --int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param) --{ -- return param->auth_level; --} -- - const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) - { - return param->name; - } - --#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0 -+static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 }; -+ -+#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id - - /* - * Default verify parameters: these are used for various applications and can -@@ -490,11 +537,10 @@ static const X509_VERIFY_PARAM default_table[] = { - "default", /* X509 default parameters */ - 0, /* Check time */ - 0, /* internal flags */ -- X509_V_FLAG_TRUSTED_FIRST, /* flags */ -+ 0, /* flags */ - 0, /* purpose */ - 0, /* trust */ - 100, /* depth */ -- -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { -@@ -505,7 +551,6 @@ static const X509_VERIFY_PARAM default_table[] = { - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ -- -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { -@@ -516,7 +561,6 @@ static const X509_VERIFY_PARAM 
default_table[] = { - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ -- -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { -@@ -527,7 +571,6 @@ static const X509_VERIFY_PARAM default_table[] = { - X509_PURPOSE_SSL_CLIENT, /* purpose */ - X509_TRUST_SSL_CLIENT, /* trust */ - -1, /* depth */ -- -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { -@@ -538,7 +581,6 @@ static const X509_VERIFY_PARAM default_table[] = { - X509_PURPOSE_SSL_SERVER, /* purpose */ - X509_TRUST_SSL_SERVER, /* trust */ - -1, /* depth */ -- -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id} - }; -@@ -563,9 +605,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) - { - int idx; - X509_VERIFY_PARAM *ptmp; -- if (param_table == NULL) { -+ if (!param_table) { - param_table = sk_X509_VERIFY_PARAM_new(param_cmp); -- if (param_table == NULL) -+ if (!param_table) - return 0; - } else { - idx = sk_X509_VERIFY_PARAM_find(param_table, param); -@@ -582,7 +624,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) - - int X509_VERIFY_PARAM_get_count(void) - { -- int num = OSSL_NELEM(default_table); -+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); - if (param_table) - num += sk_X509_VERIFY_PARAM_num(param_table); - return num; -@@ -590,7 +632,7 @@ int X509_VERIFY_PARAM_get_count(void) - - const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) - { -- int num = OSSL_NELEM(default_table); -+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); - if (id < num) - return default_table + id; - return sk_X509_VERIFY_PARAM_value(param_table, id - num); -@@ -607,11 +649,14 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) - if (idx != -1) - return sk_X509_VERIFY_PARAM_value(param_table, idx); - } -- return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table)); -+ return OBJ_bsearch_table(&pm, default_table, -+ sizeof(default_table) / -+ sizeof(X509_VERIFY_PARAM)); - 
} - - void X509_VERIFY_PARAM_table_cleanup(void) - { -- sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); -+ if (param_table) -+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); - param_table = NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c -index 2057859..24ca35b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c -@@ -1,50 +1,119 @@ -+/* crypto/x509/x509cset.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - int X509_CRL_set_version(X509_CRL *x, long version) - { - if (x == NULL) - return (0); -- if (x->crl.version == NULL) { -- if ((x->crl.version = ASN1_INTEGER_new()) == NULL) -+ if (x->crl->version == NULL) { -+ if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL) - return (0); - } -- return (ASN1_INTEGER_set(x->crl.version, version)); -+ return (ASN1_INTEGER_set(x->crl->version, version)); - } - - int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) - { -- if (x == NULL) -+ if ((x == NULL) || (x->crl == NULL)) - return (0); -- return (X509_NAME_set(&x->crl.issuer, name)); -+ return (X509_NAME_set(&x->crl->issuer, name)); - } - --int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) -+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) - { -+ ASN1_TIME *in; -+ - if (x == NULL) -- return 0; -- return x509_set1_time(&x->crl.lastUpdate, tm); -+ return (0); -+ in = x->crl->lastUpdate; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->crl->lastUpdate); -+ x->crl->lastUpdate = in; -+ } -+ } -+ return (in != NULL); - } - --int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) -+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) - { -+ ASN1_TIME *in; -+ - if (x == NULL) -- return 0; -- return x509_set1_time(&x->crl.nextUpdate, tm); -+ return (0); -+ in = x->crl->nextUpdate; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->crl->nextUpdate); -+ x->crl->nextUpdate = in; -+ } -+ } -+ return (in != NULL); - } - - int X509_CRL_sort(X509_CRL *c) -@@ -54,88 +123,15 @@ int X509_CRL_sort(X509_CRL *c) - /* - * sort the data so it will be written in serial number order - */ -- 
sk_X509_REVOKED_sort(c->crl.revoked); -- for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) { -- r = sk_X509_REVOKED_value(c->crl.revoked, i); -+ sk_X509_REVOKED_sort(c->crl->revoked); -+ for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { -+ r = sk_X509_REVOKED_value(c->crl->revoked, i); - r->sequence = i; - } -- c->crl.enc.modified = 1; -+ c->crl->enc.modified = 1; - return 1; - } - --int X509_CRL_up_ref(X509_CRL *crl) --{ -- int i; -- -- if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0) -- return 0; -- -- REF_PRINT_COUNT("X509_CRL", crl); -- REF_ASSERT_ISNT(i < 2); -- return ((i > 1) ? 1 : 0); --} -- --long X509_CRL_get_version(const X509_CRL *crl) --{ -- return ASN1_INTEGER_get(crl->crl.version); --} -- --const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) --{ -- return crl->crl.lastUpdate; --} -- --const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) --{ -- return crl->crl.nextUpdate; --} -- --#if OPENSSL_API_COMPAT < 0x10100000L --ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) --{ -- return crl->crl.lastUpdate; --} -- --ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) --{ -- return crl->crl.nextUpdate; --} --#endif -- --X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) --{ -- return crl->crl.issuer; --} -- --const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl) --{ -- return crl->crl.extensions; --} -- --STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) --{ -- return crl->crl.revoked; --} -- --void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, -- const X509_ALGOR **palg) --{ -- if (psig != NULL) -- *psig = &crl->signature; -- if (palg != NULL) -- *palg = &crl->sig_alg; --} -- --int X509_CRL_get_signature_nid(const X509_CRL *crl) --{ -- return OBJ_obj2nid(crl->sig_alg.algorithm); --} -- --const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) --{ -- return x->revocationDate; --} -- - int 
X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) - { - ASN1_TIME *in; -@@ -144,39 +140,28 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) - return (0); - in = x->revocationDate; - if (in != tm) { -- in = ASN1_STRING_dup(tm); -+ in = M_ASN1_TIME_dup(tm); - if (in != NULL) { -- ASN1_TIME_free(x->revocationDate); -+ M_ASN1_TIME_free(x->revocationDate); - x->revocationDate = in; - } - } - return (in != NULL); - } - --const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) --{ -- return &x->serialNumber; --} -- - int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) - { - ASN1_INTEGER *in; - - if (x == NULL) - return (0); -- in = &x->serialNumber; -- if (in != serial) -- return ASN1_STRING_copy(in, serial); -- return 1; --} -- --const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r) --{ -- return r->extensions; --} -- --int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) --{ -- crl->crl.enc.modified = 1; -- return i2d_X509_CRL_INFO(&crl->crl, pp); -+ in = x->serialNumber; -+ if (in != serial) { -+ in = M_ASN1_INTEGER_dup(serial); -+ if (in != NULL) { -+ M_ASN1_INTEGER_free(x->serialNumber); -+ x->serialNumber = in; -+ } -+ } -+ return (in != NULL); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c -index 919d8c1..6ea601f 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509name.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c -@@ -1,20 +1,68 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509name.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. 
-+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) - { -@@ -26,11 +74,11 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) - return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); - } - --int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, -+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, - int len) - { - int i; -- const ASN1_STRING *data; -+ ASN1_STRING *data; - - i = X509_NAME_get_index_by_OBJ(name, obj, -1); - if (i < 0) -@@ -44,7 +92,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf - return (i); - } - --int X509_NAME_entry_count(const X509_NAME *name) -+int X509_NAME_entry_count(X509_NAME *name) - { - if (name == NULL) - return (0); -@@ -61,8 +109,8 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) - return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); - } - --/* NOTE: you should be passing -1, not 0 as lastpos */ --int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos) -+/* NOTE: you should be passsing -1, not 0 as lastpos */ -+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos) - { - int n; - X509_NAME_ENTRY *ne; -@@ -82,7 +130,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last - return (-1); - } - --X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) -+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) - { - if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc - || loc < 0) -@@ -130,8 +178,8 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) - return (ret); - } - --int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, -- const unsigned char 
*bytes, int len, int loc, -+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, -+ unsigned char *bytes, int len, int loc, - int set) - { - X509_NAME_ENTRY *ne; -@@ -145,7 +193,7 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type - } - - int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, -- const unsigned char *bytes, int len, int loc, -+ unsigned char *bytes, int len, int loc, - int set) - { - X509_NAME_ENTRY *ne; -@@ -176,7 +224,7 @@ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the - * guy we are about to stomp on. - */ --int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, -+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, - int set) - { - X509_NAME_ENTRY *new_name = NULL; -@@ -214,11 +262,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, - inc = (set == 0) ? 1 : 0; - } - -- /* -- * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily -- * const'ified; harmless cast as dup() don't modify its input. 
-- */ -- if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) -+ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) - goto err; - new_name->set = set; - if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { -@@ -232,7 +276,8 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, - } - return (1); - err: -- X509_NAME_ENTRY_free(new_name); -+ if (new_name != NULL) -+ X509_NAME_ENTRY_free(new_name); - return (0); - } - -@@ -257,8 +302,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - } - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, -- int type, -- const unsigned char *bytes, -+ int type, unsigned char *bytes, - int len) - { - ASN1_OBJECT *obj; -@@ -275,7 +319,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - } - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, -- const ASN1_OBJECT *obj, int type, -+ ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len) - { -@@ -301,7 +345,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - return (NULL); - } - --int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) -+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) - { - if ((ne == NULL) || (obj == NULL)) { - X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT, -@@ -338,21 +382,16 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - return (1); - } - --ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) -+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) - { - if (ne == NULL) - return (NULL); - return (ne->object); - } - --ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) -+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) - { - if (ne == NULL) - return (NULL); - return (ne->value); - } -- --int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) --{ -- return ne->set; --} -diff --git 
a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c -index 6dee297..80e273e 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509rset.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509rset.c -@@ -1,40 +1,85 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509rset.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - - int X509_REQ_set_version(X509_REQ *x, long version) - { - if (x == NULL) - return (0); -- x->req_info.enc.modified = 1; -- return (ASN1_INTEGER_set(x->req_info.version, version)); -+ return (ASN1_INTEGER_set(x->req_info->version, version)); - } - - int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) - { -- if (x == NULL) -+ if ((x == NULL) || (x->req_info == NULL)) - return (0); -- x->req_info.enc.modified = 1; -- return (X509_NAME_set(&x->req_info.subject, name)); -+ return (X509_NAME_set(&x->req_info->subject, name)); - } - - int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) - { -- if (x == NULL) -+ if ((x == NULL) || (x->req_info == NULL)) - return (0); -- x->req_info.enc.modified = 1; -- return (X509_PUBKEY_set(&x->req_info.pubkey, pkey)); -+ return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c -index b142485..5ae5d30 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509spki.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509spki.c -@@ -1,14 +1,64 @@ -+/* x509spki.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - - int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) -@@ -35,7 +85,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) - NETSCAPE_SPKI *spki; - if (len <= 0) - len = strlen(str); -- if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) { -+ if (!(spki_der = OPENSSL_malloc(len + 1))) { - X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -61,10 +111,10 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) - der_len = i2d_NETSCAPE_SPKI(spki, NULL); - der_spki = OPENSSL_malloc(der_len); - b64_str = OPENSSL_malloc(der_len * 2); -- if (der_spki == NULL || b64_str == NULL) { -- X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); -+ if (!der_spki || !b64_str) { - OPENSSL_free(der_spki); - OPENSSL_free(b64_str); -+ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); - return NULL; - } - p = der_spki; -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c -index aca8355..9219f75 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509type.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c -@@ -1,35 +1,84 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x509type.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). 
You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - --int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) -+int X509_certificate_type(X509 *x, EVP_PKEY *pkey) - { -- const EVP_PKEY *pk; -+ EVP_PKEY *pk; - int ret = 0, i; - - if (x == NULL) - return (0); - - if (pkey == NULL) -- pk = X509_get0_pubkey(x); -+ pk = X509_get_pubkey(x); - else - pk = pkey; - - if (pk == NULL) - return (0); - -- switch (EVP_PKEY_id(pk)) { -+ switch (pk->type) { - case EVP_PKEY_RSA: - ret = EVP_PK_RSA | EVP_PKT_SIGN; - /* if (!sign only extension) */ -@@ -44,16 +93,15 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) - case EVP_PKEY_DH: - ret = EVP_PK_DH | EVP_PKT_EXCH; - break; -+ case NID_id_GostR3410_94: - case NID_id_GostR3410_2001: -- case NID_id_GostR3410_2012_256: -- case NID_id_GostR3410_2012_512: - ret = EVP_PKT_EXCH | EVP_PKT_SIGN; - break; - default: - break; - } - -- i = X509_get_signature_nid(x); -+ i = OBJ_obj2nid(x->sig_alg->algorithm); - if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - - switch (i) { -@@ -73,5 +121,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) - } - } - -+ if (pkey == NULL) -+ EVP_PKEY_free(pk); - return (ret); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c -index 124dd2d..0f26c54 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x_all.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c -@@ -1,113 +1,159 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509/x_all.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. 
If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
- */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "internal/x509_int.h" - #include --#include --#include --#include -+#ifndef OPENSSL_NO_RSA -+# include -+#endif -+#ifndef OPENSSL_NO_DSA -+# include -+#endif - - int X509_verify(X509 *a, EVP_PKEY *r) - { -- if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) -+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) - return 0; -- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, -- &a->signature, &a->cert_info, r)); -+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, -+ a->signature, a->cert_info, r)); - } - - int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) - { - return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), -- &a->sig_alg, a->signature, &a->req_info, r)); -+ a->sig_alg, a->signature, a->req_info, r)); - } - - int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) - { - return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), -- &a->sig_algor, a->signature, a->spkac, r)); -+ a->sig_algor, a->signature, a->spkac, r)); - } - - int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - { -- x->cert_info.enc.modified = 1; -- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, -- &x->sig_alg, &x->signature, &x->cert_info, pkey, -- md)); -+ x->cert_info->enc.modified = 1; -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, -+ x->sig_alg, x->signature, x->cert_info, pkey, md)); - } - - int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) - { -- x->cert_info.enc.modified = 1; -+ x->cert_info->enc.modified = 1; - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), -- &x->cert_info.signature, -- &x->sig_alg, &x->signature, &x->cert_info, ctx); -+ x->cert_info->signature, -+ x->sig_alg, x->signature, x->cert_info, ctx); - } - --#ifndef OPENSSL_NO_OCSP - int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) - { - return OCSP_REQ_CTX_nbio_d2i(rctx, - 
(ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); - } --#endif - - int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) - { -- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, -- x->signature, &x->req_info, pkey, md)); -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, -+ x->signature, x->req_info, pkey, md)); - } - - int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) - { - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), -- &x->sig_alg, NULL, x->signature, &x->req_info, -+ x->sig_alg, NULL, x->signature, x->req_info, - ctx); - } - - int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) - { -- x->crl.enc.modified = 1; -- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, -- &x->sig_alg, &x->signature, &x->crl, pkey, md)); -+ x->crl->enc.modified = 1; -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, -+ x->sig_alg, x->signature, x->crl, pkey, md)); - } - - int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) - { -- x->crl.enc.modified = 1; -+ x->crl->enc.modified = 1; - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), -- &x->crl.sig_alg, &x->sig_alg, &x->signature, -- &x->crl, ctx); -+ x->crl->sig_alg, x->sig_alg, x->signature, -+ x->crl, ctx); - } - --#ifndef OPENSSL_NO_OCSP - int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) - { - return OCSP_REQ_CTX_nbio_d2i(rctx, - (ASN1_VALUE **)pcrl, - ASN1_ITEM_rptr(X509_CRL)); - } --#endif - - int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) - { -- return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, -+ return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, - x->signature, x->spkac, pkey, md)); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - X509 *d2i_X509_fp(FILE *fp, X509 **x509) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); -@@ -129,7 +175,7 @@ int i2d_X509_bio(BIO *bp, X509 *x509) - 
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -@@ -151,7 +197,7 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -@@ -173,7 +219,7 @@ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -@@ -197,7 +243,7 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) - - #ifndef OPENSSL_NO_RSA - --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -@@ -263,7 +309,7 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) - #endif - - #ifndef OPENSSL_NO_DSA --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) - { - return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); -@@ -308,7 +354,7 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) - #endif - - #ifndef OPENSSL_NO_EC --# ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_FP_API - EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) - { - return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); -@@ -363,13 +409,6 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { -- if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { -- /* Asking for SHA1 and we already computed it. 
*/ -- if (len != NULL) -- *len = sizeof(data->sha1_hash); -- memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); -- return 1; -- } - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); - } -@@ -377,13 +416,6 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, - int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) - { -- if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { -- /* Asking for SHA1; always computed in CRL d2i. */ -- if (len != NULL) -- *len = sizeof(data->sha1_hash); -- memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); -- return 1; -- } - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); - } -@@ -410,7 +442,7 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, - (char *)data, md, len)); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) - { - return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); -@@ -432,7 +464,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) - return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf) - { -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_attrib.c b/Cryptlib/OpenSSL/crypto/x509/x_attrib.c -deleted file mode 100644 -index 35f4aee..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_attrib.c -+++ /dev/null -@@ -1,55 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include "x509_lcl.h" -- --/*- -- * X509_ATTRIBUTE: this has the following form: -- * -- * typedef struct x509_attributes_st -- * { -- * ASN1_OBJECT *object; -- * STACK_OF(ASN1_TYPE) *set; -- * } X509_ATTRIBUTE; -- * -- */ -- --ASN1_SEQUENCE(X509_ATTRIBUTE) = { -- ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), -- ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) --} ASN1_SEQUENCE_END(X509_ATTRIBUTE) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) --IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) -- --X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) --{ -- X509_ATTRIBUTE *ret = NULL; -- ASN1_TYPE *val = NULL; -- -- if ((ret = X509_ATTRIBUTE_new()) == NULL) -- return (NULL); -- ret->object = OBJ_nid2obj(nid); -- if ((val = ASN1_TYPE_new()) == NULL) -- goto err; -- if (!sk_ASN1_TYPE_push(ret->set, val)) -- goto err; -- -- ASN1_TYPE_set(val, atrtype, value); -- return (ret); -- err: -- X509_ATTRIBUTE_free(ret); -- ASN1_TYPE_free(val); -- return (NULL); --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_crl.c b/Cryptlib/OpenSSL/crypto/x509/x_crl.c -deleted file mode 100644 -index dbed850..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_crl.c -+++ /dev/null -@@ -1,459 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include "internal/x509_int.h" --#include --#include "x509_lcl.h" -- --static int X509_REVOKED_cmp(const X509_REVOKED *const *a, -- const X509_REVOKED *const *b); --static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); -- --ASN1_SEQUENCE(X509_REVOKED) = { -- ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER), -- ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), -- ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) --} ASN1_SEQUENCE_END(X509_REVOKED) -- --static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); --static int def_crl_lookup(X509_CRL *crl, -- X509_REVOKED **ret, ASN1_INTEGER *serial, -- X509_NAME *issuer); -- --static X509_CRL_METHOD int_crl_meth = { -- 0, -- 0, 0, -- def_crl_lookup, -- def_crl_verify --}; -- --static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; -- --/* -- * The X509_CRL_INFO structure needs a bit of customisation. Since we cache -- * the original encoding the signature won't be affected by reordering of the -- * revoked field. -- */ --static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -- void *exarg) --{ -- X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; -- -- if (!a || !a->revoked) -- return 1; -- switch (operation) { -- /* -- * Just set cmp function here. We don't sort because that would -- * affect the output of X509_CRL_print(). 
-- */ -- case ASN1_OP_D2I_POST: -- (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); -- break; -- } -- return 1; --} -- -- --ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { -- ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), -- ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), -- ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), -- ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), -- ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), -- ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) --} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) -- --/* -- * Set CRL entry issuer according to CRL certificate issuer extension. Check -- * for unhandled critical CRL entry extensions. -- */ -- --static int crl_set_issuers(X509_CRL *crl) --{ -- -- int i, j; -- GENERAL_NAMES *gens, *gtmp; -- STACK_OF(X509_REVOKED) *revoked; -- -- revoked = X509_CRL_get_REVOKED(crl); -- -- gens = NULL; -- for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { -- X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); -- STACK_OF(X509_EXTENSION) *exts; -- ASN1_ENUMERATED *reason; -- X509_EXTENSION *ext; -- gtmp = X509_REVOKED_get_ext_d2i(rev, -- NID_certificate_issuer, &j, NULL); -- if (!gtmp && (j != -1)) { -- crl->flags |= EXFLAG_INVALID; -- return 1; -- } -- -- if (gtmp) { -- gens = gtmp; -- if (!crl->issuers) { -- crl->issuers = sk_GENERAL_NAMES_new_null(); -- if (!crl->issuers) -- return 0; -- } -- if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) -- return 0; -- } -- rev->issuer = gens; -- -- reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL); -- if (!reason && (j != -1)) { -- crl->flags |= EXFLAG_INVALID; -- return 1; -- } -- -- if (reason) { -- rev->reason = ASN1_ENUMERATED_get(reason); -- ASN1_ENUMERATED_free(reason); -- } else -- rev->reason = CRL_REASON_NONE; -- -- /* Check for critical CRL entry extensions */ -- -- exts = rev->extensions; -- -- for (j = 0; j < 
sk_X509_EXTENSION_num(exts); j++) { -- ext = sk_X509_EXTENSION_value(exts, j); -- if (X509_EXTENSION_get_critical(ext)) { -- if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer) -- continue; -- crl->flags |= EXFLAG_CRITICAL; -- break; -- } -- } -- -- } -- -- return 1; -- --} -- --/* -- * The X509_CRL structure needs a bit of customisation. Cache some extensions -- * and hash of the whole CRL. -- */ --static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -- void *exarg) --{ -- X509_CRL *crl = (X509_CRL *)*pval; -- STACK_OF(X509_EXTENSION) *exts; -- X509_EXTENSION *ext; -- int idx; -- -- switch (operation) { -- case ASN1_OP_NEW_POST: -- crl->idp = NULL; -- crl->akid = NULL; -- crl->flags = 0; -- crl->idp_flags = 0; -- crl->idp_reasons = CRLDP_ALL_REASONS; -- crl->meth = default_crl_method; -- crl->meth_data = NULL; -- crl->issuers = NULL; -- crl->crl_number = NULL; -- crl->base_crl_number = NULL; -- break; -- -- case ASN1_OP_D2I_POST: -- X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -- crl->idp = X509_CRL_get_ext_d2i(crl, -- NID_issuing_distribution_point, NULL, -- NULL); -- if (crl->idp) -- setup_idp(crl, crl->idp); -- -- crl->akid = X509_CRL_get_ext_d2i(crl, -- NID_authority_key_identifier, NULL, -- NULL); -- -- crl->crl_number = X509_CRL_get_ext_d2i(crl, -- NID_crl_number, NULL, NULL); -- -- crl->base_crl_number = X509_CRL_get_ext_d2i(crl, -- NID_delta_crl, NULL, -- NULL); -- /* Delta CRLs must have CRL number */ -- if (crl->base_crl_number && !crl->crl_number) -- crl->flags |= EXFLAG_INVALID; -- -- /* -- * See if we have any unhandled critical CRL extensions and indicate -- * this in a flag. We only currently handle IDP so anything else -- * critical sets the flag. This code accesses the X509_CRL structure -- * directly: applications shouldn't do this. 
-- */ -- -- exts = crl->crl.extensions; -- -- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { -- int nid; -- ext = sk_X509_EXTENSION_value(exts, idx); -- nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext)); -- if (nid == NID_freshest_crl) -- crl->flags |= EXFLAG_FRESHEST; -- if (X509_EXTENSION_get_critical(ext)) { -- /* We handle IDP and deltas */ -- if ((nid == NID_issuing_distribution_point) -- || (nid == NID_authority_key_identifier) -- || (nid == NID_delta_crl)) -- continue; -- crl->flags |= EXFLAG_CRITICAL; -- break; -- } -- } -- -- if (!crl_set_issuers(crl)) -- return 0; -- -- if (crl->meth->crl_init) { -- if (crl->meth->crl_init(crl) == 0) -- return 0; -- } -- -- crl->flags |= EXFLAG_SET; -- break; -- -- case ASN1_OP_FREE_POST: -- if (crl->meth->crl_free) { -- if (!crl->meth->crl_free(crl)) -- return 0; -- } -- AUTHORITY_KEYID_free(crl->akid); -- ISSUING_DIST_POINT_free(crl->idp); -- ASN1_INTEGER_free(crl->crl_number); -- ASN1_INTEGER_free(crl->base_crl_number); -- sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); -- break; -- } -- return 1; --} -- --/* Convert IDP into a more convenient form */ -- --static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) --{ -- int idp_only = 0; -- /* Set various flags according to IDP */ -- crl->idp_flags |= IDP_PRESENT; -- if (idp->onlyuser > 0) { -- idp_only++; -- crl->idp_flags |= IDP_ONLYUSER; -- } -- if (idp->onlyCA > 0) { -- idp_only++; -- crl->idp_flags |= IDP_ONLYCA; -- } -- if (idp->onlyattr > 0) { -- idp_only++; -- crl->idp_flags |= IDP_ONLYATTR; -- } -- -- if (idp_only > 1) -- crl->idp_flags |= IDP_INVALID; -- -- if (idp->indirectCRL > 0) -- crl->idp_flags |= IDP_INDIRECT; -- -- if (idp->onlysomereasons) { -- crl->idp_flags |= IDP_REASONS; -- if (idp->onlysomereasons->length > 0) -- crl->idp_reasons = idp->onlysomereasons->data[0]; -- if (idp->onlysomereasons->length > 1) -- crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8); -- crl->idp_reasons &= CRLDP_ALL_REASONS; -- } -- -- 
DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); --} -- --ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { -- ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), -- ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), -- ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING) --} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) -- --IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) -- --IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) -- --static int X509_REVOKED_cmp(const X509_REVOKED *const *a, -- const X509_REVOKED *const *b) --{ -- return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber, -- (ASN1_STRING *)&(*b)->serialNumber)); --} -- --int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) --{ -- X509_CRL_INFO *inf; -- inf = &crl->crl; -- if (inf->revoked == NULL) -- inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); -- if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) { -- ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- inf->enc.modified = 1; -- return 1; --} -- --int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) --{ -- if (crl->meth->crl_verify) -- return crl->meth->crl_verify(crl, r); -- return 0; --} -- --int X509_CRL_get0_by_serial(X509_CRL *crl, -- X509_REVOKED **ret, ASN1_INTEGER *serial) --{ -- if (crl->meth->crl_lookup) -- return crl->meth->crl_lookup(crl, ret, serial, NULL); -- return 0; --} -- --int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) --{ -- if (crl->meth->crl_lookup) -- return crl->meth->crl_lookup(crl, ret, -- X509_get_serialNumber(x), -- X509_get_issuer_name(x)); -- return 0; --} -- --static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) --{ -- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), -- &crl->sig_alg, &crl->signature, &crl->crl, r)); --} -- --static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, -- X509_REVOKED *rev) --{ -- int i; -- -- if 
(!rev->issuer) { -- if (!nm) -- return 1; -- if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) -- return 1; -- return 0; -- } -- -- if (!nm) -- nm = X509_CRL_get_issuer(crl); -- -- for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { -- GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); -- if (gen->type != GEN_DIRNAME) -- continue; -- if (!X509_NAME_cmp(nm, gen->d.directoryName)) -- return 1; -- } -- return 0; -- --} -- --static int def_crl_lookup(X509_CRL *crl, -- X509_REVOKED **ret, ASN1_INTEGER *serial, -- X509_NAME *issuer) --{ -- X509_REVOKED rtmp, *rev; -- int idx; -- rtmp.serialNumber = *serial; -- /* -- * Sort revoked into serial number order if not already sorted. Do this -- * under a lock to avoid race condition. -- */ -- if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) { -- CRYPTO_THREAD_write_lock(crl->lock); -- sk_X509_REVOKED_sort(crl->crl.revoked); -- CRYPTO_THREAD_unlock(crl->lock); -- } -- idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp); -- if (idx < 0) -- return 0; -- /* Need to look for matching name */ -- for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) { -- rev = sk_X509_REVOKED_value(crl->crl.revoked, idx); -- if (ASN1_INTEGER_cmp(&rev->serialNumber, serial)) -- return 0; -- if (crl_revoked_issuer_match(crl, issuer, rev)) { -- if (ret) -- *ret = rev; -- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) -- return 2; -- return 1; -- } -- } -- return 0; --} -- --void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) --{ -- if (meth == NULL) -- default_crl_method = &int_crl_meth; -- else -- default_crl_method = meth; --} -- --X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), -- int (*crl_free) (X509_CRL *crl), -- int (*crl_lookup) (X509_CRL *crl, -- X509_REVOKED **ret, -- ASN1_INTEGER *ser, -- X509_NAME *issuer), -- int (*crl_verify) (X509_CRL *crl, -- EVP_PKEY *pk)) --{ -- X509_CRL_METHOD *m; -- m = OPENSSL_malloc(sizeof(*m)); -- if (m == NULL) -- return NULL; -- m->crl_init = crl_init; -- 
m->crl_free = crl_free; -- m->crl_lookup = crl_lookup; -- m->crl_verify = crl_verify; -- m->flags = X509_CRL_METHOD_DYNAMIC; -- return m; --} -- --void X509_CRL_METHOD_free(X509_CRL_METHOD *m) --{ -- if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC)) -- return; -- OPENSSL_free(m); --} -- --void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) --{ -- crl->meth_data = dat; --} -- --void *X509_CRL_get_meth_data(X509_CRL *crl) --{ -- return crl->meth_data; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_exten.c b/Cryptlib/OpenSSL/crypto/x509/x_exten.c -deleted file mode 100644 -index f10f4a4..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_exten.c -+++ /dev/null -@@ -1,28 +0,0 @@ --/* -- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include --#include --#include "x509_lcl.h" -- --ASN1_SEQUENCE(X509_EXTENSION) = { -- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), -- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), -- ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING) --} ASN1_SEQUENCE_END(X509_EXTENSION) -- --ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) --ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) --IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) --IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_name.c b/Cryptlib/OpenSSL/crypto/x509/x_name.c -deleted file mode 100644 -index 97d735f..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_name.c -+++ /dev/null -@@ -1,557 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 
-- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include --#include "internal/cryptlib.h" --#include --#include --#include "internal/x509_int.h" --#include "internal/asn1_int.h" --#include "x509_lcl.h" -- --/* -- * Maximum length of X509_NAME: much larger than anything we should -- * ever see in practice. -- */ -- --#define X509_NAME_MAX (1024 * 1024) -- --static int x509_name_ex_d2i(ASN1_VALUE **val, -- const unsigned char **in, long len, -- const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); -- --static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -- const ASN1_ITEM *it, int tag, int aclass); --static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); --static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); -- --static int x509_name_encode(X509_NAME *a); --static int x509_name_canon(X509_NAME *a); --static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in); --static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, -- unsigned char **in); -- --static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, -- int indent, -- const char *fname, const ASN1_PCTX *pctx); -- --ASN1_SEQUENCE(X509_NAME_ENTRY) = { -- ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), -- ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) --} ASN1_SEQUENCE_END(X509_NAME_ENTRY) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) --IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) -- --/* -- * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so -- * declare two template wrappers for this -- */ -- --ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) --static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) -- 
--ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) --static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) -- --/* -- * Normally that's where it would end: we'd have two nested STACK structures -- * representing the ASN1. Unfortunately X509_NAME uses a completely different -- * form and caches encodings so we have to process the internal form and -- * convert to the external form. -- */ -- --static const ASN1_EXTERN_FUNCS x509_name_ff = { -- NULL, -- x509_name_ex_new, -- x509_name_ex_free, -- 0, /* Default clear behaviour is OK */ -- x509_name_ex_d2i, -- x509_name_ex_i2d, -- x509_name_ex_print --}; -- --IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) -- --IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) -- --static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) --{ -- X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret)); -- -- if (ret == NULL) -- goto memerr; -- if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) -- goto memerr; -- if ((ret->bytes = BUF_MEM_new()) == NULL) -- goto memerr; -- ret->modified = 1; -- *val = (ASN1_VALUE *)ret; -- return 1; -- -- memerr: -- ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); -- if (ret) { -- sk_X509_NAME_ENTRY_free(ret->entries); -- OPENSSL_free(ret); -- } -- return 0; --} -- --static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) --{ -- X509_NAME *a; -- -- if (!pval || !*pval) -- return; -- a = (X509_NAME *)*pval; -- -- BUF_MEM_free(a->bytes); -- sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); -- OPENSSL_free(a->canon_enc); -- OPENSSL_free(a); -- *pval = NULL; --} -- --static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) --{ -- sk_X509_NAME_ENTRY_free(ne); --} -- --static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) --{ -- sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); --} -- --static int 
x509_name_ex_d2i(ASN1_VALUE **val, -- const unsigned char **in, long len, -- const ASN1_ITEM *it, int tag, int aclass, -- char opt, ASN1_TLC *ctx) --{ -- const unsigned char *p = *in, *q; -- union { -- STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; -- ASN1_VALUE *a; -- } intname = { -- NULL -- }; -- union { -- X509_NAME *x; -- ASN1_VALUE *a; -- } nm = { -- NULL -- }; -- int i, j, ret; -- STACK_OF(X509_NAME_ENTRY) *entries; -- X509_NAME_ENTRY *entry; -- if (len > X509_NAME_MAX) -- len = X509_NAME_MAX; -- q = p; -- -- /* Get internal representation of Name */ -- ret = ASN1_item_ex_d2i(&intname.a, -- &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -- tag, aclass, opt, ctx); -- -- if (ret <= 0) -- return ret; -- -- if (*val) -- x509_name_ex_free(val, NULL); -- if (!x509_name_ex_new(&nm.a, NULL)) -- goto err; -- /* We've decoded it: now cache encoding */ -- if (!BUF_MEM_grow(nm.x->bytes, p - q)) -- goto err; -- memcpy(nm.x->bytes->data, q, p - q); -- -- /* Convert internal representation to X509_NAME structure */ -- for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { -- entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); -- for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { -- entry = sk_X509_NAME_ENTRY_value(entries, j); -- entry->set = i; -- if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) -- goto err; -- sk_X509_NAME_ENTRY_set(entries, j, NULL); -- } -- } -- ret = x509_name_canon(nm.x); -- if (!ret) -- goto err; -- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -- local_sk_X509_NAME_ENTRY_free); -- nm.x->modified = 0; -- *val = nm.a; -- *in = p; -- return ret; -- -- err: -- if (nm.x != NULL) -- X509_NAME_free(nm.x); -- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -- local_sk_X509_NAME_ENTRY_pop_free); -- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -- return 0; --} -- --static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -- const ASN1_ITEM *it, int tag, int aclass) --{ -- int ret; -- X509_NAME *a = (X509_NAME 
*)*val; -- if (a->modified) { -- ret = x509_name_encode(a); -- if (ret < 0) -- return ret; -- ret = x509_name_canon(a); -- if (ret < 0) -- return ret; -- } -- ret = a->bytes->length; -- if (out != NULL) { -- memcpy(*out, a->bytes->data, ret); -- *out += ret; -- } -- return ret; --} -- --static int x509_name_encode(X509_NAME *a) --{ -- union { -- STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; -- ASN1_VALUE *a; -- } intname = { -- NULL -- }; -- int len; -- unsigned char *p; -- STACK_OF(X509_NAME_ENTRY) *entries = NULL; -- X509_NAME_ENTRY *entry; -- int i, set = -1; -- intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); -- if (!intname.s) -- goto memerr; -- for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -- entry = sk_X509_NAME_ENTRY_value(a->entries, i); -- if (entry->set != set) { -- entries = sk_X509_NAME_ENTRY_new_null(); -- if (!entries) -- goto memerr; -- if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { -- sk_X509_NAME_ENTRY_free(entries); -- goto memerr; -- } -- set = entry->set; -- } -- if (!sk_X509_NAME_ENTRY_push(entries, entry)) -- goto memerr; -- } -- len = ASN1_item_ex_i2d(&intname.a, NULL, -- ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -- if (!BUF_MEM_grow(a->bytes, len)) -- goto memerr; -- p = (unsigned char *)a->bytes->data; -- ASN1_item_ex_i2d(&intname.a, -- &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -- local_sk_X509_NAME_ENTRY_free); -- a->modified = 0; -- return len; -- memerr: -- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, -- local_sk_X509_NAME_ENTRY_free); -- ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); -- return -1; --} -- --static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, -- int indent, -- const char *fname, const ASN1_PCTX *pctx) --{ -- if (X509_NAME_print_ex(out, (const X509_NAME *)*pval, -- indent, pctx->nm_flags) <= 0) -- return 0; -- return 2; --} -- --/* -- * This function generates the canonical encoding of the Name structure. 
In -- * it all strings are converted to UTF8, leading, trailing and multiple -- * spaces collapsed, converted to lower case and the leading SEQUENCE header -- * removed. In future we could also normalize the UTF8 too. By doing this -- * comparison of Name structures can be rapidly performed by just using -- * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name -- * constraints of type dirName can also be checked with a simple memcmp(). -- */ -- --static int x509_name_canon(X509_NAME *a) --{ -- unsigned char *p; -- STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; -- STACK_OF(X509_NAME_ENTRY) *entries = NULL; -- X509_NAME_ENTRY *entry, *tmpentry = NULL; -- int i, set = -1, ret = 0, len; -- -- OPENSSL_free(a->canon_enc); -- a->canon_enc = NULL; -- /* Special case: empty X509_NAME => null encoding */ -- if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { -- a->canon_enclen = 0; -- return 1; -- } -- intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); -- if (!intname) -- goto err; -- for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -- entry = sk_X509_NAME_ENTRY_value(a->entries, i); -- if (entry->set != set) { -- entries = sk_X509_NAME_ENTRY_new_null(); -- if (!entries) -- goto err; -- if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { -- sk_X509_NAME_ENTRY_free(entries); -- goto err; -- } -- set = entry->set; -- } -- tmpentry = X509_NAME_ENTRY_new(); -- if (tmpentry == NULL) -- goto err; -- tmpentry->object = OBJ_dup(entry->object); -- if (tmpentry->object == NULL) -- goto err; -- if (!asn1_string_canon(tmpentry->value, entry->value)) -- goto err; -- if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) -- goto err; -- tmpentry = NULL; -- } -- -- /* Finally generate encoding */ -- -- len = i2d_name_canon(intname, NULL); -- if (len < 0) -- goto err; -- a->canon_enclen = len; -- -- p = OPENSSL_malloc(a->canon_enclen); -- -- if (p == NULL) -- goto err; -- -- a->canon_enc = p; -- -- i2d_name_canon(intname, &p); -- -- ret = 1; -- -- err: -- -- 
X509_NAME_ENTRY_free(tmpentry); -- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, -- local_sk_X509_NAME_ENTRY_pop_free); -- return ret; --} -- --/* Bitmap of all the types of string that will be canonicalized. */ -- --#define ASN1_MASK_CANON \ -- (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ -- | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ -- | B_ASN1_VISIBLESTRING) -- --static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) --{ -- unsigned char *to, *from; -- int len, i; -- -- /* If type not in bitmask just copy string across */ -- if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { -- if (!ASN1_STRING_copy(out, in)) -- return 0; -- return 1; -- } -- -- out->type = V_ASN1_UTF8STRING; -- out->length = ASN1_STRING_to_UTF8(&out->data, in); -- if (out->length == -1) -- return 0; -- -- to = out->data; -- from = to; -- -- len = out->length; -- -- /* -- * Convert string in place to canonical form. Ultimately we may need to -- * handle a wider range of characters but for now ignore anything with -- * MSB set and rely on the isspace() and tolower() functions. -- */ -- -- /* Ignore leading spaces */ -- while ((len > 0) && !(*from & 0x80) && isspace(*from)) { -- from++; -- len--; -- } -- -- to = from + len; -- -- /* Ignore trailing spaces */ -- while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) { -- to--; -- len--; -- } -- -- to = out->data; -- -- i = 0; -- while (i < len) { -- /* If MSB set just copy across */ -- if (*from & 0x80) { -- *to++ = *from++; -- i++; -- } -- /* Collapse multiple spaces */ -- else if (isspace(*from)) { -- /* Copy one space across */ -- *to++ = ' '; -- /* -- * Ignore subsequent spaces. Note: don't need to check len here -- * because we know the last character is a non-space so we can't -- * overflow. 
-- */ -- do { -- from++; -- i++; -- } -- while (!(*from & 0x80) && isspace(*from)); -- } else { -- *to++ = tolower(*from); -- from++; -- i++; -- } -- } -- -- out->length = to - out->data; -- -- return 1; -- --} -- --static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, -- unsigned char **in) --{ -- int i, len, ltmp; -- ASN1_VALUE *v; -- STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; -- -- len = 0; -- for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { -- v = sk_ASN1_VALUE_value(intname, i); -- ltmp = ASN1_item_ex_i2d(&v, in, -- ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); -- if (ltmp < 0) -- return ltmp; -- len += ltmp; -- } -- return len; --} -- --int X509_NAME_set(X509_NAME **xn, X509_NAME *name) --{ -- X509_NAME *in; -- -- if (!xn || !name) -- return (0); -- -- if (*xn != name) { -- in = X509_NAME_dup(name); -- if (in != NULL) { -- X509_NAME_free(*xn); -- *xn = in; -- } -- } -- return (*xn != NULL); --} -- --int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) --{ -- char *s, *c, *b; -- int l, i; -- -- l = 80 - 2 - obase; -- -- b = X509_NAME_oneline(name, NULL, 0); -- if (!b) -- return 0; -- if (!*b) { -- OPENSSL_free(b); -- return 1; -- } -- s = b + 1; /* skip the first slash */ -- -- c = s; -- for (;;) { --#ifndef CHARSET_EBCDIC -- if (((*s == '/') && -- ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || -- ((s[2] >= 'A') -- && (s[2] <= 'Z') -- && (s[3] == '=')) -- ))) || (*s == '\0')) --#else -- if (((*s == '/') && -- (isupper(s[1]) && ((s[2] == '=') || -- (isupper(s[2]) && (s[3] == '=')) -- ))) || (*s == '\0')) --#endif -- { -- i = s - c; -- if (BIO_write(bp, c, i) != i) -- goto err; -- c = s + 1; /* skip following slash */ -- if (*s != '\0') { -- if (BIO_write(bp, ", ", 2) != 2) -- goto err; -- } -- l--; -- } -- if (*s == '\0') -- break; -- s++; -- l--; -- } -- -- OPENSSL_free(b); -- return 1; -- err: -- X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); -- OPENSSL_free(b); -- return 0; --} -- --int 
X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, -- size_t *pderlen) --{ -- /* Make sure encoding is valid */ -- if (i2d_X509_NAME(nm, NULL) <= 0) -- return 0; -- if (pder != NULL) -- *pder = (unsigned char *)nm->bytes->data; -- if (pderlen != NULL) -- *pderlen = nm->bytes->length; -- return 1; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c b/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c -deleted file mode 100644 -index cc69283..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c -+++ /dev/null -@@ -1,374 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include "internal/asn1_int.h" --#include "internal/evp_int.h" --#include "internal/x509_int.h" --#include --#include -- --struct X509_pubkey_st { -- X509_ALGOR *algor; -- ASN1_BIT_STRING *public_key; -- EVP_PKEY *pkey; --}; -- --static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key); -- --/* Minor tweak to operation: free up EVP_PKEY */ --static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -- void *exarg) --{ -- if (operation == ASN1_OP_FREE_POST) { -- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; -- EVP_PKEY_free(pubkey->pkey); -- } else if (operation == ASN1_OP_D2I_POST) { -- /* Attempt to decode public key and cache in pubkey structure. */ -- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; -- EVP_PKEY_free(pubkey->pkey); -- /* -- * Opportunistically decode the key but remove any non fatal errors -- * from the queue. Subsequent explicit attempts to decode/use the key -- * will return an appropriate error. 
-- */ -- ERR_set_mark(); -- if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1) -- return 0; -- ERR_pop_to_mark(); -- } -- return 1; --} -- --ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { -- ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), -- ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) --} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) -- --int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) --{ -- X509_PUBKEY *pk = NULL; -- -- if (x == NULL) -- return (0); -- -- if ((pk = X509_PUBKEY_new()) == NULL) -- goto error; -- -- if (pkey->ameth) { -- if (pkey->ameth->pub_encode) { -- if (!pkey->ameth->pub_encode(pk, pkey)) { -- X509err(X509_F_X509_PUBKEY_SET, -- X509_R_PUBLIC_KEY_ENCODE_ERROR); -- goto error; -- } -- } else { -- X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED); -- goto error; -- } -- } else { -- X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); -- goto error; -- } -- -- X509_PUBKEY_free(*x); -- *x = pk; -- pk->pkey = pkey; -- EVP_PKEY_up_ref(pkey); -- return 1; -- -- error: -- X509_PUBKEY_free(pk); -- return 0; --} -- --/* -- * Attempt to decode a public key. -- * Returns 1 on success, 0 for a decode failure and -1 for a fatal -- * error e.g. malloc failure. -- */ -- -- --static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) -- { -- EVP_PKEY *pkey = EVP_PKEY_new(); -- -- if (pkey == NULL) { -- X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE); -- return -1; -- } -- -- if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) { -- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM); -- goto error; -- } -- -- if (pkey->ameth->pub_decode) { -- /* -- * Treat any failure of pub_decode as a decode error. In -- * future we could have different return codes for decode -- * errors and fatal errors such as malloc failure. 
-- */ -- if (!pkey->ameth->pub_decode(pkey, key)) { -- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR); -- goto error; -- } -- } else { -- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED); -- goto error; -- } -- -- *ppkey = pkey; -- return 1; -- -- error: -- EVP_PKEY_free(pkey); -- return 0; --} -- --EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) --{ -- EVP_PKEY *ret = NULL; -- -- if (key == NULL || key->public_key == NULL) -- return NULL; -- -- if (key->pkey != NULL) -- return key->pkey; -- -- /* -- * When the key ASN.1 is initially parsed an attempt is made to -- * decode the public key and cache the EVP_PKEY structure. If this -- * operation fails the cached value will be NULL. Parsing continues -- * to allow parsing of unknown key types or unsupported forms. -- * We repeat the decode operation so the appropriate errors are left -- * in the queue. -- */ -- x509_pubkey_decode(&ret, key); -- /* If decode doesn't fail something bad happened */ -- if (ret != NULL) { -- X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR); -- EVP_PKEY_free(ret); -- } -- -- return NULL; --} -- --EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) --{ -- EVP_PKEY *ret = X509_PUBKEY_get0(key); -- if (ret != NULL) -- EVP_PKEY_up_ref(ret); -- return ret; --} -- --/* -- * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or -- * decode as X509_PUBKEY -- */ -- --EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) --{ -- X509_PUBKEY *xpk; -- EVP_PKEY *pktmp; -- const unsigned char *q; -- q = *pp; -- xpk = d2i_X509_PUBKEY(NULL, &q, length); -- if (!xpk) -- return NULL; -- pktmp = X509_PUBKEY_get(xpk); -- X509_PUBKEY_free(xpk); -- if (!pktmp) -- return NULL; -- *pp = q; -- if (a) { -- EVP_PKEY_free(*a); -- *a = pktmp; -- } -- return pktmp; --} -- --int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) --{ -- X509_PUBKEY *xpk = NULL; -- int ret; -- if (!a) -- return 0; -- if (!X509_PUBKEY_set(&xpk, a)) -- return 0; -- ret = 
i2d_X509_PUBKEY(xpk, pp); -- X509_PUBKEY_free(xpk); -- return ret; --} -- --/* -- * The following are equivalents but which return RSA and DSA keys -- */ --#ifndef OPENSSL_NO_RSA --RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) --{ -- EVP_PKEY *pkey; -- RSA *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) -- return NULL; -- key = EVP_PKEY_get1_RSA(pkey); -- EVP_PKEY_free(pkey); -- if (!key) -- return NULL; -- *pp = q; -- if (a) { -- RSA_free(*a); -- *a = key; -- } -- return key; --} -- --int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) --{ -- EVP_PKEY *pktmp; -- int ret; -- if (!a) -- return 0; -- pktmp = EVP_PKEY_new(); -- if (pktmp == NULL) { -- ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- EVP_PKEY_set1_RSA(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return ret; --} --#endif -- --#ifndef OPENSSL_NO_DSA --DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) --{ -- EVP_PKEY *pkey; -- DSA *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) -- return NULL; -- key = EVP_PKEY_get1_DSA(pkey); -- EVP_PKEY_free(pkey); -- if (!key) -- return NULL; -- *pp = q; -- if (a) { -- DSA_free(*a); -- *a = key; -- } -- return key; --} -- --int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) --{ -- EVP_PKEY *pktmp; -- int ret; -- if (!a) -- return 0; -- pktmp = EVP_PKEY_new(); -- if (pktmp == NULL) { -- ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- EVP_PKEY_set1_DSA(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return ret; --} --#endif -- --#ifndef OPENSSL_NO_EC --EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) --{ -- EVP_PKEY *pkey; -- EC_KEY *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) -- return (NULL); -- key = EVP_PKEY_get1_EC_KEY(pkey); -- EVP_PKEY_free(pkey); -- if 
(!key) -- return (NULL); -- *pp = q; -- if (a) { -- EC_KEY_free(*a); -- *a = key; -- } -- return (key); --} -- --int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) --{ -- EVP_PKEY *pktmp; -- int ret; -- if (!a) -- return (0); -- if ((pktmp = EVP_PKEY_new()) == NULL) { -- ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); -- return (0); -- } -- EVP_PKEY_set1_EC_KEY(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return (ret); --} --#endif -- --int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, -- int ptype, void *pval, -- unsigned char *penc, int penclen) --{ -- if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) -- return 0; -- if (penc) { -- OPENSSL_free(pub->public_key->data); -- pub->public_key->data = penc; -- pub->public_key->length = penclen; -- /* Set number of unused bits to zero */ -- pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -- pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- } -- return 1; --} -- --int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, -- const unsigned char **pk, int *ppklen, -- X509_ALGOR **pa, X509_PUBKEY *pub) --{ -- if (ppkalg) -- *ppkalg = pub->algor->algorithm; -- if (pk) { -- *pk = pub->public_key->data; -- *ppklen = pub->public_key->length; -- } -- if (pa) -- *pa = pub->algor; -- return 1; --} -- --ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) --{ -- if (x == NULL) -- return NULL; -- return x->cert_info.key->public_key; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_req.c b/Cryptlib/OpenSSL/crypto/x509/x_req.c -deleted file mode 100644 -index c2da95a..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_req.c -+++ /dev/null -@@ -1,68 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include "internal/x509_int.h" -- --/*- -- * X509_REQ_INFO is handled in an unusual way to get round -- * invalid encodings. Some broken certificate requests don't -- * encode the attributes field if it is empty. This is in -- * violation of PKCS#10 but we need to tolerate it. We do -- * this by making the attributes field OPTIONAL then using -- * the callback to initialise it to an empty STACK. -- * -- * This means that the field will be correctly encoded unless -- * we NULL out the field. -- * -- * As a result we no longer need the req_kludge field because -- * the information is now contained in the attributes field: -- * 1. If it is NULL then it's the invalid omission. -- * 2. If it is empty it is the correct encoding. -- * 3. If it is not empty then some attributes are present. -- * -- */ -- --static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -- void *exarg) --{ -- X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; -- -- if (operation == ASN1_OP_NEW_POST) { -- rinf->attributes = sk_X509_ATTRIBUTE_new_null(); -- if (!rinf->attributes) -- return 0; -- } -- return 1; --} -- --ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { -- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), -- ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), -- /* This isn't really OPTIONAL but it gets round invalid -- * encodings -- */ -- ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) --} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) -- --ASN1_SEQUENCE_ref(X509_REQ, 0) = { -- ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), -- ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) --} 
ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) -- --IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_x509.c b/Cryptlib/OpenSSL/crypto/x509/x_x509.c -deleted file mode 100644 -index 6783fd8..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509/x_x509.c -+++ /dev/null -@@ -1,224 +0,0 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include --#include --#include --#include --#include "internal/x509_int.h" -- --ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { -- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), -- ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER), -- ASN1_EMBED(X509_CINF, signature, X509_ALGOR), -- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), -- ASN1_EMBED(X509_CINF, validity, X509_VAL), -- ASN1_SIMPLE(X509_CINF, subject, X509_NAME), -- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), -- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), -- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), -- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) --} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) -- --IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) --/* X509 top level structure needs a bit of customisation */ -- --extern void policy_cache_free(X509_POLICY_CACHE *cache); -- --static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, -- void *exarg) --{ -- X509 *ret = (X509 *)*pval; -- -- switch (operation) { -- -- case ASN1_OP_NEW_POST: -- ret->ex_flags = 0; -- ret->ex_pathlen = -1; -- ret->ex_pcpathlen = -1; -- ret->skid = NULL; -- ret->akid = NULL; --#ifndef OPENSSL_NO_RFC3779 -- ret->rfc3779_addr = NULL; -- ret->rfc3779_asid = NULL; 
--#endif -- ret->aux = NULL; -- ret->crldp = NULL; -- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data)) -- return 0; -- break; -- -- case ASN1_OP_FREE_POST: -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); -- X509_CERT_AUX_free(ret->aux); -- ASN1_OCTET_STRING_free(ret->skid); -- AUTHORITY_KEYID_free(ret->akid); -- CRL_DIST_POINTS_free(ret->crldp); -- policy_cache_free(ret->policy_cache); -- GENERAL_NAMES_free(ret->altname); -- NAME_CONSTRAINTS_free(ret->nc); --#ifndef OPENSSL_NO_RFC3779 -- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); -- ASIdentifiers_free(ret->rfc3779_asid); --#endif -- break; -- -- } -- -- return 1; -- --} -- --ASN1_SEQUENCE_ref(X509, x509_cb) = { -- ASN1_EMBED(X509, cert_info, X509_CINF), -- ASN1_EMBED(X509, sig_alg, X509_ALGOR), -- ASN1_EMBED(X509, signature, ASN1_BIT_STRING) --} ASN1_SEQUENCE_END_ref(X509, X509) -- --IMPLEMENT_ASN1_FUNCTIONS(X509) -- --IMPLEMENT_ASN1_DUP_FUNCTION(X509) -- --int X509_set_ex_data(X509 *r, int idx, void *arg) --{ -- return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); --} -- --void *X509_get_ex_data(X509 *r, int idx) --{ -- return (CRYPTO_get_ex_data(&r->ex_data, idx)); --} -- --/* -- * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with -- * extra info tagged on the end. Since these functions set how a certificate -- * is trusted they should only be used when the certificate comes from a -- * reliable source such as local storage. 
-- */ -- --X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) --{ -- const unsigned char *q; -- X509 *ret; -- int freeret = 0; -- -- /* Save start position */ -- q = *pp; -- -- if (a == NULL || *a == NULL) -- freeret = 1; -- ret = d2i_X509(a, &q, length); -- /* If certificate unreadable then forget it */ -- if (ret == NULL) -- return NULL; -- /* update length */ -- length -= q - *pp; -- if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) -- goto err; -- *pp = q; -- return ret; -- err: -- if (freeret) { -- X509_free(ret); -- if (a) -- *a = NULL; -- } -- return NULL; --} -- --/* -- * Serialize trusted certificate to *pp or just return the required buffer -- * length if pp == NULL. We ultimately want to avoid modifying *pp in the -- * error path, but that depends on similar hygiene in lower-level functions. -- * Here we avoid compounding the problem. -- */ --static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) --{ -- int length, tmplen; -- unsigned char *start = pp != NULL ? *pp : NULL; -- -- OPENSSL_assert(pp == NULL || *pp != NULL); -- -- /* -- * This might perturb *pp on error, but fixing that belongs in i2d_X509() -- * not here. It should be that if a == NULL length is zero, but we check -- * both just in case. -- */ -- length = i2d_X509(a, pp); -- if (length <= 0 || a == NULL) -- return length; -- -- tmplen = i2d_X509_CERT_AUX(a->aux, pp); -- if (tmplen < 0) { -- if (start != NULL) -- *pp = start; -- return tmplen; -- } -- length += tmplen; -- -- return length; --} -- --/* -- * Serialize trusted certificate to *pp, or just return the required buffer -- * length if pp == NULL. -- * -- * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since -- * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do -- * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the -- * allocated buffer. 
-- */
--int i2d_X509_AUX(X509 *a, unsigned char **pp)
--{
-- int length;
-- unsigned char *tmp;
--
-- /* Buffer provided by caller */
-- if (pp == NULL || *pp != NULL)
-- return i2d_x509_aux_internal(a, pp);
--
-- /* Obtain the combined length */
-- if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
-- return length;
--
-- /* Allocate requisite combined storage */
-- *pp = tmp = OPENSSL_malloc(length);
-- if (tmp == NULL)
-- return -1; /* Push error onto error stack? */
--
-- /* Encode, but keep *pp at the originally malloced pointer */
-- length = i2d_x509_aux_internal(a, &tmp);
-- if (length <= 0) {
-- OPENSSL_free(*pp);
-- *pp = NULL;
-- }
-- return length;
--}
--
--int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
--{
-- x->cert_info.enc.modified = 1;
-- return i2d_X509_CINF(&x->cert_info, pp);
--}
--
--void X509_get0_signature(const ASN1_BIT_STRING **psig,
-- const X509_ALGOR **palg, const X509 *x)
--{
-- if (psig)
-- *psig = &x->signature;
-- if (palg)
-- *palg = &x->sig_alg;
--}
--
--int X509_get_signature_nid(const X509 *x)
--{
-- return OBJ_obj2nid(x->sig_alg.algorithm);
--}
-diff --git a/Cryptlib/OpenSSL/crypto/x509/x_x509a.c b/Cryptlib/OpenSSL/crypto/x509/x_x509a.c
-deleted file mode 100644
-index 8c9ad71..0000000
---- a/Cryptlib/OpenSSL/crypto/x509/x_x509a.c
-+++ /dev/null
-@@ -1,169 +0,0 @@
--/*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-- */
--
--#include
--#include "internal/cryptlib.h"
--#include
--#include
--#include
--#include "internal/x509_int.h"
--
--/*
-- * X509_CERT_AUX routines. These are used to encode additional user
-- * modifiable data about a certificate. This data is appended to the X509
-- * encoding when the *_X509_AUX routines are used.
This means that the
-- * "traditional" X509 routines will simply ignore the extra data.
-- */
--
--static X509_CERT_AUX *aux_get(X509 *x);
--
--ASN1_SEQUENCE(X509_CERT_AUX) = {
-- ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-- ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-- ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
--} ASN1_SEQUENCE_END(X509_CERT_AUX)
--
--IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
--
--int X509_trusted(const X509 *x)
--{
-- return x->aux ? 1 : 0;
--}
--
--static X509_CERT_AUX *aux_get(X509 *x)
--{
-- if (x == NULL)
-- return NULL;
-- if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
-- return NULL;
-- return x->aux;
--}
--
--int X509_alias_set1(X509 *x, const unsigned char *name, int len)
--{
-- X509_CERT_AUX *aux;
-- if (!name) {
-- if (!x || !x->aux || !x->aux->alias)
-- return 1;
-- ASN1_UTF8STRING_free(x->aux->alias);
-- x->aux->alias = NULL;
-- return 1;
-- }
-- if ((aux = aux_get(x)) == NULL)
-- return 0;
-- if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
-- return 0;
-- return ASN1_STRING_set(aux->alias, name, len);
--}
--
--int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
--{
-- X509_CERT_AUX *aux;
-- if (!id) {
-- if (!x || !x->aux || !x->aux->keyid)
-- return 1;
-- ASN1_OCTET_STRING_free(x->aux->keyid);
-- x->aux->keyid = NULL;
-- return 1;
-- }
-- if ((aux = aux_get(x)) == NULL)
-- return 0;
-- if (aux->keyid == NULL
-- && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
-- return 0;
-- return ASN1_STRING_set(aux->keyid, id, len);
--}
--
--unsigned char *X509_alias_get0(X509 *x, int *len)
--{
-- if (!x->aux || !x->aux->alias)
-- return NULL;
-- if (len)
-- *len = x->aux->alias->length;
-- return x->aux->alias->data;
--}
--
--unsigned char *X509_keyid_get0(X509 *x, int *len)
--{
-- if (!x->aux || !x->aux->keyid)
-- return NULL;
-- if
(len)
-- *len = x->aux->keyid->length;
-- return x->aux->keyid->data;
--}
--
--int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
--{
-- X509_CERT_AUX *aux;
-- ASN1_OBJECT *objtmp = NULL;
-- if (obj) {
-- objtmp = OBJ_dup(obj);
-- if (!objtmp)
-- return 0;
-- }
-- if ((aux = aux_get(x)) == NULL)
-- goto err;
-- if (aux->trust == NULL
-- && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
-- goto err;
-- if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
-- return 1;
-- err:
-- ASN1_OBJECT_free(objtmp);
-- return 0;
--}
--
--int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
--{
-- X509_CERT_AUX *aux;
-- ASN1_OBJECT *objtmp;
-- if ((objtmp = OBJ_dup(obj)) == NULL)
-- return 0;
-- if ((aux = aux_get(x)) == NULL)
-- goto err;
-- if (aux->reject == NULL
-- && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
-- goto err;
-- return sk_ASN1_OBJECT_push(aux->reject, objtmp);
-- err:
-- ASN1_OBJECT_free(objtmp);
-- return 0;
--}
--
--void X509_trust_clear(X509 *x)
--{
-- if (x->aux) {
-- sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-- x->aux->trust = NULL;
-- }
--}
--
--void X509_reject_clear(X509 *x)
--{
-- if (x->aux) {
-- sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-- x->aux->reject = NULL;
-- }
--}
--
--STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
--{
-- if (x->aux != NULL)
-- return x->aux->trust;
-- return NULL;
--}
--
--STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
--{
-- if (x->aux != NULL)
-- return x->aux->reject;
-- return NULL;
--}
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
-index c9ede96..09ebbca 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
-@@ -1,24 +1,138 @@
-+/* ext_dat.h */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-+/* This file contains a table of "standard" extensions */
-+
-+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-+extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-+extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-+extern X509V3_EXT_METHOD v3_addr, v3_asid;
-+extern X509V3_EXT_METHOD v3_ct_scts[];
-+
-+/*
-+ * This table will be searched using
OBJ_bsearch so it *must* kept in order
-+ * of the ext_nid values.
-+ */
-+
-+static const X509V3_EXT_METHOD *standard_exts[] = {
-+ &v3_nscert,
-+ &v3_ns_ia5_list[0],
-+ &v3_ns_ia5_list[1],
-+ &v3_ns_ia5_list[2],
-+ &v3_ns_ia5_list[3],
-+ &v3_ns_ia5_list[4],
-+ &v3_ns_ia5_list[5],
-+ &v3_ns_ia5_list[6],
-+ &v3_skey_id,
-+ &v3_key_usage,
-+ &v3_pkey_usage_period,
-+ &v3_alt[0],
-+ &v3_alt[1],
-+ &v3_bcons,
-+ &v3_crl_num,
-+ &v3_cpols,
-+ &v3_akey_id,
-+ &v3_crld,
-+ &v3_ext_ku,
-+ &v3_delta_crl,
-+ &v3_crl_reason,
-+#ifndef OPENSSL_NO_OCSP
-+ &v3_crl_invdate,
-+#endif
-+ &v3_sxnet,
-+ &v3_info,
-+#ifndef OPENSSL_NO_RFC3779
-+ &v3_addr,
-+ &v3_asid,
-+#endif
-+#ifndef OPENSSL_NO_OCSP
-+ &v3_ocsp_nonce,
-+ &v3_ocsp_crlid,
-+ &v3_ocsp_accresp,
-+ &v3_ocsp_nocheck,
-+ &v3_ocsp_acutoff,
-+ &v3_ocsp_serviceloc,
-+#endif
-+ &v3_sinfo,
-+ &v3_policy_constraints,
-+#ifndef OPENSSL_NO_OCSP
-+ &v3_crl_hold,
-+#endif
-+ &v3_pci,
-+ &v3_name_constraints,
-+ &v3_policy_mappings,
-+ &v3_inhibit_anyp,
-+ &v3_idp,
-+ &v3_alt[2],
-+ &v3_freshest_crl,
-+#ifndef OPENSSL_NO_SCT
-+ &v3_ct_scts[0],
-+ &v3_ct_scts[1],
-+#endif
-+};
-
--int name_cmp(const char *name, const char *cmp);
-+/* Number of standard extensions */
-
--extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
--extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
--extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
--extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
--extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
--extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
--extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
--extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
--extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
--extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp,
v3_idp;
--extern const X509V3_EXT_METHOD v3_addr, v3_asid;
--extern const X509V3_EXT_METHOD v3_ct_scts[3];
--extern const X509V3_EXT_METHOD v3_tls_feature;
-+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
-index a9ee30a..c8f41f2 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
-@@ -1,16 +1,65 @@
-+/* pcy_cache.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5.
Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License.
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "internal/x509_int.h"
-
- #include "pcy_int.h"
-
-@@ -34,12 +83,12 @@ static int policy_cache_create(X509 *x,
- if (sk_POLICYINFO_num(policies) == 0)
- goto bad_policy;
- cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-- if (cache->data == NULL)
-+ if (!cache->data)
- goto bad_policy;
- for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
- policy = sk_POLICYINFO_value(policies, i);
- data = policy_data_new(policy, NULL, crit);
-- if (data == NULL)
-+ if (!data)
- goto bad_policy;
- /*
- * Duplicate policy OIDs are illegal: reject if matches found.
-@@ -61,7 +110,8 @@ static int policy_cache_create(X509 *x,
- bad_policy:
- if (ret == -1)
- x->ex_flags |= EXFLAG_INVALID_POLICY;
-- policy_data_free(data);
-+ if (data)
-+ policy_data_free(data);
- sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
- if (ret <= 0) {
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-@@ -78,11 +128,8 @@ static int policy_cache_new(X509 *x)
- CERTIFICATEPOLICIES *ext_cpols = NULL;
- POLICY_MAPPINGS *ext_pmaps = NULL;
- int i;
--
-- if (x->policy_cache != NULL)
-- return 1;
-- cache = OPENSSL_malloc(sizeof(*cache));
-- if (cache == NULL)
-+ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
-+ if (!cache)
- return 0;
- cache->anyPolicy = NULL;
- cache->data = NULL;
-@@ -153,14 +200,18 @@ static int policy_cache_new(X509 *x)
- goto bad_cache;
- } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
- goto bad_cache;
-- goto just_cleanup;
-
-+ if (0) {
- bad_cache:
-- x->ex_flags |= EXFLAG_INVALID_POLICY;
-+ x->ex_flags |= EXFLAG_INVALID_POLICY;
-+ }
-+
-+ if (ext_pcons)
-+ POLICY_CONSTRAINTS_free(ext_pcons);
-+
-+ if (ext_any)
-+ ASN1_INTEGER_free(ext_any);
-
-- just_cleanup:
-- POLICY_CONSTRAINTS_free(ext_pcons);
--
ASN1_INTEGER_free(ext_any);
- return 1;
-
- }
-@@ -169,8 +220,10 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
- {
- if (!cache)
- return;
-- policy_data_free(cache->anyPolicy);
-- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-+ if (cache->anyPolicy)
-+ policy_data_free(cache->anyPolicy);
-+ if (cache->data)
-+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
- OPENSSL_free(cache);
- }
-
-@@ -178,9 +231,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
- {
-
- if (x->policy_cache == NULL) {
-- CRYPTO_THREAD_write_lock(x->lock);
-+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
- policy_cache_new(x);
-- CRYPTO_THREAD_unlock(x->lock);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
-
- return x->policy_cache;
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
-index cf1d635..90e9970 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
-@@ -1,13 +1,63 @@
-+/* pcy_data.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
-@@ -17,8 +67,6 @@
-
- void policy_data_free(X509_POLICY_DATA *data)
- {
-- if (!data)
-- return;
- ASN1_OBJECT_free(data->valid_policy);
- /* Don't free qualifiers if shared */
- if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
-@@ -28,9 +76,9 @@ void policy_data_free(X509_POLICY_DATA *data)
- }
-
- /*
-- * Create a data based on an existing policy. If 'id' is NULL use the OID in
-+ * Create a data based on an existing policy. If 'id' is NULL use the oid in
- * the policy, otherwise use 'id'. This behaviour covers the two types of
-- * data in RFC3280: data with from a CertificatePolicies extension and
-+ * data in RFC3280: data with from a CertificatePolcies extension and
- * additional data with just the qualifiers of anyPolicy and ID from another
- * source.
- */
-@@ -48,18 +96,21 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
- return NULL;
- } else
- id = NULL;
-- ret = OPENSSL_zalloc(sizeof(*ret));
-- if (ret == NULL)
-+ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
-+ if (!ret)
- return NULL;
- ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
-- if (ret->expected_policy_set == NULL) {
-+ if (!ret->expected_policy_set) {
- OPENSSL_free(ret);
-- ASN1_OBJECT_free(id);
-+ if (id)
-+ ASN1_OBJECT_free(id);
- return NULL;
- }
-
- if (crit)
- ret->flags = POLICY_DATA_FLAG_CRITICAL;
-+ else
-+ ret->flags = 0;
-
- if (id)
- ret->valid_policy = id;
-@@ -71,7 +122,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
- if (policy) {
- ret->qualifier_set = policy->qualifiers;
- policy->qualifiers = NULL;
-- }
-+ } else
-+ ret->qualifier_set = NULL;
-
- return ret;
- }
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
-index 5daf78d..b5075f9 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h
-@@ -1,15 +1,65 @@
-+/* pcy_int.h */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-
--DEFINE_STACK_OF(X509_POLICY_DATA)
-+DECLARE_STACK_OF(X509_POLICY_DATA)
-
- /* Internal structures */
-
-@@ -119,7 +169,7 @@ struct X509_POLICY_TREE_st {
- * required.
- */
- STACK_OF(X509_POLICY_DATA) *extra_data;
-- /* This is the authority constrained policy set */
-+ /* This is the authority constained policy set */
- STACK_OF(X509_POLICY_NODE) *auth_policies;
- STACK_OF(X509_POLICY_NODE) *user_policies;
- unsigned int flags;
-@@ -157,7 +207,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- const ASN1_OBJECT *id);
-
- X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-- X509_POLICY_DATA *data,
-+ const X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
- void policy_node_free(X509_POLICY_NODE *node);
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
-index 67f7eaf..dbb2983 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
-@@ -1,13 +1,63 @@
-+/* pcy_lib.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
-
-@@ -90,6 +140,15 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
- return node->data->valid_policy;
- }
-
-+#if 0
-+int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-+{
-+ if (node_critical(node))
-+ return 1;
-+ return 0;
-+}
-+#endif
-+
- STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
- X509_POLICY_NODE
- *node)
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
-index ab9dd21..b99eb91 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
-@@ -1,16 +1,65 @@
-+/* pcy_map.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 2004.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2.
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/x509_int.h" - - #include "pcy_int.h" - -@@ -42,15 +91,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - /* Attempt to find matching policy data */ - data = policy_cache_find_data(cache, map->issuerDomainPolicy); - /* If we don't have anyPolicy can't map */ -- if (data == NULL && !cache->anyPolicy) -+ if (!data && !cache->anyPolicy) - continue; - - /* Create a NODE from anyPolicy */ -- if (data == NULL) { -+ if (!data) { - data = policy_data_new(NULL, map->issuerDomainPolicy, - cache->anyPolicy->flags - & POLICY_DATA_FLAG_CRITICAL); -- if (data == NULL) -+ if (!data) - goto bad_mapping; - data->qualifier_set = cache->anyPolicy->qualifier_set; - /* -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -index 80443bf..d6c9176 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -@@ -1,10 +1,60 @@ -+/* pcy_node.c */ - /* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include -@@ -59,17 +109,17 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, - } - - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, -- X509_POLICY_DATA *data, -+ const X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree) - { - X509_POLICY_NODE *node; -- -- node = OPENSSL_zalloc(sizeof(*node)); -- if (node == NULL) -+ node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); -+ if (!node) - return NULL; - node->data = data; - node->parent = parent; -+ node->nchild = 0; - if (level) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) -@@ -77,9 +127,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - level->anyPolicy = node; - } else { - -- if (level->nodes == NULL) -+ if (!level->nodes) - level->nodes = policy_node_cmp_new(); -- if (level->nodes == NULL) -+ if (!level->nodes) - goto node_error; - if 
(!sk_X509_POLICY_NODE_push(level->nodes, node)) - goto node_error; -@@ -87,9 +137,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - - if (tree) { -- if (tree->extra_data == NULL) -+ if (!tree->extra_data) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); -- if (tree->extra_data == NULL) -+ if (!tree->extra_data) - goto node_error; - if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) - goto node_error; -@@ -102,7 +152,8 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - - node_error: - policy_node_free(node); -- return NULL; -+ return 0; -+ - } - - void policy_node_free(X509_POLICY_NODE *node) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -index 9f9246b..09b8691 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -@@ -1,13 +1,63 @@ -+/* pcy_tree.c */ - /* -- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -48,26 +98,22 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev, - static void tree_print(char *str, X509_POLICY_TREE *tree, - X509_POLICY_LEVEL *curr) - { -- BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE); - X509_POLICY_LEVEL *plev; -- -- if (err == NULL) -- return; -+ X509_POLICY_NODE *node; -+ int i; -+ BIO *err; -+ err = BIO_new_fp(stderr, BIO_NOCLOSE); - if (!curr) - curr = tree->levels + tree->nlevel; - else - curr++; -- - BIO_printf(err, "Level print after %s\n", str); - BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); - for (plev = tree->levels; plev != curr; plev++) { -- int i; -- - BIO_printf(err, "Level %ld, flags = %x\n", -- (long)(plev - tree->levels), plev->flags); -+ plev - tree->levels, plev->flags); - for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { -- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); -- -+ node = sk_X509_POLICY_NODE_value(plev->nodes, i); - X509_POLICY_NODE_print(err, node, 2); - expected_print(err, plev, node, 2); - BIO_printf(err, " Flags: %x\n", node->data->flags); -@@ -75,17 +121,26 @@ static void tree_print(char *str, X509_POLICY_TREE *tree, - if (plev->anyPolicy) - X509_POLICY_NODE_print(err, plev->anyPolicy, 2); - } -+ - BIO_free(err); -+ - } -+#else -+ -+# define tree_print(a,b,c) /* */ -+ - #endif - - /*- -- * Return value: <= 0 on error, or positive bit mask: -- * -- * X509_PCY_TREE_VALID: valid tree -- * X509_PCY_TREE_EMPTY: empty tree (including bare TA case) -- * X509_PCY_TREE_EXPLICIT: explicit policy required -+ * Initialize policy tree. Return values: -+ * 0 Some internal error occurred. -+ * -1 Inconsistent or invalid extensions in certificates. -+ * 1 Tree initialized OK. -+ * 2 Policy tree is empty. 
-+ * 5 Tree OK and requireExplicitPolicy true. -+ * 6 Tree empty and requireExplicitPolicy true. - */ -+ - static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - unsigned int flags) - { -@@ -93,112 +148,114 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - X509_POLICY_LEVEL *level; - const X509_POLICY_CACHE *cache; - X509_POLICY_DATA *data = NULL; -- int ret = X509_PCY_TREE_VALID; -- int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */ -- int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1; -- int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1; -- int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1; -- int i; -- -+ X509 *x; -+ int ret = 1; -+ int i, n; -+ int explicit_policy; -+ int any_skip; -+ int map_skip; - *ptree = NULL; -+ n = sk_X509_num(certs); - -- /* Can't do anything with just a trust anchor */ -- if (n == 0) -- return X509_PCY_TREE_EMPTY; -+#if 0 -+ /* Disable policy mapping for now... */ -+ flags |= X509_V_FLAG_INHIBIT_MAP; -+#endif - -- /* -- * First setup the policy cache in all n non-TA certificates, this will be -- * used in X509_verify_cert() which will invoke the verify callback for all -- * certificates with invalid policy extensions. 
-- */ -- for (i = n - 1; i >= 0; i--) { -- X509 *x = sk_X509_value(certs, i); -+ if (flags & X509_V_FLAG_EXPLICIT_POLICY) -+ explicit_policy = 0; -+ else -+ explicit_policy = n + 1; - -- /* Call for side-effect of computing hash and caching extensions */ -- X509_check_purpose(x, -1, 0); -+ if (flags & X509_V_FLAG_INHIBIT_ANY) -+ any_skip = 0; -+ else -+ any_skip = n + 1; - -- /* If cache is NULL, likely ENOMEM: return immediately */ -- if (policy_cache_set(x) == NULL) -- return X509_PCY_TREE_INTERNAL; -- } -+ if (flags & X509_V_FLAG_INHIBIT_MAP) -+ map_skip = 0; -+ else -+ map_skip = n + 1; - -+ /* Can't do anything with just a trust anchor */ -+ if (n == 1) -+ return 1; - /* -- * At this point check for invalid policies and required explicit policy. -- * Note that the explicit_policy counter is a count-down to zero, with the -- * requirement kicking in if and once it does that. The counter is -- * decremented for every non-self-issued certificate in the path, but may -- * be further reduced by policy constraints in a non-leaf certificate. -- * -- * The ultimate policy set is the intersection of all the policies along -- * the path, if we hit a certificate with an empty policy set, and explicit -- * policy is required we're done. -+ * First setup policy cache in all certificates apart from the trust -+ * anchor. Note any bad cache results on the way. Also can calculate -+ * explicit_policy value at this point. 
- */ -- for (i = n - 1; -- i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); -- i--) { -- X509 *x = sk_X509_value(certs, i); -- uint32_t ex_flags = X509_get_extension_flags(x); -- -- /* All the policies are already cached, we can return early */ -- if (ex_flags & EXFLAG_INVALID_POLICY) -- return X509_PCY_TREE_INVALID; -- -- /* Access the cache which we now know exists */ -+ for (i = n - 2; i >= 0; i--) { -+ x = sk_X509_value(certs, i); -+ X509_check_purpose(x, -1, -1); - cache = policy_cache_set(x); -- -- if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL) -- ret = X509_PCY_TREE_EMPTY; -+ /* If cache NULL something bad happened: return immediately */ -+ if (cache == NULL) -+ return 0; -+ /* -+ * If inconsistent extensions keep a note of it but continue -+ */ -+ if (x->ex_flags & EXFLAG_INVALID_POLICY) -+ ret = -1; -+ /* -+ * Otherwise if we have no data (hence no CertificatePolicies) and -+ * haven't already set an inconsistent code note it. -+ */ -+ else if ((ret == 1) && !cache->data) -+ ret = 2; - if (explicit_policy > 0) { -- if (!(ex_flags & EXFLAG_SI)) -+ if (!(x->ex_flags & EXFLAG_SI)) - explicit_policy--; -- if ((cache->explicit_skip >= 0) -+ if ((cache->explicit_skip != -1) - && (cache->explicit_skip < explicit_policy)) - explicit_policy = cache->explicit_skip; - } - } - -- if (explicit_policy == 0) -- ret |= X509_PCY_TREE_EXPLICIT; -- if ((ret & X509_PCY_TREE_VALID) == 0) -+ if (ret != 1) { -+ if (ret == 2 && !explicit_policy) -+ return 6; - return ret; -+ } - - /* If we get this far initialize the tree */ -- if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) -- return X509_PCY_TREE_INTERNAL; - -- /* -- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. -- * -- * The top level is implicitly for the trust anchor with valid expected -- * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at -- * depth n, we have the leaf at depth 0 and the TA at depth n). 
-- */ -- if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { -+ tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); -+ -+ if (!tree) -+ return 0; -+ -+ tree->flags = 0; -+ tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); -+ tree->nlevel = 0; -+ tree->extra_data = NULL; -+ tree->auth_policies = NULL; -+ tree->user_policies = NULL; -+ -+ if (!tree->levels) { - OPENSSL_free(tree); -- return X509_PCY_TREE_INTERNAL; -+ return 0; - } -- tree->nlevel = n+1; -+ -+ memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); -+ -+ tree->nlevel = n; -+ - level = tree->levels; -- if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) -- goto bad_tree; -- if (level_add_node(level, data, NULL, tree) == NULL) { -- policy_data_free(data); -- goto bad_tree; -- } - -- /* -- * In this pass initialize all the tree levels and whether anyPolicy and -- * policy mapping are inhibited at each level. -- */ -- for (i = n - 1; i >= 0; i--) { -- X509 *x = sk_X509_value(certs, i); -- uint32_t ex_flags = X509_get_extension_flags(x); -+ /* Root data: initialize to anyPolicy */ - -- /* Access the cache which we now know exists */ -- cache = policy_cache_set(x); -+ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - -- X509_up_ref(x); -- (++level)->cert = x; -+ if (!data || !level_add_node(level, data, NULL, tree)) -+ goto bad_tree; -+ -+ for (i = n - 2; i >= 0; i--) { -+ level++; -+ x = sk_X509_value(certs, i); -+ cache = policy_cache_set(x); -+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); -+ level->cert = x; - - if (!cache->anyPolicy) - level->flags |= X509_V_FLAG_INHIBIT_ANY; -@@ -206,57 +263,63 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - /* Determine inhibit any and inhibit map flags */ - if (any_skip == 0) { - /* -- * Any matching allowed only if certificate is self issued and not -- * the last in the chain. 
-+ * Any matching allowed if certificate is self issued and not the -+ * last in the chain. - */ -- if (!(ex_flags & EXFLAG_SI) || (i == 0)) -+ if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) - level->flags |= X509_V_FLAG_INHIBIT_ANY; - } else { -- if (!(ex_flags & EXFLAG_SI)) -+ if (!(x->ex_flags & EXFLAG_SI)) - any_skip--; -- if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) -+ if ((cache->any_skip >= 0) -+ && (cache->any_skip < any_skip)) - any_skip = cache->any_skip; - } - - if (map_skip == 0) - level->flags |= X509_V_FLAG_INHIBIT_MAP; - else { -- if (!(ex_flags & EXFLAG_SI)) -+ if (!(x->ex_flags & EXFLAG_SI)) - map_skip--; -- if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) -+ if ((cache->map_skip >= 0) -+ && (cache->map_skip < map_skip)) - map_skip = cache->map_skip; - } -+ - } - - *ptree = tree; -- return ret; -+ -+ if (explicit_policy) -+ return 1; -+ else -+ return 5; - - bad_tree: -+ - X509_policy_tree_free(tree); -- return X509_PCY_TREE_INTERNAL; -+ -+ return 0; -+ - } - --/* -- * Return value: 1 on success, 0 otherwise -- */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ const X509_POLICY_DATA *data) - { - X509_POLICY_LEVEL *last = curr - 1; -+ X509_POLICY_NODE *node; - int i, matched = 0; -- - /* Iterate through all in nodes linking matches */ - for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { -- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); -- -+ node = sk_X509_POLICY_NODE_value(last->nodes, i); - if (policy_node_match(last, node, data->valid_policy)) { -- if (level_add_node(curr, data, node, NULL) == NULL) -+ if (!level_add_node(curr, data, node, NULL)) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (!level_add_node(curr, data, last->anyPolicy, NULL)) - return 0; - } - return 1; -@@ -265,17 +328,29 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL 
*curr, - /* - * This corresponds to RFC3280 6.1.3(d)(1): link any data from - * CertificatePolicies onto matching parent or anyPolicy if no match. -- * -- * Return value: 1 on success, 0 otherwise. - */ -+ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache) - { - int i; -+ X509_POLICY_DATA *data; - - for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { -- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); -- -+ data = sk_X509_POLICY_DATA_value(cache->data, i); -+ /* -+ * If a node is mapped any it doesn't have a corresponding -+ * CertificatePolicies entry. However such an identical node would -+ * be created if anyPolicy matching is enabled because there would be -+ * no match with the parent valid_policy_set. So we create link -+ * because then it will have the mapping flags right and we can prune -+ * it later. -+ */ -+#if 0 -+ if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) -+ && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) -+ continue; -+#endif - /* Look for matching nodes in previous level */ - if (!tree_link_matching_nodes(curr, data)) - return 0; -@@ -286,38 +361,35 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - /* - * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched - * policies in the parent and link to anyPolicy. -- * -- * Return value: 1 on success, 0 otherwise. - */ -+ - static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id, - X509_POLICY_NODE *node, X509_POLICY_TREE *tree) - { - X509_POLICY_DATA *data; -- - if (id == NULL) - id = node->data->valid_policy; - /* - * Create a new node with qualifiers from anyPolicy and id from unmatched - * node. 
- */ -- if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL) -- return 0; -+ data = policy_data_new(NULL, id, node_critical(node)); - -+ if (data == NULL) -+ return 0; - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (level_add_node(curr, data, node, tree) == NULL) { -+ if (!level_add_node(curr, data, node, tree)) { - policy_data_free(data); - return 0; - } -+ - return 1; - } - --/* -- * Return value: 1 on success, 0 otherwise. -- */ - static int tree_link_unmatched(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - X509_POLICY_NODE *node, X509_POLICY_TREE *tree) -@@ -348,17 +420,19 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, - } - - } -+ - return 1; -+ - } - --/* -- * Return value: 1 on success, 0 otherwise -- */ - static int tree_link_any(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - X509_POLICY_TREE *tree) - { - int i; -+ /* -+ * X509_POLICY_DATA *data; -+ */ - X509_POLICY_NODE *node; - X509_POLICY_LEVEL *last = curr - 1; - -@@ -367,24 +441,50 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - - if (!tree_link_unmatched(curr, cache, node, tree)) - return 0; -+ -+#if 0 -+ -+ /* -+ * Skip any node with any children: we only want unmathced nodes. -+ * Note: need something better for policy mapping because each node -+ * may have multiple children -+ */ -+ if (node->nchild) -+ continue; -+ -+ /* -+ * Create a new node with qualifiers from anyPolicy and id from -+ * unmatched node. 
-+ */ -+ data = policy_data_new(NULL, node->data->valid_policy, -+ node_critical(node)); -+ -+ if (data == NULL) -+ return 0; -+ /* Curr may not have anyPolicy */ -+ data->qualifier_set = cache->anyPolicy->qualifier_set; -+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -+ if (!level_add_node(curr, data, node, tree)) { -+ policy_data_free(data); -+ return 0; -+ } -+#endif -+ - } - /* Finally add link to anyPolicy */ -- if (last->anyPolicy && -- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) -- return 0; -+ if (last->anyPolicy) { -+ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) -+ return 0; -+ } - return 1; - } - --/*- -- * Prune the tree: delete any child mapped child data on the current level then -- * proceed up the tree deleting any data with no children. If we ever have no -- * data on a level we can halt because the tree will be empty. -- * -- * Return value: <= 0 error, otherwise one of: -- * -- * X509_PCY_TREE_VALID: valid tree -- * X509_PCY_TREE_EMPTY: empty tree -+/* -+ * Prune the tree: delete any child mapped child data on the current level -+ * then proceed up the tree deleting any data with no children. If we ever -+ * have no data on a level we can halt because the tree will be empty. - */ -+ - static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) - { - STACK_OF(X509_POLICY_NODE) *nodes; -@@ -423,43 +523,41 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) - if (curr == tree->levels) { - /* If we zapped anyPolicy at top then tree is empty */ - if (!curr->anyPolicy) -- return X509_PCY_TREE_EMPTY; -- break; -+ return 2; -+ return 1; - } - } -- return X509_PCY_TREE_VALID; -+ -+ return 1; -+ - } - --/* -- * Return value: 1 on success, 0 otherwise. 
-- */ - static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, - X509_POLICY_NODE *pcy) - { -- if (*pnodes == NULL && -- (*pnodes = policy_node_cmp_new()) == NULL) -- return 0; -- if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) -+ if (!*pnodes) { -+ *pnodes = policy_node_cmp_new(); -+ if (!*pnodes) -+ return 0; -+ } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) - return 1; -- return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0; --} - --#define TREE_CALC_FAILURE 0 --#define TREE_CALC_OK_NOFREE 1 --#define TREE_CALC_OK_DOFREE 2 -+ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) -+ return 0; - --/*- -- * Calculate the authority set based on policy tree. The 'pnodes' parameter is -- * used as a store for the set of policy nodes used to calculate the user set. -- * If the authority set is not anyPolicy then pnodes will just point to the -- * authority set. If however the authority set is anyPolicy then the set of -- * valid policies (other than anyPolicy) is store in pnodes. -- * -- * Return value: -- * TREE_CALC_FAILURE on failure, -- * TREE_CALC_OK_NOFREE on success and pnodes need not be freed, -- * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed -+ return 1; -+ -+} -+ -+/* -+ * Calculate the authority set based on policy tree. The 'pnodes' parameter -+ * is used as a store for the set of policy nodes used to calculate the user -+ * set. If the authority set is not anyPolicy then pnodes will just point to -+ * the authority set. If however the authority set is anyPolicy then the set -+ * of valid policies (other than anyPolicy) is store in pnodes. The return -+ * value of '2' is used in this case to indicate that pnodes should be freed. 
- */ -+ - static int tree_calculate_authority_set(X509_POLICY_TREE *tree, - STACK_OF(X509_POLICY_NODE) **pnodes) - { -@@ -472,7 +570,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, - /* If last level contains anyPolicy set is anyPolicy */ - if (curr->anyPolicy) { - if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) -- return TREE_CALC_FAILURE; -+ return 0; - addnodes = pnodes; - } else - /* Add policies to authority set */ -@@ -484,31 +582,25 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, - * If no anyPolicy node on this this level it can't appear on lower - * levels so end search. - */ -- if ((anyptr = curr->anyPolicy) == NULL) -+ if (!(anyptr = curr->anyPolicy)) - break; - curr++; - for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { - node = sk_X509_POLICY_NODE_value(curr->nodes, j); - if ((node->parent == anyptr) -- && !tree_add_auth_node(addnodes, node)) { -- if (addnodes == pnodes) { -- sk_X509_POLICY_NODE_free(*pnodes); -- *pnodes = NULL; -- } -- return TREE_CALC_FAILURE; -- } -+ && !tree_add_auth_node(addnodes, node)) -+ return 0; - } - } -+ - if (addnodes == pnodes) -- return TREE_CALC_OK_DOFREE; -+ return 2; - - *pnodes = tree->auth_policies; -- return TREE_CALC_OK_NOFREE; -+ -+ return 1; - } - --/* -- * Return value: 1 on success, 0 otherwise. -- */ - static int tree_calculate_user_set(X509_POLICY_TREE *tree, - STACK_OF(ASN1_OBJECT) *policy_oids, - STACK_OF(X509_POLICY_NODE) *auth_nodes) -@@ -516,6 +608,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - int i; - X509_POLICY_NODE *node; - ASN1_OBJECT *oid; -+ - X509_POLICY_NODE *anyPolicy; - X509_POLICY_DATA *extra; - -@@ -523,6 +616,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - * Check if anyPolicy present in authority constrained policy set: this - * will happen if it is a leaf node. 
- */ -+ - if (sk_ASN1_OBJECT_num(policy_oids) <= 0) - return 1; - -@@ -547,7 +641,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - * from anyPolicy. - */ - extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); -- if (extra == NULL) -+ if (!extra) - return 0; - extra->qualifier_set = anyPolicy->data->qualifier_set; - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS -@@ -563,14 +657,9 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - return 0; - } - return 1; -+ - } - --/*- -- * Return value: <= 0 error, otherwise one of: -- * X509_PCY_TREE_VALID: valid tree -- * X509_PCY_TREE_EMPTY: empty tree -- * (see tree_prune()). -- */ - static int tree_evaluate(X509_POLICY_TREE *tree) - { - int ret, i; -@@ -580,19 +669,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = policy_cache_set(curr->cert); - if (!tree_link_nodes(curr, cache)) -- return X509_PCY_TREE_INTERNAL; -+ return 0; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) - && !tree_link_any(curr, cache, tree)) -- return X509_PCY_TREE_INTERNAL; --#ifdef OPENSSL_POLICY_DEBUG -+ return 0; - tree_print("before tree_prune()", tree, curr); --#endif - ret = tree_prune(tree, curr); -- if (ret != X509_PCY_TREE_VALID) -+ if (ret != 1) - return ret; - } -- return X509_PCY_TREE_VALID; -+ -+ return 1; -+ - } - - static void exnode_free(X509_POLICY_NODE *node) -@@ -613,12 +702,17 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) - sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); - - for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { -- X509_free(curr->cert); -- sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); -- policy_node_free(curr->anyPolicy); -+ if (curr->cert) -+ X509_free(curr->cert); -+ if (curr->nodes) -+ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); -+ if (curr->anyPolicy) -+ policy_node_free(curr->anyPolicy); - } - -- sk_X509_POLICY_DATA_pop_free(tree->extra_data, 
policy_data_free); -+ if (tree->extra_data) -+ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); -+ - OPENSSL_free(tree->levels); - OPENSSL_free(tree); - -@@ -627,70 +721,111 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) - /*- - * Application policy checking function. - * Return codes: -- * X509_PCY_TREE_FAILURE: Failure to satisfy explicit policy -- * X509_PCY_TREE_INVALID: Inconsistent or invalid extensions -- * X509_PCY_TREE_INTERNAL: Internal error, most likely malloc -- * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA) -+ * 0 Internal Error. -+ * 1 Successful. -+ * -1 One or more certificates contain invalid or inconsistent extensions -+ * -2 User constrained policy set empty and requireExplicit true. - */ -+ - int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, - STACK_OF(X509) *certs, - STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) - { -- int init_ret; - int ret; - X509_POLICY_TREE *tree = NULL; - STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; -- - *ptree = NULL; -+ - *pexplicit_policy = 0; -- init_ret = tree_init(&tree, certs, flags); -+ ret = tree_init(&tree, certs, flags); - -- if (init_ret <= 0) -- return init_ret; -+ switch (ret) { - -- if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) { -- if (init_ret & X509_PCY_TREE_EMPTY) { -- X509_policy_tree_free(tree); -- return X509_PCY_TREE_VALID; -- } -- } else { -+ /* Tree empty requireExplicit False: OK */ -+ case 2: -+ return 1; -+ -+ /* Some internal error */ -+ case -1: -+ return -1; -+ -+ /* Some internal error */ -+ case 0: -+ return 0; -+ -+ /* Tree empty requireExplicit True: Error */ -+ -+ case 6: - *pexplicit_policy = 1; -- /* Tree empty and requireExplicit True: Error */ -- if (init_ret & X509_PCY_TREE_EMPTY) -- return X509_PCY_TREE_FAILURE; -+ return -2; -+ -+ /* Tree OK requireExplicit True: OK and continue */ -+ case 5: -+ *pexplicit_policy = 1; -+ break; -+ -+ /* Tree OK: continue */ -+ -+ case 1: -+ if (!tree) -+ /* -+ * 
tree_init() returns success and a null tree -+ * if it's just looking at a trust anchor. -+ * I'm not sure that returning success here is -+ * correct, but I'm sure that reporting this -+ * as an internal error which our caller -+ * interprets as a malloc failure is wrong. -+ */ -+ return 1; -+ break; - } - -+ if (!tree) -+ goto error; - ret = tree_evaluate(tree); --#ifdef OPENSSL_POLICY_DEBUG -+ - tree_print("tree_evaluate()", tree, NULL); --#endif -+ - if (ret <= 0) - goto error; - -- if (ret == X509_PCY_TREE_EMPTY) { -+ /* Return value 2 means tree empty */ -+ if (ret == 2) { - X509_policy_tree_free(tree); -- if (init_ret & X509_PCY_TREE_EXPLICIT) -- return X509_PCY_TREE_FAILURE; -- return X509_PCY_TREE_VALID; -+ if (*pexplicit_policy) -+ return -2; -+ else -+ return 1; - } - - /* Tree is not empty: continue */ -- if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || -- !tree_calculate_user_set(tree, policy_oids, auth_nodes)) -+ -+ ret = tree_calculate_authority_set(tree, &auth_nodes); -+ -+ if (!ret) - goto error; -- if (ret == TREE_CALC_OK_DOFREE) -+ -+ if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) -+ goto error; -+ -+ if (ret == 2) - sk_X509_POLICY_NODE_free(auth_nodes); - -- *ptree = tree; -+ if (tree) -+ *ptree = tree; - -- if (init_ret & X509_PCY_TREE_EXPLICIT) { -+ if (*pexplicit_policy) { - nodes = X509_policy_tree_get0_user_policies(tree); - if (sk_X509_POLICY_NODE_num(nodes) <= 0) -- return X509_PCY_TREE_FAILURE; -+ return -2; - } -- return X509_PCY_TREE_VALID; -+ -+ return 1; - - error: -+ - X509_policy_tree_free(tree); -- return X509_PCY_TREE_INTERNAL; -+ -+ return 0; -+ - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -index ef1d775..1290dec 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -@@ -1,10 +1,58 @@ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Contributed to the OpenSSL Project by the American Registry for -+ * Internet Numbers ("ARIN"). -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- */ - - /* -@@ -14,14 +62,12 @@ - #include - #include - --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "internal/x509_int.h" --#include "ext_dat.h" - - #ifndef OPENSSL_NO_RFC3779 - -@@ -52,7 +98,7 @@ ASN1_SEQUENCE(IPAddressFamily) = { - ASN1_ITEM_TEMPLATE(IPAddrBlocks) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - IPAddrBlocks, IPAddressFamily) --static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) -+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) - - IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) - IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) -@@ -62,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) - /* - * How much buffer space do we need for a raw address? - */ --#define ADDR_RAW_BUF_LEN 16 -+# define ADDR_RAW_BUF_LEN 16 - - /* - * What's the address length associated with this AFI? -@@ -82,7 +128,7 @@ static int length_from_afi(const unsigned afi) - /* - * Extract the AFI from an IPAddressFamily. - */ --unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) -+unsigned int v3_addr_get_afi(const IPAddressFamily *f) - { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) -@@ -117,7 +163,7 @@ static int addr_expand(unsigned char *addr, - /* - * Extract the prefix length from a bitstring. - */ --#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) -+# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) - - /* - * i2r handler for one address bitstring. 
-@@ -200,7 +246,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, - int i; - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- const unsigned int afi = X509v3_addr_get_afi(f); -+ const unsigned int afi = v3_addr_get_afi(f); - switch (afi) { - case IANA_AFI_IPV4: - BIO_printf(out, "%*sIPv4", indent, ""); -@@ -312,7 +358,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, - - /* - * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() -- * comparison routines are only allowed two arguments. -+ * comparision routines are only allowed two arguments. - */ - static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) -@@ -322,7 +368,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - - /* - * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() -- * comparison routines are only allowed two arguments. -+ * comparision routines are only allowed two arguments. - */ - static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) -@@ -482,7 +528,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, - { - IPAddressFamily *f; - unsigned char key[3]; -- int keylen; -+ unsigned keylen; - int i; - - key[0] = (afi >> 8) & 0xFF; -@@ -525,8 +571,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, - /* - * Add an inheritance element. - */ --int X509v3_addr_add_inherit(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi) -+int v3_addr_add_inherit(IPAddrBlocks *addr, -+ const unsigned afi, const unsigned *safi) - { - IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); - if (f == NULL || -@@ -581,10 +627,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, - /* - * Add a prefix. 
- */ --int X509v3_addr_add_prefix(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi, -- unsigned char *a, const int prefixlen) -+int v3_addr_add_prefix(IPAddrBlocks *addr, -+ const unsigned afi, -+ const unsigned *safi, -+ unsigned char *a, const int prefixlen) - { - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); - IPAddressOrRange *aor; -@@ -599,10 +645,10 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr, - /* - * Add a range. - */ --int X509v3_addr_add_range(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi, -- unsigned char *min, unsigned char *max) -+int v3_addr_add_range(IPAddrBlocks *addr, -+ const unsigned afi, -+ const unsigned *safi, -+ unsigned char *min, unsigned char *max) - { - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); - IPAddressOrRange *aor; -@@ -639,10 +685,10 @@ static int extract_min_max(IPAddressOrRange *aor, - /* - * Public wrapper for extract_min_max(). - */ --int X509v3_addr_get_range(IPAddressOrRange *aor, -- const unsigned afi, -- unsigned char *min, -- unsigned char *max, const int length) -+int v3_addr_get_range(IPAddressOrRange *aor, -+ const unsigned afi, -+ unsigned char *min, -+ unsigned char *max, const int length) - { - int afi_length = length_from_afi(afi); - if (aor == NULL || min == NULL || max == NULL || -@@ -656,7 +702,7 @@ int X509v3_addr_get_range(IPAddressOrRange *aor, - } - - /* -- * Sort comparison function for a sequence of IPAddressFamily. -+ * Sort comparision function for a sequence of IPAddressFamily. - * - * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about - * the ordering: I can read it as meaning that IPv6 without a SAFI -@@ -678,7 +724,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, - /* - * Check whether an IPAddrBLocks is in canonical form. 
- */ --int X509v3_addr_is_canonical(IPAddrBlocks *addr) -+int v3_addr_is_canonical(IPAddrBlocks *addr) - { - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; -@@ -686,7 +732,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) - int i, j, k; - - /* -- * Empty extension is canonical. -+ * Empty extension is cannonical. - */ - if (addr == NULL) - return 1; -@@ -706,7 +752,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) - */ - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- int length = length_from_afi(X509v3_addr_get_afi(f)); -+ int length = length_from_afi(v3_addr_get_afi(f)); - - /* - * Inheritance is canonical. Anything other than inheritance or -@@ -849,8 +895,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - if (a != NULL && a->type == IPAddressOrRange_addressRange) { - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -- if (!extract_min_max(a, a_min, a_max, length)) -- return 0; -+ extract_min_max(a, a_min, a_max, length); - if (memcmp(a_min, a_max, length) > 0) - return 0; - } -@@ -862,7 +907,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, - /* - * Whack an IPAddrBlocks extension into canonical form. 
- */ --int X509v3_addr_canonize(IPAddrBlocks *addr) -+int v3_addr_canonize(IPAddrBlocks *addr) - { - int i; - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -@@ -870,12 +915,12 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) - if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - !IPAddressOrRanges_canonize(f->ipAddressChoice-> - u.addressesOrRanges, -- X509v3_addr_get_afi(f))) -+ v3_addr_get_afi(f))) - return 0; - } - (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); - sk_IPAddressFamily_sort(addr); -- OPENSSL_assert(X509v3_addr_is_canonical(addr)); -+ OPENSSL_assert(v3_addr_is_canonical(addr)); - return 1; - } - -@@ -901,7 +946,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; - unsigned afi, *safi = NULL, safi_; -- const char *addr_chars = NULL; -+ const char *addr_chars; - int prefixlen, i1, i2, delim, length; - - if (!name_cmp(val->name, "IPv4")) { -@@ -933,7 +978,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - length = length_from_afi(afi); - - /* -- * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate -+ * Handle SAFI, if any, and BUF_strdup() so we can null-terminate - * the other input values. - */ - if (safi != NULL) { -@@ -945,9 +990,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - goto err; - } - t += strspn(t, " \t"); -- s = OPENSSL_strdup(t); -+ s = BUF_strdup(t); - } else { -- s = OPENSSL_strdup(val->value); -+ s = BUF_strdup(val->value); - } - if (s == NULL) { - X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -@@ -958,8 +1003,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - * Check for inheritance. Not worth additional complexity to - * optimize this (seldom-used) case. 
- */ -- if (strcmp(s, "inherit") == 0) { -- if (!X509v3_addr_add_inherit(addr, afi, safi)) { -+ if (!strcmp(s, "inherit")) { -+ if (!v3_addr_add_inherit(addr, afi, safi)) { - X509V3err(X509V3_F_V2I_IPADDRBLOCKS, - X509V3_R_INVALID_INHERITANCE); - X509V3_conf_err(val); -@@ -990,7 +1035,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - X509V3_conf_err(val); - goto err; - } -- if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { -+ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { - X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -1016,13 +1061,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - X509V3_conf_err(val); - goto err; - } -- if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { -+ if (!v3_addr_add_range(addr, afi, safi, min, max)) { - X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); - goto err; - } - break; - case '\0': -- if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { -+ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { - X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -1041,7 +1086,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - /* - * Canonize the result, then we're done. - */ -- if (!X509v3_addr_canonize(addr)) -+ if (!v3_addr_canonize(addr)) - goto err; - return addr; - -@@ -1071,7 +1116,7 @@ const X509V3_EXT_METHOD v3_addr = { - /* - * Figure out whether extension sues inheritance. - */ --int X509v3_addr_inherits(IPAddrBlocks *addr) -+int v3_addr_inherits(IPAddrBlocks *addr) - { - int i; - if (addr == NULL) -@@ -1124,12 +1169,12 @@ static int addr_contains(IPAddressOrRanges *parent, - /* - * Test whether a is a subset of b. 
- */ --int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) -+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) - { - int i; - if (a == NULL || a == b) - return 1; -- if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) -+ if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) - return 0; - (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); - for (i = 0; i < sk_IPAddressFamily_num(a); i++) { -@@ -1141,7 +1186,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) - return 0; - if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, - fa->ipAddressChoice->u.addressesOrRanges, -- length_from_afi(X509v3_addr_get_afi(fb)))) -+ length_from_afi(v3_addr_get_afi(fb)))) - return 0; - } - return 1; -@@ -1150,7 +1195,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) - /* - * Validation error handling via callback. - */ --#define validation_err(_err_) \ -+# define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ -@@ -1172,9 +1217,9 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) - * When returning 0, ctx->error MUST be set to an appropriate value other than - * X509_V_OK. 
- */ --static int addr_validate_path_internal(X509_STORE_CTX *ctx, -- STACK_OF(X509) *chain, -- IPAddrBlocks *ext) -+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, -+ STACK_OF(X509) *chain, -+ IPAddrBlocks *ext) - { - IPAddrBlocks *child = NULL; - int i, j, ret = 1; -@@ -1199,11 +1244,11 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, - if ((ext = x->rfc3779_addr) == NULL) - goto done; - } -- if (!X509v3_addr_is_canonical(ext)) -+ if (!v3_addr_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); - if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { -- X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, -+ X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, - ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - ret = 0; -@@ -1217,7 +1262,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, - for (i++; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); -- if (!X509v3_addr_is_canonical(x->rfc3779_addr)) -+ if (!v3_addr_is_canonical(x->rfc3779_addr)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (x->rfc3779_addr == NULL) { - for (j = 0; j < sk_IPAddressFamily_num(child); j++) { -@@ -1249,7 +1294,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, - if (fc->ipAddressChoice->type == IPAddressChoice_inherit - || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, - fc->ipAddressChoice->u.addressesOrRanges, -- length_from_afi(X509v3_addr_get_afi(fc)))) -+ length_from_afi(v3_addr_get_afi(fc)))) - sk_IPAddressFamily_set(child, j, fp); - else - validation_err(X509_V_ERR_UNNESTED_RESOURCE); -@@ -1276,30 +1321,30 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, - return ret; - } - --#undef validation_err -+# undef validation_err - - /* - * RFC 3779 2.3 path validation -- called from X509_verify_cert(). 
- */ --int X509v3_addr_validate_path(X509_STORE_CTX *ctx) -+int v3_addr_validate_path(X509_STORE_CTX *ctx) - { -- return addr_validate_path_internal(ctx, ctx->chain, NULL); -+ return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); - } - - /* - * RFC 3779 2.3 path validation of an extension. - * Test whether chain covers extension. - */ --int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, -+int v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance) - { - if (ext == NULL) - return 1; - if (chain == NULL || sk_X509_num(chain) == 0) - return 0; -- if (!allow_inheritance && X509v3_addr_inherits(ext)) -+ if (!allow_inheritance && v3_addr_inherits(ext)) - return 0; -- return addr_validate_path_internal(NULL, chain, ext); -+ return v3_addr_validate_path_internal(NULL, chain, ext); - } - - #endif /* OPENSSL_NO_RFC3779 */ -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -index d9f7704..e920270 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -@@ -1,19 +1,68 @@ -+/* v3_akey.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. 
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "ext_dat.h" - - static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, -@@ -41,14 +90,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - { - char *tmp; - if (akeyid->keyid) { -- tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); -+ tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); - X509V3_add_value("keyid", tmp, &extlist); - OPENSSL_free(tmp); - } - if (akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); - if (akeyid->serial) { -- tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); -+ tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); - X509V3_add_value("serial", tmp, &extlist); - OPENSSL_free(tmp); - } -@@ -82,13 +131,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); -- if (strcmp(cnf->name, "keyid") == 0) { -+ if (!strcmp(cnf->name, "keyid")) { - keyid = 1; -- if (cnf->value && strcmp(cnf->value, "always") == 0) -+ if (cnf->value && !strcmp(cnf->value, "always")) - keyid = 2; -- } else if (strcmp(cnf->name, "issuer") == 0) { -+ } else if (!strcmp(cnf->name, "issuer")) { - issuer = 1; -- if (cnf->value && strcmp(cnf->value, "always") == 0) -+ if (cnf->value && !strcmp(cnf->value, "always")) - issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); -@@ -120,7 +169,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - - if ((issuer 
&& !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); -- serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); -+ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if (!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, - X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); -@@ -128,12 +177,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - } - } - -- if ((akeyid = AUTHORITY_KEYID_new()) == NULL) -+ if (!(akeyid = AUTHORITY_KEYID_new())) - goto err; - - if (isname) { -- if ((gens = sk_GENERAL_NAME_new_null()) == NULL -- || (gen = GENERAL_NAME_new()) == NULL -+ if (!(gens = sk_GENERAL_NAME_new_null()) -+ || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); - goto err; -@@ -143,18 +192,14 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - } - - akeyid->issuer = gens; -- gen = NULL; -- gens = NULL; - akeyid->serial = serial; - akeyid->keyid = ikeyid; - - return akeyid; - - err: -- sk_GENERAL_NAME_free(gens); -- GENERAL_NAME_free(gen); - X509_NAME_free(isname); -- ASN1_INTEGER_free(serial); -- ASN1_OCTET_STRING_free(ikeyid); -+ M_ASN1_INTEGER_free(serial); -+ M_ASN1_OCTET_STRING_free(ikeyid); - return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -index d6dd6bc..2cc85b7 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -@@ -1,14 +1,64 @@ -+/* v3_akey_asn1.c */ - /* -- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -index 0364e33..7f1e71d 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -@@ -1,17 +1,66 @@ -+/* v3_alt.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "ext_dat.h" - - static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, -@@ -21,10 +70,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - STACK_OF(CONF_VALUE) *nval); - static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); - static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); --static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); --static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); -+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); -+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); - --const X509V3_EXT_METHOD v3_alt[3] = { -+const X509V3_EXT_METHOD v3_alt[] = { - {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 
0, - 0, 0, -@@ -158,7 +207,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) - break; - - case GEN_DIRNAME: -- BIO_printf(out, "DirName:"); -+ BIO_printf(out, "DirName: "); - X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); - break; - -@@ -180,7 +229,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) - break; - - case GEN_RID: -- BIO_printf(out, "Registered ID:"); -+ BIO_printf(out, "Registered ID"); - i2a_ASN1_OBJECT(out, gen->d.rid); - break; - } -@@ -194,20 +243,19 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens = NULL; - CONF_VALUE *cnf; - int i; -- -- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { -+ if (!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); -- if (!name_cmp(cnf->name, "issuer") -- && cnf->value && strcmp(cnf->value, "copy") == 0) { -+ if (!name_cmp(cnf->name, "issuer") && cnf->value && -+ !strcmp(cnf->value, "copy")) { - if (!copy_issuer(ctx, gens)) - goto err; - } else { - GENERAL_NAME *gen; -- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); - } -@@ -226,7 +274,6 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) - GENERAL_NAME *gen; - X509_EXTENSION *ext; - int i; -- - if (ctx && (ctx->flags == CTX_TEST)) - return 1; - if (!ctx || !ctx->issuer_cert) { -@@ -236,8 +283,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) - i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); - if (i < 0) - return 1; -- if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL -- || (ialt = X509V3_EXT_d2i(ext)) == NULL) { -+ if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || -+ !(ialt = X509V3_EXT_d2i(ext))) { - X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); - goto err; - } -@@ -265,24 
+312,23 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens = NULL; - CONF_VALUE *cnf; - int i; -- -- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { -+ if (!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); -- if (!name_cmp(cnf->name, "email") -- && cnf->value && strcmp(cnf->value, "copy") == 0) { -+ if (!name_cmp(cnf->name, "email") && cnf->value && -+ !strcmp(cnf->value, "copy")) { - if (!copy_email(ctx, gens, 0)) - goto err; -- } else if (!name_cmp(cnf->name, "email") -- && cnf->value && strcmp(cnf->value, "move") == 0) { -+ } else if (!name_cmp(cnf->name, "email") && cnf->value && -+ !strcmp(cnf->value, "move")) { - if (!copy_email(ctx, gens, 1)) - goto err; - } else { - GENERAL_NAME *gen; -- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); - } -@@ -321,13 +367,13 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) - while ((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) >= 0) { - ne = X509_NAME_get_entry(nm, i); -- email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); -+ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); - if (move_p) { - X509_NAME_delete_entry(nm, i); - X509_NAME_ENTRY_free(ne); - i--; - } -- if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { -+ if (!email || !(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -345,7 +391,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) - - err: - GENERAL_NAME_free(gen); -- ASN1_IA5STRING_free(email); -+ M_ASN1_IA5STRING_free(email); - return 0; - - } -@@ -357,14 +403,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens = NULL; - 
CONF_VALUE *cnf; - int i; -- -- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { -+ if (!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); -- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); - } -@@ -382,7 +427,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, - - GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, int gen_type, const char *value, -+ X509V3_CTX *ctx, int gen_type, char *value, - int is_nc) - { - char is_string = 0; -@@ -413,7 +458,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - case GEN_RID: - { - ASN1_OBJECT *obj; -- if ((obj = OBJ_txt2obj(value, 0)) == NULL) { -+ if (!(obj = OBJ_txt2obj(value, 0))) { - X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; -@@ -453,7 +498,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - } - - if (is_string) { -- if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || -+ if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, - strlen(value))) { - X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); -@@ -511,26 +556,27 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - - } - --static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) -+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) - { - char *objtmp = NULL, *p; - int objlen; -- -- if ((p = strchr(value, ';')) == NULL) -+ if (!(p = strchr(value, ';'))) - return 0; -- if ((gen->d.otherName = OTHERNAME_new()) == NULL) -+ if (!(gen->d.otherName = OTHERNAME_new())) - return 0; - /* - * Free this up because we will overwrite it. 
no need to free type_id - * because it is static - */ - ASN1_TYPE_free(gen->d.otherName->value); -- if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) -+ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) - return 0; - objlen = p - value; -- objtmp = OPENSSL_strndup(value, objlen); -+ objtmp = OPENSSL_malloc(objlen + 1); - if (objtmp == NULL) - return 0; -+ strncpy(objtmp, value, objlen); -+ objtmp[objlen] = 0; - gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); - OPENSSL_free(objtmp); - if (!gen->d.otherName->type_id) -@@ -538,13 +584,12 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) - return 1; - } - --static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) -+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) - { - int ret = 0; - STACK_OF(CONF_VALUE) *sk = NULL; -- X509_NAME *nm; -- -- if ((nm = X509_NAME_new()) == NULL) -+ X509_NAME *nm = NULL; -+ if (!(nm = X509_NAME_new())) - goto err; - sk = X509V3_get_section(ctx, value); - if (!sk) { -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -index af4fcf4..2a32c9d 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -@@ -1,10 +1,58 @@ - /* -- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Contributed to the OpenSSL Project by the American Registry for -+ * Internet Numbers ("ARIN"). -+ */ -+/* ==================================================================== -+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - */ - - /* -@@ -13,15 +61,13 @@ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - #include --#include "internal/x509_int.h" - #include --#include "ext_dat.h" - - #ifndef OPENSSL_NO_RFC3779 - -@@ -116,7 +162,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, - } - - /* -- * Sort comparison function for a sequence of ASIdOrRange elements. -+ * Sort comparision function for a sequence of ASIdOrRange elements. - */ - static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, - const ASIdOrRange *const *b_) -@@ -149,7 +195,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, - /* - * Add an inherit element. - */ --int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) -+int v3_asid_add_inherit(ASIdentifiers *asid, int which) - { - ASIdentifierChoice **choice; - if (asid == NULL) -@@ -178,8 +224,8 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) - /* - * Add an ID or range to an ASIdentifierChoice. 
- */ --int X509v3_asid_add_id_or_range(ASIdentifiers *asid, -- int which, ASN1_INTEGER *min, ASN1_INTEGER *max) -+int v3_asid_add_id_or_range(ASIdentifiers *asid, -+ int which, ASN1_INTEGER *min, ASN1_INTEGER *max) - { - ASIdentifierChoice **choice; - ASIdOrRange *aor; -@@ -276,8 +322,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) - for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -- ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = -- NULL; -+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; - - extract_min_max(a, &a_min, &a_max); - extract_min_max(b, &b_min, &b_max); -@@ -335,7 +380,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) - /* - * Check whether an ASIdentifier extension is in canonical form. - */ --int X509v3_asid_is_canonical(ASIdentifiers *asid) -+int v3_asid_is_canonical(ASIdentifiers *asid) - { - return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) && -@@ -379,8 +424,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) - for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -- ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = -- NULL; -+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; - - extract_min_max(a, &a_min, &a_max); - extract_min_max(b, &b_min, &b_max); -@@ -426,7 +470,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) - ASRange *r; - switch (a->type) { - case ASIdOrRange_id: -- if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { -+ if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { - X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, - ERR_R_MALLOC_FAILURE); - goto done; -@@ -483,7 +527,7 
@@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) - /* - * Whack an ASIdentifier extension into canonical form. - */ --int X509v3_asid_canonize(ASIdentifiers *asid) -+int v3_asid_canonize(ASIdentifiers *asid) - { - return (asid == NULL || - (ASIdentifierChoice_canonize(asid->asnum) && -@@ -508,7 +552,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - CONF_VALUE *val = sk_CONF_VALUE_value(values, i); -- int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; -+ int i1, i2, i3, is_range, which; - - /* - * Figure out whether this is an AS or an RDI. -@@ -527,8 +571,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - /* - * Handle inheritance. - */ -- if (strcmp(val->value, "inherit") == 0) { -- if (X509v3_asid_add_inherit(asid, which)) -+ if (!strcmp(val->value, "inherit")) { -+ if (v3_asid_add_inherit(asid, which)) - continue; - X509V3err(X509V3_F_V2I_ASIDENTIFIERS, - X509V3_R_INVALID_INHERITANCE); -@@ -571,7 +615,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - goto err; - } - } else { -- char *s = OPENSSL_strdup(val->value); -+ char *s = BUF_strdup(val->value); - if (s == NULL) { - X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); - goto err; -@@ -590,7 +634,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - goto err; - } - } -- if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { -+ if (!v3_asid_add_id_or_range(asid, which, min, max)) { - X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -600,7 +644,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - /* - * Canonize the result, then we're done. - */ -- if (!X509v3_asid_canonize(asid)) -+ if (!v3_asid_canonize(asid)) - goto err; - return asid; - -@@ -631,7 +675,7 @@ const X509V3_EXT_METHOD v3_asid = { - /* - * Figure out whether extension uses inheritance. 
- */ --int X509v3_asid_inherits(ASIdentifiers *asid) -+int v3_asid_inherits(ASIdentifiers *asid) - { - return (asid != NULL && - ((asid->asnum != NULL && -@@ -645,7 +689,7 @@ int X509v3_asid_inherits(ASIdentifiers *asid) - */ - static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) - { -- ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; -+ ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; - int p, c; - - if (child == NULL || parent == child) -@@ -672,15 +716,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) - } - - /* -- * Test whether a is a subset of b. -+ * Test whether a is a subet of b. - */ --int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) -+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) - { - return (a == NULL || - a == b || - (b != NULL && -- !X509v3_asid_inherits(a) && -- !X509v3_asid_inherits(b) && -+ !v3_asid_inherits(a) && -+ !v3_asid_inherits(b) && - asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges) && - asid_contains(b->rdi->u.asIdsOrRanges, -@@ -690,7 +734,7 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) - /* - * Validation error handling via callback. - */ --#define validation_err(_err_) \ -+# define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ -@@ -707,9 +751,9 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) - /* - * Core code for RFC 3779 3.3 path validation. 
- */ --static int asid_validate_path_internal(X509_STORE_CTX *ctx, -- STACK_OF(X509) *chain, -- ASIdentifiers *ext) -+static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, -+ STACK_OF(X509) *chain, -+ ASIdentifiers *ext) - { - ASIdOrRanges *child_as = NULL, *child_rdi = NULL; - int i, ret = 1, inherit_as = 0, inherit_rdi = 0; -@@ -734,7 +778,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, - if ((ext = x->rfc3779_asid) == NULL) - goto done; - } -- if (!X509v3_asid_is_canonical(ext)) -+ if (!v3_asid_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (ext->asnum != NULL) { - switch (ext->asnum->type) { -@@ -769,7 +813,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - continue; - } -- if (!X509v3_asid_is_canonical(x->rfc3779_asid)) -+ if (!v3_asid_is_canonical(x->rfc3779_asid)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); -@@ -823,30 +867,30 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, - return ret; - } - --#undef validation_err -+# undef validation_err - - /* - * RFC 3779 3.3 path validation -- called from X509_verify_cert(). - */ --int X509v3_asid_validate_path(X509_STORE_CTX *ctx) -+int v3_asid_validate_path(X509_STORE_CTX *ctx) - { -- return asid_validate_path_internal(ctx, ctx->chain, NULL); -+ return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); - } - - /* - * RFC 3779 3.3 path validation of an extension. - * Test whether chain covers extension. 
- */ --int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, -- ASIdentifiers *ext, int allow_inheritance) -+int v3_asid_validate_resource_set(STACK_OF(X509) *chain, -+ ASIdentifiers *ext, int allow_inheritance) - { - if (ext == NULL) - return 1; - if (chain == NULL || sk_X509_num(chain) == 0) - return 0; -- if (!allow_inheritance && X509v3_asid_inherits(ext)) -+ if (!allow_inheritance && v3_asid_inherits(ext)) - return 0; -- return asid_validate_path_internal(NULL, chain, ext); -+ return v3_asid_validate_path_internal(NULL, chain, ext); - } - - #endif /* OPENSSL_NO_RFC3779 */ -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -index 3bbf155..dc00b9c 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -@@ -1,19 +1,68 @@ -+/* v3_bcons.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "ext_dat.h" - - static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, -@@ -58,17 +107,16 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons = NULL; - CONF_VALUE *val; - int i; -- -- if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { -+ if (!(bcons = BASIC_CONSTRAINTS_new())) { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - val = sk_CONF_VALUE_value(values, i); -- if (strcmp(val->name, "CA") == 0) { -+ if (!strcmp(val->name, "CA")) { - if (!X509V3_get_value_bool(val, &bcons->ca)) - goto err; -- } else if (strcmp(val->name, "pathlen") == 0) { -+ } else if (!strcmp(val->name, "pathlen")) { - if (!X509V3_get_value_int(val, &bcons->pathlen)) - goto err; - } else { -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -index 4802116..b7bb3b5 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -@@ -1,17 +1,66 @@ -+/* v3_bitst.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "ext_dat.h" - - static BIT_STRING_BITNAME ns_cert_type_table[] = { - {0, "SSL Client", "client"}, -@@ -63,19 +112,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bs; - int i; - BIT_STRING_BITNAME *bnam; -- if ((bs = ASN1_BIT_STRING_new()) == NULL) { -+ if (!(bs = M_ASN1_BIT_STRING_new())) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - for (bnam = method->usr_data; bnam->lname; bnam++) { -- if (strcmp(bnam->sname, val->name) == 0 -- || strcmp(bnam->lname, val->name) == 0) { -+ if (!strcmp(bnam->sname, val->name) || -+ !strcmp(bnam->lname, val->name)) { - if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { - 
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - ERR_R_MALLOC_FAILURE); -- ASN1_BIT_STRING_free(bs); -+ M_ASN1_BIT_STRING_free(bs); - return NULL; - } - break; -@@ -85,7 +134,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); - X509V3_conf_err(val); -- ASN1_BIT_STRING_free(bs); -+ M_ASN1_BIT_STRING_free(bs); - return NULL; - } - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -index f625ff5..c1b4c1a 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -@@ -1,40 +1,88 @@ -+/* v3_conf.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* extension creation utilities */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/x509_int.h" - #include - --static int v3_check_critical(const char **value); --static int v3_check_generic(const char **value); -+static int v3_check_critical(char **value); -+static int v3_check_generic(char **value); - static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, -- int crit, const char *value); --static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, -+ int crit, char *value); -+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int type, - X509V3_CTX *ctx); --static char *conf_lhash_get_string(void *db, const char *section, const char *value); --static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); -+static char *conf_lhash_get_string(void *db, char *section, char *value); -+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); - static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc); --static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, -+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, - long *ext_len); - /* CONF *conf: Config file */ - /* char *name: Name */ - /* char *value: Value */ --X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, -- const char *value) -+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, -+ char *value) - { - int crit; - int ext_type; -@@ -53,7 +101,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - /* CONF *conf: Config file */ - /* char *value: Value */ - X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int 
ext_nid, -- const char *value) -+ char *value) - { - int crit; - int ext_type; -@@ -67,18 +115,17 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - /* CONF *conf: Config file */ - /* char *value: Value */ - static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, -- int crit, const char *value) -+ int crit, char *value) - { - const X509V3_EXT_METHOD *method; - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - void *ext_struc; -- - if (ext_nid == NID_undef) { - X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); - return NULL; - } -- if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { -+ if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } -@@ -94,7 +141,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", - value); - if (*value != '@') -- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); -+ sk_CONF_VALUE_free(nval); - return NULL; - } - ext_struc = method->v2i(method, ctx, nval); -@@ -103,14 +150,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - if (!ext_struc) - return NULL; - } else if (method->s2i) { -- if ((ext_struc = method->s2i(method, ctx, value)) == NULL) -+ if (!(ext_struc = method->s2i(method, ctx, value))) - return NULL; - } else if (method->r2i) { - if (!ctx->db || !ctx->db_meth) { - X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); - return NULL; - } -- if ((ext_struc = method->r2i(method, ctx, value)) == NULL) -+ if (!(ext_struc = method->r2i(method, ctx, value))) - return NULL; - } else { - X509V3err(X509V3_F_DO_EXT_NCONF, -@@ -131,9 +178,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc) - { -- unsigned char *ext_der 
= NULL; -+ unsigned char *ext_der; - int ext_len; -- ASN1_OCTET_STRING *ext_oct = NULL; -+ ASN1_OCTET_STRING *ext_oct; - X509_EXTENSION *ext; - /* Convert internal representation to DER */ - if (method->it) { -@@ -144,30 +191,26 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - goto merr; - } else { - unsigned char *p; -- - ext_len = method->i2d(ext_struc, NULL); -- if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) -+ if (!(ext_der = OPENSSL_malloc(ext_len))) - goto merr; - p = ext_der; - method->i2d(ext_struc, &p); - } -- if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) -+ if (!(ext_oct = M_ASN1_OCTET_STRING_new())) - goto merr; - ext_oct->data = ext_der; -- ext_der = NULL; - ext_oct->length = ext_len; - - ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if (!ext) - goto merr; -- ASN1_OCTET_STRING_free(ext_oct); -+ M_ASN1_OCTET_STRING_free(ext_oct); - - return ext; - - merr: - X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(ext_der); -- ASN1_OCTET_STRING_free(ext_oct); - return NULL; - - } -@@ -177,8 +220,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) - { - const X509V3_EXT_METHOD *method; -- -- if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { -+ if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } -@@ -186,9 +228,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) - } - - /* Check the extension string for critical flag */ --static int v3_check_critical(const char **value) -+static int v3_check_critical(char **value) - { -- const char *p = *value; -+ char *p = *value; - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) - return 0; - p += 9; -@@ -199,14 +241,14 @@ static int v3_check_critical(const char **value) - } - - /* Check extension string for generic extension and return the type */ --static 
int v3_check_generic(const char **value) -+static int v3_check_generic(char **value) - { - int gen_type = 0; -- const char *p = *value; -- if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { -+ char *p = *value; -+ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { - p += 4; - gen_type = 1; -- } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { -+ } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { - p += 5; - gen_type = 2; - } else -@@ -219,17 +261,16 @@ static int v3_check_generic(const char **value) - } - - /* Create a generic extension: for now just handle DER type */ --static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, -+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int gen_type, - X509V3_CTX *ctx) - { - unsigned char *ext_der = NULL; -- long ext_len = 0; -+ long ext_len; - ASN1_OBJECT *obj = NULL; - ASN1_OCTET_STRING *oct = NULL; - X509_EXTENSION *extension = NULL; -- -- if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { -+ if (!(obj = OBJ_txt2obj(ext, 0))) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION, - X509V3_R_EXTENSION_NAME_ERROR); - ERR_add_error_data(2, "name=", ext); -@@ -237,7 +278,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - } - - if (gen_type == 1) -- ext_der = OPENSSL_hexstr2buf(value, &ext_len); -+ ext_der = string_to_hex(value, &ext_len); - else if (gen_type == 2) - ext_der = generic_asn1(value, ctx, &ext_len); - -@@ -248,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - goto err; - } - -- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -261,13 +302,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - - err: - ASN1_OBJECT_free(obj); -- ASN1_OCTET_STRING_free(oct); -- OPENSSL_free(ext_der); -+ M_ASN1_OCTET_STRING_free(oct); 
-+ if (ext_der) -+ OPENSSL_free(ext_der); - return extension; - - } - --static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, -+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, - long *ext_len) - { - ASN1_TYPE *typ; -@@ -280,39 +322,24 @@ static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, - return ext_der; - } - --static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) --{ -- int idx; -- ASN1_OBJECT *obj; -- obj = X509_EXTENSION_get_object(dext); -- while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { -- X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); -- X509v3_delete_ext(sk, idx); -- X509_EXTENSION_free(tmpext); -- } --} -- - /* - * This is the main function: add a bunch of extensions based on a config - * file section to an extension STACK. - */ - --int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk) - { - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; -- -- if ((nval = NCONF_get_section(conf, section)) == NULL) -+ if (!(nval = NCONF_get_section(conf, section))) - return 0; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); -- if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) -+ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) - return 0; -- if (ctx->flags == X509V3_CTX_REPLACE) -- delete_ext(*sk, ext); - if (sk) - X509v3_add_ext(sk, ext, -1); - X509_EXTENSION_free(ext); -@@ -324,29 +351,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, - * Convenience functions to add extensions to a certificate, CRL and request - */ - --int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert) - { - STACK_OF(X509_EXTENSION) **sk = 
NULL; - if (cert) -- sk = &cert->cert_info.extensions; -+ sk = &cert->cert_info->extensions; - return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } - - /* Same as above but for a CRL */ - --int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) - { - STACK_OF(X509_EXTENSION) **sk = NULL; - if (crl) -- sk = &crl->crl.extensions; -+ sk = &crl->crl->extensions; - return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } - - /* Add extensions to certificate request */ - --int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, -+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) - { - STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; -@@ -363,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - - /* Config database functions */ - --char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) -+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) - { - if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { - X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); -@@ -374,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) - return NULL; - } - --STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) -+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) - { - if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { - X509V3err(X509V3_F_X509V3_GET_SECTION, -@@ -402,12 +429,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) - ctx->db_meth->free_section(ctx->db, section); - } - --static char *nconf_get_string(void *db, const char *section, const char *value) -+static char *nconf_get_string(void *db, char *section, char *value) - { - return NCONF_get_string(db, section, 
value); - } - --static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) -+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) - { - return NCONF_get_section(db, section); - } -@@ -438,7 +465,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - /* Old conf compatibility functions */ - - X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *name, const char *value) -+ char *name, char *value) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); -@@ -448,19 +475,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - /* LHASH *conf: Config file */ - /* char *value: Value */ - X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, -- X509V3_CTX *ctx, int ext_nid, const char *value) -+ X509V3_CTX *ctx, int ext_nid, char *value) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); - } - --static char *conf_lhash_get_string(void *db, const char *section, const char *value) -+static char *conf_lhash_get_string(void *db, char *section, char *value) - { - return CONF_get_string(db, section, value); - } - --static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) -+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) - { - return CONF_get_section(db, section); - } -@@ -479,7 +506,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) - } - - int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509 *cert) -+ char *section, X509 *cert) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); -@@ -489,7 +516,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - /* Same as above but for a CRL */ - - int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509_CRL *crl) -+ char *section, X509_CRL *crl) - { - CONF ctmp; - 
CONF_set_nconf(&ctmp, conf); -@@ -499,7 +526,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - /* Add extensions to certificate request */ - - int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, -- const char *section, X509_REQ *req) -+ char *section, X509_REQ *req) - { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -index f717e13..d97f622 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -@@ -1,28 +1,77 @@ -+/* v3_cpols.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - - #include "pcy_int.h" --#include "ext_dat.h" - - /* Certificate policies extension support: this one is a bit complex... */ - - static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent); - static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *value); -+ X509V3_CTX *ctx, char *value); - static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent); - static void print_notice(BIO *out, USERNOTICE *notice, int indent); -@@ -84,7 +133,7 @@ ASN1_SEQUENCE(NOTICEREF) = { - IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) - - static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *value) -+ X509V3_CTX *ctx, char *value) - { - STACK_OF(POLICYINFO) *pols = NULL; - char *pstr; -@@ -113,7 +162,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - goto err; - } - pstr = cnf->name; -- if (strcmp(pstr, "ia5org") == 0) { -+ if (!strcmp(pstr, "ia5org")) { - ia5org = 1; - continue; - } else if (*pstr == '@') { -@@ -127,10 +176,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - } - pol = policy_section(ctx, polsect, ia5org); - X509V3_section_free(ctx, polsect); -- if (pol == NULL) -+ if (!pol) - goto err; - } else { -- if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { -+ if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { - X509V3err(X509V3_F_R2I_CERTPOL, - X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); -@@ -139,7 +188,6 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - pol = POLICYINFO_new(); - if (pol == NULL) { - X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); -- ASN1_OBJECT_free(pobj); - goto err; - } - 
pol->policyid = pobj; -@@ -165,14 +213,13 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, - CONF_VALUE *cnf; - POLICYINFO *pol; - POLICYQUALINFO *qual; -- -- if ((pol = POLICYINFO_new()) == NULL) -+ if (!(pol = POLICYINFO_new())) - goto merr; - for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { - cnf = sk_CONF_VALUE_value(polstrs, i); -- if (strcmp(cnf->name, "policyIdentifier") == 0) { -+ if (!strcmp(cnf->name, "policyIdentifier")) { - ASN1_OBJECT *pobj; -- if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { -+ if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { - X509V3err(X509V3_F_POLICY_SECTION, - X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); -@@ -181,17 +228,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, - pol->policyid = pobj; - - } else if (!name_cmp(cnf->name, "CPS")) { -- if (pol->qualifiers == NULL) -+ if (!pol->qualifiers) - pol->qualifiers = sk_POLICYQUALINFO_new_null(); -- if ((qual = POLICYQUALINFO_new()) == NULL) -+ if (!(qual = POLICYQUALINFO_new())) - goto merr; - if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; -- if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { -+ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { - X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); - goto err; - } -- if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) -+ if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) - goto merr; - if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) -@@ -249,28 +296,27 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - CONF_VALUE *cnf; - USERNOTICE *not; - POLICYQUALINFO *qual; -- -- if ((qual = POLICYQUALINFO_new()) == NULL) -+ if (!(qual = POLICYQUALINFO_new())) - goto merr; -- if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { -+ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { - X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); - goto err; - } -- if ((not = USERNOTICE_new()) == NULL) -+ if (!(not = USERNOTICE_new())) - goto 
merr; - qual->d.usernotice = not; - for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { - cnf = sk_CONF_VALUE_value(unot, i); -- if (strcmp(cnf->name, "explicitText") == 0) { -- if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) -+ if (!strcmp(cnf->name, "explicitText")) { -+ if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) - goto merr; - if (!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) - goto merr; -- } else if (strcmp(cnf->name, "organization") == 0) { -+ } else if (!strcmp(cnf->name, "organization")) { - NOTICEREF *nref; - if (!not->noticeref) { -- if ((nref = NOTICEREF_new()) == NULL) -+ if (!(nref = NOTICEREF_new())) - goto merr; - not->noticeref = nref; - } else -@@ -282,11 +328,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - if (!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) - goto merr; -- } else if (strcmp(cnf->name, "noticeNumbers") == 0) { -+ } else if (!strcmp(cnf->name, "noticeNumbers")) { - NOTICEREF *nref; - STACK_OF(CONF_VALUE) *nos; - if (!not->noticeref) { -- if ((nref = NOTICEREF_new()) == NULL) -+ if (!(nref = NOTICEREF_new())) - goto merr; - not->noticeref = nref; - } else -@@ -295,7 +341,6 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - if (!nos || !sk_CONF_VALUE_num(nos)) { - X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); - X509V3_conf_err(cnf); -- sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - goto err; - } - ret = nref_nos(nref->noticenos, nos); -@@ -335,7 +380,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) - - for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { - cnf = sk_CONF_VALUE_value(nos, i); -- if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { -+ if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); - goto err; - } -@@ -345,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) - return 1; - - merr: -- 
ASN1_INTEGER_free(aint); - X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); - - err: -+ sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return 0; - } - -@@ -439,3 +484,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) - else - BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); - } -+ -+ -+IMPLEMENT_STACK_OF(X509_POLICY_NODE) -+ -+IMPLEMENT_STACK_OF(X509_POLICY_DATA) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -index c4c77f1..d3e1d1b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -@@ -1,22 +1,69 @@ -+/* v3_crld.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. 
For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include - --#include "internal/x509_int.h" --#include "ext_dat.h" -- - static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, -@@ -68,17 +115,16 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - { - STACK_OF(GENERAL_NAME) *fnm = NULL; - STACK_OF(X509_NAME_ENTRY) *rnm = NULL; -- -- if (strncmp(cnf->name, "fullname", 9) == 0) { -+ if (!strncmp(cnf->name, "fullname", 9)) { - fnm = gnames_from_sectname(ctx, cnf->value); - if (!fnm) - goto err; -- } else if (strcmp(cnf->name, "relativename") == 0) { -+ } else if (!strcmp(cnf->name, "relativename")) { - int ret; - STACK_OF(CONF_VALUE) *dnsect; - X509_NAME *nm; - nm = X509_NAME_new(); -- if (nm == NULL) -+ if (!nm) - return -1; - dnsect = X509V3_get_section(ctx, cnf->value); - if (!dnsect) { -@@ -112,7 +158,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - } - - *pdp = DIST_POINT_NAME_new(); -- if (*pdp == NULL) -+ if (!*pdp) - goto err; - if (fnm) { - (*pdp)->type = 0; -@@ -125,8 +171,10 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - return 1; - - err: -- sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); -- sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); -+ if (fnm) -+ sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); -+ if (rnm) -+ sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); - return -1; - } - -@@ -150,19 +198,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) - const char *bnam; - int i, ret = 0; - rsk = X509V3_parse_list(value); -- if (rsk == NULL) -+ if (!rsk) -+ return 0; -+ if (*preas) - return 0; -- if (*preas != NULL) -- goto err; - 
for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { - bnam = sk_CONF_VALUE_value(rsk, i)->name; -- if (*preas == NULL) { -+ if (!*preas) { - *preas = ASN1_BIT_STRING_new(); -- if (*preas == NULL) -+ if (!*preas) - goto err; - } - for (pbn = reason_flags; pbn->lname; pbn++) { -- if (strcmp(pbn->sname, bnam) == 0) { -+ if (!strcmp(pbn->sname, bnam)) { - if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) - goto err; - break; -@@ -207,7 +255,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - CONF_VALUE *cnf; - DIST_POINT *point = NULL; - point = DIST_POINT_new(); -- if (point == NULL) -+ if (!point) - goto err; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - int ret; -@@ -217,10 +265,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - continue; - if (ret < 0) - goto err; -- if (strcmp(cnf->name, "reasons") == 0) { -+ if (!strcmp(cnf->name, "reasons")) { - if (!set_reasons(&point->reasons, cnf->value)) - goto err; -- } else if (strcmp(cnf->name, "CRLissuer") == 0) { -+ } else if (!strcmp(cnf->name, "CRLissuer")) { - point->CRLissuer = gnames_from_sectname(ctx, cnf->value); - if (!point->CRLissuer) - goto err; -@@ -230,7 +278,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - return point; - - err: -- DIST_POINT_free(point); -+ if (point) -+ DIST_POINT_free(point); - return NULL; - } - -@@ -242,8 +291,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, - GENERAL_NAME *gen = NULL; - CONF_VALUE *cnf; - int i; -- -- if ((crld = sk_DIST_POINT_new_null()) == NULL) -+ if (!(crld = sk_DIST_POINT_new_null())) - goto merr; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - DIST_POINT *point; -@@ -262,20 +310,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, - goto merr; - } - } else { -- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; -- if ((gens = GENERAL_NAMES_new()) == NULL) -+ if (!(gens = GENERAL_NAMES_new())) - goto merr; - if 
(!sk_GENERAL_NAME_push(gens, gen)) - goto merr; - gen = NULL; -- if ((point = DIST_POINT_new()) == NULL) -+ if (!(point = DIST_POINT_new())) - goto merr; - if (!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } -- if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) -+ if (!(point->distpoint = DIST_POINT_NAME_new())) - goto merr; - point->distpoint->name.fullname = gens; - point->distpoint->type = 0; -@@ -293,6 +341,10 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, - return NULL; - } - -+IMPLEMENT_STACK_OF(DIST_POINT) -+ -+IMPLEMENT_ASN1_SET_OF(DIST_POINT) -+ - static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { -@@ -304,7 +356,8 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - break; - - case ASN1_OP_FREE_POST: -- X509_NAME_free(dpn->dpname); -+ if (dpn->dpname) -+ X509_NAME_free(dpn->dpname); - break; - } - return 1; -@@ -368,7 +421,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - char *name, *val; - int i, ret; - idp = ISSUING_DIST_POINT_new(); -- if (idp == NULL) -+ if (!idp) - goto merr; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); -@@ -379,19 +432,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - continue; - if (ret < 0) - goto err; -- if (strcmp(name, "onlyuser") == 0) { -+ if (!strcmp(name, "onlyuser")) { - if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) - goto err; -- } else if (strcmp(name, "onlyCA") == 0) { -+ } else if (!strcmp(name, "onlyCA")) { - if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) - goto err; -- } else if (strcmp(name, "onlyAA") == 0) { -+ } else if (!strcmp(name, "onlyAA")) { - if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) - goto err; -- } else if (strcmp(name, "indirectCRL") == 0) { -+ } else if (!strcmp(name, "indirectCRL")) { - if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) - goto err; -- } else if (strcmp(name, 
"onlysomereasons") == 0) { -+ } else if (!strcmp(name, "onlysomereasons")) { - if (!set_reasons(&idp->onlysomereasons, val)) - goto err; - } else { -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -index f39cb5a..7678664 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -@@ -1,16 +1,65 @@ -+/* v3_enum.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "ext_dat.h" - - static ENUMERATED_NAMES crl_reasons[] = { - {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, -@@ -38,16 +87,14 @@ const X509V3_EXT_METHOD v3_crl_reason = { - crl_reasons - }; - --char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, -- const ASN1_ENUMERATED *e) -+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) - { - ENUMERATED_NAMES *enam; - long strval; -- - strval = ASN1_ENUMERATED_get(e); - for (enam = method->usr_data; enam->lname; enam++) { - if (strval == enam->bitnum) -- return OPENSSL_strdup(enam->lname); -+ return BUF_strdup(enam->lname); - } - return i2s_ASN1_ENUMERATED(method, e); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -index bae755e..6092c2e 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -@@ -1,18 +1,67 @@ -+/* v3_extku.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "ext_dat.h" - - static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, -@@ -76,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - CONF_VALUE *val; - int i; - -- if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { -+ if (!(extku = sk_ASN1_OBJECT_new_null())) { - X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -87,7 +136,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - extval = val->value; - else - extval = val->name; -- if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { -+ if (!(objtmp = OBJ_txt2obj(extval, 0))) { - sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, - X509V3_R_INVALID_OBJECT_IDENTIFIER); -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -index 8d11997..7f40bfa 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -@@ -1,14 +1,64 @@ -+/* v3_genn.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2008 The OpenSSL Project. 
All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include -@@ -179,7 +229,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - { - OTHERNAME *oth; - oth = OTHERNAME_new(); -- if (oth == NULL) -+ if (!oth) - return 0; - oth->type_id = oid; - oth->value = value; -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -index c1170d4..c170a55 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -@@ -1,20 +1,73 @@ -+/* v3_ia5.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "ext_dat.h" - --const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { -+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ ASN1_IA5STRING *ia5); -+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *str); -+const X509V3_EXT_METHOD v3_ns_ia5_list[] = { - EXT_IA5STRING(NID_netscape_base_url), - EXT_IA5STRING(NID_netscape_revocation_url), - EXT_IA5STRING(NID_netscape_ca_revocation_url), -@@ -25,13 +78,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { - EXT_END - }; - --char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) -+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ ASN1_IA5STRING *ia5) - { - char *tmp; -- - if (!ia5 || !ia5->length) - return NULL; -- if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { -+ if 
(!(tmp = OPENSSL_malloc(ia5->length + 1))) { - X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -40,8 +93,8 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) - return tmp; - } - --ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *str) -+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *str) - { - ASN1_IA5STRING *ia5; - if (!str) { -@@ -49,11 +102,12 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_R_INVALID_NULL_ARGUMENT); - return NULL; - } -- if ((ia5 = ASN1_IA5STRING_new()) == NULL) -+ if (!(ia5 = M_ASN1_IA5STRING_new())) -+ goto err; -+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, -+ strlen(str))) { -+ M_ASN1_IA5STRING_free(ia5); - goto err; -- if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { -- ASN1_IA5STRING_free(ia5); -- return NULL; - } - #ifdef CHARSET_EBCDIC - ebcdic2ascii(ia5->data, ia5->data, ia5->length); -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -index 61ef213..e052a34 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -@@ -1,19 +1,68 @@ -+/* v3_info.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "ext_dat.h" - - static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, AUTHORITY_INFO_ACCESS -@@ -76,14 +125,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); - nlen = strlen(objtmp) + strlen(vtmp->name) + 5; - ntmp = OPENSSL_malloc(nlen); -- if (ntmp == NULL) { -+ if (!ntmp) { - X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); - return NULL; - } -- OPENSSL_strlcpy(ntmp, objtmp, nlen); -- OPENSSL_strlcat(ntmp, " - ", nlen); -- OPENSSL_strlcat(ntmp, vtmp->name, nlen); -+ BUF_strlcpy(ntmp, objtmp, nlen); -+ BUF_strlcat(ntmp, " - ", nlen); -+ BUF_strlcat(ntmp, vtmp->name, nlen); - OPENSSL_free(vtmp->name); - vtmp->name = ntmp; - -@@ -104,14 +153,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - ACCESS_DESCRIPTION *acc; - int i, objlen; - char *objtmp, *ptmp; -- -- if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { -+ if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { - X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); -- if ((acc = ACCESS_DESCRIPTION_new()) == NULL -+ if (!(acc = ACCESS_DESCRIPTION_new()) - || 
!sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { - X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); -@@ -128,11 +176,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - ctmp.value = cnf->value; - if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) - goto err; -- if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) { -+ if (!(objtmp = OPENSSL_malloc(objlen + 1))) { - X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); - goto err; - } -+ strncpy(objtmp, cnf->name, objlen); -+ objtmp[objlen] = 0; - acc->method = OBJ_txt2obj(objtmp, 0); - if (!acc->method) { - X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, -@@ -150,8 +200,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - return NULL; - } - --int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) -+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) - { - i2a_ASN1_OBJECT(bp, a->method); -+#ifdef UNDEF -+ i2a_GENERAL_NAME(bp, a->location); -+#endif - return 2; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -index 690c90e..8bfdb37 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -@@ -1,16 +1,65 @@ -+/* v3_int.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "ext_dat.h" - - const X509V3_EXT_METHOD v3_crl_num = { - NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), -@@ -29,7 +78,7 @@ const X509V3_EXT_METHOD v3_delta_crl = { - }; - - static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, -- const char *value) -+ char *value) - { - return s2i_ASN1_INTEGER(meth, value); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -index a3ca720..8350429 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -@@ -1,16 +1,65 @@ -+/* v3_lib.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* X509 v3 extension utilities */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - -@@ -24,8 +73,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext); - - int X509V3_EXT_add(X509V3_EXT_METHOD *ext) - { -- if (ext_list == NULL -- && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { -+ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { - X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -47,74 +95,6 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - const X509V3_EXT_METHOD *, ext); - --/* -- * This table will be searched using OBJ_bsearch so it *must* kept in order -- * of the ext_nid values. 
-- */ -- --static const X509V3_EXT_METHOD *standard_exts[] = { -- &v3_nscert, -- &v3_ns_ia5_list[0], -- &v3_ns_ia5_list[1], -- &v3_ns_ia5_list[2], -- &v3_ns_ia5_list[3], -- &v3_ns_ia5_list[4], -- &v3_ns_ia5_list[5], -- &v3_ns_ia5_list[6], -- &v3_skey_id, -- &v3_key_usage, -- &v3_pkey_usage_period, -- &v3_alt[0], -- &v3_alt[1], -- &v3_bcons, -- &v3_crl_num, -- &v3_cpols, -- &v3_akey_id, -- &v3_crld, -- &v3_ext_ku, -- &v3_delta_crl, -- &v3_crl_reason, --#ifndef OPENSSL_NO_OCSP -- &v3_crl_invdate, --#endif -- &v3_sxnet, -- &v3_info, --#ifndef OPENSSL_NO_RFC3779 -- &v3_addr, -- &v3_asid, --#endif --#ifndef OPENSSL_NO_OCSP -- &v3_ocsp_nonce, -- &v3_ocsp_crlid, -- &v3_ocsp_accresp, -- &v3_ocsp_nocheck, -- &v3_ocsp_acutoff, -- &v3_ocsp_serviceloc, --#endif -- &v3_sinfo, -- &v3_policy_constraints, --#ifndef OPENSSL_NO_OCSP -- &v3_crl_hold, --#endif -- &v3_pci, -- &v3_name_constraints, -- &v3_policy_mappings, -- &v3_inhibit_anyp, -- &v3_idp, -- &v3_alt[2], -- &v3_freshest_crl, --#ifndef OPENSSL_NO_CT -- &v3_ct_scts[0], -- &v3_ct_scts[1], -- &v3_ct_scts[2], --#endif -- &v3_tls_feature, --}; -- --/* Number of standard extensions */ -- --#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) -- - const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) - { - X509V3_EXT_METHOD tmp; -@@ -137,11 +117,33 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) - const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) - { - int nid; -- if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) -+ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) - return NULL; - return X509V3_EXT_get_nid(nid); - } - -+int X509V3_EXT_free(int nid, void *ext_data) -+{ -+ const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); -+ if (ext_method == NULL) { -+ X509V3err(X509V3_F_X509V3_EXT_FREE, -+ X509V3_R_CANNOT_FIND_FREE_FUNCTION); -+ return 0; -+ } -+ -+ if (ext_method->it != NULL) -+ ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); -+ else if (ext_method->ext_free != 
NULL)
-+ ext_method->ext_free(ext_data);
-+ else {
-+ X509V3err(X509V3_F_X509V3_EXT_FREE,
-+ X509V3_R_CANNOT_FIND_FREE_FUNCTION);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
- int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
- {
- for (; extlist->ext_nid != -1; extlist++)
-@@ -155,11 +157,14 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
- const X509V3_EXT_METHOD *ext;
- X509V3_EXT_METHOD *tmpext;
-
-- if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
-- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
-+ if (!(ext = X509V3_EXT_get_nid(nid_from))) {
-+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
-+ X509V3_R_EXTENSION_NOT_FOUND);
- return 0;
- }
-- if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
-+ if (!
-+ (tmpext =
-+ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-@@ -197,17 +202,14 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
- {
- const X509V3_EXT_METHOD *method;
- const unsigned char *p;
-- ASN1_STRING *extvalue;
-- int extlen;
-
-- if ((method = X509V3_EXT_get(ext)) == NULL)
-+ if (!(method = X509V3_EXT_get(ext)))
- return NULL;
-- extvalue = X509_EXTENSION_get_data(ext);
-- p = ASN1_STRING_get0_data(extvalue);
-- extlen = ASN1_STRING_length(extvalue);
-+ p = ext->value->data;
- if (method->it)
-- return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
-- return method->d2i(NULL, &p, extlen);
-+ return ASN1_item_d2i(NULL, &p, ext->value->length,
-+ ASN1_ITEM_ptr(method->it));
-+ return method->d2i(NULL, &p, ext->value->length);
- }
-
- /*-
-@@ -226,7 +228,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
- * -2 extension occurs more than once. 
- */
-
--void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
-+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
- int *idx)
- {
- int lastpos, i;
-@@ -246,7 +248,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
- lastpos = 0;
- for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
- ex = sk_X509_EXTENSION_value(x, i);
-- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
-+ if (OBJ_obj2nid(ex->object) == nid) {
- if (idx) {
- *idx = i;
- found_ex = ex;
-@@ -345,8 +347,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
- return 1;
- }
-
-- if (*x == NULL
-- && (*x = sk_X509_EXTENSION_new_null()) == NULL)
-+ if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
- return -1;
- if (!sk_X509_EXTENSION_push(*x, ext))
- return -1;
-@@ -358,3 +359,5 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
- X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
- return 0;
- }
-+
-+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
-index 9b3bb12..2855269 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
-@@ -1,22 +1,68 @@
-+/* v3_ncons.c */
- /*
-- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. 
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
--#include "internal/asn1_int.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
-
--#include "internal/x509_int.h"
--#include "ext_dat.h"
--
- static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval);
-@@ -24,7 +70,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
- BIO *bp, int ind);
- static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
-- int ind, const char *name);
-+ int ind, char *name);
- static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
-
- static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
-@@ -33,7 +79,6 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm);
- static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
- static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
- static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
--static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
-
- const X509V3_EXT_METHOD v3_name_constraints = {
- NID_name_constraints, 0,
-@@ -70,16 +115,15 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
- NAME_CONSTRAINTS *ncons = NULL;
- GENERAL_SUBTREE *sub = NULL;
--
- ncons = NAME_CONSTRAINTS_new();
-- if (ncons == NULL)
-+ if (!ncons)
- goto memerr;
- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val 
= sk_CONF_VALUE_value(nval, i);
-- if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
-+ if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
- ptree = &ncons->permittedSubtrees;
- tval.name = val->name + 10;
-- } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
-+ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
- ptree = &ncons->excludedSubtrees;
- tval.name = val->name + 9;
- } else {
-@@ -92,9 +136,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- goto memerr;
- if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
- goto err;
-- if (*ptree == NULL)
-+ if (!*ptree)
- *ptree = sk_GENERAL_SUBTREE_new_null();
-- if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
-+ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
- goto memerr;
- sub = NULL;
- }
-@@ -104,8 +148,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- memerr:
- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- err:
-- NAME_CONSTRAINTS_free(ncons);
-- GENERAL_SUBTREE_free(sub);
-+ if (ncons)
-+ NAME_CONSTRAINTS_free(ncons);
-+ if (sub)
-+ GENERAL_SUBTREE_free(sub);
-
- return NULL;
- }
-@@ -123,7 +169,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
-
- static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
-- BIO *bp, int ind, const char *name)
-+ BIO *bp, int ind, char *name)
- {
- GENERAL_SUBTREE *tree;
- int i;
-@@ -199,8 +245,7 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
- /* Process any email address attributes in subject name */
-
- for (i = -1;;) {
-- const X509_NAME_ENTRY *ne;
--
-+ X509_NAME_ENTRY *ne;
- i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
- if (i == -1)
- break;
-@@ -228,51 +273,6 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
-
- }
-
--int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
--{
-- int r, i;
-- X509_NAME 
*nm;
--
-- ASN1_STRING stmp;
-- GENERAL_NAME gntmp;
-- stmp.flags = 0;
-- stmp.type = V_ASN1_IA5STRING;
-- gntmp.type = GEN_DNS;
-- gntmp.d.dNSName = &stmp;
--
-- nm = X509_get_subject_name(x);
--
-- /* Process any commonName attributes in subject name */
--
-- for (i = -1;;) {
-- X509_NAME_ENTRY *ne;
-- ASN1_STRING *hn;
-- i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
-- if (i == -1)
-- break;
-- ne = X509_NAME_get_entry(nm, i);
-- hn = X509_NAME_ENTRY_get_data(ne);
-- /* Only process attributes that look like host names */
-- if (asn1_valid_host(hn)) {
-- unsigned char *h;
-- int hlen = ASN1_STRING_to_UTF8(&h, hn);
-- if (hlen <= 0)
-- return X509_V_ERR_OUT_OF_MEM;
--
-- stmp.length = hlen;
-- stmp.data = h;
--
-- r = nc_match(&gntmp, nc);
--
-- OPENSSL_free(h);
--
-- if (r != X509_V_OK)
-- return r;
-- }
-- }
-- return X509_V_OK;
--}
--
- static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
- {
- GENERAL_SUBTREE *sub;
-@@ -341,9 +341,6 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
- return nc_uri(gen->d.uniformResourceIdentifier,
- base->d.uniformResourceIdentifier);
-
-- case GEN_IPADD:
-- return nc_ip(gen->d.iPAddress, base->d.iPAddress);
--
- default:
- return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
- }
-@@ -403,11 +400,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
- const char *emlat = strchr(emlptr, '@');
- if (!emlat)
- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-- /* Special case: initial '.' is RHS match */
-+ /* Special case: inital '.' is RHS match */
- if (!baseat && (*baseptr == '.')) {
- if (eml->length > base->length) {
- emlptr += eml->length - base->length;
-- if (strcasecmp(baseptr, emlptr) == 0)
-+ if (!strcasecmp(baseptr, emlptr))
- return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
-@@ -463,11 +460,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
- if (hostlen == 0)
- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-
-- /* Special case: initial '.' 
is RHS match */
-+ /* Special case: inital '.' is RHS match */
- if (*baseptr == '.') {
- if (hostlen > base->length) {
- p = hostptr + hostlen - base->length;
-- if (strncasecmp(p, baseptr, base->length) == 0)
-+ if (!strncasecmp(p, baseptr, base->length))
- return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
-@@ -480,34 +477,3 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
- return X509_V_OK;
-
- }
--
--static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
--{
-- int hostlen, baselen, i;
-- unsigned char *hostptr, *baseptr, *maskptr;
-- hostptr = ip->data;
-- hostlen = ip->length;
-- baseptr = base->data;
-- baselen = base->length;
--
-- /* Invalid if not IPv4 or IPv6 */
-- if (!((hostlen == 4) || (hostlen == 16)))
-- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-- if (!((baselen == 8) || (baselen == 32)))
-- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
--
-- /* Do not match IPv4 with IPv6 */
-- if (hostlen * 2 != baselen)
-- return X509_V_ERR_PERMITTED_VIOLATION;
--
-- maskptr = base->data + hostlen;
--
-- /* Considering possible not aligned base ipAddress */
-- /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
-- for (i = 0; i < hostlen; i++)
-- if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
-- return X509_V_ERR_PERMITTED_VIOLATION;
--
-- return X509_V_OK;
--
--}
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
-new file mode 100644
-index 0000000..b151eac
---- /dev/null
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
-@@ -0,0 +1,312 @@
-+/* v3_ocsp.c */
-+/*
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+#ifndef OPENSSL_NO_OCSP
-+
-+# include
-+# include "cryptlib.h"
-+# include
-+# include
-+# include
-+# include
-+
-+/*
-+ * OCSP extensions and a couple of CRL entry extensions
-+ */
-+
-+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
-+ BIO *out, int indent);
-+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
-+ BIO *out, int indent);
-+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
-+ int indent);
-+
-+static void *ocsp_nonce_new(void);
-+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
-+static void ocsp_nonce_free(void *a);
-+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-+ BIO *out, int indent);
-+
-+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-+ void *nocheck, BIO *out, int indent);
-+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-+ X509V3_CTX *ctx, const char *str);
-+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
-+ BIO *bp, int ind);
-+
-+const X509V3_EXT_METHOD v3_ocsp_crlid = {
-+ 
NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
-+ 0, 0, 0, 0,
-+ 0, 0,
-+ 0, 0,
-+ i2r_ocsp_crlid, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-+ 0, 0, 0, 0,
-+ 0, 0,
-+ 0, 0,
-+ i2r_ocsp_acutoff, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_crl_invdate = {
-+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-+ 0, 0, 0, 0,
-+ 0, 0,
-+ 0, 0,
-+ i2r_ocsp_acutoff, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_crl_hold = {
-+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-+ 0, 0, 0, 0,
-+ 0, 0,
-+ 0, 0,
-+ i2r_object, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_ocsp_nonce = {
-+ NID_id_pkix_OCSP_Nonce, 0, NULL,
-+ ocsp_nonce_new,
-+ ocsp_nonce_free,
-+ d2i_ocsp_nonce,
-+ i2d_ocsp_nonce,
-+ 0, 0,
-+ 0, 0,
-+ i2r_ocsp_nonce, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
-+ 0, 0, 0, 0,
-+ 0, s2i_ocsp_nocheck,
-+ 0, 0,
-+ i2r_ocsp_nocheck, 0,
-+ NULL
-+};
-+
-+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
-+ 0, 0, 0, 0,
-+ 0, 0,
-+ 0, 0,
-+ i2r_ocsp_serviceloc, 0,
-+ NULL
-+};
-+
-+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
-+ int ind)
-+{
-+ OCSP_CRLID *a = in;
-+ if (a->crlUrl) {
-+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
-+ goto err;
-+ if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
-+ goto err;
-+ if (BIO_write(bp, "\n", 1) <= 0)
-+ goto err;
-+ }
-+ if (a->crlNum) {
-+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
-+ goto err;
-+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
-+ goto err;
-+ if (BIO_write(bp, "\n", 1) <= 0)
-+ goto err;
-+ }
-+ if (a->crlTime) {
-+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
-+ goto err;
-+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
-+ goto err;
-+ if (BIO_write(bp, "\n", 1) <= 0)
-+ goto err; 
-+ }
-+ return 1;
-+ err:
-+ return 0;
-+}
-+
-+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
-+ BIO *bp, int ind)
-+{
-+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
-+ return 0;
-+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
-+ return 0;
-+ return 1;
-+}
-+
-+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
-+ int ind)
-+{
-+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
-+ return 0;
-+ if (i2a_ASN1_OBJECT(bp, oid) <= 0)
-+ return 0;
-+ return 1;
-+}
-+
-+/*
-+ * OCSP nonce. This is needs special treatment because it doesn't have an
-+ * ASN1 encoding at all: it just contains arbitrary data.
-+ */
-+
-+static void *ocsp_nonce_new(void)
-+{
-+ return ASN1_OCTET_STRING_new();
-+}
-+
-+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-+{
-+ ASN1_OCTET_STRING *os = a;
-+ if (pp) {
-+ memcpy(*pp, os->data, os->length);
-+ *pp += os->length;
-+ }
-+ return os->length;
-+}
-+
-+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
-+{
-+ ASN1_OCTET_STRING *os, **pos;
-+ pos = a;
-+ if (!pos || !*pos)
-+ os = ASN1_OCTET_STRING_new();
-+ else
-+ os = *pos;
-+ if (!ASN1_OCTET_STRING_set(os, *pp, length))
-+ goto err;
-+
-+ *pp += length;
-+
-+ if (pos)
-+ *pos = os;
-+ return os;
-+
-+ err:
-+ if (os && (!pos || (*pos != os)))
-+ M_ASN1_OCTET_STRING_free(os);
-+ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+}
-+
-+static void ocsp_nonce_free(void *a)
-+{
-+ M_ASN1_OCTET_STRING_free(a);
-+}
-+
-+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-+ BIO *out, int indent)
-+{
-+ if (BIO_printf(out, "%*s", indent, "") <= 0)
-+ return 0;
-+ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
-+ return 0;
-+ return 1;
-+}
-+
-+/* Nocheck is just a single NULL. 
Don't print anything and always set it */
-+
-+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
-+ BIO *out, int indent)
-+{
-+ return 1;
-+}
-+
-+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-+ X509V3_CTX *ctx, const char *str)
-+{
-+ return ASN1_NULL_new();
-+}
-+
-+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
-+ BIO *bp, int ind)
-+{
-+ int i;
-+ OCSP_SERVICELOC *a = in;
-+ ACCESS_DESCRIPTION *ad;
-+
-+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
-+ goto err;
-+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
-+ goto err;
-+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
-+ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
-+ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
-+ goto err;
-+ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
-+ goto err;
-+ if (BIO_puts(bp, " - ") <= 0)
-+ goto err;
-+ if (GENERAL_NAME_print(bp, ad->location) <= 0)
-+ goto err;
-+ }
-+ return 1;
-+ err:
-+ return 0;
-+}
-+#endif
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
-index 2c05edb..12f12a7 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
-@@ -1,12 +1,8 @@
-+/* v3_pci.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
-+ * (richard@levitte.org)
- */
--
- /* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved. 
-@@ -40,10 +36,9 @@
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
--#include "ext_dat.h"
-
- static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
- BIO *out, int indent);
-@@ -91,7 +86,7 @@ static int process_pci_value(CONF_VALUE *val,
- X509V3_conf_err(val);
- return 0;
- }
-- if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
-+ if (!(*language = OBJ_txt2obj(val->value, 0))) {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,
- X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
-@@ -115,7 +110,7 @@ static int process_pci_value(CONF_VALUE *val,
- long val_len;
- if (!*policy) {
- *policy = ASN1_OCTET_STRING_new();
-- if (*policy == NULL) {
-+ if (!*policy) {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
- X509V3_conf_err(val);
- return 0;
-@@ -124,9 +119,11 @@ static int process_pci_value(CONF_VALUE *val,
- }
- if (strncmp(val->value, "hex:", 4) == 0) {
- unsigned char *tmp_data2 =
-- OPENSSL_hexstr2buf(val->value + 4, &val_len);
-+ string_to_hex(val->value + 4, &val_len);
-
- if (!tmp_data2) {
-+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-+ X509V3_R_ILLEGAL_HEX_DIGIT);
- X509V3_conf_err(val);
- goto err;
- }
-@@ -145,7 +142,6 @@ static int process_pci_value(CONF_VALUE *val,
- * realloc failure implies the original data space is b0rked
- * too! 
- */
-- OPENSSL_free((*policy)->data);
- (*policy)->data = NULL;
- (*policy)->length = 0;
- X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-@@ -153,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
- goto err;
- }
- OPENSSL_free(tmp_data2);
-+#ifndef OPENSSL_NO_STDIO
- } else if (strncmp(val->value, "file:", 5) == 0) {
- unsigned char buf[2048];
- int n;
-@@ -170,16 +167,8 @@ static int process_pci_value(CONF_VALUE *val,
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + n + 1);
-
-- if (!tmp_data) {
-- OPENSSL_free((*policy)->data);
-- (*policy)->data = NULL;
-- (*policy)->length = 0;
-- X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-- ERR_R_MALLOC_FAILURE);
-- X509V3_conf_err(val);
-- BIO_free_all(b);
-- goto err;
-- }
-+ if (!tmp_data)
-+ break;
-
- (*policy)->data = tmp_data;
- memcpy(&(*policy)->data[(*policy)->length], buf, n);
-@@ -193,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
- X509V3_conf_err(val);
- goto err;
- }
-+#endif /* !OPENSSL_NO_STDIO */
- } else if (strncmp(val->value, "text:", 5) == 0) {
- val_len = strlen(val->value + 5);
- tmp_data = OPENSSL_realloc((*policy)->data,
-@@ -208,7 +198,6 @@ static int process_pci_value(CONF_VALUE *val,
- * realloc failure implies the original data space is b0rked
- * too! 
- */
-- OPENSSL_free((*policy)->data);
- (*policy)->data = NULL;
- (*policy)->length = 0;
- X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-@@ -295,7 +284,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- }
-
- pci = PROXY_CERT_INFO_EXTENSION_new();
-- if (pci == NULL) {
-+ if (!pci) {
- X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-@@ -308,13 +297,22 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- pathlen = NULL;
- goto end;
- err:
-- ASN1_OBJECT_free(language);
-- ASN1_INTEGER_free(pathlen);
-- pathlen = NULL;
-- ASN1_OCTET_STRING_free(policy);
-- policy = NULL;
-- PROXY_CERT_INFO_EXTENSION_free(pci);
-- pci = NULL;
-+ if (language) {
-+ ASN1_OBJECT_free(language);
-+ language = NULL;
-+ }
-+ if (pathlen) {
-+ ASN1_INTEGER_free(pathlen);
-+ pathlen = NULL;
-+ }
-+ if (policy) {
-+ ASN1_OCTET_STRING_free(policy);
-+ policy = NULL;
-+ }
-+ if (pci) {
-+ PROXY_CERT_INFO_EXTENSION_free(pci);
-+ pci = NULL;
-+ }
- end:
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return pci;
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
-index e6f7a91..e53c82e 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
-@@ -1,12 +1,8 @@
-+/* v3_pcia.c */
- /*
-- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
-+ * (richard@levitte.org)
- */
--
- /* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved. 
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
-index 24f7ff4..cfccb97 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
-@@ -1,19 +1,68 @@
-+/* v3_pcons.c */
- /*
-- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. 
Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
- */
-
- #include
--#include "internal/cryptlib.h"
-+#include "cryptlib.h"
- #include
- #include
- #include
- #include
--#include "ext_dat.h"
-
- static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
- *method, void *bcons, STACK_OF(CONF_VALUE)
-@@ -59,17 +108,16 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- POLICY_CONSTRAINTS *pcons = NULL;
- CONF_VALUE *val;
- int i;
--
-- if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
-+ if (!(pcons = POLICY_CONSTRAINTS_new())) {
- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
- val = sk_CONF_VALUE_value(values, i);
-- if (strcmp(val->name, "requireExplicitPolicy") == 0) {
-+ if (!strcmp(val->name, "requireExplicitPolicy")) {
- if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
- goto err;
-- } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
-+ } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
- if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
- goto err;
- } else {
-diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
-index ed82bca..dd01c44 100644
---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
-+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
-@@ -1,18 +1,67 @@
-+/* v3_pku.c */
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-+ * 1999.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "ext_dat.h" - - static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -index 73f4ec2..a168343 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -@@ -1,18 +1,67 @@ -+/* v3_pmaps.c */ - /* -- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include --#include "ext_dat.h" - - static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -@@ -64,13 +113,13 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD - static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { -- POLICY_MAPPINGS *pmaps = NULL; -- POLICY_MAPPING *pmap = NULL; -- ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; -+ POLICY_MAPPINGS *pmaps; -+ POLICY_MAPPING *pmap; -+ ASN1_OBJECT *obj1, *obj2; - CONF_VALUE *val; - int i; - -- if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { -+ if (!(pmaps = sk_POLICY_MAPPING_new_null())) { - X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -78,33 +127,30 @@ static void 
*v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if (!val->value || !val->name) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, - X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(val); -- goto err; -+ return NULL; - } - obj1 = OBJ_txt2obj(val->name, 0); - obj2 = OBJ_txt2obj(val->value, 0); - if (!obj1 || !obj2) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, - X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(val); -- goto err; -+ return NULL; - } - pmap = POLICY_MAPPING_new(); -- if (pmap == NULL) { -+ if (!pmap) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); -- goto err; -+ return NULL; - } - pmap->issuerDomainPolicy = obj1; - pmap->subjectDomainPolicy = obj2; -- obj1 = obj2 = NULL; - sk_POLICY_MAPPING_push(pmaps, pmap); - } - return pmaps; -- err: -- ASN1_OBJECT_free(obj1); -- ASN1_OBJECT_free(obj2); -- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -- return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -index f384c34..acc9c6d 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -@@ -1,22 +1,71 @@ -+/* v3_prn.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* X509 v3 extension utilities */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - - /* Extension printing routines */ - --static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, -+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, - unsigned long flag, int indent, int supported); - - /* Print out a name+value stack */ -@@ -52,7 +101,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - char *tmp; - len = strlen(nval->value) + 1; - tmp = OPENSSL_malloc(len); -- if (tmp != NULL) { -+ if (tmp) { - ascii2ebcdic(tmp, nval->value, len); - BIO_printf(out, "%s:%s", nval->name, tmp); - OPENSSL_free(tmp); -@@ -71,29 +120,26 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - { - void *ext_str = NULL; - char *value = NULL; -- ASN1_OCTET_STRING *extoct; - const unsigned char *p; -- int 
extlen; - const X509V3_EXT_METHOD *method; - STACK_OF(CONF_VALUE) *nval = NULL; - int ok = 1; - -- extoct = X509_EXTENSION_get_data(ext); -- p = ASN1_STRING_get0_data(extoct); -- extlen = ASN1_STRING_length(extoct); -- -- if ((method = X509V3_EXT_get(ext)) == NULL) -- return unknown_ext_print(out, p, extlen, flag, indent, 0); -+ if (!(method = X509V3_EXT_get(ext))) -+ return unknown_ext_print(out, ext, flag, indent, 0); -+ p = ext->value->data; - if (method->it) -- ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); -+ ext_str = -+ ASN1_item_d2i(NULL, &p, ext->value->length, -+ ASN1_ITEM_ptr(method->it)); - else -- ext_str = method->d2i(NULL, &p, extlen); -+ ext_str = method->d2i(NULL, &p, ext->value->length); - - if (!ext_str) -- return unknown_ext_print(out, p, extlen, flag, indent, 1); -+ return unknown_ext_print(out, ext, flag, indent, 1); - - if (method->i2s) { -- if ((value = method->i2s(method, ext_str)) == NULL) { -+ if (!(value = method->i2s(method, ext_str))) { - ok = 0; - goto err; - } -@@ -105,7 +151,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - char *tmp; - len = strlen(value) + 1; - tmp = OPENSSL_malloc(len); -- if (tmp != NULL) { -+ if (tmp) { - ascii2ebcdic(tmp, value, len); - BIO_printf(out, "%*s%s", indent, "", tmp); - OPENSSL_free(tmp); -@@ -113,7 +159,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - } - #endif - } else if (method->i2v) { -- if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { -+ if (!(nval = method->i2v(method, ext_str, NULL))) { - ok = 0; - goto err; - } -@@ -127,7 +173,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - - err: - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); -- OPENSSL_free(value); -+ if (value) -+ OPENSSL_free(value); - if (method->it) - ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); - else -@@ -135,8 +182,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - return 
ok; - } - --int X509V3_extensions_print(BIO *bp, const char *title, -- const STACK_OF(X509_EXTENSION) *exts, -+int X509V3_extensions_print(BIO *bp, char *title, -+ STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent) - { - int i, j; -@@ -162,7 +209,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, - return 0; - if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { - BIO_printf(bp, "%*s", indent + 4, ""); -- ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); -+ M_ASN1_OCTET_STRING_print(bp, ex->value); - } - if (BIO_write(bp, "\n", 1) <= 0) - return 0; -@@ -170,7 +217,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, - return 1; - } - --static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, -+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, - unsigned long flag, int indent, int supported) - { - switch (flag & X509V3_EXT_UNKNOWN_MASK) { -@@ -186,22 +233,24 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, - return 1; - - case X509V3_EXT_PARSE_UNKNOWN: -- return ASN1_parse_dump(out, ext, extlen, indent, -1); -+ return ASN1_parse_dump(out, -+ ext->value->data, ext->value->length, indent, -+ -1); - case X509V3_EXT_DUMP_UNKNOWN: -- return BIO_dump_indent(out, (const char *)ext, extlen, indent); -+ return BIO_dump_indent(out, (char *)ext->value->data, -+ ext->value->length, indent); - - default: - return 1; - } - } - --#ifndef OPENSSL_NO_STDIO -+#ifndef OPENSSL_NO_FP_API - int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) - { - BIO *bio_tmp; - int ret; -- -- if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) -+ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) - return 0; - ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); - BIO_free(bio_tmp); -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -index 451e7f8..845be67 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -+++ 
b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -@@ -1,18 +1,66 @@ -+/* v3_purp.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" --#include "internal/numbers.h" -+#include "cryptlib.h" - #include - #include --#include "internal/x509_int.h" - - static void x509v3_cache_extensions(X509 *x); - -@@ -60,7 +108,9 @@ static X509_PURPOSE xstandard[] = { - NULL}, - }; - --#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) -+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) -+ -+IMPLEMENT_STACK_OF(X509_PURPOSE) - - static STACK_OF(X509_PURPOSE) *xptable = NULL; - -@@ -79,11 +129,10 @@ int X509_check_purpose(X509 *x, int id, int ca) - int idx; - const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { -- CRYPTO_THREAD_write_lock(x->lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(x); -- CRYPTO_THREAD_unlock(x->lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } -- /* Return if side-effect only call */ - if (id == -1) - return 1; - idx = X509_PURPOSE_get_by_id(id); -@@ -119,13 +168,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) - return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); - } - --int X509_PURPOSE_get_by_sname(const char *sname) -+int X509_PURPOSE_get_by_sname(char *sname) - { - int i; - X509_PURPOSE *xptmp; - for (i = 0; i < X509_PURPOSE_get_count(); i++) { - xptmp = X509_PURPOSE_get0(i); -- if (strcmp(xptmp->sname, sname) == 0) -+ if (!strcmp(xptmp->sname, sname)) - return i; - } - return -1; -@@ -148,7 +197,7 @@ int X509_PURPOSE_get_by_id(int purpose) - - int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck) (const X509_PURPOSE *, const X509 *, int), -- const char *name, const char *sname, void *arg) -+ char *name, char *sname, void *arg) - { - int idx; - X509_PURPOSE *ptmp; -@@ -162,7 +211,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, - idx = X509_PURPOSE_get_by_id(id); - /* Need a new entry */ - if (idx == -1) { -- if ((ptmp = 
OPENSSL_malloc(sizeof(*ptmp))) == NULL) { -+ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); - return 0; - } -@@ -176,11 +225,11 @@ int X509_PURPOSE_add(int id, int trust, int flags, - OPENSSL_free(ptmp->sname); - } - /* dup supplied name */ -- ptmp->name = OPENSSL_strdup(name); -- ptmp->sname = OPENSSL_strdup(sname); -+ ptmp->name = BUF_strdup(name); -+ ptmp->sname = BUF_strdup(sname); - if (!ptmp->name || !ptmp->sname) { - X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -- goto err; -+ return 0; - } - /* Keep the dynamic flag of existing entry */ - ptmp->flags &= X509_PURPOSE_DYNAMIC; -@@ -194,24 +243,16 @@ int X509_PURPOSE_add(int id, int trust, int flags, - - /* If its a new entry manage the dynamic table */ - if (idx == -1) { -- if (xptable == NULL -- && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { -+ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -- goto err; -+ return 0; - } - if (!sk_X509_PURPOSE_push(xptable, ptmp)) { - X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -- goto err; -+ return 0; - } - } - return 1; -- err: -- if (idx == -1) { -- OPENSSL_free(ptmp->name); -- OPENSSL_free(ptmp->sname); -- OPENSSL_free(ptmp); -- } -- return 0; - } - - static void xptable_free(X509_PURPOSE *p) -@@ -229,26 +270,29 @@ static void xptable_free(X509_PURPOSE *p) - - void X509_PURPOSE_cleanup(void) - { -+ unsigned int i; - sk_X509_PURPOSE_pop_free(xptable, xptable_free); -+ for (i = 0; i < X509_PURPOSE_COUNT; i++) -+ xptable_free(xstandard + i); - xptable = NULL; - } - --int X509_PURPOSE_get_id(const X509_PURPOSE *xp) -+int X509_PURPOSE_get_id(X509_PURPOSE *xp) - { - return xp->purpose; - } - --char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) -+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) - { - return xp->name; - } - --char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) -+char 
*X509_PURPOSE_get0_sname(X509_PURPOSE *xp) - { - return xp->sname; - } - --int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) -+int X509_PURPOSE_get_trust(X509_PURPOSE *xp) - { - return xp->trust; - } -@@ -294,7 +338,8 @@ int X509_supported_extension(X509_EXTENSION *ex) - if (ex_nid == NID_undef) - return 0; - -- if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) -+ if (OBJ_bsearch_nid(&ex_nid, supported_nids, -+ sizeof(supported_nids) / sizeof(int))) - return 1; - return 0; - } -@@ -355,7 +400,9 @@ static void x509v3_cache_extensions(X509 *x) - int i; - if (x->ex_flags & EXFLAG_SET) - return; -+#ifndef OPENSSL_NO_SHA - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -+#endif - /* V1 should mean no extensions ... */ - if (!X509_get_version(x)) - x->ex_flags |= EXFLAG_V1; -@@ -528,22 +575,12 @@ static int check_ca(const X509 *x) - } - } - --void X509_set_proxy_flag(X509 *x) --{ -- x->ex_flags |= EXFLAG_PROXY; --} -- --void X509_set_proxy_pathlen(X509 *x, long l) --{ -- x->ex_pcpathlen = l; --} -- - int X509_check_ca(X509 *x) - { - if (!(x->ex_flags & EXFLAG_SET)) { -- CRYPTO_THREAD_write_lock(x->lock); -+ CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(x); -- CRYPTO_THREAD_unlock(x->lock); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } - - return check_ca(x); -@@ -725,7 +762,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - return 0; - - /* Extended Key Usage MUST be critical */ -- i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); -+ i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1); - if (i_ext >= 0) { - X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); - if (!X509_EXTENSION_get_critical(ext)) -@@ -813,53 +850,3 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) - } - return X509_V_OK; - } -- --uint32_t X509_get_extension_flags(X509 *x) --{ -- /* Call for side-effect of computing hash and caching extensions */ -- X509_check_purpose(x, -1, -1); -- return x->ex_flags; --} 
-- --uint32_t X509_get_key_usage(X509 *x) --{ -- /* Call for side-effect of computing hash and caching extensions */ -- X509_check_purpose(x, -1, -1); -- if (x->ex_flags & EXFLAG_KUSAGE) -- return x->ex_kusage; -- return UINT32_MAX; --} -- --uint32_t X509_get_extended_key_usage(X509 *x) --{ -- /* Call for side-effect of computing hash and caching extensions */ -- X509_check_purpose(x, -1, -1); -- if (x->ex_flags & EXFLAG_XKUSAGE) -- return x->ex_xkusage; -- return UINT32_MAX; --} -- --const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) --{ -- /* Call for side-effect of computing hash and caching extensions */ -- X509_check_purpose(x, -1, -1); -- return x->skid; --} -- --long X509_get_pathlen(X509 *x) --{ -- /* Called for side effect of caching extensions */ -- if (X509_check_purpose(x, -1, -1) != 1 -- || (x->ex_flags & EXFLAG_BCONS) == 0) -- return -1; -- return x->ex_pathlen; --} -- --long X509_get_proxy_pathlen(X509 *x) --{ -- /* Called for side effect of caching extensions */ -- if (X509_check_purpose(x, -1, -1) != 1 -- || (x->ex_flags & EXFLAG_PROXY) == 0) -- return -1; -- return x->ex_pcpathlen; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -index 39597dc..1cede04 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -@@ -1,17 +1,65 @@ -+/* v3_skey.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include --#include "internal/x509_int.h" --#include "ext_dat.h" - - static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); -@@ -24,25 +72,24 @@ const X509V3_EXT_METHOD v3_skey_id = { - NULL - }; - --char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- const ASN1_OCTET_STRING *oct) -+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) - { -- return OPENSSL_buf2hexstr(oct->data, oct->length); -+ return hex_to_string(oct->data, oct->length); - } - - ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, const char *str) -+ X509V3_CTX *ctx, char *str) - { - ASN1_OCTET_STRING *oct; - long length; - -- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, 
ERR_R_MALLOC_FAILURE); - return NULL; - } - -- if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { -- ASN1_OCTET_STRING_free(oct); -+ if (!(oct->data = string_to_hex(str, &length))) { -+ M_ASN1_OCTET_STRING_free(oct); - return NULL; - } - -@@ -56,16 +103,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) - { - ASN1_OCTET_STRING *oct; -- X509_PUBKEY *pubkey; -- const unsigned char *pk; -- int pklen; -+ ASN1_BIT_STRING *pk; - unsigned char pkey_dig[EVP_MAX_MD_SIZE]; - unsigned int diglen; - - if (strcmp(str, "hash")) - return s2i_ASN1_OCTET_STRING(method, ctx, str); - -- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); - return NULL; - } -@@ -79,21 +124,20 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - } - - if (ctx->subject_req) -- pubkey = ctx->subject_req->req_info.pubkey; -+ pk = ctx->subject_req->req_info->pubkey->public_key; - else -- pubkey = ctx->subject_cert->cert_info.key; -+ pk = ctx->subject_cert->cert_info->key->public_key; - -- if (pubkey == NULL) { -+ if (!pk) { - X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); - goto err; - } - -- X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); -- -- if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)) -+ if (!EVP_Digest -+ (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) - goto err; - -- if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { -+ if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -101,6 +145,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - return oct; - - err: -- ASN1_OCTET_STRING_free(oct); -+ M_ASN1_OCTET_STRING_free(oct); - return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -index 89cda01..a4e6a93 100644 ---- 
a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -@@ -1,19 +1,68 @@ -+/* v3_sxnet.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ - - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include - #include - #include --#include "ext_dat.h" - - /* Support for Thawte strong extranet extension */ - -@@ -68,7 +117,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - tmp = i2s_ASN1_INTEGER(NULL, id->zone); - BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - OPENSSL_free(tmp); -- ASN1_STRING_print(out, id->user); -+ M_ASN1_OCTET_STRING_print(out, id->user); - } - return 1; - } -@@ -101,11 +150,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - - /* Add an id given the zone as an ASCII number */ - --int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) -+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) - { -- ASN1_INTEGER *izone; -- -- if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { -+ ASN1_INTEGER *izone = NULL; -+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); - return 0; - } -@@ -114,15 +162,13 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle - - /* Add an id given the zone as an unsigned long */ - --int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, -+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, - int userlen) - { -- ASN1_INTEGER *izone; -- -- if ((izone = ASN1_INTEGER_new()) == NULL -- || !ASN1_INTEGER_set(izone, lzone)) { -+ ASN1_INTEGER *izone = NULL; -+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); -- ASN1_INTEGER_free(izone); -+ M_ASN1_INTEGER_free(izone); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -@@ -134,7 +180,7 @@ int 
SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - * passed integer and doesn't make a copy so don't free it up afterwards. - */ - --int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, -+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, - int userlen) - { - SXNET *sx = NULL; -@@ -150,8 +196,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); - return 0; - } -- if (*psx == NULL) { -- if ((sx = SXNET_new()) == NULL) -+ if (!*psx) { -+ if (!(sx = SXNET_new())) - goto err; - if (!ASN1_INTEGER_set(sx->version, 0)) - goto err; -@@ -163,12 +209,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - return 0; - } - -- if ((id = SXNETID_new()) == NULL) -+ if (!(id = SXNETID_new())) - goto err; - if (userlen == -1) - userlen = strlen(user); - -- if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) -+ if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) - goto err; - if (!sk_SXNETID_push(sx->ids, id)) - goto err; -@@ -183,33 +229,30 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - return 0; - } - --ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) -+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) - { -- ASN1_INTEGER *izone; -+ ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; -- -- if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { -+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); -- ASN1_INTEGER_free(izone); -+ M_ASN1_INTEGER_free(izone); - return oct; - } - - ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) - { -- ASN1_INTEGER *izone; -+ ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; -- -- if ((izone = ASN1_INTEGER_new()) == NULL -- || 
!ASN1_INTEGER_set(izone, lzone)) { -+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); -- ASN1_INTEGER_free(izone); -+ M_ASN1_INTEGER_free(izone); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); -- ASN1_INTEGER_free(izone); -+ M_ASN1_INTEGER_free(izone); - return oct; - } - -@@ -219,8 +262,12 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) - int i; - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); -- if (!ASN1_INTEGER_cmp(id->zone, zone)) -+ if (!M_ASN1_INTEGER_cmp(id->zone, zone)) - return id->user; - } - return NULL; - } -+ -+IMPLEMENT_STACK_OF(SXNETID) -+ -+IMPLEMENT_ASN1_SET_OF(SXNETID) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c -deleted file mode 100644 -index fec6724..0000000 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c -+++ /dev/null -@@ -1,137 +0,0 @@ --/* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#include --#include "internal/cryptlib.h" --#include "internal/o_str.h" --#include --#include --#include --#include "ext_dat.h" -- --static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, -- TLS_FEATURE *tls_feature, -- STACK_OF(CONF_VALUE) *ext_list); --static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *nval); -- --ASN1_ITEM_TEMPLATE(TLS_FEATURE) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) --static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) -- --IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) -- --const X509V3_EXT_METHOD v3_tls_feature = { -- NID_tlsfeature, 0, -- ASN1_ITEM_ref(TLS_FEATURE), -- 0, 0, 0, 0, -- 0, 0, -- (X509V3_EXT_I2V)i2v_TLS_FEATURE, -- (X509V3_EXT_V2I)v2i_TLS_FEATURE, -- 0, 0, -- NULL --}; -- -- --typedef struct { -- long num; -- const char *name; --} TLS_FEATURE_NAME; -- --static TLS_FEATURE_NAME tls_feature_tbl[] = { -- { 5, "status_request" }, -- { 17, "status_request_v2" } --}; -- --/* -- * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the -- * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format -- * used by the CONF library to represent a multi-valued extension. ext_list is -- * returned. 
-- */ --static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, -- TLS_FEATURE *tls_feature, -- STACK_OF(CONF_VALUE) *ext_list) --{ -- int i; -- size_t j; -- ASN1_INTEGER *ai; -- long tlsextid; -- for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { -- ai = sk_ASN1_INTEGER_value(tls_feature, i); -- tlsextid = ASN1_INTEGER_get(ai); -- for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) -- if (tlsextid == tls_feature_tbl[j].num) -- break; -- if (j < OSSL_NELEM(tls_feature_tbl)) -- X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); -- else -- X509V3_add_value_int(NULL, ai, &ext_list); -- } -- return ext_list; --} -- --/* -- * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE -- * structure, which is returned if the conversion is successful. In case of -- * error, NULL is returned. -- */ --static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) --{ -- TLS_FEATURE *tlsf; -- char *extval, *endptr; -- ASN1_INTEGER *ai; -- CONF_VALUE *val; -- int i; -- size_t j; -- long tlsextid; -- -- if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { -- X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- val = sk_CONF_VALUE_value(nval, i); -- if (val->value) -- extval = val->value; -- else -- extval = val->name; -- -- for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) -- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) -- break; -- if (j < OSSL_NELEM(tls_feature_tbl)) -- tlsextid = tls_feature_tbl[j].num; -- else { -- tlsextid = strtol(extval, &endptr, 10); -- if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || -- (tlsextid > 65535)) { -- X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX); -- X509V3_conf_err(val); -- goto err; -- } -- } -- -- ai = ASN1_INTEGER_new(); -- if (ai == NULL) { -- X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); -- goto 
err; -- } -- ASN1_INTEGER_set(ai, tlsextid); -- sk_ASN1_INTEGER_push(tlsf, ai); -- } -- return tlsf; -- -- err: -- sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); -- return NULL; --} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -index 7dc9a45..43b9cb9 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -@@ -1,29 +1,76 @@ -+/* v3_utl.c */ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. 
-+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html - */ -- - /* X509 v3 extension utilities */ - - #include - #include --#include "internal/cryptlib.h" -+#include "cryptlib.h" - #include - #include --#include "internal/x509_int.h" - #include --#include "ext_dat.h" - - static char *strip_spaces(char *name); - static int sk_strcmp(const char *const *a, const char *const *b); - static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, - GENERAL_NAMES *gens); - static void str_free(OPENSSL_STRING str); --static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); -+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); - - static int ipv4_from_asc(unsigned char *v4, const char *in); - static int ipv6_from_asc(unsigned char *v6, const char *in); -@@ -37,14 +84,13 @@ int X509V3_add_value(const char *name, const char *value, - { - CONF_VALUE *vtmp = NULL; - char *tname = NULL, *tvalue = NULL; -- -- if (name && (tname = OPENSSL_strdup(name)) == NULL) -+ if (name && !(tname = BUF_strdup(name))) - goto err; -- if (value && (tvalue = OPENSSL_strdup(value)) == NULL) -+ if (value && !(tvalue = BUF_strdup(value))) - goto err; -- if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) -+ if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) - goto err; -- if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) -+ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) - goto err; - vtmp->section = NULL; - vtmp->name = tname; -@@ -54,9 +100,12 @@ int X509V3_add_value(const char *name, const char *value, - return 1; - err: - X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(vtmp); -- OPENSSL_free(tname); -- OPENSSL_free(tvalue); -+ if (vtmp) -+ OPENSSL_free(vtmp); -+ if (tname) -+ OPENSSL_free(tname); -+ if (tvalue) -+ OPENSSL_free(tvalue); - return 0; - } - -@@ -72,9 +121,12 @@ void X509V3_conf_free(CONF_VALUE 
*conf) - { - if (!conf) - return; -- OPENSSL_free(conf->name); -- OPENSSL_free(conf->value); -- OPENSSL_free(conf->section); -+ if (conf->name) -+ OPENSSL_free(conf->name); -+ if (conf->value) -+ OPENSSL_free(conf->value); -+ if (conf->section) -+ OPENSSL_free(conf->section); - OPENSSL_free(conf); - } - -@@ -86,7 +138,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool, - return X509V3_add_value(name, "FALSE", extlist); - } - --int X509V3_add_value_bool_nf(const char *name, int asn1_bool, -+int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) - { - if (asn1_bool) -@@ -94,49 +146,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - return 1; - } - --char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) -+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) - { - BIGNUM *bntmp = NULL; - char *strtmp = NULL; -- - if (!a) - return NULL; -- if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL -- || (strtmp = BN_bn2dec(bntmp)) == NULL) -+ if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || -+ !(strtmp = BN_bn2dec(bntmp))) - X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; - } - --char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) -+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) - { - BIGNUM *bntmp = NULL; - char *strtmp = NULL; -- - if (!a) - return NULL; -- if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL -- || (strtmp = BN_bn2dec(bntmp)) == NULL) -+ if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || -+ !(strtmp = BN_bn2dec(bntmp))) - X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; - } - --ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) -+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) - { - BIGNUM *bn = NULL; - ASN1_INTEGER *aint; - int isneg, ishex; - int ret; -- if (value == 
NULL) { -+ if (!value) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); -- return NULL; -+ return 0; - } - bn = BN_new(); -- if (bn == NULL) { -- X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -- return NULL; -- } - if (value[0] == '-') { - value++; - isneg = 1; -@@ -157,7 +203,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) - if (!ret || value[ret]) { - BN_free(bn); - X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); -- return NULL; -+ return 0; - } - - if (isneg && BN_is_zero(bn)) -@@ -168,49 +214,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) - if (!aint) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER, - X509V3_R_BN_TO_ASN1_INTEGER_ERROR); -- return NULL; -+ return 0; - } - if (isneg) - aint->type |= V_ASN1_NEG; - return aint; - } - --int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, -+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist) - { - char *strtmp; - int ret; -- - if (!aint) - return 1; -- if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) -+ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) - return 0; - ret = X509V3_add_value(name, strtmp, extlist); - OPENSSL_free(strtmp); - return ret; - } - --int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) -+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) - { -- const char *btmp; -- -- if ((btmp = value->value) == NULL) -+ char *btmp; -+ if (!(btmp = value->value)) - goto err; -- if (strcmp(btmp, "TRUE") == 0 -- || strcmp(btmp, "true") == 0 -- || strcmp(btmp, "Y") == 0 -- || strcmp(btmp, "y") == 0 -- || strcmp(btmp, "YES") == 0 -- || strcmp(btmp, "yes") == 0) { -+ if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") -+ || !strcmp(btmp, "Y") || !strcmp(btmp, "y") -+ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { - *asn1_bool = 0xff; - return 1; -- } -- if (strcmp(btmp, "FALSE") == 0 -- || strcmp(btmp, "false") == 
0 -- || strcmp(btmp, "N") == 0 -- || strcmp(btmp, "n") == 0 -- || strcmp(btmp, "NO") == 0 -- || strcmp(btmp, "no") == 0) { -+ } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") -+ || !strcmp(btmp, "N") || !strcmp(btmp, "n") -+ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { - *asn1_bool = 0; - return 1; - } -@@ -221,11 +258,10 @@ int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) - return 0; - } - --int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) -+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) - { - ASN1_INTEGER *itmp; -- -- if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { -+ if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { - X509V3_conf_err(value); - return 0; - } -@@ -248,7 +284,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - char *linebuf; - int state; - /* We are going to modify the line so copy it first */ -- linebuf = OPENSSL_strdup(line); -+ linebuf = BUF_strdup(line); - if (linebuf == NULL) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); - goto err; -@@ -275,6 +311,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - *p = 0; - ntmp = strip_spaces(q); - q = p + 1; -+#if 0 -+ printf("%s\n", ntmp); -+#endif - if (!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, - X509V3_R_INVALID_NULL_NAME); -@@ -289,6 +328,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - state = HDR_NAME; - *p = 0; - vtmp = strip_spaces(q); -+#if 0 -+ printf("%s\n", ntmp); -+#endif - if (!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, - X509V3_R_INVALID_NULL_VALUE); -@@ -304,6 +346,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - - if (state == HDR_VALUE) { - vtmp = strip_spaces(q); -+#if 0 -+ printf("%s=%s\n", ntmp, vtmp); -+#endif - if (!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, - X509V3_R_INVALID_NULL_VALUE); -@@ -312,6 +357,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - X509V3_add_value(ntmp, vtmp, 
&values); - } else { - ntmp = strip_spaces(q); -+#if 0 -+ printf("%s\n", ntmp); -+#endif - if (!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); - goto err; -@@ -348,6 +396,109 @@ static char *strip_spaces(char *name) - return p; - } - -+/* hex string utilities */ -+ -+/* -+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its -+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also -+ * on EBCDIC machines) -+ */ -+ -+char *hex_to_string(const unsigned char *buffer, long len) -+{ -+ char *tmp, *q; -+ const unsigned char *p; -+ int i; -+ const static char hexdig[] = "0123456789ABCDEF"; -+ if (!buffer || !len) -+ return NULL; -+ if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { -+ X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ q = tmp; -+ for (i = 0, p = buffer; i < len; i++, p++) { -+ *q++ = hexdig[(*p >> 4) & 0xf]; -+ *q++ = hexdig[*p & 0xf]; -+ *q++ = ':'; -+ } -+ q[-1] = 0; -+#ifdef CHARSET_EBCDIC -+ ebcdic2ascii(tmp, tmp, q - tmp - 1); -+#endif -+ -+ return tmp; -+} -+ -+/* -+ * Give a string of hex digits convert to a buffer -+ */ -+ -+unsigned char *string_to_hex(const char *str, long *len) -+{ -+ unsigned char *hexbuf, *q; -+ unsigned char ch, cl, *p; -+ if (!str) { -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); -+ return NULL; -+ } -+ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) -+ goto err; -+ for (p = (unsigned char *)str, q = hexbuf; *p;) { -+ ch = *p++; -+#ifdef CHARSET_EBCDIC -+ ch = os_toebcdic[ch]; -+#endif -+ if (ch == ':') -+ continue; -+ cl = *p++; -+#ifdef CHARSET_EBCDIC -+ cl = os_toebcdic[cl]; -+#endif -+ if (!cl) { -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); -+ OPENSSL_free(hexbuf); -+ return NULL; -+ } -+ if (isupper(ch)) -+ ch = tolower(ch); -+ if (isupper(cl)) -+ cl = tolower(cl); -+ -+ if ((ch >= '0') && (ch <= '9')) -+ ch -= '0'; -+ else if ((ch >= 'a') && (ch <= 'f')) -+ ch -= 'a' - 10; 
-+ else -+ goto badhex; -+ -+ if ((cl >= '0') && (cl <= '9')) -+ cl -= '0'; -+ else if ((cl >= 'a') && (cl <= 'f')) -+ cl -= 'a' - 10; -+ else -+ goto badhex; -+ -+ *q++ = (ch << 4) | cl; -+ } -+ -+ if (len) -+ *len = q - hexbuf; -+ -+ return hexbuf; -+ -+ err: -+ if (hexbuf) -+ OPENSSL_free(hexbuf); -+ X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ -+ badhex: -+ OPENSSL_free(hexbuf); -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); -+ return NULL; -+ -+} - - /* - * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* -@@ -452,7 +603,7 @@ static void str_free(OPENSSL_STRING str) - OPENSSL_free(str); - } - --static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email) -+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) - { - char *emtmp; - /* First some sanity checks */ -@@ -460,16 +611,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email - return 1; - if (!email->data || !email->length) - return 1; -- if (*sk == NULL) -+ if (!*sk) - *sk = sk_OPENSSL_STRING_new(sk_strcmp); -- if (*sk == NULL) -+ if (!*sk) - return 0; - /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) - return 1; -- emtmp = OPENSSL_strdup((char *)email->data); -- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { -- OPENSSL_free(emtmp); /* free on push failure */ -+ emtmp = BUF_strdup((char *)email->data); -+ if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - X509_email_free(*sk); - *sk = NULL; - return 0; -@@ -488,7 +638,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, - - /* Skip pattern prefix to match "wildcard" subject */ - static void skip_prefix(const unsigned char **p, size_t *plen, -- size_t subject_len, -+ const unsigned char *subject, size_t subject_len, - unsigned int flags) - { - const unsigned char *pattern = *p; -@@ -523,7 +673,7 @@ static int 
equal_nocase(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) - { -- skip_prefix(&pattern, &pattern_len, subject_len, flags); -+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); - if (pattern_len != subject_len) - return 0; - while (pattern_len) { -@@ -552,7 +702,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) - { -- skip_prefix(&pattern, &pattern_len, subject_len, flags); -+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); - if (pattern_len != subject_len) - return 0; - return !memcmp(pattern, subject, pattern_len); -@@ -735,7 +885,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, - * to UTF8. - */ - --static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, -+static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, const char *b, size_t blen, - char **peername) - { -@@ -751,7 +901,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, - else if (a->length == (int)blen && !memcmp(a->data, b, blen)) - rv = 1; - if (rv > 0 && peername) -- *peername = OPENSSL_strndup((char *)a->data, a->length); -+ *peername = BUF_strndup((char *)a->data, a->length); - } else { - int astrlen; - unsigned char *astr; -@@ -765,7 +915,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, - } - rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername) -- *peername = OPENSSL_strndup((char *)astr, astrlen); -+ *peername = BUF_strndup((char *)astr, astrlen); - OPENSSL_free(astr); - } - return rv; -@@ -830,20 +980,23 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, - GENERAL_NAMES_free(gens); - if (rv != 0) - return rv; -- if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) 
-+ if (cnid == NID_undef -+ || (san_present -+ && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) - return 0; - } - - /* We're done if CN-ID is not pertinent */ -- if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) -+ if (cnid == NID_undef) - return 0; - - i = -1; - name = X509_get_subject_name(x); - while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { -- const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); -- const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne); -- -+ X509_NAME_ENTRY *ne; -+ ASN1_STRING *str; -+ ne = X509_NAME_get_entry(name, i); -+ str = X509_NAME_ENTRY_get_data(ne); - /* Positive on success, negative on error! */ - if ((rv = do_check_string(str, -1, equal, flags, - chk, chklen, peername)) != 0) -@@ -930,7 +1083,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) - return NULL; - - ret = ASN1_OCTET_STRING_new(); -- if (ret == NULL) -+ if (!ret) - return NULL; - if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { - ASN1_OCTET_STRING_free(ret); -@@ -948,7 +1101,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) - p = strchr(ipasc, '/'); - if (!p) - return NULL; -- iptmp = OPENSSL_strdup(ipasc); -+ iptmp = BUF_strdup(ipasc); - if (!iptmp) - return NULL; - p = iptmp + (p - ipasc); -@@ -968,7 +1121,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) - goto err; - - ret = ASN1_OCTET_STRING_new(); -- if (ret == NULL) -+ if (!ret) - goto err; - if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) - goto err; -@@ -976,8 +1129,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) - return ret; - - err: -- OPENSSL_free(iptmp); -- ASN1_OCTET_STRING_free(ret); -+ if (iptmp) -+ OPENSSL_free(iptmp); -+ if (ret) -+ ASN1_OCTET_STRING_free(ret); - return NULL; - } - -@@ -1129,17 +1284,19 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) - { - unsigned char c; - unsigned int num = 0; -- int x; -- - if (inlen > 4) - return 0; - while (inlen--) { - c = *in++; - num <<= 4; -- x = 
OPENSSL_hexchar2int(c); -- if (x < 0) -+ if ((c >= '0') && (c <= '9')) -+ num |= c - '0'; -+ else if ((c >= 'A') && (c <= 'F')) -+ num |= c - 'A' + 10; -+ else if ((c >= 'a') && (c <= 'f')) -+ num |= c - 'a' + 10; -+ else - return 0; -- num |= (char)x; - } - out[0] = num >> 8; - out[1] = num & 0xff; -@@ -1150,7 +1307,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype) - { - CONF_VALUE *v; -- int i, mval, spec_char, plus_char; -+ int i, mval; - char *p, *type; - if (!nm) - return 0; -@@ -1161,26 +1318,25 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - /* - * Skip past any leading X. X: X, etc to allow for multiple instances - */ -- for (p = type; *p; p++) { -+ for (p = type; *p; p++) - #ifndef CHARSET_EBCDIC -- spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); -+ if ((*p == ':') || (*p == ',') || (*p == '.')) - #else -- spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) -- || (*p == os_toascii['.'])); -+ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) -+ || (*p == os_toascii['.'])) - #endif -- if (spec_char) { -+ { - p++; - if (*p) - type = p; - break; - } -- } - #ifndef CHARSET_EBCDIC -- plus_char = (*type == '+'); -+ if (*type == '+') - #else -- plus_char = (*type == os_toascii['+']); -+ if (*type == os_toascii['+']) - #endif -- if (plus_char) { -+ { - mval = -1; - type++; - } else -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -index 5d79c8c..bcc1be7 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -@@ -1,11 +1,62 @@ --/* -- * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* crypto/x509v3/v3err.c */ -+/* ==================================================================== -+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. 
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
- *
-- * Licensed under the OpenSSL license (the "License"). You may not use
-- * this file except in compliance with the License. You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */ - - #include -@@ -20,62 +71,68 @@ - - static ERR_STRING_DATA X509V3_str_functs[] = { - {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, -- {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL), -- "addr_validate_path_internal"}, - {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), -- "ASIdentifierChoice_canonize"}, -+ "ASIDENTIFIERCHOICE_CANONIZE"}, - {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), -- "ASIdentifierChoice_is_canonical"}, -- {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, -- {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, -- {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, -- {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, -- {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, -- {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, -+ "ASIDENTIFIERCHOICE_IS_CANONICAL"}, -+ {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, -+ {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, -+ {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, -+ {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, -+ {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, -- {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, -+ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, - {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), -- "i2v_AUTHORITY_INFO_ACCESS"}, -- {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, -- {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, -- {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, -- {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, -- {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, -- {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, -- 
{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, -+ "I2V_AUTHORITY_INFO_ACCESS"}, -+ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, -+ {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, -+ {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, -+ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, -+ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, -+ {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, -- {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, -- {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, -+ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, -+ {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, -+ {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, - {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, - {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, -- {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, -+ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, - {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), -- "v2i_AUTHORITY_INFO_ACCESS"}, -- {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, -- {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, -- {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, -- {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, -+ "V2I_AUTHORITY_INFO_ACCESS"}, -+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, -+ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), 
"V2I_BASIC_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, -+ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, - {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, - {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, -- {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, -- {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, -- {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, -- {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, -- {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, -- {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, -- {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, -- {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"}, -- {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, -+ {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, -+ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, -+ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, -+ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, -+ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, -+ {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), -+ "V3_ADDR_VALIDATE_PATH_INTERNAL"}, -+ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, - {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, - {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, - {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, -@@ -93,6 
+150,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { - {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, - {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), - "bn to asn1 integer error"}, -+ {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION), -+ "cannot find free function"}, - {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, - {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, - {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, -@@ -108,6 +167,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { - "extension setting not supported"}, - {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, - {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, -+ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, - {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), - "incorrect policy syntax tag"}, - {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, -@@ -147,6 +207,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { - "no proxy cert policy language defined"}, - {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, -+ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, - {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, - {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, - {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), -@@ -154,6 +215,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { - {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, - {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), - "policy path length already defined"}, -+ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), -+ "policy syntax not currently supported"}, - {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), - "policy when proxy language requires no policy"}, - {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, -@@ -174,7 
+237,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { - - #endif - --int ERR_load_X509V3_strings(void) -+void ERR_load_X509V3_strings(void) - { - #ifndef OPENSSL_NO_ERR - -@@ -183,5 +246,4 @@ int ERR_load_X509V3_strings(void) - ERR_load_strings(0, X509V3_str_reasons); - } - #endif -- return 1; - } -diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h -index eafa862..3e9dae2 100644 ---- a/Cryptlib/OpenSSL/e_os.h -+++ b/Cryptlib/OpenSSL/e_os.h -@@ -1,10 +1,59 @@ --/* -- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -+/* e_os.h */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. 
You can obtain a copy
-- * in the file LICENSE in the source distribution or at
-- * https://www.openssl.org/source/license.html
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] - */ - - #ifndef HEADER_E_OS_H -@@ -23,28 +72,11 @@ extern "C" { - #endif - - /* Used to checking reference counts, most while doing perl5 stuff :-) */ --# if defined(OPENSSL_NO_STDIO) --# if defined(REF_PRINT) --# error "REF_PRINT requires stdio" --# endif --# endif -- --# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) --# define REF_ASSERT_ISNT(test) \ -- (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) --# else --# define REF_ASSERT_ISNT(i) --# endif - # ifdef REF_PRINT --# define REF_PRINT_COUNT(a, b) \ -- fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) --# else --# define REF_PRINT_COUNT(a, b) -+# undef REF_PRINT -+# define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) - # endif - --# define osslargused(x) (void)x --# define OPENSSL_CONF "openssl.cnf" -- - # ifndef DEVRANDOM - /* - * set this to a comma-separated list of 'random' device files to try out. 
My -@@ -52,9 +84,9 @@ extern "C" { - */ - # define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" - # endif --# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) -+# ifndef DEVRANDOM_EGD - /* -- * set this to a comma-separated list of 'egd' sockets to try out. These -+ * set this to a comma-seperated list of 'egd' sockets to try out. These - * sockets will be tried in the order listed in case accessing the device - * files listed in DEVRANDOM did not return enough entropy. - */ -@@ -67,9 +99,33 @@ extern "C" { - # define NO_SYSLOG - # endif - -+# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) -+# if macintosh==1 -+# ifndef MAC_OS_GUSI_SOURCE -+# define MAC_OS_pre_X -+# define NO_SYS_TYPES_H -+# endif -+# define NO_SYS_PARAM_H -+# define NO_CHMOD -+# define NO_SYSLOG -+# undef DEVRANDOM -+# define GETPID_IS_MEANINGLESS -+# endif -+# endif -+ - /******************************************************************** - The Microsoft section - ********************************************************************/ -+/* -+ * The following is used because of the small stack in some Microsoft -+ * operating systems -+ */ -+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) -+# define MS_STATIC static -+# else -+# define MS_STATIC -+# endif -+ - # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) - # define WIN32 - # endif -@@ -85,7 +141,6 @@ extern "C" { - # endif - - # ifdef WIN32 --# define NO_SYS_UN_H - # define get_last_sys_error() GetLastError() - # define clear_sys_error() SetLastError(0) - # if !defined(WINNT) -@@ -103,12 +158,17 @@ extern "C" { - # define writesocket(s,b,n) send((s),(b),(n),0) - # elif defined(__DJGPP__) - # define WATT32 --# define WATT32_NO_OLDIES - # define get_last_socket_error() errno - # define clear_socket_error() errno=0 - # define closesocket(s) close_s(s) - # define readsocket(s,b,n) read_s(s,b,n) - # define writesocket(s,b,n) send(s,b,n,0) -+# elif defined(MAC_OS_pre_X) -+# define get_last_socket_error() errno -+# 
define clear_socket_error() errno=0 -+# define closesocket(s) MacSocket_close(s) -+# define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) -+# define writesocket(s,b,n) MacSocket_send((s),(b),(n)) - # elif defined(OPENSSL_SYS_VMS) - # define get_last_socket_error() errno - # define clear_socket_error() errno=0 -@@ -123,6 +183,32 @@ extern "C" { - # define closesocket(s) close(s) - # define readsocket(s,b,n) read((s),(b),(n)) - # define writesocket(s,b,n) write((s),(char *)(b),(n)) -+# elif defined(OPENSSL_SYS_BEOS_R5) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define FIONBIO SO_NONBLOCK -+# define ioctlsocket(a,b,c) setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c))) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# elif defined(OPENSSL_SYS_NETWARE) -+# if defined(NETWARE_BSDSOCK) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define closesocket(s) close(s) -+# define ioctlsocket(a,b,c) ioctl(a,b,c) -+# if defined(NETWARE_LIBC) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# else -+# define readsocket(s,b,n) recv((s),(char*)(b),(n),0) -+# define writesocket(s,b,n) send((s),(char*)(b),(n),0) -+# endif -+# else -+# define get_last_socket_error() WSAGetLastError() -+# define clear_socket_error() WSASetLastError(0) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# endif - # else - # define get_last_socket_error() errno - # define clear_socket_error() errno=0 -@@ -132,20 +218,30 @@ extern "C" { - # define writesocket(s,b,n) write((s),(b),(n)) - # endif - -+# ifdef WIN16 /* never the case */ -+# define MS_CALLBACK _far _loadds -+# define MS_FAR _far -+# else -+# define MS_CALLBACK -+# define MS_FAR -+# endif -+ -+# ifdef OPENSSL_NO_STDIO -+# undef OPENSSL_NO_FP_API -+# define OPENSSL_NO_FP_API -+# endif -+ - # if (defined(WINDOWS) || 
defined(MSDOS)) - - # ifdef __DJGPP__ - # include - # include - # include --# include - # include - # include - # define _setmode setmode - # define _O_TEXT O_TEXT - # define _O_BINARY O_BINARY --# define HAS_LFN_SUPPORT(name) (pathconf((name), _PC_NAME_MAX) > 12) --# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ - # undef DEVRANDOM - # define DEVRANDOM "/dev/urandom\x24" - # endif /* __DJGPP__ */ -@@ -168,18 +264,20 @@ extern "C" { - /* - * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." - * Most notably we ought to check for availability of each specific -- * routine that was introduced after denoted _WIN32_WINNT with -- * GetProcAddress(). Normally newer functions are masked with higher -- * _WIN32_WINNT in SDK headers. So that if you wish to use them in -- * some module, you'd need to override _WIN32_WINNT definition in -- * the target module in order to "reach for" prototypes, but replace -- * calls to new functions with indirect calls. Alternatively it -- * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs -- * and check for current OS version instead. -+ * routine with GetProcAddress() and/or guard NT-specific calls with -+ * GetVersion() < 0x80000000. One can argue that in latter "or" case -+ * we ought to /DELAYLOAD some .DLLs in order to protect ourselves -+ * against run-time link errors. This doesn't seem to be necessary, -+ * because it turned out that already Windows 95, first non-NT Win32 -+ * implementation, is equipped with at least NT 3.51 stubs, dummy -+ * routines with same name, but which do nothing. Meaning that it's -+ * apparently sufficient to guard "vanilla" NT calls with GetVersion -+ * alone, while NT 4.0 and above interfaces ought to be linked with -+ * GetProcAddress at run-time. 
- */ --# define _WIN32_WINNT 0x0501 -+# define _WIN32_WINNT 0x0400 - # endif --# if defined(_WIN32_WINNT) || defined(_WIN32_WCE) -+# if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE)) - /* - * Just like defining _WIN32_WINNT including winsock2.h implies - * certain "discipline" for maintaining [broad] binary compatibility. -@@ -253,6 +351,14 @@ extern FILE *_imp___iob; - # define OPENSSL_NO_POSIX_IO - # endif - -+# if defined (__BORLANDC__) -+# define _setmode setmode -+# define _O_TEXT O_TEXT -+# define _O_BINARY O_BINARY -+# define _int64 __int64 -+# define _kbhit kbhit -+# endif -+ - # define EXIT(n) exit(n) - # define LIST_SEPARATOR_CHAR ';' - # ifndef X_OK -@@ -264,6 +370,10 @@ extern FILE *_imp___iob; - # ifndef R_OK - # define R_OK 4 - # endif -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define NUL_DEV "nul" -+# define RFILE ".rnd" - # ifdef OPENSSL_SYS_WINCE - # define DEFAULT_HOME "" - # else -@@ -293,7 +403,11 @@ extern FILE *_imp___iob; - # else - # include - # endif -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" - # define LIST_SEPARATOR_CHAR ',' -+# define NUL_DEV "NLA0:" - /* We don't have any well-defined random devices on VMS, yet... */ - # undef DEVRANDOM - /*- -@@ -309,26 +423,47 @@ extern FILE *_imp___iob; - - So, what we do here is to change 0 to 1 to get the default success status, - and everything else is shifted up to fit into the status number field, and -- the status is tagged as an error, which is what is wanted here. -- -- Finally, we add the VMS C facility code 0x35a000, because there are some -- programs, such as Perl, that will reinterpret the code back to something -- POSIXly. 'man perlvms' explains it further. -- -- NOTE: the perlvms manual wants to turn all codes 2 to 255 into success -- codes (status type = 1). I couldn't disagree more. Fortunately, the -- status type doesn't seem to bother Perl. 
-+ the status is tagged as an error, which I believe is what is wanted here. - -- Richard Levitte - */ --# define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) -- -+# define EXIT(n) do { int __VMS_EXIT = n; \ -+ if (__VMS_EXIT == 0) \ -+ __VMS_EXIT = 1; \ -+ else \ -+ __VMS_EXIT = (n << 3) | 2; \ -+ __VMS_EXIT |= 0x10000000; \ -+ exit(__VMS_EXIT); } while(0) - # define NO_SYS_PARAM_H --# define NO_SYS_UN_H - --# define DEFAULT_HOME "SYS$LOGIN:" -+# elif defined(OPENSSL_SYS_NETWARE) -+# include -+# include -+# define NO_SYS_TYPES_H -+# undef DEVRANDOM -+# ifdef NETWARE_CLIB -+# define getpid GetThreadID -+extern int GetThreadID(void); -+/* # include */ -+extern int kbhit(void); -+# else -+# include -+# endif -+# define NO_SYSLOG -+# define _setmode setmode -+# define _kbhit kbhit -+# define _O_TEXT O_TEXT -+# define _O_BINARY O_BINARY -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" -+# define LIST_SEPARATOR_CHAR ';' -+# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } - - # else - /* !defined VMS */ -+# ifdef OPENSSL_SYS_MPE -+# define NO_SYS_PARAM_H -+# endif - # ifdef OPENSSL_UNISTD - # include OPENSSL_UNISTD - # else -@@ -337,24 +472,49 @@ extern FILE *_imp___iob; - # ifndef NO_SYS_TYPES_H - # include - # endif -+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) -+# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP -+ * (unless when compiling with -+ * -D_POSIX_SOURCE, which doesn't work for -+ * us) */ -+# endif -+# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ -+# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) -+typedef unsigned long clock_t; -+# endif - # ifdef OPENSSL_SYS_WIN32_CYGWIN - # include - # include - # endif - -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" - # define LIST_SEPARATOR_CHAR ':' -+# define NUL_DEV "/dev/null" - # define EXIT(n) exit(n) - # endif - -+# define 
SSLeay_getpid() getpid() -+ - # endif - - /*************/ - -+# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM) -+# define OPENSSL_NO_DGRAM -+# endif -+ - # ifdef USE_SOCKETS --# ifdef OPENSSL_NO_SOCK --# elif defined(WINDOWS) || defined(MSDOS) -+# if defined(WINDOWS) || defined(MSDOS) - /* windows world */ --# if !defined(__DJGPP__) -+ -+# ifdef OPENSSL_NO_SOCK -+# define SSLeay_Write(a,b,c) (-1) -+# define SSLeay_Read(a,b,c) (-1) -+# define SHUTDOWN(fd) close(fd) -+# define SHUTDOWN2(fd) close(fd) -+# elif !defined(__DJGPP__) - # if defined(_WIN32_WCE) && _WIN32_WCE<410 - # define getservbyname _masked_declaration_getservbyname - # endif -@@ -372,16 +532,53 @@ struct servent *PASCAL getservbyname(const char *, const char *); - /* - * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because - * the value constitutes an index in per-process table of limited size -- * and not a real pointer. And we also depend on fact that all processors -- * Windows run on happen to be two's-complement, which allows to -- * interchange INVALID_SOCKET and -1. -+ * and not a real pointer. 
- */ - # define socket(d,t,p) ((int)socket(d,t,p)) - # define accept(s,f,l) ((int)accept(s,f,l)) - # endif -+# define SSLeay_Write(a,b,c) send((a),(b),(c),0) -+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } - # else -+# define SSLeay_Write(a,b,c) write_s(a,b,c,0) -+# define SSLeay_Read(a,b,c) read_s(a,b,c) -+# define SHUTDOWN(fd) close_s(fd) -+# define SHUTDOWN2(fd) close_s(fd) - # endif - -+# elif defined(MAC_OS_pre_X) -+ -+# include "MacSocket.h" -+# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) -+# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) -+# define SHUTDOWN(fd) MacSocket_close(fd) -+# define SHUTDOWN2(fd) MacSocket_close(fd) -+ -+# elif defined(OPENSSL_SYS_NETWARE) -+ /* -+ * NetWare uses the WinSock2 interfaces by default, but can be -+ * configured for BSD -+ */ -+# if defined(NETWARE_BSDSOCK) -+# include -+# include -+# include -+# if defined(NETWARE_CLIB) -+# include -+# else -+# include -+# endif -+# define INVALID_SOCKET (int)(~0) -+# else -+# include -+# endif -+# define SSLeay_Write(a,b,c) send((a),(b),(c),0) -+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } -+ - # else - - # ifndef NO_SYS_PARAM_H -@@ -389,6 +586,8 @@ struct servent *PASCAL getservbyname(const char *, const char *); - # endif - # ifdef OPENSSL_SYS_VXWORKS - # include -+# elif !defined(OPENSSL_SYS_MPE) -+# include /* Needed under linux for FD_XXX */ - # endif - - # include -@@ -398,22 +597,18 @@ struct servent *PASCAL getservbyname(const char *, const char *); - # include - # else - # include --# ifndef NO_SYS_UN_H --# ifdef OPENSSL_SYS_VXWORKS --# include --# else --# include --# endif --# ifndef UNIX_PATH_MAX --# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) --# endif --# endif - # ifdef 
FILIO_H --# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ -+# include /* Added for FIONBIO under unixware */ - # endif - # include --# include --# include -+# if !defined(OPENSSL_SYS_BEOS_R5) -+# include -+# endif -+# endif -+ -+# if defined(NeXT) || defined(_NEXT_SOURCE) -+# include -+# include - # endif - - # ifdef OPENSSL_SYS_AIX -@@ -424,12 +619,16 @@ struct servent *PASCAL getservbyname(const char *, const char *); - # include - # endif - --# ifndef VMS --# include -+# if defined(__sun) || defined(sun) -+# include - # else -- /* ioctl is only in VMS > 7.0 and when socketshr is not used */ --# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) -+# ifndef VMS - # include -+# else -+ /* ioctl is only in VMS > 7.0 and when socketshr is not used */ -+# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) -+# include -+# endif - # endif - # endif - -@@ -440,6 +639,10 @@ struct servent *PASCAL getservbyname(const char *, const char *); - # endif - # endif - -+# define SSLeay_Read(a,b,c) read((a),(b),(c)) -+# define SSLeay_Write(a,b,c) write((a),(b),(c)) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } - # ifndef INVALID_SOCKET - # define INVALID_SOCKET (-1) - # endif /* INVALID_SOCKET */ -@@ -449,7 +652,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); - * Some IPv6 implementations are broken, disable them in known bad versions. 
- */ - # if !defined(OPENSSL_USE_IPV6) --# if defined(AF_INET6) && !defined(NETWARE_CLIB) -+# if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB) - # define OPENSSL_USE_IPV6 1 - # else - # define OPENSSL_USE_IPV6 0 -@@ -458,6 +661,22 @@ struct servent *PASCAL getservbyname(const char *, const char *); - - # endif - -+# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4) -+ /* include headers first, so our defines don't break it */ -+# include -+# include -+ /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */ -+# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) -+# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) -+extern char *sys_errlist[]; -+extern int sys_nerr; -+# define strerror(errnum) \ -+ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) -+ /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ -+# include "crypto/o_str.h" -+# define memcmp OPENSSL_memcmp -+# endif -+ - # ifndef OPENSSL_EXIT - # if defined(MONOLITH) && !defined(OPENSSL_C) - # define OPENSSL_EXIT(n) return(n) -@@ -468,20 +687,40 @@ struct servent *PASCAL getservbyname(const char *, const char *); - - /***********************************************/ - -+# define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ -+ -+# ifdef sgi -+# define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ -+# endif -+# ifdef OPENSSL_SYS_SNI -+# define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from -+ * the same bug. 
*/ -+# endif -+ - # if defined(OPENSSL_SYS_WINDOWS) - # define strcasecmp _stricmp - # define strncasecmp _strnicmp --# if (_MSC_VER >= 1310) --# define open _open --# define fdopen _fdopen --# define close _close --# ifndef strdup --# define strdup _strdup --# endif --# define unlink _unlink --# endif --# else --# include -+# elif defined(OPENSSL_SYS_VMS) -+/* VMS below version 7.0 doesn't have strcasecmp() */ -+# include "o_str.h" -+# define strcasecmp OPENSSL_strcasecmp -+# define strncasecmp OPENSSL_strncasecmp -+# define OPENSSL_IMPLEMENTS_strncasecmp -+# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) -+# define strcasecmp stricmp -+# define strncasecmp strnicmp -+# elif defined(OPENSSL_SYS_NETWARE) -+# include -+# if defined(NETWARE_CLIB) -+# define strcasecmp stricmp -+# define strncasecmp strnicmp -+# endif /* NETWARE_CLIB */ -+# endif -+ -+# if defined(OPENSSL_SYS_OS2) && defined(__EMX__) -+# include -+# include -+# define NO_SYSLOG - # endif - - /* vxworks */ -@@ -511,7 +750,30 @@ struct servent *getservbyname(const char *name, const char *proto); - # endif - /* end vxworks */ - --#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) -+/* beos */ -+# if defined(OPENSSL_SYS_BEOS_R5) -+# define SO_ERROR 0 -+# define NO_SYS_UN -+# define IPPROTO_IP 0 -+# include -+# endif -+ -+# if !defined(inline) && !defined(__cplusplus) -+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L -+ /* do nothing, inline works */ -+# elif defined(__GNUC__) && __GNUC__>=2 -+# define inline __inline__ -+# elif defined(_MSC_VER) -+ /* -+ * Visual Studio: inline is available in C++ only, however -+ * __inline is available for C, see -+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx -+ */ -+# define inline __inline -+# else -+# define inline -+# endif -+# endif - - #ifdef __cplusplus - } -diff --git a/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch -index 2b1fc5b..4a9c76a 100644 ---- 
a/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch -+++ b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch -@@ -1,19 +1,19 @@ - diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c --index e91ab6d..f33caa2 100644 -+index 90248fa..dfc26bc 100644 - --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c - 
+++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c --@@ -51,8 +51,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, -+@@ -129,8 +129,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); - static int fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); - +#ifndef OPENSSL_SYS_UEFI - static int fmtfp(char **, char **, size_t *, size_t *, -- LDOUBLE, int, int, int, int); -+ LDOUBLE, int, int, int); - +#endif - static int doapr_outch(char **, char **, size_t *, size_t *, int); - static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, --@@ -107,7 +109,9 @@ _dopr(char **sbuffer, -+@@ -173,7 +175,9 @@ _dopr(char **sbuffer, - { - char ch; - LLONG value; -@@ -23,7 +23,7 @@ index e91ab6d..f33caa2 100644 - char *strvalue; - int min; - int max; --@@ -210,10 +214,12 @@ _dopr(char **sbuffer, -+@@ -276,10 +280,12 @@ _dopr(char **sbuffer, - cflags = DP_C_LLONG; - ch = *format++; - break; -@@ -36,7 +36,7 @@ index e91ab6d..f33caa2 100644 - default: - break; - } --@@ -267,6 +273,7 @@ _dopr(char **sbuffer, -+@@ -333,6 +339,7 @@ _dopr(char **sbuffer, - min, max, flags)) - return 0; - break; -@@ -44,15 +44,15 @@ index e91ab6d..f33caa2 100644 - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); --@@ -298,6 +305,7 @@ _dopr(char **sbuffer, -- flags, G_FORMAT)) -- return 0; -+@@ -358,6 +365,7 @@ _dopr(char **sbuffer, -+ else -+ fvalue = va_arg(args, double); - break; - +#endif - case 'c': - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) --@@ -530,6 +538,7 @@ fmtint(char **sbuffer, -+@@ -575,6 +583,7 @@ fmtint(char **sbuffer, - return 1; - } - -@@ -60,7 +60,7 @@ index e91ab6d..f33caa2 100644 - static LDOUBLE abs_val(LDOUBLE value) - { - LDOUBLE result = value; --@@ -816,6 +825,7 @@ fmtfp(char **sbuffer, -+@@ -733,6 +742,7 @@ fmtfp(char **sbuffer, - } - return 1; - } -diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh 
-index a454467..8e1cc0a 100755 ---- a/Cryptlib/OpenSSL/update.sh -+++ b/Cryptlib/OpenSSL/update.sh -@@ -1,85 +1,482 @@ - #/bin/sh - DIR=$1 --OPENSSLLIB_PATH=$DIR/CryptoPkg/Library/OpensslLib --OPENSSL_PATH=$OPENSSLLIB_PATH/openssl -+version="1.0.2k" - --cp $OPENSSLLIB_PATH/buildinf.h buildinf.h --cp $OPENSSL_PATH/e_os.h e_os.h -- --mkdir -p crypto --C_FILES=" -- LPdir_nyi.c -- cpt_err.c -- cryptlib.c -- cversion.c -- ebcdic.c -- ex_data.c -- init.c -- mem.c -- mem_clr.c -- mem_dbg.c -- mem_sec.c -- o_dir.c -- o_fips.c -- o_fopen.c -- o_init.c -- o_str.c -- o_time.c -- threads_none.c -- threads_pthread.c -- threads_win.c uid.c --" --for file in $C_FILES --do -- cp $OPENSSL_PATH/crypto/$file crypto --done -- --SUBDIRS=" -- include/internal/ -- aes -- asn1 -- async/arch -- async -- bio -- bn -- buffer -- cmac -- comp -- conf -- dh -- dso -- err -- evp -- hmac -- kdf -- lhash -- md5 -- modes -- objects -- ocsp -- pem -- pkcs12 -- pkcs7 -- rand -- rc4 -- rsa -- sha -- stack -- txt_db -- x509 -- x509v3 --" --for dir in $SUBDIRS --do -- mkdir -p crypto/$dir -- cp $OPENSSL_PATH/crypto/$dir/*.[ch] crypto/$dir --done -- --# Remove unused files --rm -f crypto/aes/aes_x86core.c --rm -f crypto/x509v3/tabtest.c --rm -f crypto/x509v3/v3conf.c --rm -f crypto/x509v3/v3prin.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/constant_time_locl.h crypto/constant_time_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md32_common.h crypto/md32_common.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.h crypto/cryptlib.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.h crypto/o_time.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.h crypto/o_str.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.h crypto/o_dir.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_fips.c crypto/o_fips.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_ers.c crypto/fips_ers.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/LPdir_nyi.c crypto/LPdir_nyi.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_locl.h crypto/md4/md4_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_locl.h crypto/md5/md5_locl.h -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_locl.h crypto/sha/sha_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_ameth.c crypto/hmac/hm_ameth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_pmeth.c crypto/hmac/hm_pmeth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_locl.h crypto/des/des_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_ver.h crypto/des/des_ver.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/spr.h crypto/des/spr.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_des.h crypto/des/rpc_des.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c 
crypto/des/cbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ncbc_enc.c crypto/des/ncbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_locl.h crypto/rc4/rc4_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_utl.c crypto/rc4/rc4_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_locl.h crypto/aes/aes_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/modes_lcl.h crypto/modes/modes_lcl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cbc128.c crypto/modes/cbc128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ctr128.c crypto/modes/ctr128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cts128.c crypto/modes/cts128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cfb128.c crypto/modes/cfb128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ofb128.c crypto/modes/ofb128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/gcm128.c crypto/modes/gcm128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ccm128.c crypto/modes/ccm128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/xts128.c crypto/modes/xts128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/wrap128.c crypto/modes/wrap128.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn.h crypto/bn/bn.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lcl.h crypto/bn/bn_lcl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.h crypto/bn/bn_prime.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c 
-+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/rsaz_exp.h crypto/bn/rsaz_exp.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_locl.h crypto/rsa/rsa_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c 
crypto/rsa/rsa_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_prn.c crypto/rsa/rsa_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pmeth.c crypto/rsa/rsa_pmeth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_crpt.c crypto/rsa/rsa_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_beos.c crypto/dso/dso_beos.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_ameth.c crypto/dh/dh_ameth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_prn.c crypto/dh/dh_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_rfc5114.c crypto/dh/dh_rfc5114.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lcl.h crypto/bio/bio_lcl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c 
-+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_sock.c crypto/bio/bss_sock.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_conn.c crypto/bio/bss_conn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_print.c crypto/bio/b_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_sock.c crypto/bio/b_sock.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_acpt.c crypto/bio/bss_acpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lcl.h crypto/rand/rand_lcl.h -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.h crypto/objects/obj_dat.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.h crypto/objects/obj_xref.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.c crypto/objects/obj_xref.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_locl.h crypto/evp/evp_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_camellia.c crypto/evp/e_camellia.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_seed.c crypto/evp/e_seed.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_wp.c crypto/evp/m_wp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_mdc2.c crypto/evp/m_mdc2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_lib.c crypto/evp/pmeth_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_fn.c crypto/evp/pmeth_fn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_gn.c crypto/evp/pmeth_gn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sigver.c crypto/evp/m_sigver.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha1.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha256.c crypto/evp/e_aes_cbc_hmac_sha256.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4_hmac_md5.c crypto/evp/e_rc4_hmac_md5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_locl.h crypto/asn1/asn1_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/charmap.h crypto/asn1/charmap.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c 
crypto/asn1/x_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_nx509.c crypto/asn1/x_nx509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_prn.c crypto/asn1/tasn_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/ameth_lib.c crypto/asn1/ameth_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_asn1.c crypto/asn1/bio_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_ndef.c crypto/asn1/bio_ndef.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pvkfmt.c crypto/pem/pvkfmt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/vpm_int.h crypto/x509/vpm_int.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_int.h crypto/x509v3/pcy_int.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c 
crypto/x509v3/v3_pcia.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.h crypto/conf/conf_def.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -+install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/bio_pk7.c crypto/pkcs7/bio_pk7.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c 
crypto/pkcs12/p12_kiss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c 
crypto/ocsp/ocsp_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_locl.h crypto/ui/ui_locl.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cmac.c crypto/cmac/cmac.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_ameth.c crypto/cmac/cm_ameth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_pmeth.c crypto/cmac/cm_pmeth.c - - find . -name "*.[ch]" -exec chmod -x {} \; - -diff --git a/Cryptlib/Pem/CryptPem.c b/Cryptlib/Pem/CryptPem.c -new file mode 100644 -index 0000000..51e648b ---- /dev/null -+++ b/Cryptlib/Pem/CryptPem.c -@@ -0,0 +1,135 @@ -+/** @file -+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. -+ -+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
-+This program and the accompanying materials
-+are licensed and made available under the terms and conditions of the BSD License
-+which accompanies this distribution. The full text of the license may be found at
-+http://opensource.org/licenses/bsd-license.php
-+
-+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+
-+**/
-+
-+#include "InternalCryptLib.h"
-+#include
-+
-+/**
-+ Callback function for password phrase conversion used for retrieving the encrypted PEM.
-+
-+ @param[out] Buf Pointer to the buffer to write the passphrase to.
-+ @param[in] Size Maximum length of the passphrase (i.e. the size of Buf).
-+ @param[in] Flag A flag which is set to 0 when reading and 1 when writing.
-+ @param[in] Key Key data to be passed to the callback routine.
-+
-+ @retval The number of characters in the passphrase or 0 if an error occurred.
-+
-+**/
-+INTN
-+PasswordCallback (
-+ OUT CHAR8 *Buf,
-+ IN INTN Size,
-+ IN INTN Flag,
-+ IN VOID *Key
-+ )
-+{
-+ INTN KeyLength;
-+
-+ ZeroMem ((VOID *) Buf, (UINTN) Size);
-+ if (Key != NULL) {
-+ //
-+ // Duplicate key phrase directly.
-+ //
-+ KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);
-+ KeyLength = (KeyLength > Size ) ? Size : KeyLength;
-+ CopyMem (Buf, Key, (UINTN) KeyLength);
-+ return KeyLength;
-+ } else {
-+ return 0;
-+ }
-+}
-+
-+/**
-+ Retrieve the RSA Private Key from the password-protected PEM key data.
-+
-+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
-+ @param[in] PemSize Size of the PEM key data in bytes.
-+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
-+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
-+ RSA private key component. Use RsaFree() function to free the
-+ resource.
-+
-+ If PemData is NULL, then return FALSE.
-+ If RsaContext is NULL, then return FALSE.
-+
-+ @retval TRUE RSA Private Key was retrieved successfully.
-+ @retval FALSE Invalid PEM key data or incorrect password.
-+
-+**/
-+BOOLEAN
-+EFIAPI
-+RsaGetPrivateKeyFromPem (
-+ IN CONST UINT8 *PemData,
-+ IN UINTN PemSize,
-+ IN CONST CHAR8 *Password,
-+ OUT VOID **RsaContext
-+ )
-+{
-+ BOOLEAN Status;
-+ BIO *PemBio;
-+
-+ //
-+ // Check input parameters.
-+ //
-+ if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {
-+ return FALSE;
-+ }
-+
-+ //
-+ // Add possible block-cipher descriptor for PEM data decryption.
-+ // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
-+ //
-+ if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
-+ return FALSE;
-+ }
-+ if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
-+ return FALSE;
-+ }
-+ if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
-+ return FALSE;
-+ }
-+ if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
-+ return FALSE;
-+ }
-+
-+ Status = FALSE;
-+
-+ //
-+ // Read encrypted PEM Data.
-+ //
-+ PemBio = BIO_new (BIO_s_mem ());
-+ if (PemBio == NULL) {
-+ goto _Exit;
-+ }
-+
-+ if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
-+ goto _Exit;
-+ }
-+
-+ //
-+ // Retrieve RSA Private Key from encrypted PEM data.
-+ //
-+ *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);
-+ if (*RsaContext != NULL) {
-+ Status = TRUE;
-+ }
-+
-+_Exit:
-+ //
-+ // Release Resources.
-+ //
-+ BIO_free (PemBio);
-+
-+ return Status;
-+}
-diff --git a/Cryptlib/Pem/CryptPemNull.c b/Cryptlib/Pem/CryptPemNull.c
-deleted file mode 100644
-index 8c9e4f0..0000000
---- a/Cryptlib/Pem/CryptPemNull.c
-+++ /dev/null
-@@ -1,44 +0,0 @@
--/** @file
-- PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
-- not provide real capabilities.
--
--Copyright (c) 2012, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#include "InternalCryptLib.h" -- --/** -- Retrieve the RSA Private Key from the password-protected PEM key data. -- -- Return FALSE to indicate this interface is not supported. -- -- @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. -- @param[in] PemSize Size of the PEM key data in bytes. -- @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. -- @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved -- RSA private key component. Use RsaFree() function to free the -- resource. -- -- @retval FALSE This interface is not supported. -- --**/ --BOOLEAN --EFIAPI --RsaGetPrivateKeyFromPem ( -- IN CONST UINT8 *PemData, -- IN UINTN PemSize, -- IN CONST CHAR8 *Password, -- OUT VOID **RsaContext -- ) --{ -- ASSERT (FALSE); -- return FALSE; --} -diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c -index bf24e92..dcaba43 100644 ---- a/Cryptlib/Pk/CryptPkcs7Verify.c -+++ b/Cryptlib/Pk/CryptPkcs7Verify.c -@@ -10,7 +10,7 @@ - WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated - Variable and will do basic check for data structure. - --Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -163,7 +163,6 @@ X509PopCertificate ( - STACK_OF(X509) *CertStack; - BOOLEAN Status; - INT32 Result; -- BUF_MEM *Ptr; - INT32 Length; - VOID *Buffer; - -@@ -193,8 +192,7 @@ X509PopCertificate ( - goto _Exit; - } - -- BIO_get_mem_ptr (CertBio, &Ptr); -- Length = (INT32)(Ptr->length); -+ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length); - if (Length <= 0) { - goto _Exit; - } -@@ -465,15 +463,12 @@ Pkcs7GetCertificatesList ( - BOOLEAN Wrapped; - UINT8 Index; - PKCS7 *Pkcs7; -- X509_STORE_CTX *CertCtx; -- STACK_OF(X509) *CtxChain; -- STACK_OF(X509) *CtxUntrusted; -- X509 *CtxCert; -+ X509_STORE_CTX CertCtx; - STACK_OF(X509) *Signers; - X509 *Signer; - X509 *Cert; -+ X509 *TempCert; - X509 *Issuer; -- X509_NAME *IssuerName; - UINT8 *CertBuf; - UINT8 *OldBuf; - UINTN BufferSize; -@@ -487,11 +482,8 @@ Pkcs7GetCertificatesList ( - Status = FALSE; - NewP7Data = NULL; - Pkcs7 = NULL; -- CertCtx = NULL; -- CtxChain = NULL; -- CtxCert = NULL; -- CtxUntrusted = NULL; - Cert = NULL; -+ TempCert = NULL; - SingleCert = NULL; - CertBuf = NULL; - OldBuf = NULL; -@@ -539,26 +531,19 @@ Pkcs7GetCertificatesList ( - } - Signer = sk_X509_value (Signers, 0); - -- CertCtx = X509_STORE_CTX_new (); -- if (CertCtx == NULL) { -- goto _Error; -- } -- if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) { -+ if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) { - goto _Error; - } - // - // Initialize Chained & Untrusted stack - // -- CtxChain = X509_STORE_CTX_get0_chain (CertCtx); -- CtxCert = X509_STORE_CTX_get0_cert (CertCtx); -- if (CtxChain == NULL) { -- if (((CtxChain = sk_X509_new_null ()) == NULL) || -- (!sk_X509_push (CtxChain, CtxCert))) { -+ if (CertCtx.chain == NULL) { -+ if (((CertCtx.chain = sk_X509_new_null ()) == NULL) || -+ 
(!sk_X509_push (CertCtx.chain, CertCtx.cert))) { - goto _Error; - } - } -- CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx); -- (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer); -+ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer); - - // - // Build certificates stack chained from Signer's certificate. -@@ -568,25 +553,27 @@ Pkcs7GetCertificatesList ( - // - // Self-Issue checking - // -- Issuer = NULL; -- if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) { -- if (X509_cmp (Issuer, Cert) == 0) { -- break; -- } -+ if (CertCtx.check_issued (&CertCtx, Cert, Cert)) { -+ break; - } - - // - // Found the issuer of the current certificate - // -- if (CtxUntrusted != NULL) { -+ if (CertCtx.untrusted != NULL) { - Issuer = NULL; -- IssuerName = X509_get_issuer_name (Cert); -- Issuer = X509_find_by_subject (CtxUntrusted, IssuerName); -+ for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) { -+ TempCert = sk_X509_value (CertCtx.untrusted, Index); -+ if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) { -+ Issuer = TempCert; -+ break; -+ } -+ } - if (Issuer != NULL) { -- if (!sk_X509_push (CtxChain, Issuer)) { -+ if (!sk_X509_push (CertCtx.chain, Issuer)) { - goto _Error; - } -- (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer); -+ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer); - - Cert = Issuer; - continue; -@@ -608,13 +595,13 @@ Pkcs7GetCertificatesList ( - // UINT8 Certn[]; - // - -- if (CtxChain != NULL) { -+ if (CertCtx.chain != NULL) { - BufferSize = sizeof (UINT8); - OldSize = BufferSize; - CertBuf = NULL; - - for (Index = 0; ; Index++) { -- Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize); -+ Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize); - if (!Status) { - break; - } -@@ -652,13 +639,13 @@ Pkcs7GetCertificatesList ( - } - } - -- if (CtxUntrusted != NULL) { -+ if (CertCtx.untrusted != NULL) { - BufferSize = sizeof (UINT8); - OldSize = BufferSize; - CertBuf = NULL; - - for (Index = 0; ; Index++) { 
-- Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize); -+ Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize); - if (!Status) { - break; - } -@@ -711,8 +698,7 @@ _Error: - } - sk_X509_free (Signers); - -- X509_STORE_CTX_cleanup (CertCtx); -- X509_STORE_CTX_free (CertCtx); -+ X509_STORE_CTX_cleanup (&CertCtx); - - if (SingleCert != NULL) { - free (SingleCert); -diff --git a/Cryptlib/Pk/CryptRsaBasic.c b/Cryptlib/Pk/CryptRsaBasic.c -index ba1bcf0..e68dd02 100644 ---- a/Cryptlib/Pk/CryptRsaBasic.c -+++ b/Cryptlib/Pk/CryptRsaBasic.c -@@ -7,7 +7,7 @@ - 3) RsaSetKey - 4) RsaPkcs1Verify - --Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -92,15 +92,7 @@ RsaSetKey ( - IN UINTN BnSize - ) - { -- RSA *RsaKey; -- BIGNUM *BnN; -- BIGNUM *BnE; -- BIGNUM *BnD; -- BIGNUM *BnP; -- BIGNUM *BnQ; -- BIGNUM *BnDp; -- BIGNUM *BnDq; -- BIGNUM *BnQInv; -+ RSA *RsaKey; - - // - // Check input parameters. -@@ -109,23 +101,7 @@ RsaSetKey ( - return FALSE; - } - -- BnN = NULL; -- BnE = NULL; -- BnD = NULL; -- BnP = NULL; -- BnQ = NULL; -- BnDp = NULL; -- BnDq = NULL; -- BnQInv = NULL; -- -- // -- // Retrieve the components from RSA object. -- // - RsaKey = (RSA *) RsaContext; -- RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD); -- RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ); -- RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv); -- - // - // Set RSA Key Components by converting octet string to OpenSSL BN representation. 
- // NOTE: For RSA public key (used in signature verification), only public components -@@ -134,109 +110,144 @@ RsaSetKey ( - switch (KeyTag) { - - // -- // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d) -+ // RSA Public Modulus (N) - // - case RsaKeyN: -- case RsaKeyE: -- case RsaKeyD: -- if (BnN == NULL) { -- BnN = BN_new (); -+ if (RsaKey->n != NULL) { -+ BN_free (RsaKey->n); - } -- if (BnE == NULL) { -- BnE = BN_new (); -+ RsaKey->n = NULL; -+ if (BigNumber == NULL) { -+ break; - } -- if (BnD == NULL) { -- BnD = BN_new (); -+ RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n); -+ if (RsaKey->n == NULL) { -+ return FALSE; - } - -- if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) { -+ break; -+ -+ // -+ // RSA Public Exponent (e) -+ // -+ case RsaKeyE: -+ if (RsaKey->e != NULL) { -+ BN_free (RsaKey->e); -+ } -+ RsaKey->e = NULL; -+ if (BigNumber == NULL) { -+ break; -+ } -+ RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e); -+ if (RsaKey->e == NULL) { - return FALSE; - } - -- switch (KeyTag) { -- case RsaKeyN: -- BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN); -- break; -- case RsaKeyE: -- BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE); -- break; -- case RsaKeyD: -- BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD); -+ break; -+ -+ // -+ // RSA Private Exponent (d) -+ // -+ case RsaKeyD: -+ if (RsaKey->d != NULL) { -+ BN_free (RsaKey->d); -+ } -+ RsaKey->d = NULL; -+ if (BigNumber == NULL) { - break; -- default: -- return FALSE; - } -- if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) { -+ RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d); -+ if (RsaKey->d == NULL) { - return FALSE; - } - - break; - - // -- // RSA Secret Prime Factor of Modulus (p and q) -+ // RSA Secret Prime Factor of Modulus (p) - // - case RsaKeyP: -- case RsaKeyQ: -- if (BnP == NULL) { -- BnP = BN_new (); -+ if (RsaKey->p != NULL) { -+ BN_free (RsaKey->p); - } -- if (BnQ == NULL) { -- BnQ = BN_new (); -+ 
RsaKey->p = NULL; -+ if (BigNumber == NULL) { -+ break; - } -- if ((BnP == NULL) || (BnQ == NULL)) { -+ RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p); -+ if (RsaKey->p == NULL) { - return FALSE; - } - -- switch (KeyTag) { -- case RsaKeyP: -- BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP); -- break; -- case RsaKeyQ: -- BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ); -+ break; -+ -+ // -+ // RSA Secret Prime Factor of Modules (q) -+ // -+ case RsaKeyQ: -+ if (RsaKey->q != NULL) { -+ BN_free (RsaKey->q); -+ } -+ RsaKey->q = NULL; -+ if (BigNumber == NULL) { - break; -- default: -- return FALSE; - } -- if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) { -+ RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q); -+ if (RsaKey->q == NULL) { - return FALSE; - } - - break; - - // -- // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)), -- // and CRT Coefficient (== 1/q mod p) -+ // p's CRT Exponent (== d mod (p - 1)) - // - case RsaKeyDp: -- case RsaKeyDq: -- case RsaKeyQInv: -- if (BnDp == NULL) { -- BnDp = BN_new (); -- } -- if (BnDq == NULL) { -- BnDq = BN_new (); -+ if (RsaKey->dmp1 != NULL) { -+ BN_free (RsaKey->dmp1); - } -- if (BnQInv == NULL) { -- BnQInv = BN_new (); -+ RsaKey->dmp1 = NULL; -+ if (BigNumber == NULL) { -+ break; - } -- if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) { -+ RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1); -+ if (RsaKey->dmp1 == NULL) { - return FALSE; - } - -- switch (KeyTag) { -- case RsaKeyDp: -- BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp); -- break; -- case RsaKeyDq: -- BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq); -- break; -- case RsaKeyQInv: -- BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv); -+ break; -+ -+ // -+ // q's CRT Exponent (== d mod (q - 1)) -+ // -+ case RsaKeyDq: -+ if (RsaKey->dmq1 != NULL) { -+ BN_free (RsaKey->dmq1); -+ } -+ RsaKey->dmq1 = NULL; -+ if (BigNumber == NULL) { - break; -- default: -+ } -+ 
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1); -+ if (RsaKey->dmq1 == NULL) { - return FALSE; - } -- if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) { -+ -+ break; -+ -+ // -+ // The CRT Coefficient (== 1/q mod p) -+ // -+ case RsaKeyQInv: -+ if (RsaKey->iqmp != NULL) { -+ BN_free (RsaKey->iqmp); -+ } -+ RsaKey->iqmp = NULL; -+ if (BigNumber == NULL) { -+ break; -+ } -+ RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp); -+ if (RsaKey->iqmp == NULL) { - return FALSE; - } - -@@ -300,11 +311,11 @@ RsaPkcs1Verify ( - case MD5_DIGEST_SIZE: - DigestType = NID_md5; - break; -- -+ - case SHA1_DIGEST_SIZE: - DigestType = NID_sha1; - break; -- -+ - case SHA256_DIGEST_SIZE: - DigestType = NID_sha256; - break; -diff --git a/Cryptlib/Pk/CryptTs.c b/Cryptlib/Pk/CryptTs.c -index d63c23d..1b78472 100644 ---- a/Cryptlib/Pk/CryptTs.c -+++ b/Cryptlib/Pk/CryptTs.c -@@ -5,7 +5,7 @@ - the lifetime of the signature when a signing certificate expires or is later - revoked. - --Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -239,7 +239,7 @@ CheckTSTInfo ( - TS_MESSAGE_IMPRINT *Imprint; - X509_ALGOR *HashAlgo; - CONST EVP_MD *Md; -- EVP_MD_CTX *MdCtx; -+ EVP_MD_CTX MdCtx; - UINTN MdSize; - UINT8 *HashedMsg; - -@@ -249,7 +249,6 @@ CheckTSTInfo ( - Status = FALSE; - HashAlgo = NULL; - HashedMsg = NULL; -- MdCtx = NULL; - - // - // -- Check version number of Timestamp: -@@ -286,17 +285,11 @@ CheckTSTInfo ( - if (HashedMsg == NULL) { - goto _Exit; - } -- MdCtx = EVP_MD_CTX_new (); -- if (MdCtx == NULL) { -- goto _Exit; -- } -- if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) || -- (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) || -- (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) { -- goto _Exit; -- } -+ EVP_DigestInit (&MdCtx, Md); -+ EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize); -+ EVP_DigestFinal (&MdCtx, HashedMsg, NULL); - if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) && -- (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) { -+ (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) { - goto _Exit; - } - -@@ -322,7 +315,6 @@ CheckTSTInfo ( - - _Exit: - X509_ALGOR_free (HashAlgo); -- EVP_MD_CTX_free (MdCtx); - if (HashedMsg != NULL) { - FreePool (HashedMsg); - } -diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c -index 7d27597..7dc4596 100644 ---- a/Cryptlib/Pk/CryptX509.c -+++ b/Cryptlib/Pk/CryptX509.c -@@ -1,7 +1,7 @@ - /** @file - X.509 Certificate Handler Wrapper Implementation over OpenSSL. - --Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -73,7 +73,7 @@ X509ConstructCertificate ( - @param ... A list of DER-encoded single certificate data followed - by certificate size. A NULL terminates the list. The - pairs are the arguments to X509ConstructCertificate(). -- -+ - @retval TRUE The X509 stack construction succeeded. - @retval FALSE The construction operation failed. - -@@ -82,7 +82,7 @@ BOOLEAN - EFIAPI - X509ConstructCertificateStack ( - IN OUT UINT8 **X509Stack, -- ... -+ ... - ) - { - UINT8 *Cert; -@@ -175,14 +175,14 @@ EFIAPI - X509Free ( - IN VOID *X509Cert - ) --{ -+{ - // - // Check input parameters. - // - if (X509Cert == NULL) { - return; - } -- -+ - // - // Free OpenSSL X509 object. - // -@@ -209,7 +209,7 @@ X509StackFree ( - if (X509Stack == NULL) { - return; - } -- -+ - // - // Free OpenSSL X509 stack object. - // -@@ -324,7 +324,7 @@ RsaGetPublicKeyFromX509 ( - BOOLEAN Status; - EVP_PKEY *Pkey; - X509 *X509Cert; -- -+ - // - // Check input parameters. - // -@@ -350,14 +350,14 @@ RsaGetPublicKeyFromX509 ( - // Retrieve and check EVP_PKEY data from X509 Certificate. - // - Pkey = X509_get_pubkey (X509Cert); -- if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) { -+ if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) { - goto _Exit; - } - - // - // Duplicate RSA Context from the retrieved EVP_PKEY. - // -- if ((*RsaContext = RSAPublicKey_dup (EVP_PKEY_get0_RSA (Pkey))) != NULL) { -+ if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) { - Status = TRUE; - } - -@@ -371,7 +371,7 @@ _Exit: - - if (Pkey != NULL) { - EVP_PKEY_free (Pkey); -- } -+ } - - return Status; - } -@@ -405,8 +405,8 @@ X509VerifyCert ( - X509 *X509Cert; - X509 *X509CACert; - X509_STORE *CertStore; -- X509_STORE_CTX *CertCtx; -- -+ X509_STORE_CTX CertCtx; -+ - // - // Check input parameters. 
- // -@@ -418,7 +418,6 @@ X509VerifyCert ( - X509Cert = NULL; - X509CACert = NULL; - CertStore = NULL; -- CertCtx = NULL; - - // - // Register & Initialize necessary digest algorithms for certificate verification. -@@ -474,19 +473,15 @@ X509VerifyCert ( - // - // Set up X509_STORE_CTX for the subsequent verification operation. - // -- CertCtx = X509_STORE_CTX_new (); -- if (CertCtx == NULL) { -- goto _Exit; -- } -- if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) { -+ if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) { - goto _Exit; - } - - // - // X509 Certificate Verification. - // -- Status = (BOOLEAN) X509_verify_cert (CertCtx); -- X509_STORE_CTX_cleanup (CertCtx); -+ Status = (BOOLEAN) X509_verify_cert (&CertCtx); -+ X509_STORE_CTX_cleanup (&CertCtx); - - _Exit: - // -@@ -503,9 +498,7 @@ _Exit: - if (CertStore != NULL) { - X509_STORE_free (CertStore); - } -- -- X509_STORE_CTX_free (CertCtx); -- -+ - return Status; - } - -@@ -582,6 +575,6 @@ X509GetTBSCert ( - } - - *TBSCertSize = Length + (Temp - *TBSCert); -- -+ - return TRUE; - } -diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c -index 65e9938..792b29e 100644 ---- a/Cryptlib/SysCall/BaseMemAllocation.c -+++ b/Cryptlib/SysCall/BaseMemAllocation.c -@@ -2,7 +2,7 @@ - Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL - during PEI & DXE phases. - --Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -13,8 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include --#include -+#include - - // - // -- Memory-Allocation Routines -- -diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c -index 2267d86..4387571 100644 ---- a/Cryptlib/SysCall/BaseStrings.c -+++ b/Cryptlib/SysCall/BaseStrings.c -@@ -1,9 +1,9 @@ --#include -+#include - --char * --AsciiStrCat(char *Destination, char *Source) -+CHAR8 * -+AsciiStrCat(CHAR8 *Destination, CHAR8 *Source) - { -- UINTN dest_len = strlena((CHAR8 *)Destination); -+ UINTN dest_len = strlena(Destination); - UINTN i; - - for (i = 0; Source[i] != '\0'; i++) -@@ -25,8 +25,8 @@ AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source) - return Destination; - } - --char * --AsciiStrnCpy(char *Destination, char *Source, UINTN count) -+CHAR8 * -+AsciiStrnCpy(CHAR8 *Destination, CHAR8 *Source, UINTN count) - { - UINTN i; - -@@ -64,62 +64,4 @@ AsciiStrSize(CHAR8 *string) - return strlena(string) + 1; - } - --/* Based on AsciiStrDecimalToUintnS() in edk2 -- * MdePkg/Library/BaseLib/SafeString.c */ --UINTN --AsciiStrDecimalToUintn(const char *String) --{ -- UINTN Result; -- -- if (String == NULL) -- return 0; -- -- /* Ignore the pad spaces (space or tab) */ -- while ((*String == ' ') || (*String == '\t')) { -- String++; -- } -- -- /* Ignore leading Zeros after the spaces */ -- while (*String == '0') { -- String++; -- } -- -- Result = 0; -- -- while (*String >= '0' && *String <= '9') { -- Result = Result * 10 + (*String - '0'); -- String++; -- } -- -- return Result; --} -- --int --strcmp (const char *str1, const char *str2) --{ -- return strcmpa((CHAR8 *)str1,(CHAR8 *)str2); --} -- --inline static char --toupper (char c) --{ -- return ((c >= 'a' && c <= 'z') ? 
c - ('a' - 'A') : c); --} -- --/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ --int --strcasecmp (const char *str1, const char *str2) --{ -- char c1, c2; -- -- c1 = toupper (*str1); -- c2 = toupper (*str2); -- while ((*str1 != '\0') && (c1 == c2)) { -- str1++; -- str2++; -- c1 = toupper (*str1); -- c2 = toupper (*str2); -- } - -- return c1 - c2; --} -diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c -index 7878953..1afe319 100644 ---- a/Cryptlib/SysCall/CrtWrapper.c -+++ b/Cryptlib/SysCall/CrtWrapper.c -@@ -2,7 +2,7 @@ - C Run-Time Libraries (CRT) Wrapper Implementation for OpenSSL-based - Cryptographic Library. - --Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - - int errno = 0; - -@@ -136,30 +136,6 @@ char *strrchr (const char *str, int c) - } - } - --/* Compare first n bytes of string s1 with string s2, ignoring case */ --int strncasecmp (const char *s1, const char *s2, size_t n) --{ -- int Val; -- -- ASSERT(s1 != NULL); -- ASSERT(s2 != NULL); -- -- if (n != 0) { -- do { -- Val = tolower(*s1) - tolower(*s2); -- if (Val != 0) { -- return Val; -- } -- ++s1; -- ++s2; -- if (*s1 == '\0') { -- break; -- } -- } while (--n != 0); -- } -- return 0; --} -- - /* Read formatted data from a string */ - int sscanf (const char *buffer, const char *format, ...) - { -@@ -170,70 +146,6 @@ int sscanf (const char *buffer, const char *format, ...) - return 0; - } - --/* Maps errnum to an error-message string */ --char * strerror (int errnum) --{ -- return NULL; --} -- --/* Computes the length of the maximum initial segment of the string pointed to by s1 -- which consists entirely of characters from the string pointed to by s2. */ --size_t strspn (const char *s1 , const char *s2) --{ -- UINT8 Map[32]; -- UINT32 Index; -- size_t Count; -- -- for (Index = 0; Index < 32; Index++) { -- Map[Index] = 0; -- } -- -- while (*s2) { -- Map[*s2 >> 3] |= (1 << (*s2 & 7)); -- s2++; -- } -- -- if (*s1) { -- Count = 0; -- while (Map[*s1 >> 3] & (1 << (*s1 & 7))) { -- Count++; -- s1++; -- } -- -- return Count; -- } -- -- return 0; --} -- --/* Computes the length of the maximum initial segment of the string pointed to by s1 -- which consists entirely of characters not from the string pointed to by s2. 
*/ --size_t strcspn (const char *s1, const char *s2) --{ -- UINT8 Map[32]; -- UINT32 Index; -- size_t Count; -- -- for (Index = 0; Index < 32; Index++) { -- Map[Index] = 0; -- } -- -- while (*s2) { -- Map[*s2 >> 3] |= (1 << (*s2 & 7)); -- s2++; -- } -- -- Map[0] |= 1; -- -- Count = 0; -- while (!(Map[*s1 >> 3] & (1 << (*s1 & 7)))) { -- Count ++; -- s1++; -- } -- -- return Count; --} -- - // - // -- Character Classification Routines -- - // -@@ -365,12 +277,52 @@ char *getenv (const char *varname) - // -- Stream I/O Routines -- - // - -+/* Write formatted output using a pointer to a list of arguments */ -+int vfprintf (FILE *stream, const char *format, VA_LIST arg) -+{ -+ return 0; -+} -+ - /* Write data to a stream */ - size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) - { - return 0; - } - -+// -+// -- Dummy OpenSSL Support Routines -- -+// -+ -+void *UI_OpenSSL(void) -+{ -+ return NULL; -+} -+ -+int X509_load_cert_file (VOID *ctx, const char *file, int type) -+{ -+ return 0; -+} -+ -+int X509_load_crl_file (VOID *ctx, const char *file, int type) -+{ -+ return 0; -+} -+ -+int chmod (const char *c, mode_t m) -+{ -+ return -1; -+} -+ -+int close (int f) -+{ -+ return -1; -+} -+ -+void closelog (void) -+{ -+ -+} -+ - #ifdef __GNUC__ - - typedef -@@ -379,6 +331,7 @@ VOID - VOID - ) __attribute__((__noreturn__)); - -+ - STATIC - VOID - EFIAPI -@@ -388,7 +341,8 @@ NopFunction ( - { - } - --void abort (void) -+ -+void exit (int e) - { - NoReturnFuncPtr NoReturnFunc; - -@@ -399,9 +353,8 @@ void abort (void) - - #else - --void abort (void) -+void exit (int e) - { -- // Do nothing - } - - #endif -@@ -421,6 +374,16 @@ size_t fread (void *b, size_t c, size_t i, FILE *f) - return 0; - } - -+int fputs (const char *s, FILE *f) -+{ -+ return 0; -+} -+ -+int fprintf (FILE *f, const char *s, ...) 
-+{ -+ return 0; -+} -+ - uid_t getuid (void) - { - return 0; -@@ -441,6 +404,46 @@ gid_t getegid (void) - return 0; - } - -+off_t lseek (int a, off_t o, int d) -+{ -+ return 0; -+} -+ -+void openlog (const char *c, int a, int b) -+{ -+ -+} -+ -+ssize_t read (int f, void *b, size_t c) -+{ -+ return 0; -+} -+ -+int stat (const char *c, struct stat *s) -+{ -+ return -1; -+} -+ -+int strcasecmp (const char *c, const char *s) -+{ -+ return 0; -+} -+ -+int strncasecmp (const char *c, const char *s, size_t l) -+{ -+ return 0; -+} -+ -+void syslog (int a, const char *c, ...) -+{ -+ -+} -+ -+ssize_t write (int f, const void *b, size_t l) -+{ -+ return 0; -+} -+ - int printf (char const *fmt, ...) - { - return 0; -diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c -index 04fe4ef..27ac44a 100644 ---- a/Cryptlib/SysCall/TimerWrapper.c -+++ b/Cryptlib/SysCall/TimerWrapper.c -@@ -2,7 +2,7 @@ - C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation - for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). - --Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - --#include -+#include - - // - // -- Time Management Routines -- -diff --git a/Cryptlib/opensslconf-diff.patch b/Cryptlib/opensslconf-diff.patch -deleted file mode 100644 -index efd2ea4..0000000 ---- a/Cryptlib/opensslconf-diff.patch -+++ /dev/null -@@ -1,24 +0,0 @@ --diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h --index 1917d7a..c73d03a 100644 ----- a/Cryptlib/Include/openssl/opensslconf.h --+++ b/Cryptlib/Include/openssl/opensslconf.h --@@ -47,6 +47,9 @@ extern "C" { -- #ifndef OPENSSL_NO_CT -- # define OPENSSL_NO_CT -- #endif --+#ifndef OPENSSL_NO_DES --+# define OPENSSL_NO_DES --+#endif -- #ifndef OPENSSL_NO_DSA -- # define OPENSSL_NO_DSA -- #endif --@@ -59,6 +62,9 @@ extern "C" { -- #ifndef OPENSSL_NO_MD2 -- # define OPENSSL_NO_MD2 -- #endif --+#ifndef OPENSSL_NO_MD4 --+# define OPENSSL_NO_MD4 --+#endif -- #ifndef OPENSSL_NO_MDC2 -- # define OPENSSL_NO_MDC2 -- #endif -diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh -index 392e21a..255e175 100755 ---- a/Cryptlib/update.sh -+++ b/Cryptlib/update.sh -@@ -1,6 +1,7 @@ - #!/bin/bash - - DIR=$1 -+OPENSSL_VERSION="1.0.2k" - - cp $DIR/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h InternalCryptLib.h - cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c Hash/CryptMd4Null.c -@@ -23,16 +24,11 @@ cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c --cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c 
Pem/CryptPemNull.c -+cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c - cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c - --cp $DIR/CryptoPkg/Library/OpensslLib/openssl/include/openssl/*.h Include/openssl/ --cp $DIR/CryptoPkg/Library/OpensslLib/openssl/include/internal/*.h Include/internal/ --cp $DIR/CryptoPkg/Library/Include/internal/dso_conf.h Include/internal/ -- --cp $DIR/CryptoPkg/Library/Include/openssl/opensslconf.h Include/openssl/ -+cp $DIR/CryptoPkg/Library/OpensslLib/openssl-${OPENSSL_VERSION}/include/openssl/* Include/openssl/ - - patch -p2 - #include - #include -+#include - #include "PasswordCrypt.h" - #include "crypt_blowfish.h" - -@@ -30,6 +31,20 @@ UINT16 get_hash_size (const UINT16 method) - return 0; - } - -+static EFI_STATUS trad_des_crypt (const char *key, const char *salt, UINT8 *hash) -+{ -+ char result[TRAD_DES_HASH_SIZE + 1]; -+ char *ret; -+ -+ ret = DES_fcrypt(key, salt, result); -+ if (ret) { -+ CopyMem(hash, result, TRAD_DES_HASH_SIZE); -+ return EFI_SUCCESS; -+ } -+ -+ return EFI_UNSUPPORTED; -+} -+ - static const char md5_salt_prefix[] = "$1$"; - - static EFI_STATUS md5_crypt (const char *key, UINT32 key_len, -@@ -293,6 +308,8 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length, - - switch (pw_crypt->method) { - case TRADITIONAL_DES: -+ status = trad_des_crypt (password, (char *)pw_crypt->salt, hash); -+ break; - case EXTEND_BSDI_DES: - status = EFI_UNSUPPORTED; - break; -diff --git a/shim.c b/shim.c -index 32aa521..b7e80a8 100644 ---- a/shim.c -+++ b/shim.c -@@ -422,6 +422,8 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize) - X509_free(x509); - } - -+ OBJ_cleanup(); -+ - return TRUE; - } - --- -2.14.1 - - -From 6ebc67c3bf42eedd92f19065767ab2320d8645fc Mon Sep 17 00:00:00 2001 
-From: Gary Lin -Date: Fri, 7 Apr 2017 11:27:26 +0800 -Subject: [PATCH 2/3] Cryptlib: Include stddef.h in CrtLibSupport.h - -The changes in the openssl headers cause the inclusion of -CrtLibSupport.h eariler than the inclusion of stddef.h, so "offsetof" -was defined twice and this caused the followling build error: - -In file included from Cryptlib/Include/openssl/buffer.h:23:0, - from Cryptlib/Include/openssl/x509.h:22, - from shim.c:56: -/usr/lib64/gcc/x86_64-suse-linux/6/include/stddef.h:417:0: error: "offsetof" redefined [-Werror] - #define offsetof(TYPE, MEMBER) __builtin_offsetof (TYPE, MEMBER) - -In file included from Cryptlib/Include/limits.h:15:0, - from Cryptlib/Include/openssl/ossl_typ.h:13, - from Cryptlib/Include/openssl/x509.h:20, - from shim.c:56: -Cryptlib/Include/CrtLibSupport.h:192:0: note: this is the location of the previous definition - #define offsetof(type, member) ( (int) & ((type*)0) -> member ) - -We can lower the priority of the gcc include path or just remove the -path, but this might cause problem since the path was introduced on -purpose(*). Instead, including stddef.h first is more feasible. - -(*) https://github.com/rhinstaller/shim/commit/d51739a416400ad348d8a1c7e3886abce11fff1b - -Signed-off-by: Gary Lin -(cherry picked from commit 1b5dbc4b4df297e4a351ed2b8434a9021c4041d1) ---- - Cryptlib/Include/OpenSslSupport.h | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h -index f73bbc9..fff6a52 100644 ---- a/Cryptlib/Include/OpenSslSupport.h -+++ b/Cryptlib/Include/OpenSslSupport.h -@@ -23,6 +23,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 
- #include - #include - -+/* -+ * Include stddef.h to avoid redefining "offsetof" -+ */ -+#include -+ - #define CONST const - - // --- -2.14.1 - - -From ab2e00d400c68e1c1949323f2f3c52f6ae28ecc8 Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 7 Apr 2017 17:14:09 +0800 -Subject: [PATCH 3/3] Cryptlib: implement strcmp() and strcasecmp() - -strcmp() and strcasecmp() are widely used in openssl. Implement those -two functions to eliminate the gcc warnings and the potential crash. - -Signed-off-by: Gary Lin -(cherry picked from commit e06765ae0dbbc874ff9e04dbd0e7d82989048261) ---- - Cryptlib/Include/OpenSslSupport.h | 1 - - Cryptlib/SysCall/BaseStrings.c | 28 ++++++++++++++++++++++++++++ - Cryptlib/SysCall/CrtWrapper.c | 5 ----- - 3 files changed, 28 insertions(+), 6 deletions(-) - -diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h -index fff6a52..5f85f79 100644 ---- a/Cryptlib/Include/OpenSslSupport.h -+++ b/Cryptlib/Include/OpenSslSupport.h -@@ -366,7 +366,6 @@ extern FILE *stdout; - #define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) - #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) - #define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) --#define strcmp strcmpa - #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) - #define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) - #define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) -diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c -index 4387571..1844a65 100644 ---- a/Cryptlib/SysCall/BaseStrings.c -+++ b/Cryptlib/SysCall/BaseStrings.c -@@ -64,4 +64,32 @@ AsciiStrSize(CHAR8 *string) - return strlena(string) + 1; - } - -+int -+strcmp (const char *str1, const char *str2) -+{ -+ return strcmpa((CHAR8 *)str1,(CHAR8 *)str2); -+} -+ -+inline static char -+toupper (char c) -+{ -+ return ((c >= 'a' && c <= 'z') ? 
c - ('a' - 'A') : c); -+} - -+/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ -+int -+strcasecmp (const char *str1, const char *str2) -+{ -+ char c1, c2; -+ -+ c1 = toupper (*str1); -+ c2 = toupper (*str2); -+ while ((*str1 != '\0') && (c1 == c2)) { -+ str1++; -+ str2++; -+ c1 = toupper (*str1); -+ c2 = toupper (*str2); -+ } -+ -+ return c1 - c2; -+} -diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c -index 1afe319..698e1ee 100644 ---- a/Cryptlib/SysCall/CrtWrapper.c -+++ b/Cryptlib/SysCall/CrtWrapper.c -@@ -424,11 +424,6 @@ int stat (const char *c, struct stat *s) - return -1; - } - --int strcasecmp (const char *c, const char *s) --{ -- return 0; --} -- - int strncasecmp (const char *c, const char *s, size_t l) - { - return 0; --- -2.14.1 - diff --git a/shim-change-debug-file-path.patch b/shim-change-debug-file-path.patch index 4cd29ef..2b490cb 100644 --- a/shim-change-debug-file-path.patch +++ b/shim-change-debug-file-path.patch 
@@ -1,23 +1,26 @@ -From a2b1ceac7093798d770cf50c8a2a78f7051c7be9 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Wed, 15 Jul 2015 18:15:40 +0800 -Subject: [PATCH] Change the debug file path +From 4e83fe57c5a8f1ba32a264f7a936e0e3a9aafedc Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 4 Jan 2018 12:28:37 +0800 +Subject: [PATCH] Use our own debug path -Signed-off-by: Gary Ching-Pang Lin +Signed-off-by: Gary Lin --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: shim-12/Makefile -=================================================================== ---- shim-12.orig/Makefile -+++ shim-12/Makefile -@@ -50,7 +50,7 @@ ifeq ($(ARCH),x86_64) - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS \ - -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \ -- "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\"" -+ "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\"" - EFI_PATH:=/usr/lib64/gnuefi - LIB_PATH:=/usr/lib64 +diff --git a/Makefile b/Makefile +index f4b7adb..55f6126 100644 +--- a/Makefile ++++ b/Makefile +@@ -122,7 +122,7 @@ SHIMHASHNAME = $(SHIMSTEM).hash + BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI + BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV +-CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\"" ++CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\"" + + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" +-- +2.15.1 + diff --git a/shim-fallback-workaround-masked-ami-variables.patch b/shim-fallback-workaround-masked-ami-variables.patch deleted file mode 100644 index 57e04c3..0000000 --- a/shim-fallback-workaround-masked-ami-variables.patch +++ /dev/null 
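Review bot: The refreshed shim-change-debug-file-path.patch carries no description of why DEBUGDIR is pinned to a fixed path, and its scope is wider than the version it replaces. The old patch edited the line inside `ifeq ($(ARCH),x86_64)`, while the new one rewrites the shared `CFLAGS +=` line that used `$(ARCH_SUFFIX)`, so every architecture built from this Makefile now embeds `/usr/lib/debug/usr/lib64/efi/shim.debug`. If that is intended, a sentence in the patch description would record it, for example `Use one fixed DEBUGDIR on all architectures so the embedded path no longer depends on VERSION/RELEASE.` If any supported architecture installs its debug file elsewhere, the value presumably needs to stay conditional on ARCH.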
@@ -1,198 +0,0 @@ -From 38744a099187401f2f5e382c2ce8869e1e9b22a0 Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Fri, 11 Aug 2017 13:42:20 +0800 -Subject: [PATCH] fallback: work around the issue of boot option creation with - AMI BIOS - -AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX -variables with ami_masked_device_path_guid. - -Initially, the normal boot option created by fallback looks like this: -00000000 01 00 00 00 5e 00 42 00 6f 00 6f 00 74 00 6c 00 |....^.B.o.o.t.l.| -00000010 6f 00 61 00 64 00 65 00 72 00 20 00 54 00 65 00 |o.a.d.e.r. .T.e.| -00000020 73 00 74 00 20 00 28 00 36 00 34 00 2d 00 62 00 |s.t. .(.6.4.-.b.| -00000030 69 00 74 00 29 00 00 00 04 01 2a 00 01 00 00 00 |i.t.).....*.....| -00000040 00 08 00 00 00 00 00 00 00 00 08 00 00 00 00 00 |................| -00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 01 01 04 04 30 00 5c 00 45 00 46 00 49 00 5c 00 |....0.\.E.F.I.\.| -00000070 42 00 4f 00 4f 00 54 00 5c 00 74 00 65 00 73 00 |B.O.O.T.\.t.e.s.| -00000080 74 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |t.x.6.4...e.f.i.| -00000090 00 00 7f ff 04 00 |......| -00000096 - -after reboot, fallback has to create a new one due to the previous boot -option is hidden and masked by AMI BIOS: -00000000 09 00 00 00 76 00 42 00 6f 00 6f 00 74 00 6c 00 |....v.B.o.o.t.l.| -00000010 6f 00 61 00 64 00 65 00 72 00 20 00 54 00 65 00 |o.a.d.e.r. .T.e.| -00000020 73 00 74 00 20 00 28 00 36 00 34 00 2d 00 62 00 |s.t. 
.(.6.4.-.b.| -00000030 69 00 74 00 29 00 00 00 01 04 14 00 e7 75 e2 99 |i.t.)........u..| -00000040 a0 75 37 4b a2 e6 c5 38 5e 6c 00 cb 7f ff 04 00 |.u7K...8^l......| -00000050 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 |..*.............| -00000060 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000070 00 00 00 00 00 00 00 00 01 01 04 04 30 00 5c 00 |............0.\.| -00000080 45 00 46 00 49 00 5c 00 42 00 4f 00 4f 00 54 00 |E.F.I.\.B.O.O.T.| -00000090 5c 00 74 00 65 00 73 00 74 00 78 00 36 00 34 00 |\.t.e.s.t.x.6.4.| -000000a0 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 |..e.f.i.......| -000000ae - -And after several reboot, fallback will have to create more boot options -because AMI BIOS corrupts the previous ones. - -We can get the valid device path if just skipping the masked device path and -its next end path. - -Signed-off-by: Lans Zhang -(cherry picked from commit 0cc030c2f2fba53b74fb09466a07b8e6297a52d3) ---- - fallback.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 109 insertions(+), 5 deletions(-) - -diff --git a/fallback.c b/fallback.c -index 5602a88..8c0369f 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -286,6 +286,105 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, - return EFI_OUT_OF_RESOURCES; - } - -+/* -+ * AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX -+ * variables with ami_masked_device_path_guid. We can get the valid device path -+ * if just skipping it and its next end path. 
-+ */ -+ -+static EFI_GUID ami_masked_device_path_guid = { -+ 0x99e275e7, 0x75a0, 0x4b37, -+ { 0xa2, 0xe6, 0xc5, 0x38, 0x5e, 0x6c, 0x0, 0xcb } -+}; -+ -+static unsigned int -+calc_masked_boot_option_size(unsigned int size) -+{ -+ return size + sizeof(EFI_DEVICE_PATH) + -+ sizeof(ami_masked_device_path_guid) + sizeof(EFI_DEVICE_PATH); -+} -+ -+static int -+check_masked_boot_option(CHAR8 *candidate, unsigned int candidate_size, -+ CHAR8 *data, unsigned int data_size) -+{ -+ /* -+ * The patched BootXXXX variables contain a hardware device path and -+ * an end path, preceding the real device path. -+ */ -+ if (calc_masked_boot_option_size(data_size) != candidate_size) -+ return 1; -+ -+ CHAR8 *cursor = candidate; -+ -+ /* Check whether the BootXXXX is patched */ -+ cursor += sizeof(UINT32) + sizeof(UINT16); -+ cursor += StrSize((CHAR16 *)cursor); -+ -+ unsigned int min_valid_size = cursor - candidate + sizeof(EFI_DEVICE_PATH); -+ -+ if (candidate_size <= min_valid_size) -+ return 1; -+ -+ EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)cursor; -+ unsigned int node_size = DevicePathNodeLength(dp) - sizeof(EFI_DEVICE_PATH); -+ -+ min_valid_size += node_size; -+ if (candidate_size <= min_valid_size || -+ DevicePathType(dp) != HARDWARE_DEVICE_PATH || -+ DevicePathSubType(dp) != HW_VENDOR_DP || -+ node_size != sizeof(ami_masked_device_path_guid) || -+ CompareGuid((EFI_GUID *)(cursor + sizeof(EFI_DEVICE_PATH)), -+ &ami_masked_device_path_guid)) -+ return 1; -+ -+ /* Check whether the patched guid is followed by an end path */ -+ min_valid_size += sizeof(EFI_DEVICE_PATH); -+ if (candidate_size <= min_valid_size) -+ return 1; -+ -+ dp = NextDevicePathNode(dp); -+ if (!IsDevicePathEnd(dp)) -+ return 1; -+ -+ /* -+ * OK. We may really get a masked BootXXXX variable. The next -+ * step is to test whether it is hidden. 
-+ */ -+ UINT32 attrs = *(UINT32 *)candidate; -+#ifndef LOAD_OPTION_HIDDEN -+# define LOAD_OPTION_HIDDEN 0x00000008 -+#endif -+ if (!(attrs & LOAD_OPTION_HIDDEN)) -+ return 1; -+ -+ attrs &= ~LOAD_OPTION_HIDDEN; -+ -+ /* Compare the field Attributes */ -+ if (attrs != *(UINT32 *)data) -+ return 1; -+ -+ /* Compare the field FilePathListLength */ -+ data += sizeof(UINT32); -+ candidate += sizeof(UINT32); -+ if (calc_masked_boot_option_size(*(UINT16 *)data) != -+ *(UINT16 *)candidate) -+ return 1; -+ -+ /* Compare the field Description */ -+ data += sizeof(UINT16); -+ candidate += sizeof(UINT16); -+ if (CompareMem(candidate, data, cursor - candidate)) -+ return 1; -+ -+ /* Compare the filed FilePathList */ -+ cursor = (CHAR8 *)NextDevicePathNode(dp); -+ data += sizeof(UINT16); -+ data += StrSize((CHAR16 *)data); -+ -+ return CompareMem(cursor, data, candidate_size - min_valid_size); -+} -+ - EFI_STATUS - find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, - CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, -@@ -315,7 +414,8 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, - EFI_GUID global = EFI_GLOBAL_VARIABLE; - EFI_STATUS rc; - -- CHAR8 *candidate = AllocateZeroPool(size); -+ UINTN max_candidate_size = calc_masked_boot_option_size(size); -+ CHAR8 *candidate = AllocateZeroPool(max_candidate_size); - if (!candidate) { - FreePool(data); - return EFI_OUT_OF_RESOURCES; -@@ -327,17 +427,21 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, - varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; - varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; - -- UINTN candidate_size = size; -+ UINTN candidate_size = max_candidate_size; - rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global, - NULL, &candidate_size, candidate); - if (EFI_ERROR(rc)) - continue; - -- if (candidate_size != size) -+ if (candidate_size != size) { -+ if (check_masked_boot_option(candidate, candidate_size, -+ data, size)) -+ continue; -+ } else if 
(CompareMem(candidate, data, size)) - continue; - -- if (CompareMem(candidate, data, size)) -- continue; -+ VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" " -+ L"for file \"%s\"\n", varname, label, filename); - - /* at this point, we have duplicate data. */ - if (!first_new_option) { --- -2.14.1 - diff --git a/shim-fix-fallback-double-free.patch b/shim-fix-fallback-double-free.patch deleted file mode 100644 index edfc329..0000000 --- a/shim-fix-fallback-double-free.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 971c5225bea11b4193e4e69a939410030b420ed1 Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Wed, 9 Aug 2017 16:10:14 +0800 -Subject: [PATCH] fallback: fix double free of dp - -If the boot option recorded in csv is not in a media device path, the -corresponding full device path will be referred for creating the boot -variable. - -However, the current code logic always frees the full device path -(full_device_path) and the media device path (dp) separately. In order -to resolve this issue, always check whether dp equals to full_device_path -before freeing dp. - -Signed-off-by: Lans Zhang ---- - fallback.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fallback.c b/fallback.c -index c80652a..0a7058b 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -433,7 +433,7 @@ err: - FreePool(file); - if (full_device_path) - FreePool(full_device_path); -- if (dp) -+ if (dp && dp != full_device_path) - FreePool(dp); - if (fullpath) - FreePool(fullpath); --- -2.14.0 - diff --git a/shim-fix-httpboot-crash.patch b/shim-fix-httpboot-crash.patch deleted file mode 100644 index bf7ed07..0000000 --- a/shim-fix-httpboot-crash.patch +++ /dev/null 
@@ -1,32 +0,0 @@
-From 1a83299ac5caca13be7ba69507f7623c99d9eef6 Mon Sep 17 00:00:00 2001
-From: Lans Zhang
-Date: Fri, 30 Jun 2017 15:50:24 +0800
-Subject: [PATCH] httpboot: fix OVMF crash
-
-This is a typical typo. The free operation should be done if uri
-was allocated.
-
-Signed-off-by: Lans Zhang
----
- httpboot.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/httpboot.c b/httpboot.c
-index f8fbc73..e4657c1 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -110,8 +110,10 @@ find_httpboot (EFI_HANDLE device)
- URI_DEVICE_PATH *UriNode;
- UINTN uri_size;
-
-- if (!uri)
-+ if (uri) {
- FreePool(uri);
-+ uri = NULL;
-+ }
-
- devpath = DevicePathFromHandle(device);
- if (!devpath) {
---
-2.14.0
-
diff --git a/shim-fix-openssl-flags.patch b/shim-fix-openssl-flags.patch
deleted file mode 100644
index e14e996..0000000
--- a/shim-fix-openssl-flags.patch
+++ /dev/null
@@ -1,40 +0,0 @@ -From a120ddd83d02f302c72baa1974691a1f677829f3 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 8 Aug 2017 17:48:59 -0400 -Subject: [PATCH] Fix openssl compile flags for x86_64 - -Signed-off-by: Peter Jones ---- - Cryptlib/Makefile | 2 +- - Cryptlib/OpenSSL/Makefile | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index 77a5bd4..e99f009 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -8,7 +8,7 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort- - ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DNO_BUILTIN_VA_FUNCS \ -- -DMDE_CPU_IA64 -+ -DMDE_CPU_X64 - endif - ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 \ -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 829fa5c..e54105b 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -8,7 +8,7 @@ CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-st - ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ -- -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_IA64 -+ -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 - endif - ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ --- -2.14.0 - diff --git a/shim-httpboot-include-console.h.patch b/shim-httpboot-include-console.h.patch new file mode 100644 index 0000000..955f52c --- /dev/null +++ b/shim-httpboot-include-console.h.patch 
@@ -0,0 +1,28 @@
+From c6ecc2923b8072e9cb24806b1c1b92f63016fd63 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Thu, 4 Jan 2018 14:31:51 +0800
+Subject: [PATCH] httpboot: include console.h
+
+in_protocol is declared in console.h, so httpboot.c has to include the
+header.
+
+Signed-off-by: Gary Lin
+---
+ httpboot.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/httpboot.c b/httpboot.c
+index 058704f..b753405 100644
+--- a/httpboot.c
++++ b/httpboot.c
+@@ -34,6 +34,7 @@
+ #include
+ #include
+ #include "str.h"
++#include "console.h"
+ #include "Http.h"
+ #include "Ip4Config2.h"
+ #include "Ip6Config.h"
+--
+2.15.1
+
diff --git a/shim-more-tpm-measurement.patch b/shim-more-tpm-measurement.patch
deleted file mode 100644
index 81351a8..0000000
--- a/shim-more-tpm-measurement.patch
+++ /dev/null
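Review bot: The header of the newly added shim-httpboot-include-console.h.patch records no upstream origin or submission status. Several of the patches this same commit drops carried a `(cherry picked from commit …)` line, so the new one is inconsistent with them. For a Secure Boot loader, whoever reviews the next version bump needs to tell from the patch alone whether the `#include "console.h"` fix is already upstream or must be carried forward. I would add one line to the patch description, for example `Upstream: <status or upstream commit id, to be filled in by the packager>`. The description could also name the compiler diagnostic that the missing declaration of `in_protocol` produced, so the patch can be dropped with confidence once that build failure no longer reproduces.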
@@ -1,1263 +0,0 @@ -From 0ed82edaf88e51b2e4da26104202d681bb78f948 Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Wed, 21 Sep 2016 11:17:29 +0800 -Subject: [PATCH 1/9] update verification_method if the loaded image is signed - by shim/vendor cert - -Signed-off-by: Lans Zhang -(cherry picked from commit 6d4498fb3b66621992ef61f163befd1c8374781b) ---- - shim.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/shim.c b/shim.c -index 48c8797..7081be2 100644 ---- a/shim.c -+++ b/shim.c -@@ -1025,6 +1025,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - cert->Hdr.dwLength - sizeof(cert->Hdr), - shim_cert, sizeof(shim_cert), sha256hash, - SHA256_DIGEST_SIZE)) { -+ update_verification_method(VERIFIED_BY_CERT); - status = EFI_SUCCESS; - return status; - } -@@ -1037,6 +1038,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - cert->Hdr.dwLength - sizeof(cert->Hdr), - vendor_cert, vendor_cert_size, - sha256hash, SHA256_DIGEST_SIZE)) { -+ update_verification_method(VERIFIED_BY_CERT); - status = EFI_SUCCESS; - return status; - } --- -2.14.1 - - -From 36719046eba3e92ec91887391648d551412f47db Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 15 Jun 2017 15:16:04 +0200 -Subject: [PATCH 2/9] shim/tpm: Remove magic numbers - -When measuring data into the TPM and generating events logs, the event -type is set to EV_IPL (0xd), and for TPM1.2 the algorithm will always -be set to SHA-1 (0x4). - -So, add some macro-defined constants for these instead of having them -as magic numbers to make the code more readable. 
- -Signed-off-by: Javier Martinez Canillas -(cherry picked from commit 9c40fb7c0570430e28c8e5bc34223d6e3a59a929) ---- - tpm.c | 9 ++++----- - tpm.h | 3 +++ - 2 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/tpm.c b/tpm.c -index 88920bb..99486b1 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -110,7 +110,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); - event->Header.HeaderVersion = 1; - event->Header.PCRIndex = pcr; -- event->Header.EventType = 0x0d; -+ event->Header.EventType = EV_IPL; - event->Size = sizeof(*event) - sizeof(event->Event) + strlen(description) + 1; - memcpy(event->Event, description, strlen(description) + 1); - status = uefi_call_wrapper(tpm2->hash_log_extend_event, 5, tpm2, -@@ -119,7 +119,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - return status; - } else { - TCG_PCR_EVENT *event; -- UINT32 algorithm, eventnum = 0; -+ UINT32 eventnum = 0; - EFI_PHYSICAL_ADDRESS lastevent; - - status = LibLocateProtocol(&tpm_guid, (VOID **)&tpm); -@@ -138,11 +138,10 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - } - - event->PCRIndex = pcr; -- event->EventType = 0x0d; -+ event->EventType = EV_IPL; - event->EventSize = strlen(description) + 1; -- algorithm = 0x00000004; - status = uefi_call_wrapper(tpm->log_extend_event, 7, tpm, buf, -- (UINT64)size, algorithm, event, -+ (UINT64)size, TPM_ALG_SHA, event, - &eventnum, &lastevent); - FreePool(event); - return status; -diff --git a/tpm.h b/tpm.h -index 7c83644..27cb418 100644 ---- a/tpm.h -+++ b/tpm.h -@@ -1,6 +1,9 @@ - #define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }}; - #define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}; - -+#define TPM_ALG_SHA 0x00000004 -+#define EV_IPL 0x0000000d -+ - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, 
UINT8 pcr, - const CHAR8 *description); - --- -2.14.1 - - -From 69f0b00e0fba6a08455e0e2f72726b73ad0c2cc6 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 15 Jun 2017 15:16:05 +0200 -Subject: [PATCH 3/9] shim/tpm: Take out GetCapability() call from - tpm2_present() logic - -The EFI_TCG2_PROTOCOL.GetCapability() function is used to learn if a TPM2 -chip is present. But the protocol capability information is also needed -for other reasons, for example to determine what event log formats are -supported by the firmware. - -Take out the GetCapability() call from the tpm2_present() logic and reduce -that function to just checking if a TPM2 chip is available or not, so the -capabilities can later be used to determine the supported TPM log formats. - -Signed-off-by: Javier Martinez Canillas -(cherry picked from commit 0baa915056b6dc3dbea51c045e1e3ef8a0d86a08) ---- - tpm.c | 44 +++++++++++++++++++++++++++++++------------- - 1 file changed, 31 insertions(+), 13 deletions(-) - -diff --git a/tpm.c b/tpm.c -index 99486b1..2ca5845 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -35,29 +35,41 @@ static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm) - return TRUE; - } - --static BOOLEAN tpm2_present(efi_tpm2_protocol_t *tpm) -+static EFI_STATUS tpm2_get_caps(efi_tpm2_protocol_t *tpm, -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, -+ BOOLEAN *old_caps) - { - EFI_STATUS status; -- EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; -- TREE_BOOT_SERVICE_CAPABILITY *caps_1_0; - -- caps.Size = (UINT8)sizeof(caps); -+ caps->Size = (UINT8)sizeof(*caps); - -- status = uefi_call_wrapper(tpm->get_capability, 2, tpm, &caps); -+ status = uefi_call_wrapper(tpm->get_capability, 2, tpm, caps); - - if (status != EFI_SUCCESS) -- return FALSE; -+ return status; -+ -+ if (caps->StructureVersion.Major == 1 && -+ caps->StructureVersion.Minor == 0) -+ *old_caps = TRUE; - -- if (caps.StructureVersion.Major == 1 && -- caps.StructureVersion.Minor == 0) { -- caps_1_0 = (TREE_BOOT_SERVICE_CAPABILITY *)∩︀ -+ return 
EFI_SUCCESS; -+} -+ -+static BOOLEAN tpm2_present(efi_tpm2_protocol_t *tpm, -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, -+ BOOLEAN old_caps) -+{ -+ TREE_BOOT_SERVICE_CAPABILITY *caps_1_0; -+ -+ if (old_caps) { -+ caps_1_0 = (TREE_BOOT_SERVICE_CAPABILITY *)caps; - if (caps_1_0->TrEEPresentFlag) - return TRUE; -- } else { -- if (caps.TPMPresentFlag) -- return TRUE; - } - -+ if (caps->TPMPresentFlag) -+ return TRUE; -+ - return FALSE; - } - -@@ -90,9 +102,15 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - status = LibLocateProtocol(&tpm2_guid, (VOID **)&tpm2); - /* TPM 2.0 */ - if (status == EFI_SUCCESS) { -+ BOOLEAN old_caps; - EFI_TCG2_EVENT *event; -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; -+ -+ status = tpm2_get_caps(tpm2, &caps, &old_caps); -+ if (status != EFI_SUCCESS) -+ return EFI_SUCCESS; - -- if (!tpm2_present(tpm2)) -+ if (!tpm2_present(tpm2, &caps, old_caps)) - return EFI_SUCCESS; - - status = trigger_tcg2_final_events_table(tpm2); --- -2.14.1 - - -From 947f9d7e70cc899997a1cfe89ee08152c6f921be Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 15 Jun 2017 15:16:06 +0200 -Subject: [PATCH 4/9] shim/tpm: Avoid passing an usupported event log format to - GetEventLogs() - -The TCG EFI Protocol Specification for family "2.0" mentions that not all -TPM2 chips may support the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 (crypto agile) -log format. So instead of always use this log format, the GetCapability() -function should be used to determine which format is supported by the TPM. - -For example, the Intel PTT firmware based TPM found in Lenovo Thinkapd X1 -Carbon (4th gen), only supports SHA-1 (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) -log format. So a call to GetEventLog() using the crypto agile format was -returning EFI_INVALID_PARAMETER, making tpm_log_event() function to fail. 
- -This was preventing shim to correctly measure the second stage bootloader: - -$ tpm2_listpcrs -L 0x04:9 - -Bank/Algorithm: TPM_ALG_SHA1(0x0004) -PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - -After passing a supported log format to GetEventLog(), it succeeds and so -shim is able to call the HashLogExtendEvent() EFI function correctly: - -$ tpm2_listpcrs -L 0x04:9 - -Bank/Algorithm: TPM_ALG_SHA1(0x0004) -PCR_09: 07 5a 7e d3 75 64 ad 91 1a 34 17 17 c2 34 10 2b 58 5b de b7 - -Signed-off-by: Javier Martinez Canillas -(cherry picked from commit 55c65546e46a78edbe41e88cb4ccbd2522e09625) ---- - tpm.c | 30 +++++++++++++++++++++++++----- - tpm.h | 3 ++- - 2 files changed, 27 insertions(+), 6 deletions(-) - -diff --git a/tpm.c b/tpm.c -index 2ca5845..b2f9c46 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -73,6 +73,17 @@ static BOOLEAN tpm2_present(efi_tpm2_protocol_t *tpm, - return FALSE; - } - -+static inline EFI_TCG2_EVENT_LOG_BITMAP -+tpm2_get_supported_logs(efi_tpm2_protocol_t *tpm, -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, -+ BOOLEAN old_caps) -+{ -+ if (old_caps) -+ return ((TREE_BOOT_SERVICE_CAPABILITY *)caps)->SupportedEventLogs; -+ -+ return caps->SupportedEventLogs; -+} -+ - /* - * According to TCG EFI Protocol Specification for TPM 2.0 family, - * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG -@@ -81,15 +92,21 @@ static BOOLEAN tpm2_present(efi_tpm2_protocol_t *tpm, - * internal switch through calling get_event_log() in order to allow - * to retrieve the logs from OS runtime. 
- */ --static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2) -+static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, -+ EFI_TCG2_EVENT_LOG_BITMAP supported_logs) - { -+ EFI_TCG2_EVENT_LOG_FORMAT log_fmt; - EFI_PHYSICAL_ADDRESS start; - EFI_PHYSICAL_ADDRESS end; - BOOLEAN truncated; - -- return uefi_call_wrapper(tpm2->get_event_log, 5, tpm2, -- EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, &start, -- &end, &truncated); -+ if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) -+ log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; -+ else -+ log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; -+ -+ return uefi_call_wrapper(tpm2->get_event_log, 5, tpm2, log_fmt, -+ &start, &end, &truncated); - } - - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, -@@ -105,6 +122,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - BOOLEAN old_caps; - EFI_TCG2_EVENT *event; - EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; -+ EFI_TCG2_EVENT_LOG_BITMAP supported_logs; - - status = tpm2_get_caps(tpm2, &caps, &old_caps); - if (status != EFI_SUCCESS) -@@ -113,7 +131,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - if (!tpm2_present(tpm2, &caps, old_caps)) - return EFI_SUCCESS; - -- status = trigger_tcg2_final_events_table(tpm2); -+ supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); -+ -+ status = trigger_tcg2_final_events_table(tpm2, supported_logs); - if (EFI_ERROR(status)) { - perror(L"Unable to trigger tcg2 final events table: %r\n", status); - return status; -diff --git a/tpm.h b/tpm.h -index 27cb418..cc1bbed 100644 ---- a/tpm.h -+++ b/tpm.h -@@ -122,7 +122,8 @@ typedef struct tdEFI_TCG2_EVENT { - uint8_t Event[1]; - } __attribute__ ((packed)) EFI_TCG2_EVENT; - --#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 -+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001 -+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 - - struct efi_tpm2_protocol - { --- -2.14.1 - - -From 
7518101bcca0213afe1ca94fbedb76a06d644d1d Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 20 Jun 2017 16:41:44 -0400 -Subject: [PATCH 5/9] tpm2_present(): remove unused tpm2 protocol argument. - -Signed-off-by: Peter Jones -(cherry picked from commit 919c17a45fe722dcc2b9bdaba538c738f97f88cd) ---- - tpm.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/tpm.c b/tpm.c -index b2f9c46..c37cc48 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -55,8 +55,7 @@ static EFI_STATUS tpm2_get_caps(efi_tpm2_protocol_t *tpm, - return EFI_SUCCESS; - } - --static BOOLEAN tpm2_present(efi_tpm2_protocol_t *tpm, -- EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, -+static BOOLEAN tpm2_present(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, - BOOLEAN old_caps) - { - TREE_BOOT_SERVICE_CAPABILITY *caps_1_0; -@@ -128,7 +127,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - if (status != EFI_SUCCESS) - return EFI_SUCCESS; - -- if (!tpm2_present(tpm2, &caps, old_caps)) -+ if (!tpm2_present(&caps, old_caps)) - return EFI_SUCCESS; - - supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); --- -2.14.1 - - -From 4d722aae64e74192c16682caa204c90013cc42c0 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Mon, 22 May 2017 15:36:48 -0700 -Subject: [PATCH 6/9] Extend PCR 7 - -It's desirable to be able to use PCR 7 for all TPM policy on Secure Boot -systems, but right now Shim doesn't record any information about its -configuration or the signature used to launch the second stage loader. Add -support for that. 
- -(cherry picked from commit 8af7c4cacaf753f38f2564b26b962a7a2942d664) ---- - shim.c | 41 +++++++++++++++----- - tpm.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- - tpm.h | 16 ++++++++ - 3 files changed, 174 insertions(+), 19 deletions(-) - -diff --git a/shim.c b/shim.c -index 7081be2..f621af9 100644 ---- a/shim.c -+++ b/shim.c -@@ -428,7 +428,8 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize) - static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, - UINTN dbsize, - WIN_CERTIFICATE_EFI_PKCS *data, -- UINT8 *hash) -+ UINT8 *hash, CHAR16 *dbname, -+ EFI_GUID guid) - { - EFI_SIGNATURE_DATA *Cert; - UINTN CertSize; -@@ -446,8 +447,10 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, - Cert->SignatureData, - CertSize, - hash, SHA256_DIGEST_SIZE); -- if (IsFound) -+ if (IsFound) { -+ tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData); - return DATA_FOUND; -+ } - } - } else if (verbose) { - console_notify(L"Not a DER encoding x.509 Certificate"); -@@ -477,7 +480,7 @@ static CHECK_STATUS check_db_cert(CHAR16 *dbname, EFI_GUID guid, - - CertList = (EFI_SIGNATURE_LIST *)db; - -- rc = check_db_cert_in_ram(CertList, dbsize, data, hash); -+ rc = check_db_cert_in_ram(CertList, dbsize, data, hash, dbname, guid); - - FreePool(db); - -@@ -489,7 +492,8 @@ static CHECK_STATUS check_db_cert(CHAR16 *dbname, EFI_GUID guid, - */ - static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList, - UINTN dbsize, UINT8 *data, -- int SignatureSize, EFI_GUID CertType) -+ int SignatureSize, EFI_GUID CertType, -+ CHAR16 *dbname, EFI_GUID guid) - { - EFI_SIGNATURE_DATA *Cert; - UINTN CertCount, Index; -@@ -505,6 +509,7 @@ static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList, - // Find the signature in database. 
- // - IsFound = TRUE; -+ tpm_measure_variable(dbname, guid, SignatureSize, data); - break; - } - -@@ -545,7 +550,8 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, EFI_GUID guid, UINT8 *data, - CertList = (EFI_SIGNATURE_LIST *)db; - - CHECK_STATUS rc = check_db_hash_in_ram(CertList, dbsize, data, -- SignatureSize, CertType); -+ SignatureSize, CertType, -+ dbname, guid); - FreePool(db); - return rc; - -@@ -563,15 +569,18 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, - EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx; - - if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash, -- SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID) == -+ SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID, -+ L"dbx", secure_var) == - DATA_FOUND) - return EFI_SECURITY_VIOLATION; - if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha1hash, -- SHA1_DIGEST_SIZE, EFI_CERT_SHA1_GUID) == -+ SHA1_DIGEST_SIZE, EFI_CERT_SHA1_GUID, -+ L"dbx", secure_var) == - DATA_FOUND) - return EFI_SECURITY_VIOLATION; - if (cert && check_db_cert_in_ram(dbx, vendor_dbx_size, cert, -- sha256hash) == DATA_FOUND) -+ sha256hash, L"dbx", -+ secure_var) == DATA_FOUND) - return EFI_SECURITY_VIOLATION; - - if (check_db_hash(L"dbx", secure_var, sha256hash, SHA256_DIGEST_SIZE, -@@ -960,6 +969,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - EFI_STATUS status = EFI_SECURITY_VIOLATION; - WIN_CERTIFICATE_EFI_PKCS *cert = NULL; - unsigned int size = datasize; -+ EFI_GUID shim_var = SHIM_LOCK_GUID; - - if (context->SecDir->Size != 0) { - if (context->SecDir->Size >= size) { -@@ -1026,6 +1036,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - shim_cert, sizeof(shim_cert), sha256hash, - SHA256_DIGEST_SIZE)) { - update_verification_method(VERIFIED_BY_CERT); -+ tpm_measure_variable(L"Shim", shim_var, sizeof(shim_cert), shim_cert); - status = EFI_SUCCESS; - return status; - } -@@ -1039,6 +1050,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - vendor_cert, 
vendor_cert_size, - sha256hash, SHA256_DIGEST_SIZE)) { - update_verification_method(VERIFIED_BY_CERT); -+ tpm_measure_variable(L"Shim", shim_var, vendor_cert_size, vendor_cert); - status = EFI_SUCCESS; - return status; - } -@@ -1888,7 +1900,11 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle) - } - - /* -- * Measure some of the MOK variables into the TPM -+ * Measure some of the MOK variables into the TPM. We measure the entirety -+ * of MokList into PCR 14, and also measure the raw MokSBState there. PCR 7 -+ * will be extended with MokSBState in the Microsoft format, and we'll -+ * measure any matching hashes or certificates later on in order to behave -+ * consistently with the PCR 7 spec. - */ - EFI_STATUS measure_mok() - { -@@ -1915,9 +1931,14 @@ EFI_STATUS measure_mok() - if (efi_status != EFI_SUCCESS) - return efi_status; - -+ efi_status = tpm_measure_variable(L"MokSBState", shim_lock_guid, -+ DataSize, Data); -+ if (efi_status != EFI_SUCCESS) -+ goto out; -+ - efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data, - DataSize, 14, (CHAR8 *)"MokSBState"); -- -+out: - FreePool(Data); - - return efi_status; -diff --git a/tpm.c b/tpm.c -index c37cc48..6e3933c 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -14,6 +14,16 @@ extern UINT8 in_protocol; - }) - - -+typedef struct { -+ CHAR16 *VariableName; -+ EFI_GUID *VendorGuid; -+ VOID *Data; -+ UINTN Size; -+} VARIABLE_RECORD; -+ -+UINTN measuredcount = 0; -+VARIABLE_RECORD *measureddata = NULL; -+ - EFI_GUID tpm_guid = EFI_TPM_GUID; - EFI_GUID tpm2_guid = EFI_TPM2_GUID; - -@@ -108,8 +118,9 @@ static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, - &start, &end, &truncated); - } - --EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, -- const CHAR8 *description) -+static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, -+ UINT8 pcr, const CHAR8 *log, UINTN logsize, -+ UINT32 type) - { - EFI_STATUS status; - efi_tpm_protocol_t *tpm; -@@ -138,7 +149,7 @@ 
EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - return status; - } - -- event = AllocatePool(sizeof(*event) + strlen(description) + 1); -+ event = AllocatePool(sizeof(*event) + logsize); - if (!event) { - perror(L"Unable to allocate event structure\n"); - return EFI_OUT_OF_RESOURCES; -@@ -147,9 +158,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); - event->Header.HeaderVersion = 1; - event->Header.PCRIndex = pcr; -- event->Header.EventType = EV_IPL; -- event->Size = sizeof(*event) - sizeof(event->Event) + strlen(description) + 1; -- memcpy(event->Event, description, strlen(description) + 1); -+ event->Header.EventType = type; -+ event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1; -+ CopyMem(event->Event, (VOID *)log, logsize); - status = uefi_call_wrapper(tpm2->hash_log_extend_event, 5, tpm2, - 0, buf, (UINT64) size, event); - FreePool(event); -@@ -167,7 +178,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - if (!tpm_present(tpm)) - return EFI_SUCCESS; - -- event = AllocatePool(sizeof(*event) + strlen(description) + 1); -+ event = AllocatePool(sizeof(*event) + logsize); - - if (!event) { - perror(L"Unable to allocate event structure\n"); -@@ -175,8 +186,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - } - - event->PCRIndex = pcr; -- event->EventType = EV_IPL; -- event->EventSize = strlen(description) + 1; -+ event->EventType = type; -+ event->EventSize = logsize; -+ CopyMem(event->Event, (VOID *)log, logsize); - status = uefi_call_wrapper(tpm->log_extend_event, 7, tpm, buf, - (UINT64)size, TPM_ALG_SHA, event, - &eventnum, &lastevent); -@@ -186,3 +198,109 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - - return EFI_SUCCESS; - } -+EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, -+ const CHAR8 *description) -+{ -+ 
return tpm_log_event_raw(buf, size, pcr, description, -+ strlen(description) + 1, 0xd); -+} -+ -+typedef struct { -+ EFI_GUID VariableName; -+ UINT64 UnicodeNameLength; -+ UINT64 VariableDataLength; -+ CHAR16 UnicodeName[1]; -+ INT8 VariableData[1]; -+} EFI_VARIABLE_DATA_TREE; -+ -+static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData) -+{ -+ UINTN i; -+ -+ for (i=0; iUnicodeName) - -+ sizeof (VarLog->VariableData)); -+ -+ VarLog = (EFI_VARIABLE_DATA_TREE *) AllocateZeroPool (VarLogSize); -+ if (VarLog == NULL) { -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ CopyMem (&VarLog->VariableName, &VendorGuid, -+ sizeof(VarLog->VariableName)); -+ VarLog->UnicodeNameLength = VarNameLength; -+ VarLog->VariableDataLength = VarSize; -+ CopyMem (VarLog->UnicodeName, VarName, -+ VarNameLength * sizeof (*VarName)); -+ CopyMem ((CHAR16 *)VarLog->UnicodeName + VarNameLength, VarData, -+ VarSize); -+ -+ Status = tpm_log_event_raw((EFI_PHYSICAL_ADDRESS)VarLog, VarLogSize, 7, -+ (CHAR8 *)VarLog, VarLogSize, -+ EV_EFI_VARIABLE_AUTHORITY); -+ -+ FreePool(VarLog); -+ -+ if (Status != EFI_SUCCESS) -+ return Status; -+ -+ return tpm_record_data_measurement(VarName, VendorGuid, VarSize, -+ VarData); -+} -diff --git a/tpm.h b/tpm.h -index cc1bbed..3769a1d 100644 ---- a/tpm.h -+++ b/tpm.h -@@ -7,6 +7,8 @@ - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - const CHAR8 *description); - -+EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data); -+ - typedef struct { - uint8_t Major; - uint8_t Minor; -@@ -154,3 +156,17 @@ struct efi_tpm2_protocol - }; - - typedef struct efi_tpm2_protocol efi_tpm2_protocol_t; -+ -+typedef UINT32 TCG_EVENTTYPE; -+ -+#define EV_EFI_EVENT_BASE ((TCG_EVENTTYPE) 0x80000000) -+#define EV_EFI_VARIABLE_DRIVER_CONFIG (EV_EFI_EVENT_BASE + 1) -+#define EV_EFI_VARIABLE_BOOT (EV_EFI_EVENT_BASE + 2) -+#define EV_EFI_BOOT_SERVICES_APPLICATION (EV_EFI_EVENT_BASE + 3) -+#define 
EV_EFI_BOOT_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 4) -+#define EV_EFI_RUNTIME_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 5) -+#define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 6) -+#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7) -+#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8) -+#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9) -+#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0) --- -2.14.1 - - -From 6572858b0c39cd8ba32e7e0d3f6791ccbe4d69c7 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Wed, 12 Jul 2017 15:29:24 -0700 -Subject: [PATCH 7/9] Measure stage 2 according to spec - -We're currently measuring the raw second stage loader into PCR 9, but -we're closer to spec if we measure the semi-parsed PE into PCR 4. The -hash that's logged is the same as the hash used for the Authenticode -validation, so refactor shim.c a little to separate out the hash -generation. - -(cherry picked from commit 22f2737535ca09faf48762df89b61e81b8d4a2f8) ---- - shim.c | 30 +++++++++++++++++++++--------- - tpm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++-------- - tpm.h | 15 +++++++++++++++ - 3 files changed, 83 insertions(+), 17 deletions(-) - -diff --git a/shim.c b/shim.c -index f621af9..8feed6d 100644 ---- a/shim.c -+++ b/shim.c -@@ -962,10 +962,9 @@ static EFI_STATUS verify_mok (void) { - * Check that the signature is valid and matches the binary - */ - static EFI_STATUS verify_buffer (char *data, int datasize, -- PE_COFF_LOADER_IMAGE_CONTEXT *context) -+ PE_COFF_LOADER_IMAGE_CONTEXT *context, -+ UINT8 *sha256hash, UINT8 *sha1hash) - { -- UINT8 sha256hash[SHA256_DIGEST_SIZE]; -- UINT8 sha1hash[SHA1_DIGEST_SIZE]; - EFI_STATUS status = EFI_SECURITY_VIOLATION; - WIN_CERTIFICATE_EFI_PKCS *cert = NULL; - unsigned int size = datasize; -@@ -1206,6 +1205,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - unsigned int alignment, alloc_size; - EFI_PHYSICAL_ADDRESS alloc_address; - int found_entry_point = 0; -+ UINT8 
sha1hash[SHA1_DIGEST_SIZE]; -+ UINT8 sha256hash[SHA256_DIGEST_SIZE]; - - /* - * The binary header contains relevant context and section pointers -@@ -1219,8 +1220,17 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - /* - * We only need to verify the binary if we're in secure mode - */ -+ efi_status = generate_hash(data, datasize, &context, sha256hash, -+ sha1hash); -+ if (efi_status != EFI_SUCCESS) -+ return efi_status; -+ -+ /* Measure the binary into the TPM */ -+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4); -+ - if (secure_mode ()) { -- efi_status = verify_buffer(data, datasize, &context); -+ efi_status = verify_buffer(data, datasize, &context, -+ sha256hash, sha1hash); - - if (EFI_ERROR(efi_status)) { - console_error(L"Verification failed", efi_status); -@@ -1711,6 +1721,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) - { - EFI_STATUS status = EFI_SUCCESS; - PE_COFF_LOADER_IMAGE_CONTEXT context; -+ UINT8 sha1hash[SHA1_DIGEST_SIZE]; -+ UINT8 sha256hash[SHA256_DIGEST_SIZE]; - - loader_is_participating = 1; - in_protocol = 1; -@@ -1722,7 +1734,11 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) - if (status != EFI_SUCCESS) - goto done; - -- status = verify_buffer(buffer, size, &context); -+ status = generate_hash(buffer, size, &context, sha256hash, sha1hash); -+ if (status != EFI_SUCCESS) -+ goto done; -+ -+ status = verify_buffer(buffer, size, &context, sha256hash, sha1hash); - done: - in_protocol = 0; - return status; -@@ -1826,10 +1842,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - } - } - -- /* Measure the binary into the TPM */ -- tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, -- 9, (CHAR8 *)"Second stage bootloader"); -- - /* - * We need to modify the loaded image protocol entry before running - * the new binary, so back it up -diff --git a/tpm.c b/tpm.c -index 6e3933c..af6b126 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -120,7 +120,7 @@ static EFI_STATUS 
trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, - - static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - UINT8 pcr, const CHAR8 *log, UINTN logsize, -- UINT32 type) -+ UINT32 type, CHAR8 *hash) - { - EFI_STATUS status; - efi_tpm_protocol_t *tpm; -@@ -161,8 +161,18 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - event->Header.EventType = type; - event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1; - CopyMem(event->Event, (VOID *)log, logsize); -- status = uefi_call_wrapper(tpm2->hash_log_extend_event, 5, tpm2, -- 0, buf, (UINT64) size, event); -+ if (hash) { -+ /* TPM 2 systems will generate the appropriate hash -+ themselves if we pass PE_COFF_IMAGE -+ */ -+ status = uefi_call_wrapper(tpm2->hash_log_extend_event, -+ 5, tpm2, PE_COFF_IMAGE, buf, -+ (UINT64) size, event); -+ } else { -+ status = uefi_call_wrapper(tpm2->hash_log_extend_event, -+ 5, tpm2, 0, buf, -+ (UINT64) size, event); -+ } - FreePool(event); - return status; - } else { -@@ -189,9 +199,21 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - event->EventType = type; - event->EventSize = logsize; - CopyMem(event->Event, (VOID *)log, logsize); -- status = uefi_call_wrapper(tpm->log_extend_event, 7, tpm, buf, -- (UINT64)size, TPM_ALG_SHA, event, -- &eventnum, &lastevent); -+ if (hash) { -+ /* TPM 1.2 devices require us to pass the Authenticode -+ hash rather than allowing the firmware to attempt -+ to calculate it */ -+ CopyMem(event->digest, hash, sizeof(event->digest)); -+ status = uefi_call_wrapper(tpm->log_extend_event, 7, -+ tpm, 0, 0, TPM_ALG_SHA, -+ event, &eventnum, -+ &lastevent); -+ } else { -+ status = uefi_call_wrapper(tpm->log_extend_event, 7, -+ tpm, buf, (UINT64)size, -+ TPM_ALG_SHA, event, -+ &eventnum, &lastevent); -+ } - FreePool(event); - return status; - } -@@ -202,7 +224,24 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - const CHAR8 *description) - 
{ - return tpm_log_event_raw(buf, size, pcr, description, -- strlen(description) + 1, 0xd); -+ strlen(description) + 1, 0xd, NULL); -+} -+ -+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, -+ UINT8 pcr) -+{ -+ EFI_IMAGE_LOAD_EVENT ImageLoad; -+ -+ // All of this is informational and forces us to do more parsing before -+ // we can generate it, so let's just leave it out for now -+ ImageLoad.ImageLocationInMemory = 0; -+ ImageLoad.ImageLengthInMemory = 0; -+ ImageLoad.ImageLinkTimeAddress = 0; -+ ImageLoad.LengthOfDevicePath = 0; -+ -+ return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad, -+ sizeof(ImageLoad), -+ EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash); - } - - typedef struct { -@@ -294,7 +333,7 @@ EFI_STATUS tpm_measure_variable(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarS - - Status = tpm_log_event_raw((EFI_PHYSICAL_ADDRESS)VarLog, VarLogSize, 7, - (CHAR8 *)VarLog, VarLogSize, -- EV_EFI_VARIABLE_AUTHORITY); -+ EV_EFI_VARIABLE_AUTHORITY, NULL); - - FreePool(VarLog); - -diff --git a/tpm.h b/tpm.h -index 3769a1d..e3c2b92 100644 ---- a/tpm.h -+++ b/tpm.h -@@ -1,3 +1,5 @@ -+#include -+ - #define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }}; - #define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}; - -@@ -7,6 +9,9 @@ - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - const CHAR8 *description); - -+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, -+ UINT8 pcr); -+ - EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data); - - typedef struct { -@@ -33,6 +38,14 @@ typedef struct _TCG_PCR_EVENT { - uint8_t Event[1]; - } TCG_PCR_EVENT; - -+typedef struct _EFI_IMAGE_LOAD_EVENT { -+ EFI_PHYSICAL_ADDRESS ImageLocationInMemory; -+ UINTN ImageLengthInMemory; -+ UINTN ImageLinkTimeAddress; -+ UINTN LengthOfDevicePath; -+ EFI_DEVICE_PATH DevicePath[1]; -+} 
EFI_IMAGE_LOAD_EVENT; -+ - struct efi_tpm_protocol - { - EFI_STATUS (EFIAPI *status_check) (struct efi_tpm_protocol *this, -@@ -170,3 +183,5 @@ typedef UINT32 TCG_EVENTTYPE; - #define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8) - #define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9) - #define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0) -+ -+#define PE_COFF_IMAGE 0x0000000000000010 --- -2.14.1 - - -From c40cc115a60da33ce2291149471bfd740981bc37 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 1 Aug 2017 11:19:33 -0400 -Subject: [PATCH 8/9] Always measure all of MokSBState, MokList, and MokListX - -Even if errors occurred, always try to measure all of our Mok entries. -This way we won't fail on e.g. MokList not being set. - -Signed-off-by: Peter Jones -(cherry picked from commit bdc5d3ec9ca5e0f270dc583c86ef8916ee70ac39) ---- - shim.c | 56 +++++++++++++++++++++++++++++++++++++------------------- - 1 file changed, 37 insertions(+), 19 deletions(-) - -diff --git a/shim.c b/shim.c -index 8feed6d..32aa521 100644 ---- a/shim.c -+++ b/shim.c -@@ -1921,37 +1921,55 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle) - EFI_STATUS measure_mok() - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -- EFI_STATUS efi_status; -+ EFI_STATUS efi_status, ret = EFI_SUCCESS; - UINT8 *Data = NULL; - UINTN DataSize = 0; - - efi_status = get_variable(L"MokList", &Data, &DataSize, shim_lock_guid); -- if (efi_status != EFI_SUCCESS) -- return efi_status; -+ if (!EFI_ERROR(efi_status)) { -+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data, -+ DataSize, 14, (CHAR8 *)"MokList"); -+ FreePool(Data); - -- efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data, -- DataSize, 14, (CHAR8 *)"MokList"); -+ if (EFI_ERROR(efi_status)) -+ ret = efi_status; - -- FreePool(Data); -+ } else { -+ ret = efi_status; -+ } - -- if (efi_status != EFI_SUCCESS) -- return efi_status; -+ efi_status = get_variable(L"MokListX", &Data, &DataSize, shim_lock_guid); -+ if 
(!EFI_ERROR(efi_status)) { -+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data, -+ DataSize, 14, (CHAR8 *)"MokListX"); -+ FreePool(Data); -+ -+ if (EFI_ERROR(efi_status) && !EFI_ERROR(ret)) -+ ret = efi_status; -+ -+ } else if (!EFI_ERROR(ret)) { -+ ret = efi_status; -+ } - - efi_status = get_variable(L"MokSBState", &Data, &DataSize, - shim_lock_guid); -+ if (!EFI_ERROR(efi_status)) { -+ efi_status = tpm_measure_variable(L"MokSBState", -+ shim_lock_guid, -+ DataSize, Data); -+ if (!EFI_ERROR(efi_status)) { -+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS) -+ (UINTN)Data, DataSize, 14, -+ (CHAR8 *)"MokSBState"); -+ } - -- if (efi_status != EFI_SUCCESS) -- return efi_status; -- -- efi_status = tpm_measure_variable(L"MokSBState", shim_lock_guid, -- DataSize, Data); -- if (efi_status != EFI_SUCCESS) -- goto out; -+ FreePool(Data); - -- efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data, -- DataSize, 14, (CHAR8 *)"MokSBState"); --out: -- FreePool(Data); -+ if (EFI_ERROR(efi_status) && !EFI_ERROR(ret)) -+ ret = efi_status; -+ } else if (!EFI_ERROR(ret)) { -+ ret = efi_status; -+ } - - return efi_status; - } --- -2.14.1 - - -From de680d100d94d613be32168fcefa0f47868ba07c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 31 Jul 2017 13:10:41 -0400 -Subject: [PATCH 9/9] Make fallback aware of tpm measurements, and reboot if - tpm is used. - -Since booting the entry with fallback in the stack of things that got -measured will result in all the wrong PCR values, in the cases where TPM -is present and enabled, use ->Reset() instead of loading the Boot#### -variable and executing its target. 
- -Signed-off-by: Peter Jones -(cherry picked from commit 431b8a2e75a71a0b1f47d47d3f045b1e3efbce53) ---- - Makefile | 2 +- - fallback.c | 9 +++++++- - tpm.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++----------- - tpm.h | 1 + - 4 files changed, 68 insertions(+), 14 deletions(-) - -diff --git a/Makefile b/Makefile -index d518615..05e8f46 100644 ---- a/Makefile -+++ b/Makefile -@@ -85,7 +85,7 @@ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim - SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.c version.h - MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o - MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h --FALLBACK_OBJS = fallback.o -+FALLBACK_OBJS = fallback.o tpm.o - FALLBACK_SRCS = fallback.c - - ifneq ($(origin ENABLE_HTTPBOOT), undefined) -diff --git a/fallback.c b/fallback.c -index 8c0369f..55ce79f 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -12,6 +12,7 @@ - - #include "ucs2.h" - #include "variables.h" -+#include "tpm.h" - - EFI_LOADED_IMAGE *this_image = NULL; - -@@ -1020,7 +1021,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) - return rc; - } - -- try_start_first_option(image); -+ rc = fallback_should_prefer_reset(); -+ if (EFI_ERROR(rc)) { -+ VerbosePrint(L"tpm not present, starting the first image\n"); -+ try_start_first_option(image); -+ } else { -+ VerbosePrint(L"tpm present, resetting system\n"); -+ } - - Print(L"Reset System\n"); - -diff --git a/tpm.c b/tpm.c -index af6b126..0a36e1c 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -118,28 +118,60 @@ static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, - &start, &end, &truncated); - } - --static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, -- UINT8 pcr, const CHAR8 *log, UINTN logsize, -- UINT32 type, CHAR8 *hash) -+static EFI_STATUS 
tpm_locate_protocol(efi_tpm_protocol_t **tpm, -+ efi_tpm2_protocol_t **tpm2, -+ BOOLEAN *old_caps_p, -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *capsp) - { - EFI_STATUS status; -- efi_tpm_protocol_t *tpm; -- efi_tpm2_protocol_t *tpm2; - -- status = LibLocateProtocol(&tpm2_guid, (VOID **)&tpm2); -+ *tpm = NULL; -+ *tpm2 = NULL; -+ status = LibLocateProtocol(&tpm2_guid, (VOID **)tpm2); - /* TPM 2.0 */ - if (status == EFI_SUCCESS) { - BOOLEAN old_caps; -- EFI_TCG2_EVENT *event; - EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; -- EFI_TCG2_EVENT_LOG_BITMAP supported_logs; - -- status = tpm2_get_caps(tpm2, &caps, &old_caps); -- if (status != EFI_SUCCESS) -+ status = tpm2_get_caps(*tpm2, &caps, &old_caps); -+ if (EFI_ERROR(status)) -+ return status; -+ -+ if (tpm2_present(&caps, old_caps)) { -+ if (old_caps_p) -+ *old_caps_p = old_caps; -+ if (capsp) -+ memcpy(capsp, &caps, sizeof(caps)); - return EFI_SUCCESS; -+ } -+ } else { -+ status = LibLocateProtocol(&tpm_guid, (VOID **)tpm); -+ if (EFI_ERROR(status)) -+ return status; - -- if (!tpm2_present(&caps, old_caps)) -+ if (tpm_present(*tpm)) - return EFI_SUCCESS; -+ } -+ -+ return EFI_NOT_FOUND; -+} -+ -+static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, -+ UINT8 pcr, const CHAR8 *log, UINTN logsize, -+ UINT32 type, CHAR8 *hash) -+{ -+ EFI_STATUS status; -+ efi_tpm_protocol_t *tpm; -+ efi_tpm2_protocol_t *tpm2; -+ BOOLEAN old_caps; -+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; -+ -+ status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps); -+ if (EFI_ERROR(status)) { -+ return status; -+ } else if (tpm2) { -+ EFI_TCG2_EVENT *event; -+ EFI_TCG2_EVENT_LOG_BITMAP supported_logs; - - supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); - -@@ -175,7 +207,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - } - FreePool(event); - return status; -- } else { -+ } else if (tpm) { - TCG_PCR_EVENT *event; - UINT32 eventnum = 0; - EFI_PHYSICAL_ADDRESS lastevent; -@@ -220,6 +252,7 @@ 
static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - - return EFI_SUCCESS; - } -+ - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - const CHAR8 *description) - { -@@ -343,3 +376,16 @@ EFI_STATUS tpm_measure_variable(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarS - return tpm_record_data_measurement(VarName, VendorGuid, VarSize, - VarData); - } -+ -+EFI_STATUS -+fallback_should_prefer_reset(void) -+{ -+ EFI_STATUS status; -+ efi_tpm_protocol_t *tpm; -+ efi_tpm2_protocol_t *tpm2; -+ -+ status = tpm_locate_protocol(&tpm, &tpm2, NULL, NULL); -+ if (EFI_ERROR(status)) -+ return EFI_NOT_FOUND; -+ return EFI_SUCCESS; -+} -diff --git a/tpm.h b/tpm.h -index e3c2b92..d11b545 100644 ---- a/tpm.h -+++ b/tpm.h -@@ -8,6 +8,7 @@ - - EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, - const CHAR8 *description); -+EFI_STATUS fallback_should_prefer_reset(void); - - EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, - UINT8 pcr); --- -2.14.1 - diff --git a/shim-only-os-name.patch b/shim-only-os-name.patch index 70bc254..136efe9 100644 --- a/shim-only-os-name.patch +++ b/shim-only-os-name.patch 
@@ -1,13 +1,30 @@ -Index: shim-12/Makefile -=================================================================== ---- shim-12.orig/Makefile -+++ shim-12/Makefile -@@ -117,7 +117,7 @@ shim_cert.h: shim.cer +From 087123b6eb8e8067c500cb7a411085c0ebe66e94 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 4 Jan 2018 12:22:43 +0800 +Subject: [PATCH] Only use the OS name in version + +Since we build shim binary with open build service, it's difficult to +fix the linux kernel version of the build bot, so we just use "uname -o" +instead of "uname -a". + +Signed-off-by: Gary Lin +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index e756aa5..f4b7adb 100644 +--- a/Makefile ++++ b/Makefile +@@ -177,7 +177,7 @@ shim_cert.h: shim.cer - version.c : version.c.in + version.c : $(TOPDIR)/version.c.in sed -e "s,@@VERSION@@,$(VERSION)," \ - -e "s,@@UNAME@@,$(shell uname -a)," \ + -e "s,@@UNAME@@,$(shell uname -o)," \ -e "s,@@COMMIT@@,$(COMMITID)," \ - < version.c.in > version.c + < $< > $@ +-- +2.15.1 + diff --git a/shim-opensuse-cert-prompt.patch b/shim-opensuse-cert-prompt.patch index a0d0be1..30075ad 100644 --- a/shim-opensuse-cert-prompt.patch +++ b/shim-opensuse-cert-prompt.patch @@ -1,7 +1,7 @@ -From ccd53ba8892ce8955611c9dc519454ddd4b2a62f Mon Sep 17 00:00:00 2001 +From 7472a6ee1f01466df1a1de65de669ed0c20b12c4 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 18 Feb 2014 17:29:19 +0800 -Subject: [PATCH 1/4] Show the build-in certificate prompt +Subject: [PATCH 1/3] Show the build-in certificate prompt This is an openSUSE-only patch. @@ -21,10 +21,10 @@ The state will store in use_openSUSE_cert, a volatile RT variable. 1 file changed, 75 insertions(+), 2 deletions(-) diff --git a/shim.c b/shim.c -index f8a1e67..b1fe60f 100644 +index 7b34868..be250b6 100644 --- a/shim.c 
+++ b/shim.c -@@ -99,6 +99,7 @@ UINT8 *vendor_dbx; +@@ -93,6 +93,7 @@ UINT8 *vendor_dbx; */ verification_method_t verification_method; int loader_is_participating; @@ -32,16 +32,16 @@ index f8a1e67..b1fe60f 100644 #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} -@@ -1016,7 +1017,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - if (status == EFI_SUCCESS) - return status; +@@ -1096,7 +1097,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + LogError(L"check_whitelist(): %r\n", status); + } - if (cert) { + if (cert && use_builtin_cert) { + #if defined(ENABLE_SHIM_CERT) /* * Check against the shim build key - */ -@@ -1941,7 +1942,7 @@ EFI_STATUS mirror_mok_list() +@@ -2080,7 +2081,7 @@ EFI_STATUS mirror_mok_list() if (efi_status != EFI_SUCCESS) DataSize = 0; @@ -50,7 +50,7 @@ index f8a1e67..b1fe60f 100644 FullDataSize = DataSize + sizeof (*CertList) + sizeof (EFI_GUID) -@@ -2648,6 +2649,75 @@ shim_fini(void) +@@ -2829,6 +2830,75 @@ shim_fini(void) setup_console(0); } @@ -126,7 +126,7 @@ index f8a1e67..b1fe60f 100644 extern EFI_STATUS efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab); -@@ -2750,6 +2820,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) +@@ -2933,6 +3003,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) */ check_mok_sb(); @@ -137,13 +137,13 @@ index f8a1e67..b1fe60f 100644 if (EFI_ERROR(efi_status)) { Print(L"Something has gone seriously wrong: %r\n", efi_status); -- -2.13.1 +2.15.1 -From 04cef138d17143fb1b5e9e52b593991f783536e8 Mon Sep 17 00:00:00 2001 +From 3e3cf4589edf350c8c33d0f5069c6868c2810b80 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 20 Feb 2014 16:57:08 +0800 -Subject: [PATCH 2/4] Support revoking the openSUSE cert +Subject: [PATCH 2/3] Support revoking the openSUSE cert This is an openSUSE-only patch. 
@@ -156,11 +156,11 @@ will show up with an additional option to clear openSUSE_Verify 2 files changed, 60 insertions(+), 3 deletions(-) diff --git a/MokManager.c b/MokManager.c -index e0ba789..81ae8aa 100644 +index 55af321..678a9d9 100644 --- a/MokManager.c +++ b/MokManager.c -@@ -1812,6 +1812,33 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { - return -1; +@@ -1806,6 +1806,33 @@ mokpw_done: + return EFI_SUCCESS; } +static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { @@ -193,7 +193,7 @@ index e0ba789..81ae8aa 100644 static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) { X509 *X509Cert; -@@ -2164,6 +2191,7 @@ typedef enum { +@@ -2162,6 +2189,7 @@ typedef enum { MOK_CHANGE_SB, MOK_SET_PW, MOK_CHANGE_DB, @@ -201,7 +201,7 @@ index e0ba789..81ae8aa 100644 MOK_KEY_ENROLL, MOK_HASH_ENROLL } mok_menu_item; -@@ -2175,7 +2203,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, +@@ -2182,7 +2210,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, void *MokPW, UINTN MokPWSize, void *MokDB, UINTN MokDBSize, void *MokXNew, UINTN MokXNewSize, 
@@ -211,40 +211,40 @@ index e0ba789..81ae8aa 100644 { CHAR16 **menu_strings; mok_menu_item *menu_item; -@@ -2249,6 +2278,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - if (MokDB) - menucount++; +@@ -2262,6 +2291,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, + if (MokDB) + menucount++; -+ if (ClearVerify) -+ menucount++; ++ if (ClearVerify) ++ menucount++; + - menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1)); + menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1)); - if (!menu_strings) -@@ -2318,6 +2350,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, + if (!menu_strings) +@@ -2334,6 +2366,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, + i++; + } + ++ if (ClearVerify) { ++ menu_strings[i] = L"Revoke openSUSE certificate"; ++ menu_item[i] = MOK_CLEAR_VERIFY; ++ i++; ++ } ++ + menu_strings[i] = L"Enroll key from disk"; + menu_item[i] = MOK_KEY_ENROLL; i++; - } - -+ if (ClearVerify) { -+ menu_strings[i] = L"Revoke openSUSE certificate"; -+ menu_item[i] = MOK_CLEAR_VERIFY; -+ i++; -+ } -+ - menu_strings[i] = L"Enroll key from disk"; - menu_item[i] = MOK_KEY_ENROLL; - i++; -@@ -2368,6 +2406,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - case MOK_CHANGE_DB: - mok_db_prompt(MokDB, MokDBSize); +@@ -2394,6 +2432,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, + if (efi_status == EFI_SUCCESS) + MokDB = NULL; break; + case MOK_CLEAR_VERIFY: + mok_clear_verify_prompt(ClearVerify, ClearVerifySize); + break; case MOK_KEY_ENROLL: - mok_key_enroll(); + efi_status = mok_key_enroll(); break; -@@ -2393,6 +2434,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2424,6 +2465,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0; UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0; 
@@ -252,7 +252,7 @@ index e0ba789..81ae8aa 100644 void *MokNew = NULL; void *MokDel = NULL; void *MokSB = NULL; -@@ -2400,6 +2442,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2431,6 +2473,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) void *MokDB = NULL; void *MokXNew = NULL; void *MokXDel = NULL; @@ -260,7 +260,7 @@ index e0ba789..81ae8aa 100644 EFI_STATUS status; status = get_variable(L"MokNew", (UINT8 **)&MokNew, &MokNewSize, -@@ -2472,9 +2515,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2503,9 +2546,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) console_error(L"Could not retrieve MokXDel", status); } @@ -282,7 +282,7 @@ index e0ba789..81ae8aa 100644 if (MokNew) FreePool (MokNew); -@@ -2497,6 +2551,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2528,6 +2582,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) if (MokXDel) FreePool (MokXDel); @@ -293,10 +293,10 @@ index e0ba789..81ae8aa 100644 LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); LibDeleteVariable(L"MokXAuth", &shim_lock_guid); diff --git a/shim.c b/shim.c -index b1fe60f..909c4b7 100644 +index be250b6..d461edd 100644 --- a/shim.c +++ b/shim.c -@@ -2092,7 +2092,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2233,7 +2233,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) check_var(L"MokPW") || check_var(L"MokAuth") || check_var(L"MokDel") || check_var(L"MokDB") || check_var(L"MokXNew") || check_var(L"MokXDel") || @@ -306,13 +306,13 @@ index b1fe60f..909c4b7 100644 if (efi_status != EFI_SUCCESS) { -- -2.13.1 +2.15.1 -From c7d47d6050bac84d99651278a7e1a3defddaed86 Mon Sep 17 00:00:00 2001 +From b5348293dd95c6627f8fde0344650e006acc181b Mon Sep 17 00:00:00 2001 
From: Gary Ching-Pang Lin Date: Fri, 7 Mar 2014 16:17:20 +0800 -Subject: [PATCH 3/4] Delete openSUSE_Verify the right way +Subject: [PATCH 3/3] Delete openSUSE_Verify the right way This is an openSUSE-only patch. @@ -322,10 +322,10 @@ LibDeleteVariable only works on the runtime variables. 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/MokManager.c b/MokManager.c -index 81ae8aa..d839355 100644 +index 678a9d9..c3f8f45 100644 --- a/MokManager.c +++ b/MokManager.c -@@ -1826,7 +1826,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { +@@ -1820,7 +1820,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { if (status != EFI_SUCCESS) return -1; @@ -338,37 +338,5 @@ index 81ae8aa..d839355 100644 console_error(L"Failed to delete openSUSE_Verify", status); return -1; -- -2.13.1 - - -From 29a7dd0330a75dce47131c4165c06d0b425e2159 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 19 Oct 2015 16:36:14 +0800 -Subject: [PATCH 4/4] Don't pass NULL to set MokListRT - -This is an openSUSE-only patch. - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/shim.c b/shim.c -index 909c4b7..1804f1c 100644 ---- a/shim.c -+++ b/shim.c -@@ -1979,6 +1979,11 @@ EFI_STATUS mirror_mok_list() - FullData = Data; - } - -+ if (FullDataSize == 0) { -+ /* openSUSE_Verify isn't set and no other MOK exists. */ -+ return EFI_SUCCESS; -+ } -+ - efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT", - &shim_lock_guid, - EFI_VARIABLE_BOOTSERVICE_ACCESS --- -2.13.1 +2.15.1 diff --git a/shim-remove-cryptpem.patch b/shim-remove-cryptpem.patch new file mode 100644 index 0000000..99b490b --- /dev/null +++ b/shim-remove-cryptpem.patch 
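Review bot: The last hunk of shim-opensuse-cert-prompt.patch drops the former patch 4/4, "Don't pass NULL to set MokListRT", and the added shim.changes entry does not say why. That patch made mirror_mok_list() return early with `if (FullDataSize == 0) { return EFI_SUCCESS; }` before the SetVariable call for MokListRT, covering the case where openSUSE_Verify is not set and no other MOK exists. Patch 1/3 of the retained series still modifies mirror_mok_list(), so the empty-list path presumably still exists. Whether shim 14 handles it upstream cannot be seen from this diff. Either keep the guard, or add a changelog line stating that the upstream code now covers a zero-length MokListRT.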
@@ -0,0 +1,223 @@ +From 063d4aa37d271ce5c30a9c7a1746af421d40ca17 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 4 Jan 2018 14:54:34 +0800 +Subject: [PATCH] Cryptlib: replace CryptPem with CryptPemNull + +We don't need the functions in CryptPem.c. + +Signed-off-by: Gary Lin +--- + Cryptlib/Makefile | 2 +- + Cryptlib/Pem/CryptPem.c | 135 -------------------------------------------- + Cryptlib/Pem/CryptPemNull.c | 44 +++++++++++++++ + 3 files changed, 45 insertions(+), 136 deletions(-) + delete mode 100644 Cryptlib/Pem/CryptPem.c + create mode 100644 Cryptlib/Pem/CryptPemNull.c + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index bf9d0dc..a025ac5 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -40,7 +40,7 @@ OBJS = Hash/CryptMd4Null.o \ + Pk/CryptTs.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ +- Pem/CryptPem.o \ ++ Pem/CryptPemNull.o \ + SysCall/CrtWrapper.o \ + SysCall/TimerWrapper.o \ + SysCall/BaseMemAllocation.o \ +diff --git a/Cryptlib/Pem/CryptPem.c b/Cryptlib/Pem/CryptPem.c +deleted file mode 100644 +index 51e648b..0000000 +--- a/Cryptlib/Pem/CryptPem.c ++++ /dev/null +@@ -1,135 +0,0 @@ +-/** @file +- PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. +- +-Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +-#include +- +-/** +- Callback function for password phrase conversion used for retrieving the encrypted PEM. +- +- @param[out] Buf Pointer to the buffer to write the passphrase to. +- @param[in] Size Maximum length of the passphrase (i.e. the size of Buf). +- @param[in] Flag A flag which is set to 0 when reading and 1 when writing. +- @param[in] Key Key data to be passed to the callback routine. +- +- @retval The number of characters in the passphrase or 0 if an error occurred. +- +-**/ +-INTN +-PasswordCallback ( +- OUT CHAR8 *Buf, +- IN INTN Size, +- IN INTN Flag, +- IN VOID *Key +- ) +-{ +- INTN KeyLength; +- +- ZeroMem ((VOID *) Buf, (UINTN) Size); +- if (Key != NULL) { +- // +- // Duplicate key phrase directly. +- // +- KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key); +- KeyLength = (KeyLength > Size ) ? Size : KeyLength; +- CopyMem (Buf, Key, (UINTN) KeyLength); +- return KeyLength; +- } else { +- return 0; +- } +-} +- +-/** +- Retrieve the RSA Private Key from the password-protected PEM key data. +- +- @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. +- @param[in] PemSize Size of the PEM key data in bytes. +- @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. +- @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved +- RSA private key component. Use RsaFree() function to free the +- resource. +- +- If PemData is NULL, then return FALSE. +- If RsaContext is NULL, then return FALSE. 
+- +- @retval TRUE RSA Private Key was retrieved successfully. +- @retval FALSE Invalid PEM key data or incorrect password. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGetPrivateKeyFromPem ( +- IN CONST UINT8 *PemData, +- IN UINTN PemSize, +- IN CONST CHAR8 *Password, +- OUT VOID **RsaContext +- ) +-{ +- BOOLEAN Status; +- BIO *PemBio; +- +- // +- // Check input parameters. +- // +- if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) { +- return FALSE; +- } +- +- // +- // Add possible block-cipher descriptor for PEM data decryption. +- // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM. +- // +- if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) { +- return FALSE; +- } +- if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) { +- return FALSE; +- } +- if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) { +- return FALSE; +- } +- if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) { +- return FALSE; +- } +- +- Status = FALSE; +- +- // +- // Read encrypted PEM Data. +- // +- PemBio = BIO_new (BIO_s_mem ()); +- if (PemBio == NULL) { +- goto _Exit; +- } +- +- if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) { +- goto _Exit; +- } +- +- // +- // Retrieve RSA Private Key from encrypted PEM data. +- // +- *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password); +- if (*RsaContext != NULL) { +- Status = TRUE; +- } +- +-_Exit: +- // +- // Release Resources. +- // +- BIO_free (PemBio); +- +- return Status; +-} +diff --git a/Cryptlib/Pem/CryptPemNull.c b/Cryptlib/Pem/CryptPemNull.c +new file mode 100644 +index 0000000..8c9e4f0 +--- /dev/null ++++ b/Cryptlib/Pem/CryptPemNull.c +@@ -0,0 +1,44 @@ ++/** @file ++ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does ++ not provide real capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Retrieve the RSA Private Key from the password-protected PEM key data. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. ++ @param[in] PemSize Size of the PEM key data in bytes. ++ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. ++ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved ++ RSA private key component. Use RsaFree() function to free the ++ resource. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGetPrivateKeyFromPem ( ++ IN CONST UINT8 *PemData, ++ IN UINTN PemSize, ++ IN CONST CHAR8 *Password, ++ OUT VOID **RsaContext ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} +-- +2.15.1 + diff --git a/shim.changes b/shim.changes index 4082c07..3e5a395 100644 --- a/shim.changes +++ b/shim.changes 
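Review bot: The new stub RsaGetPrivateKeyFromPem() in Cryptlib/Pem/CryptPemNull.c returns FALSE without writing to RsaContext, so a caller that ignores the return value keeps whatever the pointer held before the call. Adding `if (RsaContext != NULL) { *RsaContext = NULL; }` ahead of `ASSERT (FALSE);` would make the failure explicit. No callers are visible in this diff, so this is a defensive change. How ASSERT is defined for this build is not shown either, and if it compiles to nothing the FALSE return is the only signal. The patch description could also say that the swap removes the OpenSSL PEM parsing and the 3DES/AES cipher registration from the Cryptlib build, which is the security-relevant effect of dropping CryptPem.c.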
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Thu Jan 4 08:17:44 UTC 2018 - glin@suse.com + +- Update to 14 +- Adjust make commands in spec +- Drop upstreamed fixes + + shim-add-fallback-verbose-print.patch + + shim-back-to-openssl-1.0.2e.patch + + shim-fallback-workaround-masked-ami-variables.patch + + shim-fix-fallback-double-free.patch + + shim-fix-httpboot-crash.patch + + shim-fix-openssl-flags.patch + + shim-more-tpm-measurement.patch +- Add shim-httpboot-include-console.h.patch to include console.h + in httpboot.c to avoid build failure +- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c + with the null function +- Update SUSE/openSUSE specific patches + + shim-only-os-name.patch + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-opensuse-cert-prompt.patch + ------------------------------------------------------------------- Fri Dec 29 18:41:12 UTC 2017 - ngompa13@gmail.com diff --git a/shim.spec b/shim.spec index a552c1c..0ef68a4 100644 --- a/shim.spec +++ b/shim.spec @@ -1,7 +1,7 @@ # # spec file for package shim # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %undefine _build_create_debug Name: shim -Version: 12 +Version: 14 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause 
@@ -48,20 +48,10 @@ Source99: SIGNATURE_UPDATE.txt Patch1: shim-only-os-name.patch # PATCH-FIX-SUSE shim-arch-independent-names.patch glin@suse.com -- Use the Arch-independent names Patch2: shim-arch-independent-names.patch -# PATCH-FIX-UPSTREAM shim-fix-httpboot-crash.patch glin@suse.com -- Fix HTTPBoot crash -Patch3: shim-fix-httpboot-crash.patch -# PATCH-FIX-UPSTREAM shim-fix-openssl-flags.patch glin@suse.com -- Fix the openssl compiler flags -Patch4: shim-fix-openssl-flags.patch -# PATCH-FIX-UPSTREAM shim-fix-fallback-double-free.patch glin@suse.com -- Fix double free in fallback.c -Patch5: shim-fix-fallback-double-free.patch -# PATCH-FIX-UPSTREAM shim-add-fallback-verbose-print.patch glin@suse.com -- Print debug messages dynamically -Patch6: shim-add-fallback-verbose-print.patch -# PATCH-FIX-UPSTREAM shim-fallback-workaround-masked-ami-variables.patch glin@suse.com -- Work around the masked AMI variables -Patch7: shim-fallback-workaround-masked-ami-variables.patch -# PATCH-FIX-UPSTREAM shim-more-tpm-measurement.patch glin@suse.com -- Measure more components for TPM -Patch8: shim-more-tpm-measurement.patch -# PATCH-FIX-UPSTREAM shim-back-to-openssl-1.0.2e.patch bsc#1054712 glin@suse.com -- Revert openssl back to 1.0.2e due to the rejection of some legit certificates -Patch9: shim-back-to-openssl-1.0.2e.patch +# PATCH-FIX-UPSTREAM shim-httpboot-include-console.h.patch glin@suse.com -- Include console.h in httpboot.c +Patch3: shim-httpboot-include-console.h.patch +# PATCH-FIX-UPSTREAM shim-remove-cryptpem.patch glin@suse.com -- Replace the functions in CryptPem.c with the null function +Patch4: shim-remove-cryptpem.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not 
@@ -110,11 +100,6 @@ The source code of UEFI shim loader %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 %patch50 -p1 %if 0%{?is_opensuse} == 1 %patch100 -p1 @@ -122,7 +107,10 @@ The source code of UEFI shim loader %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2> /dev/null +make EFI_PATH=/usr/lib64 RELEASE=0 \ + MMSTEM=MokManager FBSTEM=fallback \ + MokManager.efi.debug fallback.efi.debug \ + MokManager.efi fallback.efi # now build variants of shim that embed different certificates default='' @@ -177,7 +165,10 @@ for suffix in "${suffixes[@]}"; do cp $cert2 shim.crt fi # make sure cast warnings don't trigger post build check - make EFI_PATH=/usr/lib64 RELEASE=0 VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 shim.efi + make EFI_PATH=/usr/lib64 RELEASE=0 SHIMSTEM=shim \ + VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \ + DEFAULT_LOADER="grub.efi" \ + shim.efi.debug shim.efi # # assert correct certificate embedded grep -q "$verify" shim.efi